1. Session 10

2. Objectives: By the end of this session, the student will be able to: Recognize the basic forms of system attacks Cite the technique used to make data secure Recognize the concepts underlying physical protection measures Cite the techniques used to control access to computers and networks Cite the strengths and weaknesses of passwords Explain the difference between a substitution-based and a transposition-based cipher Outline the basic features of public key cryptography, Advanced Encryption Standard, digital signatures, and the public key infrastructure Cite the techniques used to secure communications Recognize the importance of a firewall, and be able to describe the two basic types of firewall protection

3. Hacker 3 Hacker saga continues: Mounties nab 15-year-old Canadian ITworld.com 4/19/00 UPDATE The Royal Canadian Mounted Police (RCMP) said that they have arrested a 15-year-old Montreal boy and charged him in connection with the largest hacker attacks to date on e-commerce Web sites in the United States. In accordance with Canadian law, the identity of the boy, who is said to have used the alias "Mafia Boy," was not disclosed. http://security.itworld.com/4339/ITW384/page_1.html

4. Typical Hacker Approach 4 Step 1: Reconnaissance-ARIN, whois Step 2: Scanning-wardialing, port scanning, firewalk Step 3: Exploit Systems - Gaining Access-spoofing, hijiacking, DNS poisoning - Elevating Access-L0phtCrack, Crack, SecHole, getAdmin - Application-Level Attacks – CGI attacks, Web state maintenance - Denial of Service-CPUhog, WinNuke, Ping of death, Land, smurf, SYNflood, Targa, TFN2K, Trin00 Step 4: Keeping Access- Back Orifice 2000, Rootkits, Knark Step 5: Covering the tracks- logs, reverse WWW shell, Loki

5. Security 5 Basic Premise: The means to uniquely identify a person, consists of using at least one selection from a minimum of two of the following categories: Something you have User ID – others may have knowledge of this A token (smart card / SecurID / WatchWord Token) Something you know Password / Passphrase / PIN – only you know this Something you are An attribute of your physical body that is unique (fingerprint, hand geometry, iris, retina, earprint... )

6. Passwords 6 Standard Rules: Change password often Pick a good password with At least 8 characters Mix upper-case and lower-case characters Don't choose passwords that are similar to first or last names, or other choices easily guessed Don't share your password with others Don't write it down and “post it on your monitor”

7. Passwords 7 UNIX Password Passwd file: sample:x:503:100::/home/sample:/bin/bash Shadow File: sample:$2a$05$JGqlq1afYTnH0t3OwOxbOeogkJAo9/vWdbOTQ73fQXRzjBsLvmxXS:12737:0:999 99:7:::

8. Monoalphabetic Substitution-Based Ciphers 8 Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z Ciphertext: P O I U Y T R E W Q L K J H G F D S A M N Z V C X B how about lunch at noon EGVPO GNMKN HIEPM HGGH

9. Polyalphabetic Substitution-Based Ciphers 9 Key: COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIENCECO Plaintext: thisclassondatacommunicationsisthebestclassever Ciphertext: VVUHWEEJKQVHNVEECYBOGMTSVQSAUMUHTTVXWKUNIWFGZGF

10. Transposition-Based Ciphers 10 Keyword: COMPUTER 14358726 relative position of characters in alphabet Plaintext Message: this is the best class i have ever taken COMPUTER 14358726 thisisth ebestcla ssihavee vertaken Ciphertext: TESVTLEEIEIRHBSESSHTHAENSCVKITAA

11. AES - Rijndael 11 Animation of Algorithm at work http://people.senecac.on.ca/travis.mander/rijndael_ingles2004.swf

12. Windows Firewall 12

13. Filter Firewall 13

14. Proxy Firewall 14