CSCE 522 Network Security (Farkas). Reading: Pfleeger and Pfleeger, Chapter 6.


Overview of TCP/IP Layers

Internet Challenge
Interconnected networks differ (protocols, interfaces, services, etc.)
Solutions:
1. Reengineer and develop one global packet-switching network standard: not economically feasible
2. Have every host implement the protocols of every network it wants to communicate with: too complex, very high engineering cost
3. Add an extra layer: the internetworking layer
– Hosts implement one higher-level protocol
– Connecting networks use the same protocol
– An interface sits between the new protocol and each underlying network

Layering
Organize a network system into logically distinct entities
– The service provided by one entity is based only on the service provided by the entity at the level below

TCP/IP Protocol Stack
Application Layer
Transport Layer
Internetwork Layer
Network Access Layer
– Each layer interacts with the neighboring layers above and below
– Each layer can be defined independently
– The complexity of the networking is hidden from the application

Layering
Advantages:
– Modularity – protocols are easier to manage and maintain
– Abstract functionality – lower layers can be changed without affecting the upper layers
– Reuse – upper layers can reuse the functionality provided by lower layers
Disadvantages:
– Information hiding – may lead to inefficient implementations

ISO OSI Reference Model
ISO – International Standard Organization
OSI – Open System Interconnection
Goal: a general open standard – allow vendors to enter the market using their own implementations and protocols

OSI vs. TCP/IP
OSI: conceptually defines service, interface, protocol
Internet: provides a successful implementation
OSI layers: Application, Presentation, Session, Transport, Network, Data link, Physical
Internet layers, with example protocols:
– Application: Telnet, FTP, DNS
– Transport: TCP, UDP
– Internet: IP
– Network Access: LAN, packet radio

Network Access Layer
Responsible for packet transmission on the physical media
Transmission between two devices that are physically connected
The goal of the physical layer is to move information across one "hop"
Examples: Ethernet, token ring, Asynchronous Transfer Mode (ATM)

Network Layer
Provides connectionless and unreliable service
Routing (routers): determine the path a packet has to traverse to reach its destination
Defines the addressing mechanism
– Identifies each destination unambiguously
– Hosts must conform to the addressing mechanism

IP Addresses – Network Layer
IP provides a logical address space and a corresponding addressing scheme
An IP address is a globally unique or private number associated with a host's network interface
Every system that will send packets directly out across the Internet must have a unique IP address
IP addresses are based on where the hosts are connected
IP addresses are controlled by a single organization – address ranges are assigned
They are running out of space!

Routing Protocols
Enable routing decisions to be made
Manage and periodically update the routing tables stored at each router
Router: decides "which way" to send the packet
Protocol types:
– Reachability
– Distance vector
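The slides name distance vector as one protocol type but do not show how a routing table is actually built or consulted. The simulation below is an added example written for this page, not code from the lecture or the textbook: it runs a Bellman-Ford style distance-vector exchange over a small constructed topology (routers R1 to R4 and their attached RFC 1918 prefixes are invented for the demonstration), then answers the router's "which way" question with a longest-prefix match against the resulting table.

```python
import ipaddress
from typing import Dict, Tuple

# Constructed topology for the simulation (not from the slides):
# router -> {neighbouring router: link cost}.
LINKS = {
    "R1": {"R2": 1, "R3": 4},
    "R2": {"R1": 1, "R3": 1, "R4": 5},
    "R3": {"R1": 4, "R2": 1, "R4": 1},
    "R4": {"R2": 5, "R3": 1},
}
# Prefixes each router is directly attached to (constructed, private address space).
ATTACHED = {
    "R1": ["10.1.0.0/16"],
    "R2": ["10.2.0.0/16"],
    "R3": ["10.3.0.0/16"],
    "R4": ["10.4.0.0/16", "10.4.1.0/24"],
}
Table = Dict[str, Tuple[int, str]]   # prefix -> (cost, next hop)


def distance_vector(links, attached, max_rounds=50) -> Dict[str, Table]:
    """Bellman-Ford style exchange: each router repeatedly learns its neighbours'
    tables and keeps, per prefix, the cheapest (link cost + neighbour's cost)."""
    tables: Dict[str, Table] = {
        r: {p: (0, "direct") for p in attached[r]} for r in links
    }
    for _ in range(max_rounds):
        changed = False
        for router, nbrs in links.items():
            for nbr, link_cost in nbrs.items():
                # the neighbour advertises its whole table (its distance vector)
                for prefix, (nbr_cost, _) in tables[nbr].items():
                    cand = link_cost + nbr_cost
                    cur = tables[router].get(prefix)
                    if cur is None or cand < cur[0]:
                        tables[router][prefix] = (cand, nbr)
                        changed = True
        if not changed:          # a full round with no update: converged
            break
    return tables


def forward(table: Table, dst: str) -> Tuple[str, str]:
    """Longest-prefix match: the most specific matching route wins, not the cheapest."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, (_cost, next_hop) in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


if __name__ == "__main__":
    tables = distance_vector(LINKS, ATTACHED)
    for router, table in tables.items():
        print(router, table)
    print("R1 forwards 10.4.1.7 via", forward(tables["R1"], "10.4.1.7"))
```

Note that R1 never uses its direct but expensive link to R3: after convergence it reaches 10.3.0.0/16 through R2 at cost 2, and the 10.4.1.0/24 route is chosen over 10.4.0.0/16 for 10.4.1.7 because it is more specific, even though both carry the same cost.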

The Domain Name System
Each system connected to the Internet also has one or more logical addresses
Unlike IP addresses, domain addresses carry no routing information – they are organized by administrative units
There are no limitations on the mapping from domain addresses to IP addresses

Domain Name Resolution
Domain name resolution: looking up a logical name and finding a physical IP address
There is a hierarchy of domain name servers
Each client system uses one domain name server, which in turn queries up and down the hierarchy to find the address
If your server does not know the address, it goes up the hierarchy, possibly to the top, and works its way back down
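To make the "up the hierarchy, then back down" walk concrete, here is an added simulation (written for this page, not part of the lecture) of a resolver that starts from the root hint, follows delegations down to the authoritative zone, and caches what it learns. The zone contents (example.com., example.org. and their documentation-range addresses) are constructed, and the record structure is a deliberately simplified stand-in for real DNS messages: a zone server answers a query with its most specific record, either a delegation ("NS") or an answer ("A").

```python
from typing import Dict, List, Optional, Tuple

# Constructed zone data for the simulation (not real DNS records). Each zone
# holds either a delegation ("NS", child zone) or an answer ("A", address).
ZONES: Dict[str, Dict[str, Tuple[str, str]]] = {
    ".": {"com.": ("NS", "com."), "org.": ("NS", "org.")},
    "com.": {"example.com.": ("NS", "example.com.")},
    "org.": {"example.org.": ("NS", "example.org.")},
    "example.com.": {
        "www.example.com.": ("A", "192.0.2.10"),
        "mail.example.com.": ("A", "192.0.2.25"),
    },
    "example.org.": {"www.example.org.": ("A", "203.0.113.10")},
}


class Resolver:
    """Resolver that starts from the closest enclosing zone it already knows how to reach."""

    def __init__(self, zones: Dict[str, Dict[str, Tuple[str, str]]]):
        self.zones = zones
        self.known = {"."}            # root hints: the only servers known at start
        self.cache: Dict[str, str] = {}   # name -> address, filled by earlier lookups

    @staticmethod
    def suffixes(name: str) -> List[str]:
        """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.', '.']"""
        labels = name.rstrip(".").split(".")
        return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]

    def _best_record(self, zone: str, name: str) -> Optional[Tuple[str, str]]:
        """The server for `zone` answers with its most specific record matching `name`."""
        best = None
        for key, rec in self.zones[zone].items():
            if name == key or name.endswith("." + key):
                if best is None or len(key) > len(best[0]):
                    best = (key, rec)
        return None if best is None else best[1]

    def resolve(self, name: str) -> Tuple[str, List[str]]:
        """Return (address, zones queried in order); an empty list means a cache hit."""
        if name in self.cache:
            return self.cache[name], []
        # go up the hierarchy only as far as the closest zone we can already contact
        zone = next(z for z in self.suffixes(name) if z in self.known)
        path: List[str] = []
        while True:
            path.append(zone)
            rec = self._best_record(zone, name)
            if rec is None:
                raise LookupError(f"{name}: no record in zone {zone}")
            kind, value = rec
            if kind == "A":
                self.cache[name] = value
                return value, path
            self.known.add(value)     # remember the delegation, then work back down
            zone = value


if __name__ == "__main__":
    r = Resolver(ZONES)
    print(r.resolve("www.example.com."))    # full walk from the root
    print(r.resolve("mail.example.com."))   # starts directly at example.com.
    print(r.resolve("www.example.com."))    # answered from the cache
```

The second lookup shows the effect of the hierarchy: once the resolver has learned where example.com. is served, a query for another name in that zone never goes back to the root. The cache is also where the security-relevant state lives, since a resolver trusts what it stored earlier when it answers later queries.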

Transport Layer
Provides services to the application layer
Services:
– Connection-oriented or connectionless transport
– Reliable or unreliable transport
– Security: new compared to the other two services; may provide authenticity, confidentiality, integrity
The application has to choose the services it requires from the transport layer
Some combinations are not allowed, e.g., connectionless and reliable transport is invalid

Application Layer
Provides services for an application to send and receive data over the network, e.g., telnet (port 23), mail (port 25), finger (port 79)
Interface to the transport layer
– Operating system dependent
– Socket interface – most popular

Communication Between Layers
Host A: Application layer --> Transport layer --> Network layer --> Data link layer
Router: Data link layer --> Network layer --> Data link layer
Host B: Data link layer --> Network layer --> Transport layer --> Application layer
Encapsulation: application data is the transport payload; the transport segment is the network payload; the network packet is the data link payload
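The following added example (written for this page; the header layouts are simplified stand-ins, not the real Ethernet, IP or TCP formats) shows the encapsulation in code: on Host A each layer prepends its own header to the payload it was handed, the router unwraps only the link and network headers, and on Host B each layer checks and strips its header before passing the payload up. The addresses, ports and MAC values are constructed for the demonstration.

```python
import ipaddress
import struct

# Simplified header layouts for the simulation (constructed; not the real
# Ethernet/IP/TCP formats). All fields are big-endian ("network order").
LINK_FMT = "!6s6sH"     # dst MAC, src MAC, EtherType
NET_FMT = "!4s4sBH"     # src address, dst address, protocol, total length
TRANS_FMT = "!HHHH"     # src port, dst port, segment length, checksum


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def checksum16(data: bytes) -> int:
    """Internet-style ones' complement sum of 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(app_data, sport, dport, src_ip, dst_ip, src_mac, dst_mac) -> bytes:
    """Host A, top down: each layer wraps the payload it received from the layer above."""
    seg_len = struct.calcsize(TRANS_FMT) + len(app_data)
    unchecked = struct.pack(TRANS_FMT, sport, dport, seg_len, 0) + app_data
    segment = struct.pack(TRANS_FMT, sport, dport, seg_len, checksum16(unchecked)) + app_data
    packet = struct.pack(NET_FMT, ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed, 17,
                         struct.calcsize(NET_FMT) + len(segment)) + segment
    return struct.pack(LINK_FMT, mac_bytes(dst_mac), mac_bytes(src_mac), 0x0800) + packet


def router_view(frame: bytes):
    """A router reads only the link and network headers; the transport segment is opaque to it."""
    lh, nh = struct.calcsize(LINK_FMT), struct.calcsize(NET_FMT)
    _src, dst, _proto, _total = struct.unpack(NET_FMT, frame[lh:lh + nh])
    return str(ipaddress.IPv4Address(dst)), frame[lh + nh:]


def decapsulate(frame: bytes) -> dict:
    """Host B, bottom up: each layer checks and strips its header and hands the payload up."""
    lh, nh, th = (struct.calcsize(f) for f in (LINK_FMT, NET_FMT, TRANS_FMT))
    _dst_mac, _src_mac, ethertype = struct.unpack(LINK_FMT, frame[:lh])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[lh:]
    src, dst, proto, total = struct.unpack(NET_FMT, packet[:nh])
    if total != len(packet):
        raise ValueError("network length mismatch (truncated or padded packet)")
    segment = packet[nh:]
    sport, dport, seg_len, csum = struct.unpack(TRANS_FMT, segment[:th])
    if seg_len != len(segment):
        raise ValueError("transport length mismatch")
    # recompute over the segment with the checksum field zeroed, as the sender did
    if checksum16(segment[:6] + b"\x00\x00" + segment[th:]) != csum:
        raise ValueError("transport checksum failed")
    return {"src_ip": str(ipaddress.IPv4Address(src)), "dst_ip": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "sport": sport, "dport": dport, "data": segment[th:]}


if __name__ == "__main__":
    frame = encapsulate(b"hello", 40000, 53, "10.0.0.1", "10.0.0.2",
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    print(len(frame), "bytes on the wire")
    print("router forwards toward", router_view(frame)[0])
    print(decapsulate(frame))
```

Two things are worth noticing. The length and checksum checks at every layer are what let Host B reject a truncated or corrupted frame without ever looking at the application data, which is the "information hiding" of layering at work. And `router_view` never parses the transport header: this is why transport-layer security (a later slide) protects the segment end to end while the network header stays readable to every router on the path.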

Network Threats

Network Threats
1. Reconnaissance
– Port scan: which ports and services are running, which OS is installed, which applications and their versions
– Social engineering: can yield sensitive information, up to login credentials
– Intelligence: open source vs. espionage
– Bulletin boards, chats, documentation, etc.

Threats in Transit
Passive attacks: wiretap, traffic monitoring, packet sniffer, etc.
Protocol flaws: RFC number used to report new vulnerabilities
Impersonation
– Nonexistent authentication, guessing authentication information, well-known authentication
– Eavesdropping and wiretapping
– Spoofing and masquerading
– Session hijacking, man-in-the-middle

Message Confidentiality Threats
Misdelivery
– Target not available, promiscuous mode
Exposure
– Eavesdropping
– Traffic analysis

Message Integrity Threats
Falsification of messages
Noise
Malformed packets
Protocol failures

Denial of Service Threats
Transmission failure
– Multiple reasons, intentional or accidental
Connection flooding: the attacker sends as much data as the victim can handle, preventing others from access
– E.g., ping of death, smurf, SYN flooding, etc.
Traffic redirection: routers forward packets to the wrong address
– Corrupted router, incorrect DNS entry, etc.
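Two of the threats above, the port scan under reconnaissance and SYN flooding under connection flooding, leave recognisable traces in connection logs. The detection logic below is an added example written for this page (not from the lecture or the textbook) and runs over a constructed client-side log: one source probing ten ports in a few seconds, two ordinary clients completing their handshakes, and a dozen spoofed sources each leaving a SYN to port 80 unanswered. The thresholds and the window size are assumptions chosen for the sample, not recommended values.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed client-side connection log (not a real capture). Fields:
# timestamp, source IP, destination IP, destination port, TCP flags sent by the
# source (S = SYN opening a connection, A = ACK completing the handshake).
SAMPLE_LOG = [
    "2024-01-01T10:00:00+00:00 198.51.100.7 192.0.2.10 21 S",
    "2024-01-01T10:00:00+00:00 198.51.100.7 192.0.2.10 22 S",
    "2024-01-01T10:00:00+00:00 198.51.100.7 192.0.2.10 22 A",
    "2024-01-01T10:00:02+00:00 203.0.113.5 192.0.2.10 443 S",
    "2024-01-01T10:00:02+00:00 203.0.113.5 192.0.2.10 443 A",
    "2024-01-01T10:00:03+00:00 203.0.113.6 192.0.2.10 80 S",
    "2024-01-01T10:00:03+00:00 203.0.113.6 192.0.2.10 80 A",
]
# the scanning source walks a list of further ports, one probe each (constructed)
SAMPLE_LOG += [f"2024-01-01T10:00:{1 + i:02d}+00:00 198.51.100.7 192.0.2.10 {p} S"
               for i, p in enumerate([23, 25, 80, 110, 143, 443, 3389, 8080])]
# twelve spoofed sources each leave a SYN to port 80 that is never completed (constructed)
SAMPLE_LOG += [f"2024-01-01T10:00:30+00:00 203.0.113.{100 + i} 192.0.2.10 80 S"
               for i in range(12)]


def parse(line: str):
    ts, src, dst, port, flags = line.split()
    return datetime.fromisoformat(ts).timestamp(), src, dst, int(port), flags


def detect_port_scans(lines: List[str], window: int = 60, min_ports: int = 8) -> List[str]:
    """Sources that open connection attempts to many distinct ports inside one window."""
    ports = defaultdict(set)
    for ts, src, _dst, port, flags in map(parse, lines):
        if flags == "S":                      # connection attempts only
            ports[(src, int(ts // window))].add(port)
    return sorted({src for (src, _w), seen in ports.items() if len(seen) >= min_ports})


def detect_syn_floods(lines: List[str], window: int = 60, min_half_open: int = 10) -> List[str]:
    """Destination ports that accumulate many SYNs never followed by the source's ACK."""
    state: Dict[tuple, str] = {}
    for ts, src, dst, port, flags in map(parse, lines):
        key = (src, dst, port, int(ts // window))
        if flags == "S":
            state.setdefault(key, "half-open")
        elif "A" in flags and key in state:
            state[key] = "open"               # handshake completed: not a flood symptom
    half_open = defaultdict(int)
    for (_src, dst, port, _w), st in state.items():
        if st == "half-open":
            half_open[(dst, port)] += 1
    return sorted(f"{dst}:{port}" for (dst, port), n in half_open.items() if n >= min_half_open)


def analyse(lines: List[str]) -> Dict[str, List[str]]:
    return {"port_scanners": detect_port_scans(lines),
            "syn_flood_targets": detect_syn_floods(lines)}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The two detectors look at different things: the scan detector counts distinct ports per source, so a single probe to port 80 from the scanner barely registers in the flood count, while the flood detector counts half-open handshakes per destination port regardless of how many sources they come from, which is what makes it work against spoofed addresses. Fixed time windows keep the state bounded, the same property a production sensor needs so that it does not become the victim of the flood it is watching.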

How to Address These Threats?

Security -- At What Level?
Secure traffic at various levels in the network
Where to implement security? -- Depends on the security requirements of the application and the user
Basic services that need to be implemented:
– Key management
– Confidentiality
– Nonrepudiation
– Integrity/authentication
– Authorization

Network Access Layer (Data Link) Security
Dedicated link between hosts/routers --> hardware devices for encryption
Advantages:
– Speed
Disadvantages:
– Not scalable
– Works well only on dedicated links
– The two hardware devices need to be physically connected

Internetwork Layer Security
IP Security (IPSec)
Advantages:
– Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure
– Ability to build VPNs and intranets
– Provides per-flow or per-connection security
Disadvantages:
– Difficult to handle low-granularity security, e.g., nonrepudiation, user-based security

Transport Layer Security
Advantages:
– Does not require enhancement to each application
Disadvantages:
– Difficult to obtain user context
– Implemented on an end system
– Protocol specific: implemented for each protocol, must maintain context for a connection

Application Layer Security
Advantages:
– Executes in the context of the user --> easy access to the user's credentials
– Complete access to data --> easier to ensure nonrepudiation
– The application can be extended to provide security (does not depend on the operating system)
– The application understands the data --> security can be fine-tuned
Disadvantages:
– Implemented in end hosts
– Security mechanisms have to be implemented for each application --> expensive, and a greater probability of making mistakes

Application Example: Client Using PGP
Extended capabilities:
– Ability to look up users' public keys
– Ability to provide security services such as encryption/decryption, nonrepudiation, and authentication for messages