Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing."— Presentation transcript:

1 CS682- Session 10 Prof. Katz

2 Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing

3 Sources for Information http://www.microsoft.com/security http://www.cert.org http://www.ntsecurity.net http://www.linuxsecurity.org Vendor websites Hacker websites

4 How to protect Maintain the latest versions with the latest patches, with reservation. Have more than one layer of security Provide services only to those whom you intend to use your service

5 Some common attacks RedButton RPC BIND Vulnerabilities Apache Vulnerabilities Email Vulnerabilities

6 Who’s to blame Hackers Script-Kiddies Administrators Management Programmers Computers

7 SSL Encryption

8 What is SSL Now referred to as Transport Layer Security, it is more commonly known as Secure Sockets Layer Exists above TCP but below Application layer. It is an layer designed to encrypt the data section of a TCP packet without the ULP knowing

9 What is SSL used for Encryption of data between client and server Authentication of server to a client

10 What do we need for SSL? The client must support an encryption protocol and SSL Server must have an X.509v3 certificate issued by a source trusted by both client and server

11 Basic Procedure TCP Three way handshake Client issues a greeting listing available cyphers Server chooses cypher and sends it’s x.509v3 certificate including the public key. Client checks certificate for trust of issuance and expiration time then uses server’s public key to encrypt a ”premaster secret”, client then calculates session key based on the premaster secret Server decrypts premaster secret and calculates the same session key. Server then replies to the client with an encrypted message indicating completion.

12 Extensions to the Procedure After server is authenticated, it can request client authentication.

Download ppt "CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Internet Security Protocols

Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Similar presentations

Ads by Google