CSC8320. Outline Content from the book Recent Work Future Work.


CSC8320

Outline Content from the book Recent Work Future Work

Distributed Systems Security
- Different from operating system security.
- No central trusted authority that mediates interaction between users and processes.
- A distributed system runs on top of a large number of loosely coupled autonomous hosts that may be running different OSes with possibly different security policies.
- Application-level security is not the solution, as programmers are not security experts and security depends on the application call chain.
- Thus the issue of security is complex in distributed systems.

Security Issues
- Confidentiality: information might be revealed to unauthorized users.
- Integrity: data is corrupted or changed, either intentionally or unintentionally.
- Accountability: information on actions cannot be attributed accurately to the person or user.
- Loss of Service: service is denied to authorized users.

DDoS
- Distributed Denial of Service.
- Attempts to make an available resource unavailable.
- The attacker uses a "botnet" (hacked computers or a network of computers) to send traffic to a particular site or system, and in this way slows down or denies regular users' access to the site.
- With enough computers, the attacker could even bring down the site.

Protection against threats
- Authentication: first line of defense. Only authenticated users have access to the system.
- Authorization: second line of defense. Only authorized users have access to a file or object.
- Auditing: maintain a security log that logs all activities in the system. This helps to trace security attacks.

Proxy
- Certificate used to verify that a principal truly delegates a subset of its rights to another principal for performing some tasks on its behalf.
- Properties that proxy protocols should ideally exhibit include authenticity, integrity, additivity, sufficiency and revocability.
- An advantage of a proxy is that the amount of file transfer in the network is reduced. Thus delegation of responsibilities improves the efficiency of processing.
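The delegation check described on this slide, as an added example (not part of the original presentation): a grantor issues a proxy for a subset of its rights and the end server verifies it before acting. The HMAC key shared between grantor and end server, the rights strings and all names are assumptions of this sketch; a deployed proxy certificate would normally carry a public-key signature.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: the grantor's own rights on the end server and a
# key shared by grantor and end server (an assumption of this sketch).
GRANTOR_RIGHTS = {"alice": {"read:/reports", "write:/reports", "print:/reports"}}
GRANTOR_KEYS = {"alice": b"constructed-demo-key"}
REVOKED_SERIALS = set()


def _mac(key, body):
    # Canonical JSON so grantor and verifier MAC identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_proxy(grantor, grantee, rights, ttl, serial, now=None):
    """Grantor delegates `rights` to `grantee` for `ttl` seconds."""
    now = time.time() if now is None else now
    body = {"grantor": grantor, "grantee": grantee, "rights": sorted(rights),
            "expires": now + ttl, "serial": serial}
    return {"body": body, "mac": _mac(GRANTOR_KEYS[grantor], body)}


def check_proxy(proxy, presenter, requested_right, now=None):
    """End-server check; returns (allowed, reason)."""
    now = time.time() if now is None else now
    body = proxy["body"]
    key = GRANTOR_KEYS.get(body.get("grantor"))
    if key is None or not hmac.compare_digest(_mac(key, body), proxy["mac"]):
        return False, "bad signature"        # authenticity and integrity
    if body["serial"] in REVOKED_SERIALS:
        return False, "revoked"              # revocability
    if now >= body["expires"]:
        return False, "expired"
    if presenter != body["grantee"]:
        return False, "wrong presenter"
    # The proxy may only carry a subset of the grantor's own rights.
    if not set(body["rights"]) <= GRANTOR_RIGHTS[body["grantor"]]:
        return False, "exceeds grantor rights"
    if requested_right not in body["rights"]:
        return False, "right not delegated"
    return True, "ok"
```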

Traffic Analysis Prevention
- Unauthorized users may gain useful information from analyzing the network traffic.
- Traffic Analysis Prevention (TAP) regulates information flow in the network.
- Common TAP approaches include:
  - Encryption: messages are encrypted to prevent unauthorized disclosure of the contents.
  - Padding: packets are padded with redundant bytes such that all packets appear to be of the same size.
  - Routing and Scheduling
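An added example of the padding approach (not from the original slides): messages are cut into fixed-size cells and the unused space is filled with random bytes, so an observer sees only packets of one size. The 512-byte cell size and the 3-byte header are assumed values, and each cell is assumed to be encrypted before sending, which is not shown.

```python
import os
import struct

CELL_SIZE = 512                 # every packet on the wire has this size (assumed value)
HEADER = struct.Struct("!HB")   # payload length, "last cell" flag
MAX_PAYLOAD = CELL_SIZE - HEADER.size


def to_cells(message):
    """Split a message into fixed-size cells, padding with random bytes."""
    chunks = [message[i:i + MAX_PAYLOAD]
              for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    cells = []
    for n, chunk in enumerate(chunks):
        last = 1 if n == len(chunks) - 1 else 0
        pad = os.urandom(MAX_PAYLOAD - len(chunk))
        cells.append(HEADER.pack(len(chunk), last) + chunk + pad)
    return cells


def from_cells(cells):
    """Reassemble a message, rejecting malformed or truncated streams."""
    out = bytearray()
    for n, cell in enumerate(cells):
        if len(cell) != CELL_SIZE:
            raise ValueError("cell has wrong size")
        length, last = HEADER.unpack_from(cell)
        if length > MAX_PAYLOAD or last not in (0, 1):
            raise ValueError("corrupt header")
        # The "last" flag must be set on the final cell and only there.
        if (last == 1) != (n == len(cells) - 1):
            raise ValueError("truncated or extended cell stream")
        out += cell[HEADER.size:HEADER.size + length]
    return bytes(out)


def observed_sizes(messages):
    """What a passive observer learns: the packet sizes for each message."""
    return [[len(c) for c in to_cells(m)] for m in messages]
```

The number of cells still reveals the approximate message length.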

Auditing
- Passive protection: acts as a last resort when other mechanisms such as authentication and authorization are not sufficient to protect the security of the system.
- Can be performed online in the firewalls for early detection of threats, or offline when an attack or problem has already occurred.
- Maintain log files that record all activity in the system and the network.
- Audit logs help to trace security attacks.

Recent Work
- "A stateful CSG-based Distributed Firewall Architecture for robust Distributed Security" [2009, Ramsurrun.V, Soyjaudah]
- Distributed security model following a bottom-up approach, such that each cluster of end-user hosts is first secured using the Cluster Security Gateway architecture.
- Provides a higher level of protection compared to traditional firewalls.

Architecture

Architecture contd
- Stateful CSG: multiple active firewall nodes acting in parallel to filter traffic.
- Network admin machine: contains the Policy Repository (central repository where all firewall scripts deployed in the network are stored) and the Policy Distributor (sends firewall updates to the CSMs by establishing secure and encrypted end-to-end connections with the CSM).

Architecture contd
- Cluster Security Manager (CSM): receives firewall updates from the Policy Distributor. Each end-user cluster has a CSM, which then distributes those updates across the multiple firewall nodes.
- Gateway firewall: first line of access control and protection against external attacks. Also has a CSM for receiving updates from the network administrator.

Future Work
- Artificially intelligent systems that enforce security policies and detect/prevent attacks based on past occurrences and heuristics?
- Adaptive distributed systems that evolve their behavior based on changes in their environment so that they continually provide their intended functionalities.

References
- R. Chow, T. Johnson, "Distributed Operating Systems & Algorithms", Addison Wesley, 1997
- "Distributed Denial-of-Service Attacks and You", April 11, 2007
- V. Ramsurrun, K.M.S. Soyjaudah, "A stateful CSG-based distributed firewall architecture for robust distributed security", Jan 2009