Post on 27-May-2015
Security/Networking

Encryption
- Encoding information – cryptography
  - Dan Brown’s “DaVinci Code” and “Digital Fortress”
- The Caesar Cipher
  - Julius Caesar encoded messages by replacing each letter with 3rd letter after in alphabet (a=d, b=e, z=c, etc.)
- Improve: use cipher alphabet BUT use different shifts for subsequent letters
  - 1st letter = shift by 3 letters
  - 2nd letter = shift by 1 letter
  - 3rd letter = shift by 4 letters
  - Pi = 3.1415926
- What would ‘Hello’ be?
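
The two ciphers on the slide above, as an added Python example (not part of the original slides): the Caesar cipher shifts every letter by 3, and the improved version takes its shifts from the digits of Pi. Assumptions: the shift list repeats for longer messages and non-letters are left unchanged; the function and constant names are illustrative.

```python
from itertools import cycle

CAESAR_SHIFTS = [3]                    # the slide's Caesar cipher: every letter moves 3
PI_SHIFTS = [3, 1, 4, 1, 5, 9, 2, 6]   # digits of Pi = 3.1415926, as on the slide


def shift_cipher(text, shifts, decrypt=False):
    """Shift each letter by the next value in `shifts`, repeating the list.

    Assumptions (not stated on the slide): the shift list repeats when the
    message is longer than the key, and only letters consume a shift; spaces,
    digits and punctuation pass through unchanged.
    """
    key = cycle(shifts)
    out = []
    for ch in text:
        if not (ch.isascii() and ch.isalpha()):
            out.append(ch)
            continue
        base = ord("A") if ch.isupper() else ord("a")
        step = next(key)
        if decrypt:
            step = -step
        # modulo 26 wraps around the end of the alphabet (z -> c for a shift of 3)
        out.append(chr(base + (ord(ch) - base + step) % 26))
    return "".join(out)


def letter_counts(text):
    """Count each letter, ignoring case; repeats in the output reveal a fixed shift."""
    counts = {}
    for ch in text.lower():
        if ch.isalpha():
            counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    for name, shifts in (("Caesar", CAESAR_SHIFTS), ("Pi shifts", PI_SHIFTS)):
        secret = shift_cipher("Hello", shifts)
        plain = shift_cipher(secret, shifts, decrypt=True)
        print(f"{name:10} Hello -> {secret} -> {plain}")
        print(f"{'':10} letter counts: {letter_counts(secret)}")
```

With a single fixed shift the double "l" in "Hello" is still visible as a double letter in the output; with the varying shifts it is not.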

Encryption
- Public-key systems
  - Used with modern computer systems
  - Complex mathematical formulas
  - Person wishing to receive messages will publish public key (often 128 bits – larger the key – longer to break)
    - Example: 1000 years
  - Important for e-commerce (secure sites)
- PGP – Pretty Good Privacy – protects data in storage, too
  - Public key is for encryption
  - Private key is for decryption
- Debate over public key encryption
  - Terrorists use encryption
  - Yet, needed for e-commerce growth
- TLS/SSL – Transport Layer Security/Secure Sockets Layer
  - Web browsers
  - Protects data in transit over a network

Security for Wireless Computer?
- Wireless networks
  - Passwords control what computers and users access network
  - Encryption and Authentication
- Encryption:
  - WEP (Wired Equivalency Privacy)
    - Protects against casual snooping
    - No longer recommended – crack in minutes
  - WPA (Wi-Fi Protected Access)
    - Works with all wireless network adapters but not all older routers or access points
  - WPA2 (Wi-Fi Protected Access)
    - More Secure than WPA
    - Will not work with some older network adapters

Wireless Security
- Prevents ‘Piggybacking’
  - Tapping into someone else’s wireless Internet connection without proper authorization
  - Illegal in some states
  - NY Times Article 2006

Passwords – Problems
- Easily guessed (40-50%)
- Share passwords
- Post password next to computer
- Passwords too short

Password Solutions (PC Mag Feb. 2008)
- Use ‘strong’ passwords
  - Mix numbers and letters; mix case
  - The longer the better (6-8 chars or longer)
- Brute Force – trying every combination until password is determined
- Pet, kids and spouse names make bad passwords
- Be inconsistent – use different passwords for different sites (I know…hard to do!)
- Change passwords often

Security Solutions - Revised
- No such thing as 100% security
- Make sure Operating System is up-to-date (automatic update/service packs)
- Use anti-malware programs/Security Suites (update)
- Use a bidirectional firewall
- Use additional anti-spyware scanners (Spybot S&D, Adaware, Windows Defender)
- Secure wireless network (WEP/WPA/WPA2)
- Use unique (strong) passwords
- Consider using different browser – Internet Explorer is a popular target (Opera, Firefox)
- Use encryption (E-mail, IM - example ‘PGP Desktop’)
- Backup important files (ex. storms, hardware failure)
- Be mindful of “social engineering” issues (Phishing, Facebook)
- Turn computer OFF when not in use

Networking

What are File Servers?
- Network – a group of two or more computers connected together for exchanging data/information and sharing resources
- File Server – centralized computer used for storing (and sharing) programs and files.
  - Examples: Database server, Web server, mail server, general file servers
- Client-server
  - Client – computer that ‘receives’ data
  - Server – computer that provides services to a client

Message
- A communication that is transferred from one node on a network to another.
  - E-mail
  - Web Pages
  - FTP (File Transfer Protocol)

Networks
- Bandwidth
  - Amount of data that can be transmitted across transmission medium in a certain amount of time
- Packet
  - Data (Web pages, e-mail messages, etc.) is transmitted in bundles called packets
  - Header
    - Sender’s IP address
    - Receiver’s IP address
    - Protocol
    - Packet Number
  - Data

TCP/IP - Tells which application should be used for a network message
- Transmission Control Protocol/Internet Protocol
- Used with Ethernet networks
- IP header – includes information about which application should be used for each message
- IP – specifies a way of sending packet information from source to destination
- Port Address (16-bit number)
- Packets can travel separately to your computer.
- ICANN maintains list of well-known ports (0-1023)
  - Registered ports 1024-49151

Port Addresses
- Port Address (16-bit number)
  - 21 – message contains FTP commands
  - 20 – message contains file related to FTP command
  - 23 – Telnet
  - 25 – E-mail
  - 80 – HTTP (access to World Wide Web)
- Also used by firewall (screen port numbers)

Firewall – Guard Against External Threats
- Acts as a barrier between your system and outside world
- Ports provide application-routing information for every message
  - 21 (FTP)
  - 25 (E-mail)
  - 80 (HTTP)
  - 12345 (NetBus – Trojan) *Block*
- Firewall screens ports
  - Norton Internet Security
  - McAfee Internet Security
  - Windows XP (blocks only incoming traffic)
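
An added Python example, not from the original slides, of a firewall screening port numbers. It assumes a simple policy built from the ports listed above and a constructed set of sample packets, and compares a firewall that blocks only incoming traffic with a bidirectional one; all names are illustrative.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {21: "FTP", 25: "E-mail", 80: "HTTP"}  # services listed on the slide
BLOCKED_PORTS = {12345: "NetBus (Trojan)"}              # marked *Block* on the slide


@dataclass
class Packet:
    """Constructed packet header: the slide's fields plus port and direction."""
    sender_ip: str
    receiver_ip: str
    protocol: str
    port: int        # destination port address (16-bit number)
    direction: str   # "in" or "out", relative to the protected computer


def port_range(port):
    """Classify a port with the ranges given on the TCP/IP slide."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError(f"port {port} does not fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "other"


def screen(packet, bidirectional=True):
    """Return "allow" or "block" for one packet under the assumed policy."""
    port_range(packet.port)  # rejects anything that is not a 16-bit port
    if packet.direction == "out" and not bidirectional:
        return "allow"  # an incoming-only firewall never inspects outgoing traffic
    if packet.port in BLOCKED_PORTS:
        return "block"
    if packet.direction == "in" and packet.port not in ALLOWED_PORTS:
        return "block"  # assumed default: all other incoming ports are closed
    return "allow"


# Constructed sample traffic (documentation-range IP addresses).
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "TCP", 80, "in"),
    Packet("198.51.100.7", "192.0.2.10", "TCP", 12345, "in"),
    Packet("192.0.2.10", "198.51.100.7", "TCP", 12345, "out"),
    Packet("192.0.2.10", "198.51.100.9", "TCP", 25, "out"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.direction, p.port, port_range(p.port),
              screen(p, bidirectional=False), screen(p))
```

With the incoming-only setting the outgoing packet to port 12345 is allowed; the bidirectional setting blocks it.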

Wireless Technology
- Access Point
  - Computer connected to the Internet (acts as intermediary)
  - Name is SSID (Example: RoyalAir) (to broadcast or not to broadcast?)
    - Microsoft's Answer
  - Usually user able to configure security features
- Wireless Router – attaches to access point computer
- Beacon
  - Repeating of identifying information by access point
  - Example: on a 2.4 GHz radio frequency band
- Association – Portable wishes to make connection
- Radio waves or infrared signals used to communicate with access point
  - As portable computers move, interact with new access point
  - If no computers have direct access to the Internet, portable computers still can interact with each other, but not with the Internet