
Introduction IT443 – Network Security Administration Instructor: Bo Sheng

Date post: 15-Jan-2016

Introduction

IT443 – Network Security Administration
Instructor: Bo Sheng


Basic Information

• Location and time
  – S-3-028
  – Mondays and Wednesdays 7:00~8:15pm
• Instructor (Bo Sheng)
  – [email protected], [email protected]
  – 617-287-6468
  – Office: S-3-167
  – Office hours: Mon & Wed, 2~4pm


Course Outline

• Network Basics
  – Network layers, headers, services, …
  – TCP/IP, MAC, DNS, ARP, …
• Cryptography Basics
  – Secret key encryption, Public key encryption, Hash function
  – Doesn’t cover theoretical foundation
• Authentication
  – Password, challenge/response, mutual authentication,


Course Outline

• Public Key Infrastructure
  – PKI architecture, certificates, …
• IPsec
  – Secure IP layer protocol
• SSL/TLS
  – Secure transport layer protocol
• Firewall
  – Prevent attacks, iptables, …


Course Outline

• Intrusion Detection System
  – Host-based IDS and network-based IDS
• Email Security
• Wireless security / Worm (backup)
  – Rogue AP attacks, WEP crack, Worm propagation/detection, …


Course Work

• 6~7 lab assignments (70%)
  – Team of 2 students
  – Lab report
    • Follow the instructions
    • Observe the output
    • Understand the results (may need more tests to confirm)


Course Work

• Final exam (30%)
  – Last time this course was taught
    • 8 “true or false”
    • 6 “multiple choices”
    • 3 “descriptive questions”
• Lecture + Lab
  – Virtual machines


Lab Outline

• Understanding network packets
  – IP prefix, DNS service
• Encryption/decryption
  – Conduct file encryption (openssl)
  – Distinguish cryptographic algorithms
• Password cracking
  – Dictionary attack, john-the-ripper
• Network attacks
  – SYN flood, ARP poisoning


Lab Outline

• Implementing certificate
  – Set up https service
• Configuring a firewall
  – iptables
• System monitoring
  – Remote logging
• Intrusion detection
  – Aide and Snort
• SQL injection (backup)


Other Info

• Course web page
  – http://www.cs.umb.edu/~shengbo/teaching/it443.html
• Prerequisite
  – IT341
  – If you take IT341 later, you will lose the credits of this course.


Policies

• Lab reports
  – Partial points will be given, but no late submissions are accepted.
• Honor code
• No makeup exam
• Accommodations
  – Ross Center for Disability Service
    • Campus Center Room 211
    • 617-287-7430


Information

• Door code: 434598*
• Login: Your Windows account
• If you use your own laptop, install
  – VMware Workstation 10.0
  – VirtualBox
• Install Ubuntu Desktop on a VM
  – VMware 10.0: NM21L-LK05L-N8864-0J0K0-28X25
  – http://wes.cs.umb.edu/it443/ubuntu-10.04.4-desktop-i386.iso


Introduction to Network Security

• Security Breaches
  – http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
• Symantec Threat Explorer
  – http://us.norton.com/security_response/threatexplorer/index.jsp
• Email Spam


Introduction to Network Security

• Security threats
  – Malware: Virus, worm, spyware
  – Spam
  – Botnet
  – DDoS attacks
  – Phishing
  – Cross-site scripting (XSS)
  – …


Contributing Factors

• Lack of awareness of threats and risks of information systems
  – Security measures are often not considered until an Enterprise has been penetrated by malicious users
• Wide-open network policies
  – Many Internet sites allow wide-open Internet access
• Lack of security in TCP/IP protocol suite
  – Most TCP/IP protocols not built with security in mind
• Complexity of security management and administration
• Software vulnerabilities
  – Example: buffer overflow vulnerabilities
• Cracker skills keep improving


Security Objectives (CIA)


• Confidentiality — Prevent/detect/deter improper disclosure of information

• Integrity — Prevent/detect/deter improper modification of information

• Availability — Prevent/detect/deter improper denial of access to services provided by the system


OSI Security Architecture

• ITU-T X.800 “Security Architecture for OSI”

• Defines a systematic way of defining and providing security requirements

• It provides a useful, if abstract, overview of concepts we will study


Aspects of Security

• 3 aspects of security:
  – security attack
    • Any action that compromises the security of information owned by an organization
  – security mechanism
    • A process that is designed to detect, prevent, or recover from a security attack
  – security service
    • Counter security attacks: make use of one or more security mechanisms to provide the service


Threat Model and Attack Model

• Threat model and attack model need to be clarified before any security mechanism is developed

• Threat model
  – Assumptions about potential attackers
  – Describes the attacker’s capabilities
• Attack model
  – Assumptions about the attacks
  – Describes how attacks are launched


Passive Attacks


Active Attacks


Security Mechanism (X.800)

• Specific security mechanisms:
  – encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms:
  – trusted functionality, security labels, event detection, security audit trails, security recovery


Security Service

• Enhance security of data processing systems and information transfers of an organization
• Intended to counter security attacks
• Using one or more security mechanisms
• Often replicates functions normally associated with physical documents
  – For example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed


Security Service

• Authentication - assurance that communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
• Availability - resource accessible/usable


• Check network connection
  – ping google.com
• Log out