Date posted: 15-Jan-2016
Slide 1: Introduction
IT443 – Network Security Administration
Instructor: Bo Sheng
Slide 2: Basic Information
• Location and time
  – S-3-028
  – Mondays and Wednesdays 7:00~8:15pm
• Instructor (Bo Sheng)
  – [email protected], [email protected]
  – 617-287-6468
  – Office: S-3-167
  – Office hours: Mon & Wed, 2~4pm
Slide 3: Course Outline
• Network Basics
  – Network layers, headers, services, …
  – TCP/IP, MAC, DNS, ARP, …
• Cryptography Basics
  – Secret key encryption, public key encryption, hash functions
  – Doesn’t cover the theoretical foundation
• Authentication
  – Password, challenge/response, mutual authentication, …
Slide 4: Course Outline
• Public Key Infrastructure
  – PKI architecture, certificates, …
• IPsec
  – Secure IP layer protocol
• SSL/TLS
  – Secure transport layer protocol
• Firewall
  – Prevent attacks, iptables, …
Slide 5: Course Outline
• Intrusion Detection System
  – Host-based IDS and network-based IDS
• Email Security
• Wireless security / Worm (backup)
  – Rogue AP attacks, WEP cracking, worm propagation/detection, …
Slide 6: Course Work
• 6~7 lab assignments (70%)
  – Team of 2 students
  – Lab report
    • Follow the instructions
    • Observe the output
    • Understand the results (may need more tests to confirm)
Slide 7: Course Work
• Final exam (30%)
  – Last time this course was taught:
    • 8 “true or false”
    • 6 “multiple choice”
    • 3 “descriptive questions”
• Lecture + Lab
  – Virtual machines
Slide 8: Lab Outline
• Understanding network packets
  – IP prefix, DNS service
• Encryption/decryption
  – Conduct file encryption (openssl)
  – Distinguish cryptographic algorithms
• Password cracking
  – Dictionary attack, john-the-ripper
• Network attacks
  – SYN flood, ARP poisoning
Slide 9: Lab Outline
• Implementing certificates
  – Set up an https service
• Configuring a firewall
  – iptables
• System monitoring
  – Remote logging
• Intrusion detection
  – AIDE and Snort
• SQL injection (backup)
Slide 10: Other Info
• Course web page
  – http://www.cs.umb.edu/~shengbo/teaching/it443.html
• Prerequisite
  – IT341
  – If you take IT341 later, you will lose the credits of this course.
Slide 11: Policies
• Lab reports
  – Partial points will be given, but no late submissions are accepted.
• Honor code
• No makeup exam
• Accommodations
  – Ross Center for Disability Service
    • Campus Center Room 211
    • 617-287-7430
Slide 12: Information
• Door code: 434598*
• Login: Your Windows account
• If you use your own laptop, install
  – VMware Workstation 10.0
  – VirtualBox
• Install Ubuntu Desktop on a VM
  – VMware 10.0: NM21L-LK05L-N8864-0J0K0-28X25
  – http://wes.cs.umb.edu/it443/ubuntu-10.04.4-desktop-i386.iso
Slide 13: Introduction to Network Security
• Security Breaches
  – http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• Symantec Threat Explorer
  – http://us.norton.com/security_response/threatexplorer/index.jsp
• Email Spam
Slide 14: Introduction to Network Security
• Security threats
  – Malware: virus, worm, spyware
  – Spam
  – Botnet
  – DDoS attacks
  – Phishing
  – Cross-site scripting (XSS)
  – …
Slide 15: Contributing Factors
• Lack of awareness of threats and risks of information systems
  – Security measures are often not considered until an enterprise has been penetrated by malicious users
• Wide-open network policies
  – Many Internet sites allow wide-open Internet access
• Lack of security in the TCP/IP protocol suite
  – Most TCP/IP protocols were not built with security in mind
• Complexity of security management and administration
• Software vulnerabilities
  – Example: buffer overflow vulnerabilities
• Cracker skills keep improving
Slide 16: Security Objectives (CIA)

Slide 17: Security Objectives (CIA)
• Confidentiality – prevent/detect/deter improper disclosure of information
• Integrity – prevent/detect/deter improper modification of information
• Availability – prevent/detect/deter improper denial of access to services provided by the system
Slide 18: OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• Defines a systematic way of defining and providing security requirements
• It provides a useful, if abstract, overview of the concepts we will study
Slide 19: Aspects of Security
• 3 aspects of security:
  – Security attack
    • Any action that compromises the security of information owned by an organization
  – Security mechanism
    • A process that is designed to detect, prevent, or recover from a security attack
  – Security service
    • Counters security attacks: makes use of one or more security mechanisms to provide the service
Slide 20: Threat Model and Attack Model
• The threat model and attack model need to be clarified before any security mechanism is developed
• Threat model
  – Assumptions about potential attackers
  – Describes the attacker’s capabilities
• Attack model
  – Assumptions about the attacks
  – Describes how attacks are launched
Slide 21: Passive Attacks

Slide 22: Active Attacks
Slide 23: Security Mechanism (X.800)
• Specific security mechanisms:
  – Encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms:
  – Trusted functionality, security labels, event detection, security audit trails, security recovery
Slide 24: Security Service
• Enhances the security of the data processing systems and information transfers of an organization
• Intended to counter security attacks
• Uses one or more security mechanisms
• Often replicates functions normally associated with physical documents
  – For example, documents have signatures and dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed
Slide 25: Security Service
• Authentication – assurance that the communicating entity is the one claimed
• Access Control – prevention of the unauthorized use of a resource
• Data Confidentiality – protection of data from unauthorized disclosure
• Data Integrity – assurance that data received is as sent by an authorized entity
• Non-Repudiation – protection against denial by one of the parties in a communication
• Availability – resource accessible/usable
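The service definitions above are easier to keep apart when you see which of them one concrete mechanism does and does not deliver. The following Python script is an added example, not part of the course slides: it attaches an HMAC-SHA256 tag to a message (an instance of the X.800 "data integrity" mechanism) and then checks a genuine packet, a packet modified in transit, and a packet tagged with the wrong key. The shared key and the packets are constructed for the demonstration.

```python
import hmac
import hashlib
from typing import Tuple

# Constructed demo key. A real deployment would obtain it from a key
# exchange or provisioning step; that step is outside this example.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag to `message`.

    Services provided (X.800 terms): data integrity and data-origin
    authentication, for any party that holds `key`.
    Services NOT provided: data confidentiality (the message is sent in
    the clear) and non-repudiation (either key holder could have produced
    the tag, so neither can be held to it; that needs a digital signature).
    """
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes) -> Tuple[bool, bytes]:
    """Split `packet` into message and tag and recompute the tag.

    Returns (ok, message). `ok` is False when the tag does not match, which
    is what happens after any modification of the message in transit or
    when the sender did not hold the key.
    """
    if len(packet) < TAG_LEN:
        return False, b""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison so the check itself does not leak the tag.
    return hmac.compare_digest(tag, expected), message


def demo() -> dict:
    """Run the cases a reader would want to see and return the outcomes."""
    results = {}

    # 1. Unmodified packet from a key holder: the integrity check passes.
    packet = protect(SHARED_KEY, b"transfer 100")
    results["genuine"] = verify(SHARED_KEY, packet)[0]

    # 2. Data integrity: an on-path change of the amount is detected.
    tampered = bytearray(packet)
    tampered[9] = ord("9")  # "transfer 100" -> "transfer 900"
    results["tampered"] = verify(SHARED_KEY, bytes(tampered))[0]

    # 3. Authentication: a packet tagged with some other key is rejected.
    forged = protect(b"constructed-wrong-key", b"transfer 100")
    results["wrong_key"] = verify(SHARED_KEY, forged)[0]

    # Confidentiality is not a service of this mechanism: the message is
    # readable by anyone who sees the packet, tag or no tag.
    results["plaintext_visible"] = packet.startswith(b"transfer 100")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:>17}: {outcome}")
```

Running the script shows `genuine` as True, `tampered` and `wrong_key` as False, and `plaintext_visible` as True: the same mechanism gives integrity and authentication but neither confidentiality nor non-repudiation, which is why X.800 lists encipherment and digital signatures as separate mechanisms.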
Slide 26
• Check network connection
  – ping google.com
• Log out