Transcript of: Introduction to Network Security, Spring 2009
1
Introduction to Network Security
Spring 2009
2
Outline
• Introduction
• Attacks, services and mechanisms
• Security threats and attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
3
Introduction
Goal: Information Security
• Computer Security: automated tools for protecting information on the computer
• Network Security: measures to protect data during their transmission on the network
4
Security Trends
(figure: chart of security trends; visible labels: spams, 2009)
5
Hacking
• Attacks that use vulnerabilities of a protocol
– DoS
– Sniffing
– Session Hijacking
– Spoofing
• Malicious code
– Virus
– Trojan horse
– Back door
– Worm
John Draper, Phone hacker
6
Virus and Worm
• What is a virus?
– Self-replicating code
– Inserts itself into other executable code
– Contains a malicious function, called payload (can be empty)
– Native code which infects executable files
– Distribution by Email and File sharing
– Often requires a trigger from a user
• e.g. executing an infected application
– "Virus" is often used as a collective term for malware
7
Trojan Horse
• A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive.
– A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program.
• The term comes from the Greek story of the Trojan War between Greece and Troy
8
Virus and Worm
• What is a worm?
– First Internet worm in 1988
– Different from a virus
• Stand-alone program
• Does not infect an application
• Spreads itself through the network automatically
• Usually spreads much faster than viruses
– Worms often use exploits to propagate
• SQL Slammer – MS SQL Server
• Slapper – Apache/Mod-SSL
• Code Red – MS Internet Information Server
9
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
10
Security Threats & Attacks
• Threat
– A possible danger that might exploit a vulnerability: a circumstance, capability, action, or event that could breach security and cause harm
• Attack
– An assault on system security that derives from an intelligent threat
11
Security Threats
(figure only)
12
Security Threats
• Interruption: a threat to availability
• Interception: a threat to confidentiality
• Modification: a threat to integrity
• Fabrication: a threat to authenticity
13
Security Attacks
• Passive attack: attempts to learn or make use of information from the system, but does not affect system resources
– Release of message contents
– Traffic analysis
• Active attack: attempts to alter system resources or affect their operation
– Masquerade
– Replay
– Modification of messages
– Denial of service (e.g. the 1.25 Internet Chaos)
14
Release of Message Contents
Sensitive or confidential information must be protected from an opponent who would learn the contents of these transmissions.
(figure: Darth reads the contents of a message from Bob to Alice passing over the Internet or another communications facility)
15
Traffic Analysis
Even if the contents of messages are masked or protected by encryption, an opponent might still be able to observe the pattern of messages,
• such as the source and destination of the communicating hosts,
• and the frequency and length of the messages being exchanged.
(figure: Darth observes the pattern of messages from Bob to Alice passing over the Internet or another communications facility)
16
Masquerade
• Takes place when one entity pretends to be a different entity
• Enables an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges
(figure: Darth between Bob and Alice on the Internet or another communications facility; caption as extracted: "Read contents of message from Bob to Alice")
17
Replay Attack
The passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
(figure: Darth captures a message from Bob to Alice and later replays it to Alice)
18
Modification of Messages
Some portion of a legitimate message is altered, delayed, or reordered to produce an unauthorized effect.
(figure: Darth modifies a message from Bob to Alice in transit)
19
Denial of Service
The normal use of communications facilities is prevented or inhibited, for example by
• suppressing all messages directed to a particular destination
• disrupting an entire network by disabling the network
• degrading performance by overloading the network with messages
20
Security Service
• A service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers
• Security services implement security policies and are implemented by security mechanisms
• Classification of the services
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Nonrepudiation
– Availability
21
Authentication
• This service is concerned with assuring that a communication is authentic
• Data origin authentication (in the case of a single message)
– The function of the authentication service is to assure the recipient that the message is from the source it claims to be from.
– No protection against duplication or modification.
• Peer entity authentication (in a connection-oriented transmission, i.e. TCP)
– At the time of connection initiation, the service assures that the two entities are authentic
– During the transmission, the service assures that the connection is not interfered with by a third party masquerading as one of the two entities.
22
Access Control
• The prevention of unauthorised use of a resource
• In the context of network security, this service is the ability to limit and control the access to host systems and applications via communications links.
• Each entity must first be identified or authenticated; then access rights can be tailored to the individual.
23
Data Confidentiality
• The protection of transmitted data from passive attacks.
• Types of data confidentiality
– Connection confidentiality (all user data on a connection)
– Connectionless confidentiality (all user data in a single message)
– Selective-field confidentiality (specific fields within the user data)
– Traffic-flow confidentiality (information that can be derived from observing traffic flows)
24
Data Integrity
• To provide the assurance that the received data are exactly the same as the data transmitted by an authorised entity
※ no modification, insertion, deletion, or replay
• Connection-oriented / connectionless integrity service
– Connection-oriented: deals with a stream of messages and assures no duplication, alteration, or replay of the messages
– Connectionless: deals with individual messages and may provide protection against data modification only
• Integrity service with / without recovery
– The automated recovery mechanism is more attractive.
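The replay attack (slide 17), the modification of messages (slide 18) and the connection-oriented integrity service described on this slide can be shown together with one receiver-side check. This is an added example, not code from the original lecture: a hypothetical Bob/Alice channel shares a constructed demo key, the sender binds a sequence number to each data unit with HMAC-SHA256, and the receiver rejects units that were altered, replayed, or arrive out of order or after a gap.

```python
import hashlib
import hmac
import struct

# Constructed demo secret shared by sender and receiver (the "secret
# information" of the network security model); not a real key.
KEY = b"demo-shared-secret-for-bob-and-alice"
SEQ_LEN = 4          # big-endian 32-bit sequence number
TAG_LEN = 32         # HMAC-SHA256 tag


def protect(seq: int, payload: bytes) -> bytes:
    """Sender side: bind a sequence number to the payload and append a tag."""
    header = struct.pack(">I", seq)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Connection-oriented integrity check over a stream of data units."""

    def __init__(self) -> None:
        self.expected_seq = 0      # next sequence number we will accept
        self.accepted = []         # payloads delivered to the application

    def receive(self, unit: bytes) -> str:
        if len(unit) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated"
        header, payload, tag = unit[:SEQ_LEN], unit[SEQ_LEN:-TAG_LEN], unit[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        # Constant-time compare: any alteration of header or payload breaks
        # the tag, and forging a new tag requires the key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified"
        seq = struct.unpack(">I", header)[0]
        if seq < self.expected_seq:
            return "rejected: replay"               # already accepted this unit
        if seq > self.expected_seq:
            return "rejected: out of order or gap"  # deletion or reordering
        self.expected_seq += 1
        self.accepted.append(payload)
        return "accepted"


def demo() -> dict:
    """Feed the slide's attack cases to one receiver and return its verdicts."""
    rx = Receiver()
    m1 = protect(0, b"transfer 10 to carol")
    m2 = protect(1, b"transfer 20 to dave")
    results = {"genuine": rx.receive(m1)}
    # Darth alters the amount in transit; the tag no longer matches.
    tampered = m2[:SEQ_LEN] + m2[SEQ_LEN:-TAG_LEN].replace(b"20", b"99") + m2[-TAG_LEN:]
    results["modified"] = rx.receive(tampered)
    results["genuine_2"] = rx.receive(m2)
    results["replay"] = rx.receive(m1)          # captured earlier, resent later
    results["gap"] = rx.receive(protect(3, b"transfer 5 to erin"))  # unit 2 never arrived
    return results
```

A strict "next sequence number" check is what a single ordered stream needs; a sliding window of seen numbers (as IPsec uses) would tolerate benign reordering while still rejecting replays. Delay, the third effect named on slide 18, is not caught by sequence numbers alone and needs a timestamp or freshness check in addition.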
25
Nonrepudiation
• To prevent either sender or receiver from denying a transmitted message.
– Origin (sender): Proof that the message was sent by the specified party.
– Destination (receiver): Proof that the message was received by the specified party.
26
Availability
• Ensures the normal use of a system or system resource
• Addresses the security concerns raised by denial-of-service attacks
27
Security Mechanisms
• Specific security mechanisms
– Implemented in a specific protocol layer
• Pervasive security mechanisms
– Not specific to any particular protocol layer or security service
28
A Model for Network Security
(figure, recovered as text)
• Sender: Message → Security-related transformation → Secure message
• Information channel carrying the Secure message; the Opponent has access to the channel
• Receiver: Secure message → Security-related transformation → Message
• Secret information held by both sender and receiver, used by the transformations
• Trusted third party (e.g., arbiter, distributor of secret information)
29
(figure only)
30
Methods of Defence
• Encryption
• Software controls (access limitations in a database; in an operating system, protecting each user from other users)
• Hardware controls (smartcard)
• Policies (frequent changes of passwords)
• Physical controls
31
Internet Standards and RFCs
• The Internet Society
– Internet Architecture Board (IAB)
– Internet Engineering Task Force (IETF)
– RFC (Request for Comments)
– Internet Engineering Steering Group (IESG)
32
Internet RFC Publication Process
(figure: standards track Internet Draft → Proposed Standard → Draft Standard → Internet Standard; other RFC categories: Best Current Practice, Experimental, Informational; Historic)
33
Summary
• We dealt with
– security trends
– security attacks such as passive attacks and active attacks
– security services such as authentication, access control, data confidentiality, data integrity, nonrepudiation and availability
– a model for network security including Opponent, Access Channel, Gatekeeper Function and Information System
34
Outline of the Course
• This chapter serves as an introduction to the entire course. The remainder of the book is organized into three parts:
• Part One: Provides a concise survey of the cryptographic algorithms and protocols underlying network security applications, including encryption, hash functions, digital signatures, and key exchange.
• Part Two: Examines the use of cryptographic algorithms and security protocols to provide security over networks and the Internet. Topics covered include user authentication, e-mail, IP security, and Web security.
• Part Three: Deals with security facilities designed to protect a computer system from security threats, including intruders, viruses, and worms. This part also looks at firewall technology.
35
Thank you