CIS 325: Data Communications1 Chapter Seventeen Network Security
CIS 325: Data Communications2 The Need for Security n Increased reliance on data communications results in greater vulnerability of data and systems n Losses associated with computerized fraud and thefts are much larger than non-computerized fraud and theft –Average bank robbery loss: $3000 –Average computer fraud loss: $300,000
CIS 325: Data Communications3 Types of Security Threats n Disruption, Destruction, & Disaster –Viruses –Hardware, software, operator errors –Fires/floods/earthquakes n Unauthorized Access –Hackers –Disgruntled employees
CIS 325: Data Communications4 Passive Attacks n Primarily listening to traffic n Auth. Users can eavesdrop on line n Tap into patch panels n Intercept microwave transmissions n Tap lines to phone co. n Capture electromagnetic emissions n Fiber optic prevents most opportunities
CIS 325: Data Communications5 Active Attacks n Read stored data n Modify data in storage or during transmission n Disrupt service n Computer Emergency Response Team (CERT) n An expensive problem
CIS 325: Data Communications6 Conventional Encryption n 5 ingredients –plain text –encryption algorithm –secret key –ciphertext –decryption algorithm n Needs strong encryption algorithm n Sender and receiver must have same key
CIS 325: Data Communications7 Conventional Encryption n How to attack or de-cipher –cryptanalysis –brute force n Data Encryption Standard (DES) –Symmetric (same key to encrypt and decrypt) –Uses 64-bit key (100 quadrillion possibilities)
CIS 325: Data Communications8 Public Key Encryption n 6 ingredients –plain text –encryption algorithm –public key –private key –ciphertext –decryption algorithm
CIS 325: Data Communications9 Public Key Encryption n Process works regardless of order that keys are used n Many know your public key n Only you know private key n Keys and algorithm designed so they can’t be figured out even with one key known
CIS 325: Data Communications10 Public Key Process n You encode msg using rcvrs PUBLIC key n Only rcvr can decode and read with private key n No one else can read msg n Anyone with public key can send msg to that rcvr
CIS 325: Data Communications11 Public Key Process n Also can be used for authentication of sender –sender send msg using private key –rcvr decodes using public key –since only sender knows private key, that authenticates the sender –however, anyone with public key can read msg, so no good for secrecy
CIS 325: Data Communications12 Encryption Management n Link Encryption –devices to protect path from node to node –all traffic on path is secure –traffic most be decoded at each node for switching –traffic is vulnerable at switch
CIS 325: Data Communications13 Encryption Management n End-to-end Encryption –devices at each work station –traffic secure on path AND switches –But, switch needs to read control bits, so only data encrypted n Solution is to use combination of both
CIS 325: Data Communications14 Key Distribution n How to get keys to all parties –A physically delivers key to B –3rd party delivers to A and B –A transmits key online to B –3rd party transmits to A and B n Key Distribution Center n Session key for a single session
CIS 325: Data Communications15 Digital Signatures n Conventional Key doesn’t support non- repudiation n Authentication does, but very slow for big messages n Digital Signature relies on public-key and ‘secure hash function’
CIS 325: Data Communications16 Digital Signatures n Hash Code created by doing some function on plain text –like a very fancy frame check sequence n Use private key to encrypt hash code only n Prevents anyone from modifying message n Provides authentication of sender
CIS 325: Data Communications17 Web Security n Problems –Alteration of web page –Access to server op sys –Eavesdropping –Impersonation n Solutions –Secure web site server –Secure site access