Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.


Summary of the previous lecture
We talked about different types of security attacks on wireless networks, such as man-in-the-middle attacks, spoofing, and wardriving. We discussed how different solutions could be used to secure our wireless networks. Some of the solutions we discussed are limiting the signal of the wireless network and the use of encryption. We also studied mobile networks and specialized attacks that can breach the security of a wireless network.

Outline of today's lecture
We will continue our discussion on:
- Mobile Device Security
  - Mobile Device Security Strategy
- Robust Security Network (RSN) and IEEE 802.11i
- Network Security Model

Objectives
You would be able to:
- Present an overview of security threats and countermeasures for mobile networks.
- Understand the basics of the IEEE 802.11i standard for robust security.
- Describe the principal elements of a network security model.

Mobile Device Security Strategy
With the threats to mobile networks discussed in Lecture 8 in mind, let us now see the main elements of a mobile device security strategy. They fall into three categories:
- device security
- client/server traffic security
- barrier security

1. Device Security
Different organizations supply mobile devices for employee use and preconfigure those devices to enforce company security policy. Some organizations adopt a bring-your-own-device (BYOD) policy that allows personal devices to access the company's resources.
For a BYOD policy, the IT staff should:
- Inspect each device before allowing network access.
- Establish configuration guidelines, e.g., rooted or jailbroken devices should not be permitted.
- The device must not be allowed to store the company's contacts on the mobile device.

Device Security (cont.)
The following security controls should be configured on the mobile devices:
- Enable auto-lock.
- Enable SSL (Secure Sockets Layer).
- Enable password or PIN protection.
- Avoid using auto-complete features that remember passwords.
- Enable remote wipe.
- Make sure that software, including operating systems and applications, is up to date.
- Install antivirus software as it becomes available.

Examples of Device Security

Device Security (cont.)  Either sensitive data should be prohibited from storage on the mobile device or it should be encrypted.  IT staff should also have the ability to remotely access devices, wipe the device of all data, and then disable the device in the event of loss or theft.  The organization may prohibit all installation of third-party applications  implement and enforce restrictions on what devices can synchronize and on the use of cloud-based storage  Disable location services  Employees training

2. Traffic Security
Traffic security is based on the usual mechanisms for encryption and authentication. All traffic should be encrypted and travel by secure means, such as SSL or IPv6. Virtual private networks (VPNs) can be configured so that all traffic between the mobile device and the organization's network is via a VPN.

Traffic Security (cont.)
A strong authentication protocol should be used to limit the access from the device to the resources of the organization. A preferable strategy is to have a two-layer authentication mechanism, which involves authenticating the device and then authenticating the user of the device.

3. Barrier Security
The organization should have security mechanisms to protect the network from unauthorized access. The security strategy can also include firewall policies specific to mobile device traffic. Firewall policies can limit the scope of data and application access for all mobile devices. Similarly, intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be configured to have tighter rules for mobile device traffic.

Mobile Device Security Strategy

Robust Security Network (RSN)
Wireless LANs differ from wired LANs in the following ways:
- In a wired LAN, the physical connection acts as a form of authentication.
- A wired LAN provides a degree of privacy, limiting reception of data to stations connected to the LAN. With a wireless LAN, on the other hand, any station within radio range can receive.

Robust Security Network (RSN)
These differences between wired and wireless LANs suggest the increased need for robust security services and mechanisms for wireless LANs. The original 802.11 specification included a set of security features for privacy and authentication that were quite weak. For privacy, 802.11 defined the Wired Equivalent Privacy (WEP) algorithm. The privacy portion of the standard contained major weaknesses. Subsequent to the development of WEP, the 802.11i task group has developed a set of capabilities to address the WLAN security issues.

RSN
The final form of the 802.11i standard is referred to as Robust Security Network (RSN). The 802.11i RSN security specification defines the following services:
- Authentication
- Access control
- Privacy with message integrity

RSN Services
- Authentication: A protocol is used to define an exchange between a user and an Authentication Server (AS) that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link.
- Access control: This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols.
- Privacy with message integrity: MAC-level data such as frames are encrypted to ensure that the data have not been altered.

IEEE 802.11i Five Phases of Operation
1. Discovery
2. Authentication
3. Key generation and distribution
4. Protected data transfer
5. Connection termination

IEEE802.11i Five Phases of Operation

Network Security Model
Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:
- A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
- Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

Model for Network Security
This general security model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.
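The four design tasks above, worked through as an added example that is not part of the original lecture. It covers only the "code based on the contents of the message" transformation (HMAC-SHA256), so the message itself is not encrypted; the names `Principal`, `generate_secret`, `protect` and `accept`, and the wire layout, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def generate_secret() -> bytes:
    """Task 2: generate the secret information (a random 256-bit key)."""
    return secrets.token_bytes(32)


class Principal:
    # Task 3 (distribution) is assumed done out of band: both ends get the same key.

    def __init__(self, key: bytes, me: bytes, peer: bytes):
        self._key, self._me, self._peer = key, me, peer
        self._send_seq = 0
        self._highest_seen = -1

    def _tag(self, sender: bytes, seq: int, message: bytes) -> bytes:
        # Task 1: the transformation. The code covers the sender name and a
        # sequence number, so reflected or replayed messages do not verify.
        data = bytes([len(sender)]) + sender + struct.pack(">Q", seq) + message
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def protect(self, message: bytes) -> bytes:
        """Task 4, sender side: emit seq || message || tag."""
        seq, self._send_seq = self._send_seq, self._send_seq + 1
        return struct.pack(">Q", seq) + message + self._tag(self._me, seq, message)

    def accept(self, wire: bytes) -> bytes:
        """Task 4, receiver side: verify the tag first, then reject replays."""
        if len(wire) < 8 + TAG_LEN:
            raise ValueError("truncated")
        seq = struct.unpack(">Q", wire[:8])[0]
        message, tag = wire[8:-TAG_LEN], wire[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(self._peer, seq, message)):
            raise ValueError("bad tag: altered or wrong sender")
        if seq <= self._highest_seen:
            raise ValueError("replay")
        self._highest_seen = seq
        return message


if __name__ == "__main__":
    k = generate_secret()  # constructed demo values
    print(Principal(k, b"B", b"A").accept(Principal(k, b"A", b"B").protect(b"hi")))
```

An opponent who does not hold the key cannot produce a tag that `accept` will pass, which is the property task 1 asks of the algorithm.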

Model for Network Security

Summary of today's lecture
We talked about different security measures that can be used to make a mobile network secure. We also talked about the IEEE 802.11i standard, which ensures security in a WLAN by using different protocols. Lastly, we discussed the network security model, which provides details of what needs to be protected against whom.

Next lecture topics
Our discussion on network security will continue and we will see some new paradigms of ensuring security. We will see some examples and protocols which are used to secure a communication in a practical fashion.

The End