8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Slides:



Advertisements
Similar presentations
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Advertisements

Security in Networks (Part 2) CPSC 363 Computer Networks Ellen Walker Hiram College (Includes figures from Computer Networking by Kurose & Ross, © Addison.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
(4.4) Internet Protocols Layered approach to Internet Software 1.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Chapters 8 Network Security Professor Rick Han University of Colorado at Boulder
Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Chapter 7: Network Security
8: Network Security – Integrity, Firewalls.
1DT014/1TT821 Computer Networks I Chapter 8 Network Security
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Network security and Hot topics in networking EECS 489 Computer Networks Z. Morley Mao Wednesday, April 11,
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
24-1 Last time □ Message Integrity □ Authentication □ Key distribution and certification.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
FIREWALL Mạng máy tính nâng cao-V1.
Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
Network Security7-1 Today r Collect Ch6 HW r Assign Ch7 HW m Ch7 #2,3,4,5,7,9,10,12 m Due Wednesday Nov 19 r Continue with Chapter 7 (Security)
Secure connections.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Network Security7-1 Chapter 7 Network Security Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley,
Firewalls A note on the use of these ppt slides:
Chapter 13 – Network Security
1 WEP Design Goals r Symmetric key crypto m Confidentiality m Station authorization m Data integrity r Self synchronizing: each packet separately encrypted.
8: Network Management1 Firewalls. 8: Network Management2 Firewalls Two firewall types: m packet filter m application gateways To prevent denial of service.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
ICT 6621 : Advanced NetworkingKhaled Mahbub, IICT, BUET, 2008 Lecture 12 Network Security (2)
Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.
Ch 8. Security in computer networks Myungchul Kim
Network Security overview. Topics What is network security? Principles of cryptography Authentication Integrity Key Distribution and certification Access.
Network Security7-1 Firewalls Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
TCP/IP Protocols Contains Five Layers
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Firewall Tutorial Hyukjae Jang Nc lab, CS dept, Kaist.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 5: Mobile security,
Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
Network Security Understand principles of network security:
Network Security7-1 Firewalls Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)
8: Network Security 8-1 IPsec: Network Layer Security r network-layer secrecy: m sending host encrypts the data in IP datagram m TCP and UDP segments;
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
Chapter 14 Network Encryption
Chapter 10: Network Security Chapter goals: r understand principles of network security: m cryptography and its many uses beyond “confidentiality” m authentication.
Network Security7-1 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
Network Security7-1 Firewalls Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
Network Security7-1 Firewalls Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall.
Lecture Notes Thursday Sue B. Moon.
K. Salah1 Security Protocols in the Internet IPSec.
Network Security. 2 Why Network Security?  Malicious people share your network  Problem made more severe the more the Internet became commercialized.
25-1 Last time □ Firewalls □ Attacks and countermeasures □ Security in many layers ♦ PGP ♦ SSL ♦ IPSec.
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos
Last time Message Integrity Authentication
The Transport Layer Implementation Services Functions Protocols
Security in the layers 8: Network Security.
Firewalls firewall Isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. administered network public.
Review and Announcement
Chapter 6 Network Security
Session 20 INST 346 Technologies, Infrastructure and Architecture
Presentation transcript:

8: Network Security8-1 Security in the layers

8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using SSL services. r Used between Web browsers, servers for e-commerce (https). r Security services: m server authentication m data encryption m client authentication (optional) r Server authentication: m SSL-enabled browser includes public keys for trusted CAs. m Browser requests server certificate, issued by trusted CA. m Browser uses CA’s public key to extract server’s public key from certificate.

8: Network Security8-3 SSL (continued) Encrypted SSL session: r Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server. r Using private key, server decrypts session key. r Browser, server know session key m All data sent into TCP socket (by client or server) encrypted with session key. r SSL: basis of IETF Transport Layer Security (TLS). r SSL can be used for non-Web applications, e.g., IMAP. r Client authentication can be done with client certificates.

