IT443 – Network Security Administration Instructor: Bo Sheng


1 Review
IT443 – Network Security Administration
Instructor: Bo Sheng

2 Final Exam
- 12/10/2015, Thursday, 5:30~6:30pm
- Science S-3-028
- True/false
- Multiple choices
- Descriptive questions

3 Network Basics
- Network Layers
  - Application layer
  - Transport layer
  - IP layer
  - Data link layer
- TCP, UDP, IP, SSH, HTTP
- IP address, MAC address, TCP address? Port number

4 Network Basics
- Headers
  - [Ethernet header [IP header [TCP header [Payload]]]]
- TCP / UDP
  - TCP is reliable
    - Acknowledgement, retransmission, discard duplicates, …
- TCP 3-way handshake
  - SYN, ACK, FIN

5 Network Basics
- IP layer
  - Routing (different paths)
  - IP prefix, e.g., /24
  - Classful Addressing (Class A, B, C)
  - Classless Inter-Domain Routing (CIDR)
  - Private networks
    - /8 ( )
    - /12 ( )
    - /16 ( )

6 Network Basics
- DNS
  - Hierarchical name space
  - Local DNS server / caching
  - dig / dig -x
- Data link layer
  - MAC address
  - ARP messages / ARP table

7 Network Basics Questions
- True/false
  - x.x is not globally accessible.
- Multiple choice
  - Which of the following headers may not contain the destination’s information:
    A. TCP header
    B. IP header
    C. Ethernet header
    D. All of the above
- Compare TCP and UDP, and briefly describe their difference.

8 Crypto Basics
- Encryption/Decryption
  - Plaintext, ciphertext, key
- Secret key/symmetric key crypto
- Public key/asymmetric key crypto
- Hash function

9 Crypto Basics
- Secret key crypto
  - Stream cipher (XOR)
  - Block cipher (with padding)
  - File size

10 Crypto Basics
- Public key crypto
  - Public/private key pair
  - Encryption/decryption (different keys)
  - Sign/verify (digital signature)
  - Much slower than secret key operations

11 Crypto Basics
- Hash function
  - One way transformation
  - Collision resistance
  - Applications
    - Message digest/checksum
    - File integrity
    - Password

12 Crypto Basics Questions
- True or false
  - In secret key encryption, the encrypted file’s size may be smaller than the original file’s.
- Which of the following gives the desired properties of hash functions?
  a. One-way property, that is, it’s easy to reverse the hash computation, but computationally infeasible to compute the hash function itself.
  b. Collision free, that is, it’s computationally infeasible to find two messages that have the same hash value.
  c. Only authorized parties can perform hash functions.

13 Authentication
- What’s authentication
  - User authentication
    - Allow a user to prove his/her identity to another entity (e.g., a system, a device).
  - Message authentication
    - Verify that a message has not been altered without proper authorization.

14 Authentication
- Threat
  - Eavesdropping
  - Password guessing
  - Server database reading (compromised)

15 Authentication
- Challenge/response
  - Alice -> Bob: I’m Alice; Bob -> Alice: a challenge R; Alice -> Bob: H(KAlice-Bob, R)
  - Alice -> Bob: I’m Alice; Bob -> Alice: R; Alice -> Bob: SigAlice{R}
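
The shared-secret exchange on slide 15, as an added example that is not part of the original slides: Bob issues a fresh random R and accepts each R only once, so a response recorded off the wire does not verify a second time. HMAC-SHA256 stands in for the slide's H(KAlice-Bob, R) as an assumption; the names respond, Verifier and demo are illustrative, and the key is constructed.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, challenge: bytes) -> bytes:
    """Alice's side: H(K_Alice-Bob, R), instantiated here with HMAC-SHA256."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Verifier:
    """Bob's side: issues a fresh R per attempt and accepts it at most once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)  # unpredictable 128-bit nonce
        self._pending.add(r)
        return r

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used R
        self._pending.discard(challenge)  # single use
        expected = respond(self._key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret K_Alice-Bob
    bob = Verifier(key)

    r1 = bob.challenge()
    resp1 = respond(key, r1)
    first = bob.verify(r1, resp1)  # legitimate run

    # A recorded (R, response) pair is presented again later.
    replay_same_r = bob.verify(r1, resp1)
    r2 = bob.challenge()
    replay_new_r = bob.verify(r2, resp1)

    # A party without the key answers a fresh challenge.
    r3 = bob.challenge()
    wrong_key = bob.verify(r3, respond(b"\x00" * 32, r3))
    return {"first": first, "replay_same_r": replay_same_r,
            "replay_new_r": replay_new_r, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(demo())
```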

16 Authentication
- Key Distribution Center
  - If node A wants to communicate with node B
    - A sends a request to the KDC
    - The KDC securely sends to A: EKA(RAB) and EKB(RAB, A)
- Certificate
  - How do you know the public key of a node?
  - Certification Authorities (CA)
    - Everybody needs to know the CA public key
    - The CA generates certificates: Signed(A, public-key, validity information)
  - [Alice’s public key is ]Carol
  - [Carol’s public key is ]Ted & [Alice’s public key is ]Carol

17 Authentication
- Password guessing
  - Online vs. offline
  - Dictionary attack
  - Password salt

18 Authentication Questions
- Assume Alice and Bob share a secret KAlice-Bob. What is the security flaw when they use the following protocol for Bob to authenticate Alice?
  - Alice -> Bob: I’m Alice, H(KAlice-Bob)

19 IPsec
- Which layer
- Why we need it
  - IP spoofing
  - Payload modification
  - Eavesdropping
- Two protocols / two modes

20 IPsec
- Transport mode
  - Host-to-host
- Tunnel mode
  - Gateway-to-gateway
  - IP header is encrypted

21 SSL
- Which layer
- Why we need it
  - Think about https
- Main processes
  - Negotiate cipher suites
  - Authenticate servers
  - Verify certificates

22 IPsec / SSL Questions
- True or false
  - Applying IPsec and SSL on the same data packet is redundant.
- Compare IPsec and SSL, and briefly describe their differences.

23 Firewall / IDS
- What are their roles
  - Prevent vs. detect
- Firewall
  - Packet filtering (stateless) vs. session filtering (stateful)
  - iptables

24 Firewall / IDS
- IDS
  - Accuracy, e.g., false alarm
    - TPR, FPR, TNR, FNR
  - Misuse detection (signatures)
  - Anomaly detection
  - Host-based (e.g., aide)
  - Network-based (e.g., snort)

25 Firewall Questions
- True or false
  - A stateless firewall on a server cannot limit the number of TCP connections per client.
- Describe the goal of the following firewall rule:
  iptables -A INPUT -p icmp -j DROP

26 IDS Questions
- Explain the following snort rule and describe how to trigger the alert:
  alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"Test attack"; content:"test_attack"; … … )
- Compare host-based and network-based IDS, and briefly describe the difference.

27 Final Grade

