Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security and Privacy Vitaly Shmatikov CS 378

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security and Privacy Vitaly Shmatikov CS 378"— Presentation transcript:

1 Network Security and Privacy Vitaly Shmatikov CS 378 http://www.cs.utexas.edu/~shmat/courses/cs378_spring05/

2 Course Personnel uInstructor: Vitaly Shmatikov Office: TAYLOR 4.115C Office hours: Thursday, 3:30-4:30pm (after class) Open door policy – don’t hesitate to stop by! uTA: Justin Brickell Office hours TBA uWatch the course website Assignments, reading materials, lecture notes uThis course is an experiment! First UT course on network security

3 Prerequisites uRequired: CS 372 (Operating Systems) My course has a substantial implementation component No waivers! uRecommended: Introduction to Computer Security; Cryptography; Computer Networks Not much overlap with this course, but will help gain deeper understanding of security mechanisms and where they fit in the big picture uRecommended: exposure to C programming Project will involve implementing buffer overflow exploits in C

4 Class Poll uIntroduction to computer security? Access control, Web security, sandboxing, firewalls? uCryptography? Public-key and symmetric encryption, digital signatures, cryptographic hash, random-number generators? uComputer networks? Network architecture, application and transport layer protocols? uProgramming in C?

5 Course Logistics uLectures Tuesday, Thursday 2-3:30pm uFive homeworks (40% of the grade) One or two may involve implementation uProject (15% of the grade) Involves a fair bit of implementation Security is a contact sport! uMidterm (20% of the grade) uFinal (25% of the grade) uUTCS Code of Conduct will be strictly enforced

6 Course Materials uTextbook: William Stallings. “Network Security Essentials: Applications and Standards.” Focuses on details of deployed security systems Lectures will focus on “big-picture” principles and ideas of network attack and defense Attend lectures! Lectures will cover some material that is not in the textbook – and you will be tested on it! uOccasional assigned readings Start reading “Smashing the Stack For Fun and Profit” by Aleph One (from Phrack hacker magazine) Understanding it will be essential for your project

7 Other Helpful Books uRoss Anderson. “Security Engineering”. Focuses on design principles for secure systems Wide range of entertaining examples: banking, nuclear command and control, burglar alarms Ross Anderson is famous for hacking tamper-resistant hardware uKaufman, Perlman, Speciner. “Network Security: Private Communication in a Public World”. Comprehensive network security textbook

8 Main Themes of the Course u Vulnerabilities of networked applications Worms, denial of service attacks, malicious code arriving from the network, attacks on infrastructure uDefense technologies Protection of information in transit: cryptography, application- and transport-layer security protocols Protection of networked applications: firewalls and intrusion detection uStudy a few deployed systems in detail: from design principles to gory implementation details Kerberos, SSL/TLS, IPSec

9 What This Course is Not About uNot a comprehensive course on computer security uNot a course on ethical, legal or economic issues No file sharing, DMCA, free speech issues uOnly cursory overview of cryptography Take CS 346 for deeper understanding uOnly some issues in systems security No access control, OS security, secure hardware Will cover buffer overflow: #1 cause of remote penetration attacks uNo language-based security

10 Motivation https://

11 Excerpt From “General Terms of Use” YOU ACKNOWLEDGE THAT NEITHER WELLS FARGO, ITS AFFILIATES NOR ANY OF THEIR RESPECTIVE EMPLOYEES, AGENTS, THIRD PARTY CONTENT PROVIDERS OR LICENSORS WARRANT THAT THE SERVICES OR THE SITE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO THEY MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES OR THE SITE, OR AS TO THE TIMELINESS, SEQUENCE, ACCURACY, RELIABILITY, COMPLETENESS OR CONTENT OF ANY INFORMATION, SERVICE, OR MERCHANDISE PROVIDED THROUGH THE SERVICES AND THE SITE.

