IT443 – Network Security Administration Week 1 – Introduction Instructor: Alfred J Bird, Ph.D., NBCT Door Key: * Office – McCormick 3rd floor 607 ( ) Office Hours – Tuesday and Thursday, 4:00 pm to 5:15pm 1

Basic Information Textbook: –Network Security: Private Communications in a Public World –by Charlie Kaufman, Radia Perlman and Mike Speciner –2 nd Edition, Prentice Hall, ISBN Location and time of classes –Section 1 Web Lab S Monday and Wednesday 4:00pm to 5:15pm –Section 2 IT Lab S Tuesday and Thursday 5:30 to 6:45pm 2

Course Outline Network Basics Cryptography Basics Authentication Public Key Infrastructure IPsec SSL/TLS Firewall / Intrusion Detection Security Wireless security / Worm (backup) 3

Course Work 6~7 Lab Assignments (50%) –Team of 2 students –Lab Notebook (Individual) –Lab report (Individual) Written Projects (25%) Final Exam (25%) 4

Potential Labs Understanding network packets Encryption/decryption Password cracking Intrusion detection System monitoring Implementing certificate Implementing VPN Configuring a firewall Wireless security / Worm (backup) 5

Policies Lab reports –Partial points will be given for incomplete work –Late submissions will be accepted for reduced credit. Honor code No makeup exam without prior permission Accommodations –Ross Center for Disability Service Campus Center Room 211,

Some Network Security Websites Carnegie Mellon University – Trend Micro Threat Tracker – Dept of Homeland Security – Symantec Threat Explorer – 7

Some Postulates about Network Security You can never prove something perfect, all you can do is fail to prove that it has some faults! Keep looking! If a lot of smart people have failed to solve the problem, then it probably won’t be solved (soon!) (p41 in the text) Security people need to remember that most people regard security as a nuisance rather than as needed protection and left to their own devices they often carelessly give up the security that someone worked so hard to provide. (p245 in the text) 8

Introduction to Network Security Security threats –Malware: Virus, worm, spyware –Spam –Botnet –DDoS attacks –Phishing –Cross-site scripting (XSS) –Theft and/or Whistleblowers –… 9

Introduction to Network Security Security breaches in 2011 –Sony's PlayStation Network (77M clients) –Epsilon (60M clients) –Fidelity National ($13M loss) –Sega's online gaming network (1.3M clients) –Citigroup (210K clients) –MA Executive Office of Labor and Workforce Development (210K records) –SF Subway, Health Net, … 10

Contributing Factors Lack of awareness of threats and risks of information systems –Security measures are often not considered until an Enterprise has been penetrated by malicious users Wide-open network policies –Many Internet sites allow wide-open Internet access Lack of security in TCP/IP protocol suite –Most TCP/IP protocols not built with security in mind Complexity of security management and administration Software vulnerabilities –Example: buffer overflow vulnerabilities Cracker skills keep improving 11

Security Objectives (CIA) 12

Security Objectives (CIA) Confidentiality — Prevent/detect/deter improper disclosure of information Integrity — Prevent/detect/deter improper modification of information Availability — Prevent/detect/deter improper denial of access to services provided by the system 13

OSI Security Architecture ITU-T X.800 “Security Architecture for OSI” Defines a systematic way of defining and providing security requirements It provides a useful, if abstract, overview of concepts we will study 14

Aspects of Security 3 aspects of security: –security attack Any action that compromises the security of information owned by an organization –security mechanism A process that is designed to detect, prevent, or recover from a security attack –security service Counter security attacks: make use of one or more security mechanisms to provide the service 15

Threat Model and Attack Model Threat model and attack model need to be clarified before any security mechanism is developed Threat model –Assumptions about potential attackers –Describes the attacker’s capabilities Attack model –Assumptions about the attacks –Describe how attacks are launched 16

Passive Attacks 17

Active Attacks 18

Security Mechanism (X.800) Specific security mechanisms: –encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization Pervasive security mechanisms: –trusted functionality, security labels, event detection, security audit trails, security recovery 19

Security Service Enhance security of data processing systems and information transfers of an organization Intended to counter security attacks Using one or more security mechanisms Often replicates functions normally associated with physical documents –For example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 20

Security Service Authentication - assurance that communicating entity is the one claimed Access Control - prevention of the unauthorized use of a resource Data Confidentiality –protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability – resource accessible/usable 21

For Next Time Prepare a 500 word essay on the topic: –In your view what is meant by the term “Network Security”? –An essay is not a research paper but is a written work expressing and defending your views! –What do you think about the topic and why! Be prepared to discuss the topic on Wednesday. We will be having a class discussion and you (each and every one) will be expected to participate! 22