8: Network Security8-4 IPsec: Network Layer Security r Network-layer secrecy: m sending host encrypts the data in IP datagram m TCP and UDP segments; ICMP and SNMP messages. r Network-layer authentication m destination host can authenticate source IP address r Two principal protocols: m authentication header (AH) protocol m encapsulation security payload (ESP) protocol r For both AH and ESP, source, destination handshake: m create network-layer logical channel called a security association (SA) r Designed for IPv6 m Backward compatible with IPv4

8: Network Security8-5 IEEE security r War-driving: drive around Bay area, see what networks available? m More than 9000 accessible from public roadways m 85% use no encryption/authentication m packet-sniffing and various attacks easy! r Securing m encryption, authentication m first attempt at security: Wired Equivalent Privacy (WEP): a failure m current attempt: i

8: Network Security8-6 Wired Equivalent Privacy (WEP): r authentication as in a weak protoocol m host requests authentication from access point m access point sends 128 bit nonce m host encrypts nonce using shared symmetric key m access point decrypts nonce, authenticates host r no key distribution mechanism r authentication: knowing the shared key is enough

8: Network Security8-7 WEP data encryption r Host/AP share 40 bit symmetric key r Host appends 24-bit Initialization Vector (IV) to create 64-bit key r 64 bit key used to generate stream of keys, k i IV r k i IV used to encrypt ith byte, d i, in frame: c i = d i XOR k i IV r IV and encrypted bytes, c i sent in frame

8: Network Security WEP encryption Sender-side WEP encryption

8: Network Security8-9 Breaking WEP encryption Security hole: r 24-bit IV, one IV per frame, -> IV’s eventually reused r IV transmitted in plaintext -> IV reuse detected r Attack: m Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 … m Trudy sees: c i = d i XOR k i IV m Trudy knows c i d i, so can compute k i IV m Trudy knows encrypting key sequence k 1 IV k 2 IV k 3 IV … m Next time IV is used, Trudy can decrypt!

8: Network Security i: improved security r numerous (stronger) forms of encryption possible r provides key distribution r uses authentication server separate from access point

8: Network Security8-11 WPA - Wi-Fi Protected Access r Implements i r 128-bit key, 48-bit IV r Uses TKIP (Temporary Key Integrity Protocol) m Hash of IV (not sent in plaintext) m Ensures each frame is sent with a unique key

8: Network Security8-12

8: Network Security8-13 Firewalls isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others. firewall

8: Network Security8-14 Firewalls: Why prevent denial of service attacks: m SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections. prevent illegal modification/access of internal data. m e.g., attacker replaces CIA’s homepage with something else allow only authorized access to inside network (set of authenticated users/hosts) two types of firewalls: m application-level m packet-filtering

8: Network Security8-15 Packet Filtering r internal network connected to Internet via router firewall r router filters packet-by-packet, decision to forward/drop packet based on: m source IP address, destination IP address m TCP/UDP source and destination port numbers m ICMP message type m TCP SYN and ACK bits Should arriving packet be allowed in? Departing packet let out?

8: Network Security8-16 Packet Filtering r Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23. m All incoming and outgoing UDP flows and telnet connections are blocked. r Example 2: Block inbound TCP segments with ACK=0. m Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.

8: Network Security8-17 Application gateways r Filters packets on application data as well as on IP/TCP/UDP fields. r Example: allow select internal users to telnet outside. host-to-gateway telnet session gateway-to-remote host telnet session application gateway router and filter 1. Require all telnet users to telnet through gateway. 2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections 3. Router filter blocks all telnet connections not originating from gateway.

8: Network Security8-18 Limitations of firewalls and gateways r IP spoofing: router can’t know if data “really” comes from claimed source r if multiple app’s. need special treatment, each has own app. gateway. r client software must know how to contact gateway. m e.g., must set IP address of proxy in Web browser r filters often use all or nothing policy for UDP. r tradeoff: degree of communication with outside world, level of security r many highly protected sites still suffer from attacks. prevention/showArticle.jhtml?articleID=

8: Network Security8-19 Network Security (summary) Basic techniques…... m cryptography (symmetric and public) m authentication m message integrity m key distribution …. used in many different security scenarios m secure m secure transport (SSL) m IP sec m m Firewall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.