8-1 Internet security threats

Mapping:
- before attacking: gather information, i.e. find out what services are implemented on the network
- use ping to determine which hosts have addresses on the network
- port scanning: try to establish a TCP connection (e.g. via socket programming) to each port in sequence and see what happens
- nmap (network mapper): "network exploration and security auditing"

Mapping: countermeasures
- record traffic entering the network
- look for suspicious activity (IP addresses, ports being scanned sequentially)
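The countermeasure above, worked out as an added example (not part of the slides): a small detector that replays a constructed log of inbound TCP SYNs and flags any source that touches many distinct ports on one host inside a time window, marking the "sequential" pattern the slide mentions. The log format, hosts and thresholds are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed sample log of inbound TCP SYNs: "time src dst dport".
# 10.0.0.9 walks ports 20..27 on 192.0.2.10 in order; 10.0.0.5 is a normal client.
SAMPLE_LOG = """\
100.0 10.0.0.5 192.0.2.10 80
100.1 10.0.0.9 192.0.2.10 20
100.2 10.0.0.9 192.0.2.10 21
100.3 10.0.0.9 192.0.2.10 22
100.4 10.0.0.5 192.0.2.10 443
100.5 10.0.0.9 192.0.2.10 23
100.6 10.0.0.9 192.0.2.10 24
100.7 10.0.0.9 192.0.2.10 25
100.8 10.0.0.9 192.0.2.10 26
100.9 10.0.0.9 192.0.2.10 27
"""

def parse_log(text):
    """Yield (time, src, dst, dport) from the whitespace-separated log."""
    for line in text.splitlines():
        if line.strip():
            t, src, dst, dport = line.split()
            yield float(t), src, dst, int(dport)

def find_port_scanners(records, min_ports=6, window=60.0):
    """Map (src, dst) -> {'ports': n, 'sequential': bool} for every source that
    touches at least min_ports distinct ports on one host within `window` seconds."""
    touches = defaultdict(list)
    for t, src, dst, dport in records:
        touches[(src, dst)].append((t, dport))
    alerts = {}
    for key, events in touches.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):            # sliding time window [lo, hi]
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            distinct = sorted({p for _, p in events[lo:hi + 1]})
            if len(distinct) < min_ports or len(distinct) <= alerts.get(key, {}).get("ports", 0):
                continue
            # "sequential": the distinct ports form one unbroken run, the
            # pattern the slide's countermeasure watches for
            sequential = distinct[-1] - distinct[0] + 1 == len(distinct)
            alerts[key] = {"ports": len(distinct), "sequential": sequential}
    return alerts

if __name__ == "__main__":
    for (src, dst), info in find_port_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {info['ports']} ports, sequential={info['sequential']}")
```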

8-2 Internet security threats

Packet sniffing:
- broadcast media
- a promiscuous network interface card reads all packets passing by
- can read all unencrypted data (e.g. passwords)
- e.g.: C sniffs B's packets

[Figure: hosts A, B and C on a shared medium; a packet src:B dest:A payload is read by C]

Packet sniffing: countermeasures
- all hosts in the organization run software that checks periodically whether a host interface is in promiscuous mode
- encrypt all data
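The periodic host check proposed above, as an added example (not from the slides) written for Linux, where /sys/class/net/<iface>/flags exposes each interface's flag word and IFF_PROMISC is bit 0x100 in linux/if.h. The decision logic is kept separate from the sysfs walk so it runs on the constructed flag values included here.

```python
import os

IFF_PROMISC = 0x100   # bit 8 of the interface flag word, from linux/if.h

def parse_flags(text):
    """Convert the hex string the kernel exposes (e.g. '0x1103') to an int."""
    return int(text.strip(), 16)

def promiscuous_interfaces(flag_texts):
    """Given {iface: contents of its flags file}, return the interfaces whose flag
    word has IFF_PROMISC set. Unreadable values are skipped rather than raised."""
    found = []
    for iface, text in sorted(flag_texts.items()):
        try:
            flags = parse_flags(text)
        except ValueError:
            continue
        if flags & IFF_PROMISC:
            found.append(iface)
    return found

def read_sysfs_flags(sys_net="/sys/class/net"):
    """Collect {iface: flags text} from sysfs; empty dict on hosts without that tree."""
    result = {}
    if not os.path.isdir(sys_net):
        return result
    for iface in os.listdir(sys_net):
        try:
            with open(os.path.join(sys_net, iface, "flags")) as fh:
                result[iface] = fh.read()
        except OSError:
            continue
    return result

# Constructed flag words: eth0 is up and promiscuous (0x1103), eth1 is up only
# (0x1003 = UP|BROADCAST|MULTICAST), lo is 0x9 (UP|LOOPBACK).
SAMPLE_FLAGS = {"eth0": "0x1103\n", "eth1": "0x1003\n", "lo": "0x9\n"}

if __name__ == "__main__":
    # a periodic job would run this and alert on any non-empty result
    print("promiscuous:", promiscuous_interfaces(read_sysfs_flags() or SAMPLE_FLAGS))
```

The flag is a detective signal only: legitimate capture tools set it too, and a host whose kernel has already been tampered with can hide it, so the check complements rather than replaces the slide's "encrypt all data" advice.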

8-3 Internet security threats

IP spoofing:
- an application can generate "raw" IP packets directly, putting any value into the IP source address field
- the receiver can't tell whether the source is spoofed
- e.g.: C pretends to be B

[Figure: C sends a packet src:B dest:A payload to A]

IP spoofing: ingress filtering
- routers should not forward outgoing packets with invalid source addresses (= ingress filtering), e.g. a datagram whose source address is not in the router's network
- great, but ingress filtering cannot be mandated for all networks
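The ingress-filtering rule above as an added example (not from the slides): an edge router that knows its own prefixes forwards an outgoing datagram only if its source address lies inside them (the BCP 38 rule), and, going beyond the slide, also drops inbound datagrams that claim one of its own addresses. The prefixes and sample traffic are constructed for the example.

```python
import ipaddress

# Constructed configuration: prefixes this edge router's network legitimately originates.
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/25")]

def source_is_ours(src, prefixes=OUR_PREFIXES):
    """True if src parses as an IP address inside one of our prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in prefixes)

def filter_datagram(direction, src, prefixes=OUR_PREFIXES):
    """Decide 'forward' or 'drop' for a datagram with source address src.
    'out': leaving our network; only our own sources may exit (ingress filtering).
    'in' : arriving from the Internet; a packet claiming our address is spoofed."""
    try:
        ipaddress.ip_address(src)
    except ValueError:
        return "drop"                                   # malformed source field
    ours = source_is_ours(src, prefixes)
    if direction == "out":
        return "forward" if ours else "drop"
    if direction == "in":
        return "drop" if ours else "forward"
    raise ValueError(f"unknown direction {direction!r}")

def apply_filter(datagrams, prefixes=OUR_PREFIXES):
    """Run a batch of (direction, src, dst) tuples; return each with its decision."""
    return [(d, src, dst, filter_datagram(d, src, prefixes)) for d, src, dst in datagrams]

# Constructed traffic: an honest host at 192.0.2.7; an inside host forging src 10.0.0.9
# (the slide's "C pretends to be B"); a host in 198.51.100.128/25, which is not ours;
# an outside packet claiming our 192.0.2.7; a genuine outside source; a garbled field.
SAMPLE = [("out", "192.0.2.7", "203.0.113.5"), ("out", "10.0.0.9", "203.0.113.5"),
          ("out", "198.51.100.200", "203.0.113.5"), ("in", "192.0.2.7", "192.0.2.10"),
          ("in", "203.0.113.5", "192.0.2.10"), ("out", "not-an-ip", "203.0.113.5")]

if __name__ == "__main__":
    for direction, src, dst, verdict in apply_filter(SAMPLE):
        print(f"{direction:3} {src:>16} -> {dst:<12} {verdict}")
```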

8-4 Denial of service (DoS)

Denial of service (DoS):
- a flood of maliciously generated packets "swamps" the receiver (e.g. TCP SYN attack, incomplete IP datagrams)
- distributed DoS (DDoS): multiple coordinated sources swamp the receiver, e.g. C and a remote host mount a TCP SYN attack on A

[Figure: hosts A, B, C; C and a remote host send SYN segments to A]

Denial of service (DoS): countermeasures
- difficult to filter bad packets from good ones because of IP spoofing
- filter out flood packets (e.g. TCP SYN) before they reach the host: throws out good with bad
- traceback to the source of the flood (most likely an innocent, compromised machine): current research
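An added example (not from the slides) that replays a constructed packet trace through a half-open connection tracker: it shows the SYN backlog filling up with spoofed sources and the "filter before reaching the host" countermeasure refusing later SYNs, honest ones included, exactly the good-with-bad trade-off the slide describes. Connections are keyed by source address only, a simplification made for the example.

```python
from collections import defaultdict

def track_half_open(events, max_half_open=100):
    """Replay (time, src, dst, flag) events in order. A SYN creates a half-open entry
    that only the client's handshake-completing ACK removes. Once a destination's
    backlog is full, further SYNs are refused; the filter cannot tell a spoofed SYN
    from an honest one. Returns (state, dropped) with
    state: dst -> {'half_open': n, 'oldest': time of oldest pending SYN}."""
    pending = defaultdict(dict)          # dst -> {src: time of SYN}
    dropped = []
    for t, src, dst, flag in events:
        if flag == "SYN":
            if len(pending[dst]) >= max_half_open:
                dropped.append((t, src, dst))
                continue
            pending[dst][src] = t
        elif flag == "ACK":
            pending[dst].pop(src, None)  # handshake completed; no longer half-open
    state = {dst: {"half_open": len(p), "oldest": min(p.values())}
             for dst, p in pending.items() if p}
    return state, dropped

def flooded_destinations(state, threshold=80):
    """Destinations whose half-open backlog has reached the alert threshold."""
    return sorted(d for d, s in state.items() if s["half_open"] >= threshold)

def constructed_trace():
    """Constructed trace: one honest client completes its handshake, then 150 SYNs
    arrive from spoofed sources, then a second honest client tries to connect."""
    ev = [(0.0, "10.0.0.5", "192.0.2.10", "SYN"), (0.1, "10.0.0.5", "192.0.2.10", "ACK")]
    ev += [(1.0 + i / 1000, f"203.0.113.{i + 1}", "192.0.2.10", "SYN") for i in range(150)]
    ev.append((5.0, "10.0.0.6", "192.0.2.10", "SYN"))
    return ev

if __name__ == "__main__":
    state, dropped = track_half_open(constructed_trace())
    print("flooded:", flooded_destinations(state))
    print("refused SYNs:", len(dropped), "last refused source:", dropped[-1][1])
```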

8-5 Why security at many layers?

Security in many layers (upper-layer services may take advantage of lower-level security):
1. Secure e-mail (application layer)
2. Secure sockets (transport layer)
3. IPsec (network layer)
4. Security at the link layer

- lower layers cannot offer user-level security
  - an e-commerce site needs to authenticate its customers
- it is easier to deploy services, including security, at the higher layers
- security is not broadly deployed at the network layer
  - e.g. IP spoofing
  - IPsec (with source authentication, hence no IP spoofing) is many years away
  - performance?

8-6 Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.

Alice:
- generates a random symmetric private session key, K_S
- encrypts the message with K_S (for efficiency)
- also encrypts K_S with Bob's public key
- sends both K_S(m) and K_B+(K_S) to Bob

Bob:
- uses his private key to decrypt and recover K_S
- uses K_S to decrypt K_S(m) and recover m

[Figure: Alice's side: m -> K_S(.) -> K_S(m); K_S -> K_B+(.) -> K_B+(K_S); both cross the Internet. Bob's side: K_B+(K_S) -> K_B-(.) -> K_S; K_S(m) -> K_S(.) -> m]

8-7 Secure e-mail (continued)

Alice wants to provide sender authentication and message integrity.
- Alice digitally signs the message
- sends both the message (in the clear) and the digital signature

[Figure: Alice's side: m -> H(.) -> H(m) -> K_A-(.) -> K_A-(H(m)); m and K_A-(H(m)) cross the Internet. Bob's side: K_A-(H(m)) -> K_A+(.) -> H(m); m -> H(.) -> H(m); compare]

8-8 Secure e-mail (continued)

Alice wants to provide secrecy, sender authentication, and message integrity.

Alice uses three keys: her private key, Bob's public key, and a newly created symmetric session key.

[Figure: m -> H(.) -> K_A-(.) -> K_A-(H(m)); m together with K_A-(H(m)) -> K_S(.); K_S -> K_B+(.) -> K_B+(K_S); both results cross the Internet to Bob]
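Slides 8-6 to 8-8 run end to end as one added example (not from the slides): Alice signs with K_A-, encrypts the signed message under a fresh K_S, wraps K_S with K_B+, and Bob reverses the steps and compares hashes, the same structure PGP uses. Textbook RSA on fixed Mersenne primes stands in for the public-key scheme and a SHA-256 keystream for the symmetric cipher; both are teaching toys chosen so the code runs with the standard library, not usable cryptography.

```python
import hashlib
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA on two primes: returns public (n, e) and private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

# Fixed Mersenne primes keep the run reproducible; toy parameters, not real keys.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)   # K_A+, K_A-
BOB_PUB, BOB_PRIV = toy_keypair(2**107 - 1, 2**607 - 1)       # K_B+, K_B-
SIG_LEN = (ALICE_PUB[0].bit_length() + 7) // 8                # bytes in K_A-(H(m))

def h(m):
    """H(m): SHA-256 as an integer (256 bits, so it fits below Alice's modulus)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def ks_cipher(k_s, data):
    """Toy symmetric cipher K_S(.): XOR with a SHA-256(K_S || counter) keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(k_s.to_bytes(32, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def alice_send(m):
    """Slide 8-8: sign m with K_A-, encrypt (m, signature) under a fresh K_S,
    and wrap K_S with K_B+. Returns (K_B+(K_S), K_S(body))."""
    n_a, d_a = ALICE_PRIV
    sig = pow(h(m), d_a, n_a).to_bytes(SIG_LEN, "big")          # K_A-(H(m))
    k_s = secrets.randbits(128)                                   # session key
    body = len(m).to_bytes(4, "big") + m + sig                    # length-prefixed
    n_b, e_b = BOB_PUB
    return pow(k_s, e_b, n_b), ks_cipher(k_s, body)

def bob_receive(wrapped_key, ciphertext):
    """Recover K_S with K_B-, decrypt, then verify K_A+(sig) == H(m).
    Returns (m, True), or (None, False) if anything was altered in transit."""
    n_b, d_b = BOB_PRIV
    k_s = pow(wrapped_key, d_b, n_b)
    body = ks_cipher(k_s, ciphertext)
    length = int.from_bytes(body[:4], "big")
    m, sig = body[4:4 + length], body[4 + length:]
    n_a, e_a = ALICE_PUB
    if len(sig) != SIG_LEN or pow(int.from_bytes(sig, "big"), e_a, n_a) != h(m):
        return None, False
    return m, True
```

Flipping a single ciphertext byte changes the recovered m, so Bob's hash comparison fails and the message is rejected; that is the integrity property of slide 8-7 carried over into the encrypted form of slide 8-8.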

8-9 Pretty good privacy (PGP)

- Internet e-mail encryption scheme, de-facto standard
- uses symmetric key cryptography, public key cryptography, a hash function, and digital signatures as described on the previous slides
- provides secrecy, sender authentication, integrity
- its inventor, Phil Zimmermann, was the target of a 3-year federal investigation

A PGP signed message:

---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1

Bob: My husband is out of town tonight. Passionately yours, Alice

---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ
hFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---

8-10 Network security (summary)

Basic techniques...
- cryptography (symmetric and public key)
- authentication
- message integrity
- key distribution

... used in many different security scenarios
- secure e-mail
- secure transport (SSL)
- IPsec