1
Network Security 4/21/2019 Raj Rajarajan
2
Security Attacks
3
Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
4
Security Goals
• Confidentiality
• Integrity
• Availability
8
Electronic mail security
9
Pretty Good Privacy (PGP)
• Philip R. Zimmermann is the creator of PGP.
• PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.
10
Why Is PGP Popular?
• It is available free on a variety of platforms.
• It is based on well-known algorithms.
• It has a wide range of applicability.
• It is not developed or controlled by governmental or standards organizations.
11
Compression
• PGP compresses the message after applying the signature but before encryption.
• The compression algorithm used is ZIP.
12
Segmentation and Reassembly
• E-mail facilities are often restricted to a maximum message length of 50,000 octets.
• Longer messages must be broken up into segments.
• PGP automatically subdivides a message that is too large.
• The receiver strips off all headers and reassembles the block.
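An added example (not from the slides) of the compress, segment and reassemble steps described on the two slides above. The signature and encryption steps are left out, the `X-Part` header is a hypothetical stand-in for real mail headers, and the sample message is constructed.

```python
import hashlib
import zlib

MAX_OCTETS = 50_000               # maximum message length quoted on the slide
HEADER = "X-Part: {i}/{n}\n\n"    # hypothetical per-segment header (assumption)
# Constructed sample: 128,000 incompressible octets standing in for a signed message.
SAMPLE = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(4000))


def send(signed_message: bytes) -> list[bytes]:
    """Compress the already-signed message, then split it into mail-sized parts."""
    body = zlib.compress(signed_message)      # DEFLATE, the method ZIP uses
    room = MAX_OCTETS - len(HEADER.format(i=9999, n=9999))  # payload per part
    chunks = [body[o:o + room] for o in range(0, len(body), room)]
    n = len(chunks)
    return [HEADER.format(i=i, n=n).encode() + c for i, c in enumerate(chunks, 1)]


def receive(parts: list[bytes]) -> bytes:
    """Strip every header, reassemble in segment order, then decompress."""
    seen, total = {}, None
    for part in parts:
        head, _, chunk = part.partition(b"\n\n")   # header ends at first blank line
        i, n = map(int, head.decode().split(": ")[1].split("/"))
        if total not in (None, n):
            raise ValueError("parts disagree on the segment count")
        total = n
        seen[i] = chunk
    if total is None:
        raise ValueError("no parts received")
    missing = [i for i in range(1, total + 1) if i not in seen]
    if missing:
        raise ValueError(f"missing segments: {missing}")
    return zlib.decompress(b"".join(seen[i] for i in range(1, total + 1)))


if __name__ == "__main__":
    parts = send(SAMPLE)
    print(len(parts), "parts, largest", max(map(len, parts)), "octets")
    print("round trip ok:", receive(parts[::-1]) == SAMPLE)   # arrival order reversed
```

A receiver that decompresses without first checking for missing segments fails late or not at all on truncated mail; the explicit count check reports which segment is absent.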
13
IP Security
14
IP Security Overview
IPSec is not a single protocol. Instead, IPSec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.
15
IP Security Overview
Applications of IPSec:
• Secure branch office connectivity over the Internet
• Secure remote access over the Internet
• Establishing extranet and intranet connectivity with partners
• Enhancing electronic commerce security
16
IP Security Scenario
17
IP Security Overview
Benefits of IPSec:
• Transparent to applications (it sits below the transport layer: TCP, UDP)
• Provides security for individual users
IPSec can assure that:
• A router or neighbour advertisement comes from an authorized router
• A redirect message comes from the router to which the initial packet was sent
• A routing update is not forged
18
IPSec Services
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
• Confidentiality (encryption)
• Limited traffic flow confidentiality
19
Before applying AH
Note: The IPv6 header includes extensions that allow a packet to specify a mechanism for authenticating its origin, for ensuring data integrity, and for ensuring privacy.
20
Transport Mode (AH Authentication)
21
Tunnel Mode (AH Authentication)
22
Web Security
23
Web Security Considerations
• The Web is very visible.
• Complex software hides many security flaws.
• Web servers are easy to configure and manage.
• Users are not aware of the risks.
24
Security facilities in the TCP/IP protocol stack
25
SSL and TLS
• Secure Sockets Layer (SSL) was originated by Netscape.
• The Transport Layer Security (TLS) working group was formed within the IETF.
• The first version of TLS can be viewed as SSLv3.1.
26
SSL Architecture
27
SSL Record Protocol Operation
28
SSL Record Format
29
Handshake Protocol
• The most complex part of SSL.
• Allows the server and client to authenticate each other.
• Negotiates encryption, MAC algorithm and cryptographic keys.
• Used before any application data are transmitted.
30
Handshake Protocol Action
31
Transport Layer Security (TLS)
• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
  • version number
  • message authentication code
  • alert codes
  • cipher suites
  • client certificate types
  • certificate_verify and finished message
  • cryptographic computations
32
Secure Electronic Transactions (SET)
• An open encryption and security specification.
• Protects credit card transactions on the Internet.
• Companies involved: MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign.
• Not a payment system.
• A set of security protocols and formats.
33
SET Services
• Provides a secure communication channel in a transaction.
• Provides trust by the use of X.509v3 digital certificates.
• Ensures privacy.
34
SET Overview
Key Features of SET:
• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
35
SET Participants
36
Sequence of events for transactions
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or service.
10. The merchant requests payment.
37
The Stages of a Network Intrusion
1. Scan the network to:
   • locate which IP addresses are in use,
   • what operating system is in use,
   • what TCP or UDP ports are “open” (being listened to by Servers).
2. Run “Exploit” scripts against open ports.
3. Get access to Shell program which is “suid” (has “root” privileges).
4. Download from Hacker Web site special versions of systems files that will let Cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs.
5. Use IRC (Internet Relay Chat) to invite friends to the feast.
38
Virus Structure
39
Advanced Antivirus Techniques