Chapter 9: Security
Raymond Panko's Business Data Networks and Telecommunications, 7th edition
© 2009 Pearson Education, Inc. Publishing as Prentice Hall. May only be used by adopters of the book.

Security Requirements
– Authenticity
– Confidentiality
– Integrity
– Non-repudiation
– Availability

Security: A Major Threat
Intelligent Adversaries
– Not just human error to contend with
– Adapt to defenses
Recap from Chapter 1
– Authentication
– Cryptography for messages
– Firewalls
– Host hardening

Malware
Malware
– A general name for evil software
Viruses
– Pieces of code that attach to other programs
– Virus code executes when infected programs execute
– Infect other programs on the computer
– Spread to other computers by attachments, IM, peer-to-peer file transfers, etc.
– Antivirus programs are needed to scan arriving files
  Also scan for other malware

Malware
Worms
– Stand-alone programs that do not need to attach to other programs
– Can propagate like viruses through e-mail, etc.
  This requires human gullibility, which is unreliable and slow
Vocabulary note: gullible

Malware
Worms
– Vulnerability-enabled worms jump to victim hosts directly
  Can do this because hosts have vulnerabilities
– Vulnerability-enabled worms can spread with amazing speed
– Vendors develop patches for vulnerabilities, but companies often fail or are slow to apply them
[Figure labels: Infested Computer; Computer with Vulnerability]
Vocabulary notes: infest (parasitic), vulnerability, victim

Malware
Payloads
– After propagation, viruses and worms execute their payloads
– Payloads erase hard disks or send users to pornography sites if they mistype URLs
– Trojan horses are exploitation programs that disguise themselves as system files
– Spyware Trojans collect sensitive data and send the data to an attacker
Vocabulary notes: disguise, exploit

Attacks on Individuals
Social Engineering
– Tricking the victim into doing something against his or her interests
Spam
– Unsolicited commercial e-mail
Fraud
– Deceiving individuals to get them to do things against their interests
[Figure label: Taking the Reader to a Web site with Malware]
Vocabulary notes: unsolicited; trick, scam; deceive

Attacks on Individuals
Credit Card Number Theft
– Performed by carders
Identity theft
– Involves collecting enough data to impersonate the victim in large financial transactions
Phishing
– A sophisticated social engineering attack in which an authentic-looking e-mail or Web site entices the user to enter his or her username, password, or other sensitive information
Vocabulary note: phishing

Human Break-Ins
Human Break-Ins
– Viruses and worms rely on one main attack method
– Humans can keep trying different approaches until they succeed
Hacking
– Hacking is breaking into a computer
– More precisely, hacking is intentionally using a computer resource without authorization or in excess of authorization

Human Break-Ins
Scanning Phase
– Send attack probes to map the network and identify possible victim hosts
– The Nmap program is popular for scanning attacks (Figure 9-6)

Figure 9-6: Nmap Scanning Output
[Figure callouts: IP range to scan; type of scan; identified host and open ports]

Human Break-Ins
The Break-In
– Uses an exploit—a tailored attack method that is often a program
– Normally exploits a vulnerability on the victim computer
– Often aided by a hacker tool
– The act of breaking in is called the exploit
– The hacker tool is also called an exploit

Human Break-Ins
After the Break-In
– The hacker downloads a hacker tool kit to automate hacking work
– The hacker becomes invisible by deleting log files
– The hacker creates a backdoor (way to get back into the computer)
  Backdoor account—account with a known password and full privileges
  Backdoor program—program to allow reentry; usually Trojanized

Human Break-Ins
After the Break-In
– The hacker can then do damage at his or her leisure
  Download a Trojan horse to continue exploiting the computer after the attacker leaves
  Manually give operating system commands to do damage

Distributed Denial-of-Service (DDoS) Attack Using Bots
– In a distributed denial-of-service attack, the attacker floods the victim computer (or network) with more traffic than the victim can handle. Legitimate users are denied service from the unavailable server.
– The attacker installs Bot programs on many PCs. This is called a botnet.
– When it is time to attack the victim, the attacker sends attack commands to all of the Bots.
– The Bots then begin flooding the victim with attack packets, rendering the victim unavailable to users.

Bots
Bots can be updated by their human master to fix bugs or to give new functionality—for instance, to change the Bot from a DoS attacker to a spambot.
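The slides above describe the mechanics of a bot-driven flood; the defender's question is how such a flood shows up in server logs. The following added example (written for this page, not code from the Panko text) builds a constructed access-log excerpt and runs a simple per-second rate check over it. The IP addresses come from the RFC 5737 documentation ranges and the thresholds are assumed values. The point it makes is that a distributed attack, where every bot stays below any per-source limit, is only visible in the aggregate request rate and the count of distinct sources.

```python
"""Rate-based flood detector over a constructed web-server access log.

Added teaching example; not code from the Panko text. The log lines, IP
addresses (RFC 5737 documentation ranges) and thresholds are all constructed.
"""
from collections import Counter, defaultdict


def build_sample_log():
    """Return constructed access-log lines: '<timestamp> <source ip> <request>'."""
    lines = []
    # Seconds 0-2: normal traffic, three users, one request each per second.
    for sec in range(3):
        for ip in ("198.51.100.7", "198.51.100.8", "203.0.113.5"):
            lines.append(f"2009-03-01T10:00:0{sec} {ip} GET /index.html")
    # Second 3: a botnet of 40 hosts, one request each. No single bot is noisy,
    # but the aggregate far exceeds what the server normally sees.
    for bot in range(40):
        lines.append(f"2009-03-01T10:00:03 192.0.2.{bot + 1} GET /index.html")
    # Second 4: one misbehaving source hammering the login page on its own.
    for _ in range(15):
        lines.append("2009-03-01T10:00:04 203.0.113.99 GET /login")
    return lines


def parse_line(line):
    """Split a log line into (second, source ip); the request text is ignored."""
    timestamp, source_ip, _request = line.split(" ", 2)
    return timestamp, source_ip


def detect_flood(lines, per_source_limit=10, total_limit=30):
    """Bucket requests per second and raise an alert when either
    (a) one source exceeds per_source_limit, or
    (b) the whole second exceeds total_limit regardless of how many sources.

    Rule (b) is what catches a distributed attack: each bot stays under the
    per-source limit, so only the aggregate rate reveals the flood.
    """
    per_second = defaultdict(Counter)
    for line in lines:
        second, source_ip = parse_line(line)
        per_second[second][source_ip] += 1

    alerts = []
    for second in sorted(per_second):
        counts = per_second[second]
        total = sum(counts.values())
        flooders = sorted(ip for ip, n in counts.items() if n > per_source_limit)
        if total > total_limit or flooders:
            alerts.append({
                "second": second,
                "total": total,
                "distinct_sources": len(counts),
                "flooders": flooders,  # empty when the flood is distributed
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

Running it produces two alerts: the botnet second (40 requests from 40 distinct sources, no single flooder) and the single noisy host in the following second. A per-source rate limit alone would have stopped only the second case, which is why the aggregate rule matters against a botnet.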

Types of Attackers
Traditional Attackers
– Traditional Hackers
  Hackers break into computers
  Driven by curiosity, a desire for power, and peer reputation
– Virus writers
– Script kiddies use scripts written by experienced hackers and virus writers
  They have limited knowledge and abilities
  But large numbers of script kiddies make them dangerous
– Disgruntled employees and ex-employees
Criminal Attackers
– Most attacks are now made by criminals
– Crime generates funds that criminal attackers need to increase attack sophistication
On the Horizon
– Cyberterror attacks by terrorists
– Cyberwar by nations
– Potential for massive attacks

Authentication with a Central Authentication Server
1. The supplicant sends its credentials to the verifier.
2. The verifier passes the credentials to a central authentication server.
3. The central authentication server checks the credentials. If the credentials are correct, the authentication server sends an OK to the verifier, along with authorizations.
Central authentication servers bring consistency. All supplicants are evaluated exactly the same way no matter what verifiers they connect to.

Password Authentication
Passwords
– Passwords are strings of characters
– They are typed to authenticate the use of a username (account) on a computer
Benefits
– Ease of use for users (familiar)
– Inexpensive because they are built into operating systems
Often Weak (Easy to Crack)
– Word and name passwords are common
– They can be cracked quickly with dictionary attacks
– Hybrid dictionary attacks can crack simple variations, such as “Processing1”, almost as fast
Passwords should be complex
– Mix case (A and a), digits (6), and other keyboard characters ($, #, etc.)
– Can only be cracked with brute force attacks (trying all possibilities)
Passwords should be long
– Eight characters minimum
– Each added character increases the brute force search time by a factor of about 70

Password Authentication
Tell what attack can break it fastest, and tell how difficult it will be for the attacker to guess the password
– swordfish
– Processing1
– SeAtTLe
– R7%t&
– 4h*6tU9$^l
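The following added example (not from the Panko text) turns the exercise above into code: it classifies each password by the cheapest attack that would break it, using the slides' own categories (dictionary, hybrid dictionary, brute force), and reports the brute-force search space from the character classes actually present. The word list is a constructed five-entry stand-in for a real cracking dictionary, and the symbol count (32 printable ASCII symbols) is one assumption; the slide's "factor of about 70" per character is a rough average that sits between the 62-character alphanumeric alphabet and the 94-character full keyboard alphabet used here.

```python
"""Estimate which attack breaks a password fastest, and how large the
brute-force search is. Added teaching example; not from the Panko text.
The word list is a constructed stand-in for a real cracking dictionary.
"""
import math
import string

# Constructed miniature dictionary; real cracking lists hold millions of entries.
DICTIONARY = {"swordfish", "processing", "seattle", "password", "letmein"}


def charset_size(password):
    """Size of the alphabet a brute-force attacker must assume, from the
    character classes actually present (lower, upper, digits, symbols)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def fastest_attack(password):
    """Classify as the slides do: a plain word falls to a dictionary attack,
    a word with case changes or added digits to a hybrid dictionary attack,
    anything else only to brute force."""
    lowered = password.lower()
    if lowered in DICTIONARY:
        return "dictionary" if password == lowered else "hybrid dictionary"
    if lowered.strip(string.digits) in DICTIONARY:
        return "hybrid dictionary"
    return "brute force"


def brute_force_keyspace(password):
    """Number of candidates in an exhaustive search over this length and alphabet."""
    return charset_size(password) ** len(password)


def assess(password):
    """Summarise one password: cheapest attack plus brute-force search size."""
    keyspace = brute_force_keyspace(password)
    return {
        "password": password,
        "fastest_attack": fastest_attack(password),
        "charset": charset_size(password),
        "keyspace": keyspace,
        "log10_keyspace": round(math.log10(keyspace), 1),
    }


if __name__ == "__main__":
    for pw in ("swordfish", "Processing1", "SeAtTLe", "R7%t&", "4h*6tU9$^l"):
        print(assess(pw))
```

Note that the brute-force keyspace is reported even for dictionary words: a large keyspace says nothing about a password that an attacker never has to search for, which is the lesson of the first three entries. The last two differ only in length, and the keyspace grows by the full alphabet size for each added character.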

Password Authentication
Other Concerns
– If people are forced to use long and complex passwords, they tend to write them down
– People should use different passwords for different sites
  Otherwise, a compromised password will give access to multiple sites

Digital Certificate Authentication
Public and Private Keys
– Each party has both a public key and a private key
– A party makes its public key available to everybody
– A party keeps its private key secret
If there are 12 employees, how many private keys will there be? How many public keys will there be?

Digital Certificate Authentication
Digital Certificate
– Tamper-proof file that gives a party's public key
[Figure: certificate fields: Name: Smith; Public Key: ; Other field …; Tamper Checking Field]

Digital Certificate Authentication
Digital Certificate Authentication Test
1. Applicant does a calculation with his or her private key
2. Public key of the person the applicant claims to be
3. Verifier tests the calculation with the public key of the claimed party (not of the sender)
If the test succeeds, the applicant must know the secret private key of the claimed party, which only the claimed party should know

Digital Certificate Authentication
Perspective
– Digital certificate authentication is very strong
– However, it is very expensive because companies must set up the infrastructure for distributing public–private key pairs
– The firm must do the labor of creating, distributing, and installing private keys

Biometric Authentication
Biometric Authentication
– Authentication based on bodily measurements
– Promises to eliminate passwords
Fingerprint Scanning
– Dominates biometrics use today
– Simple and inexpensive
– Substantial error rate (misidentification)
– Often can be fooled fairly easily by impostors

Biometric Authentication
Iris Scanners
– Scan the iris (colored part of the eye)
– Irises are complex, so iris scanning gives strong authentication
– Expensive
Face Recognition
– Camera: allows analysis of facial structure
– Can be done surreptitiously—that is, without the knowledge or consent of the person being scanned
– Very high error rate and easy to fool

Biometric Authentication
Error and Deception Rates
– Error and deception rates are higher than vendors claim
– The effectiveness of biometrics is uncertain

Cryptographic Systems
Cryptographic Systems
– Provide security to multi-message dialogues
At the Beginning of Each Communication Session
– The two parties usually mutually authenticate each other
[Figure: Initial Authentication between Party A and Party B: A's credentials to B; B's credentials to A]

Cryptographic Systems
Message-by-Message Protection
– After this initial authentication, cryptographic systems provide protection to every message
– Encrypt each message for confidentiality so that eavesdroppers cannot read it
[Figure: Party A and Party B exchange messages encrypted for confidentiality; an eavesdropper cannot read the messages]

Symmetric Key Encryption for Confidentiality
– Encryption uses a non-secret cipher (encryption method) and a secret key
– The interceptor cannot read encrypted messages en route
– The receiver decrypts the message using the same cipher and the same symmetric key
[Figure: Party A encrypts the message "Hello" with the cipher and the symmetric key; the encrypted message crosses the network past an interceptor; Party B decrypts it with the same symmetric key]

Types of Symmetric Key Encryption

                          DES        3DES            AES
Key Length (bits)         56         112 or 168      128, 192, or 256
Strength                  Weak       Strong          Strong to Very Strong
Processing Requirements   Moderate   High            Modest
RAM Requirements          Moderate   High            Modest

Figure 9-20: Symmetric and Public Key Encryption
Public Key Encryption for Confidentiality
– Party A to Party B: encrypt with Party B's public key; Party B decrypts with Party B's private key
– Party B to Party A: encrypt with Party A's public key; Party A decrypts with Party A's private key
Note: Four keys are used to encrypt and decrypt in both directions

Cryptographic Systems
Message-by-Message Protection
– Adds an electronic signature to each message
  The electronic signature authenticates the sender
  It also provides message integrity: receiver can tell if a message has been changed in transit
[Figure: Party A sends Party B a message carrying an electronic signature]

Cryptographic Systems
Message-by-Message Protection
– Digital signatures use digital certificate authentication
  Very strong authentication, but also very expensive
– HMACs (key-hashed message authentication codes) are less expensive
  They are not quite as secure as digital signatures, but are still quite secure
  The most widely used electronic signature method

Figure D-7: Digital Signature
Add a digital signature (DS) to each message. This provides message-by-message authentication. The plaintext plus digital signature is then encrypted for confidentiality.

Sender: creating the digital signature
1. Hash the plaintext to create a brief message digest (MD). This is NOT the digital signature.
2. Sign (encrypt) the message digest with the sender's private key to create the digital signature.
Hash algorithms: MD5, SHA-1

Transmission
– The sender encrypts the plaintext plus digital signature with a symmetric session key and sends it
– The receiver decrypts the transmission, getting the plaintext plus digital signature

Receiver: testing the digital signature
1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest.
2. Decrypt the digital signature with the sender's public key (figure label: decrypt with the true party's public key). This also should give the message digest.
3. If the two match, the message is authenticated: the sender has the true party's private key.

Figure D-8: Public Key Deception
The verifier must authenticate the True Party (TP).
Impostor: "I am the True Party."
Impostor: "Here is TP's public key." (Really sends the Impostor's public key.) This is the critical deception.
Verifier: now believes it has TP's public key.
Impostor: "Here is authentication based on TP's private key." (Really based on the Impostor's private key.)
Verifier: believes the True Party is authenticated, because the test was made with the Impostor's public key.
Verifier: "True Party, here is a message encrypted with your public key."
The message was encrypted with the Impostor's public key, so the Impostor can decrypt it.

Digital Certificates
– Digital certificates are electronic documents that give the true party's name and public key
– Applicants claiming to be the true party have their authentication methods tested by this public key
– If they are not the true party, they cannot use the true party's private key and so will not be authenticated
– Digital certificates follow the X.509 Standard

Figure D-10: Roles of Digital Certificates and Digital Signatures in Authentication
– Public key authentication requires both a digital signature and a digital certificate; the certificate gives the public key needed to test the digital signature
– The applicant sends the verifier the plaintext plus a digital signature
– The verifier obtains the true party's digital certificate (true party's name and public key) from the certificate authority
– The digital signature must be tested with the true party's digital certificate

Figure D-9: Public Key Infrastructure (PKI)
Parties: Applicant (Lee); Verifier (Brown); Verifier (Cheng); Certificate Authority; PKI Server
1. Create public key/private key pair
2. Distribute private key
3. Request certificate for Lee
4. Certificate for Lee
5. Certificate for Lee
6. Request certificate revocation list (CRL)
7. CRL
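Figures D-7 through D-10 describe one verification procedure: hash the message, test the signature with the public key taken from a CA-signed certificate for the claimed party (never from a key the applicant supplies), and consult the CRL. The following added example (written for this page; not code from the Panko text) walks the whole procedure through with textbook RSA on small primes, and contrasts it with the cheaper HMAC from the earlier slide. Everything in it is constructed: the primes are far too small to be secure and exist only to make the arithmetic visible; the names Lee and CA, the serial number, the message and the shared session key are made up; and SHA-256 is used in place of the MD5/SHA-1 the slide lists, since those two are no longer considered collision-resistant.

```python
"""Hash-then-sign, certificate checking, a revocation list and HMAC, walked
through with toy RSA. Added teaching example; not code from the Panko text.
Primes are insecurely small on purpose; names, serials, keys and messages
are constructed.
"""
import hashlib
import hmac


def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def message_digest(plaintext, n):
    """Figure D-7 step 1: hash the plaintext. The digest is reduced mod n only
    because the toy modulus is much smaller than a SHA-256 digest."""
    return int.from_bytes(hashlib.sha256(plaintext).digest(), "big") % n


def sign(plaintext, private_key):
    """Figure D-7 step 2: 'encrypt' the digest with the private key."""
    d, n = private_key
    return pow(message_digest(plaintext, n), d, n)


def verify(plaintext, signature, public_key):
    """Receiver side: hash again, 'decrypt' the signature with the public key,
    and compare the two digests."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(plaintext, n)


def certificate_bytes(cert):
    """The fields the certificate authority signs: serial, name, public key."""
    e, n = cert["public_key"]
    return f"{cert['serial']}|{cert['name']}|{e}|{n}".encode()


def issue_certificate(name, public_key, serial, ca_private_key):
    """Figure D-9 step 4: the CA binds a name to a public key; its signature
    is the certificate's tamper-checking field."""
    cert = {"serial": serial, "name": name, "public_key": public_key}
    cert["ca_signature"] = sign(certificate_bytes(cert), ca_private_key)
    return cert


def authenticate(claimed_name, plaintext, signature, cert, ca_public_key, crl):
    """Verifier logic of Figure D-10: the key used for the test comes from a
    CA-signed certificate for the claimed name, never from the applicant."""
    if cert["name"] != claimed_name:
        return False
    if not verify(certificate_bytes(cert), cert["ca_signature"], ca_public_key):
        return False  # certificate altered, or not issued by our CA
    if cert["serial"] in crl:
        return False  # Figure D-9 steps 6-7: certificate revoked
    return verify(plaintext, signature, cert["public_key"])


def hmac_tag(shared_key, plaintext):
    """The cheaper alternative: a key-hashed MAC needs only a shared secret."""
    return hmac.new(shared_key, plaintext, hashlib.sha256).hexdigest()


def hmac_check(shared_key, plaintext, tag):
    return hmac.compare_digest(hmac_tag(shared_key, plaintext), tag)


def demo():
    """Run the scenarios of Figures D-7 to D-10 and return each outcome."""
    ca_public, ca_private = make_keypair(1000000007, 998244353)
    lee_public, lee_private = make_keypair(1000000009, 999999937)
    impostor_public, impostor_private = make_keypair(1000000007, 999999937)
    crl = set()
    lee_cert = issue_certificate("Lee", lee_public, 1001, ca_private)
    msg = b"Pay 100 to account 42"  # constructed message
    results = {}
    results["true_party"] = authenticate(
        "Lee", msg, sign(msg, lee_private), lee_cert, ca_public, crl)
    # Figure D-8: the impostor signs with its own private key and swaps its
    # own public key into the certificate. The CA signature no longer matches.
    forged_cert = dict(lee_cert, public_key=impostor_public)
    results["impostor_forged_cert"] = authenticate(
        "Lee", msg, sign(msg, impostor_private), forged_cert, ca_public, crl)
    # The impostor's signature tested against Lee's genuine certificate.
    results["impostor_genuine_cert"] = authenticate(
        "Lee", msg, sign(msg, impostor_private), lee_cert, ca_public, crl)
    # Integrity: one changed byte breaks the digest comparison.
    results["tampered_message"] = authenticate(
        "Lee", msg + b"0", sign(msg, lee_private), lee_cert, ca_public, crl)
    # Revocation: once the CA lists Lee's serial, a valid signature still fails.
    crl.add(1001)
    results["revoked"] = authenticate(
        "Lee", msg, sign(msg, lee_private), lee_cert, ca_public, crl)
    # HMAC between parties that already share a session key.
    session_key = b"constructed-shared-session-key"
    tag = hmac_tag(session_key, msg)
    results["hmac_ok"] = hmac_check(session_key, msg, tag)
    results["hmac_tampered"] = hmac_check(session_key, msg + b"0", tag)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:24s} {'authenticated' if outcome else 'rejected'}")
```

Only the first scenario authenticates. The two impostor cases fail for different reasons, and the order of the checks in `authenticate` is the design point: the CA signature on the certificate is tested before the applicant's signature, so a swapped-in public key is caught without ever trusting the applicant's claim, and the CRL is consulted before the applicant's signature is given any weight.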