12 “Privacy and Security” “As a Wells Fargo customer, your privacy and security always come first.” Privacy policy for individuals Online privacy policy Our commitment to online security Online and computer security tips How we protect you General terms of use

13 What Do You Think? What do you think should be included in “privacy and security” for an e-commerce website? ?

14 Desirable Security Properties uAuthenticity uConfidentiality uIntegrity uAvailability uNon-repudiation uFreshness uAccess control uPrivacy of collected information uIntegrity of routing and DNS infrastructure

15 Syllabus (1): Security Mechanisms uBasics of cryptography Symmetric and public-key encryption, certificates, cryptographic hash functions, pseudo-random generators uAuthentication and key establishment Case study: Kerberos uIP security Case study: IPSec protocol suite uWeb security Case study: SSL/TLS (Transport Layer Security)

16 Syllabus (2): Attacks and Defenses uBuffer overflow attacks uNetwork attacks Distributed denial of service Worms and viruses Attacks on routing infrastructure uDefense tools Firewalls and intrusion detection systems uWireless security uPrivacy-enhancing technologies

17 network Attack on Confidentiality uConfidentiality is concealment of information Eavesdropping, packet sniffing, illegal copying

18 network Attack on Integrity uIntegrity is prevention of unauthorized changes Intercept messages, tamper, release again

19 network Attack on Authenticity uAuthenticity is identification and assurance of origin of information Unauthorized assumption of another’s identity

20 network Attack on Availability uAvailability is ability to use information or resources desired Overwhelm or crash servers, disrupt infrastructure

21 Network Stack application presentation session transport network data link physical IP TCP email, Web, NFS RPC 802.11 Sendmail, FTP, NFS bugs, chosen-protocol and version-rollback attacks SYN flooding, RIP attacks, sequence number prediction IP smurfing and other address spoofing attacks RPC worms, portmapper exploits WEP attacks Only as secure as the single weakest layer…

22 Network Defenses Cryptographic primitives Protocols and policies Implementations Building blocks Blueprints Systems RSA, DSS, SHA-1… SSL, IPSec, access control… Firewalls, intrusion detection… …all defense mechanisms must work correctly and securely

23 Correctness versus Security uProgram or system correctness: program satisfies specification For reasonable input, get reasonable output uProgram or system security: program properties preserved in face of attack For unreasonable input, output not completely disastrous uMain difference: active interference from adversary uModular design may increase vulnerability Abstraction is very difficult to achieve in security: what if the adversary operates below your level of abstraction?

24 Bad News uSecurity often not a primary consideration Performance and usability take precedence uFeature-rich systems may be poorly understood Higher-level protocols make mistaken assumptions uImplementations are buggy Buffer overflows are the “vulnerability of the decade” uNetworks are more open and accessible than ever Increased exposure, easier to cover tracks uMany attacks are not even technical in nature Phishing, impersonation, etc.

25 Better News uThere are a lot of defense mechanisms We’ll study some, but by no means all, in this course uIt’s important to understand their limitations “If you think cryptography will solve your problem, then you don’t understand cryptography… and you don’t understand your problem” -- Bruce Schneier Many security holes are based on misunderstanding uSecurity awareness and user “buy-in” help uOther important factors: usability and economics

26 Reading Assignment uStallings, sections 1.1-1.5 uStart reading buffer overflow materials on the website

Download ppt "Network Security and Privacy Vitaly Shmatikov CS 378"

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Cryptography and Network Security

Cryptography and Network Security
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Slide 1 Vitaly Shmatikov CS 378 Network Security and Privacy

Slide 1 Vitaly Shmatikov CS 378 Network Security and Privacy
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
1 Security Concepts Introduction. 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code.

1 Security Concepts Introduction. 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code.
7.3 Network Security Controls 1Network Security / G.Steffen.

7.3 Network Security Controls 1Network Security / G.Steffen.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

Similar presentations

Ads by Google