Download presentation
Presentation is loading. Please wait.
Published bySonya Gatling Modified over 9 years ago
1
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e
2
IPSec Functions Authentication Header (AH) Encapsulating Security Payload (ESP) Key exchange 2
3
ESP Transport and Tunnel Mode Transport mode: provides protection primarily for upper-layer protocols. Typically used for end-to-end communications between two hosts. Payload is encrytped but not the header. Tunnel mode: provides protection for the entire IP packet. The entire packet is placed within a new outer IP packet. Used when one destination is a security gateway. 3
4
Scope of ESP Encryption and Authentication 4
5
Key Management Manual: system administrator manually configures each system with its own keys and with the keys of other communicating systems. Automatic: An automated system enables the on-demand creation of keys and facilitates the use of keys. Used in large system configurations. 5
6
Advantages of IPSec Provides managers with a standard means of implementing security for VPNs. Encryption and authentication algorithms and security protocols are well studied. Users can be confident that IPSec provides strong security. Can be implemented in firewalls and routers owned by the organization, giving network managers control over security. 6
7
SSL Architecture Provides reliable end-to-end secure service. Uses two layers of protocols. SSL Record Protocol provides basic security services to higher layer protocols such as HTTP SSL includes: - Handshake Protocol -Change Cipher Spec Protocol -Alert Protocol 7
8
SSL Protocol Stack 8
9
Key SSL Concepts Connection: a transport that provides a suitable type of service. Every connection is associated with one session. Session: an association between client and server. Defien a set of sryptographic security parameters which can be sharedby multiple connections. 9
10
SSL Record Protocol Operation 10
11
SSL Protocols Change Cipher Spec Protocol: simplest protocol, consists of a single byte with a value of 1; causes the pending state to be copied into the current state. Alert Protocol: used to convey SSL related alerts to the peer entity. Each message consisst of 2 bytes; the first denotes a warning or fatal error. 11
12
Handshake Protocol The most complex part of SSL. Allows for servers and clients to authenticate each other, negotiate an encryption and MAC algorithm and cryptographic keys to protect data. Used before any application data is transmitted. 12
13
Handshake Protocol Phases Phase 1: Initiates logical connection Phase 2: passes certificate, additional key information and request for client certificate. Also passes server-done message. Phase 3: client sends message to server depending on underlying public-key scheme. Phase 4: completes setting up the secure connection. 13
14
802.11i Operational Phases 14
15
802.11i Architecture Authentication: protocol used to define an exchange between a user and an AS Access control: function that enforces the use of the authentication function, routes messages properly and facilitates key exchange. Privacy with message integrity: MAC-level data are encrypted along with a message integrity code that ensures that the data have not been altered. 15
16
802.11i Access Control 16
17
Intrusion Detection Security Intrusion : a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so. Intrusion Detection: A security service that monitors and analyzes system events for the purpose of finding and providing real- time or near-real-time warning of, attempts to access system resources in an unauthorized manner. Intrusion Detection System Classification: -Host-based IDS -Network-based IDS 17
18
IDS Logical Components Sensors Analyzers User Interface 18
19
Approaches to Host-Based IDSs Anomaly Detection: involves the collection of data relating to the behavior of legitimate users over time. -Threshold Detection -Profile based Signature Detection : involves an attempt to define a set of rules or attack patterns that can be used to decide an intruders behavior. 19
20
Firewalls Provides an additional layer of defense between internal systems and external networks Firewalls use four techniques: -Service Control -Direction Control -User Control -Behavior Control 20
21
Firewall Capabilities Defines a single choke point that keeps unauthorized users out of the protected network. Provides a location for monitoring security-related events. Provides a platform for several Internet functions. Serves as a platform for IPSec. 21
22
Firewall Limitations Cannot protect against attacks that bypass the firewall. May not protect against all internal threats. A wireless LAN may be accessed from outside. A client (Laptop, PDA, portable storage device, etc) may be infected outside and then attached internally 22
23
Firewall Types 23
24
Antivirus Approaches Prevention: Do not all the virus to get into the system. Detection: Once infection has occurred, determine that it has occurred and locate the virus. Identification: Once detection has been achieved, identify the specific virus that has infected a program. Removal: Remove all traces of the virus and restore the program to its original state. 24
25
Generic Decryption Enables antivirus programs to detect complex polymorphic viruses. Generic Decryption elements: -CPU emulator -Virus signature scanner -Emulation control module The most difficult design issue is to determine how long to run the scanner. 25
26
Digital Immune System Developed first by IBM, then refined by Symantec. Provides a general purpose emulation and virus detection system. Detects new viruses, analyze them, adds detection and shielding for it, removes it and passes information on about that virus to other systems. 26
27
Digital Immune System 27
28
Behavior Backbone Software Integrates with the operating system and monitors program behavior in real-time for malicious actions. Blocks potentially malicious actions. Suspicious software is also blocked. 28
29
Behavior-Blocking Software Operation 29
30
Requirements for Worm Countermeasures Generality Timeliness Resiliency Minimal denial-of-service costs Transparency Global and local coverage 30
31
Classes of Worm Defense Signature-based worm scan filtering Filter-based worm containment Payload-classification-based worm containment Threshold random walk (TRW) scan detection Rate limiting Rate halting 31
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.