Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Published bySonya Gatling Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e."— Presentation transcript:

1 Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e

2 IPSec Functions Authentication Header (AH) Encapsulating Security Payload (ESP) Key exchange 2

3 ESP Transport and Tunnel Mode Transport mode: provides protection primarily for upper-layer protocols. Typically used for end-to-end communications between two hosts. Payload is encrytped but not the header. Tunnel mode: provides protection for the entire IP packet. The entire packet is placed within a new outer IP packet. Used when one destination is a security gateway. 3

4 Scope of ESP Encryption and Authentication 4

5 Key Management Manual: system administrator manually configures each system with its own keys and with the keys of other communicating systems. Automatic: An automated system enables the on-demand creation of keys and facilitates the use of keys. Used in large system configurations. 5

6 Advantages of IPSec Provides managers with a standard means of implementing security for VPNs. Encryption and authentication algorithms and security protocols are well studied. Users can be confident that IPSec provides strong security. Can be implemented in firewalls and routers owned by the organization, giving network managers control over security. 6

7 SSL Architecture Provides reliable end-to-end secure service. Uses two layers of protocols. SSL Record Protocol provides basic security services to higher layer protocols such as HTTP SSL includes: - Handshake Protocol -Change Cipher Spec Protocol -Alert Protocol 7

8 SSL Protocol Stack 8

9 Key SSL Concepts Connection: a transport that provides a suitable type of service. Every connection is associated with one session. Session: an association between client and server. Defien a set of sryptographic security parameters which can be sharedby multiple connections. 9

10 SSL Record Protocol Operation 10

11 SSL Protocols Change Cipher Spec Protocol: simplest protocol, consists of a single byte with a value of 1; causes the pending state to be copied into the current state. Alert Protocol: used to convey SSL related alerts to the peer entity. Each message consisst of 2 bytes; the first denotes a warning or fatal error. 11

12 Handshake Protocol The most complex part of SSL. Allows for servers and clients to authenticate each other, negotiate an encryption and MAC algorithm and cryptographic keys to protect data. Used before any application data is transmitted. 12

13 Handshake Protocol Phases Phase 1: Initiates logical connection Phase 2: passes certificate, additional key information and request for client certificate. Also passes server-done message. Phase 3: client sends message to server depending on underlying public-key scheme. Phase 4: completes setting up the secure connection. 13

14 802.11i Operational Phases 14

15 802.11i Architecture Authentication: protocol used to define an exchange between a user and an AS Access control: function that enforces the use of the authentication function, routes messages properly and facilitates key exchange. Privacy with message integrity: MAC-level data are encrypted along with a message integrity code that ensures that the data have not been altered. 15

16 802.11i Access Control 16

17 Intrusion Detection Security Intrusion : a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so. Intrusion Detection: A security service that monitors and analyzes system events for the purpose of finding and providing real- time or near-real-time warning of, attempts to access system resources in an unauthorized manner. Intrusion Detection System Classification: -Host-based IDS -Network-based IDS 17

18 IDS Logical Components Sensors Analyzers User Interface 18

19 Approaches to Host-Based IDSs Anomaly Detection: involves the collection of data relating to the behavior of legitimate users over time. -Threshold Detection -Profile based Signature Detection : involves an attempt to define a set of rules or attack patterns that can be used to decide an intruders behavior. 19

20 Firewalls Provides an additional layer of defense between internal systems and external networks Firewalls use four techniques: -Service Control -Direction Control -User Control -Behavior Control 20

21 Firewall Capabilities Defines a single choke point that keeps unauthorized users out of the protected network. Provides a location for monitoring security-related events. Provides a platform for several Internet functions. Serves as a platform for IPSec. 21

22 Firewall Limitations Cannot protect against attacks that bypass the firewall. May not protect against all internal threats. A wireless LAN may be accessed from outside. A client (Laptop, PDA, portable storage device, etc) may be infected outside and then attached internally 22

23 Firewall Types 23

24 Antivirus Approaches Prevention: Do not all the virus to get into the system. Detection: Once infection has occurred, determine that it has occurred and locate the virus. Identification: Once detection has been achieved, identify the specific virus that has infected a program. Removal: Remove all traces of the virus and restore the program to its original state. 24

25 Generic Decryption Enables antivirus programs to detect complex polymorphic viruses. Generic Decryption elements: -CPU emulator -Virus signature scanner -Emulation control module The most difficult design issue is to determine how long to run the scanner. 25

26 Digital Immune System Developed first by IBM, then refined by Symantec. Provides a general purpose emulation and virus detection system. Detects new viruses, analyze them, adds detection and shielding for it, removes it and passes information on about that virus to other systems. 26

27 Digital Immune System 27

28 Behavior Backbone Software Integrates with the operating system and monitors program behavior in real-time for malicious actions. Blocks potentially malicious actions. Suspicious software is also blocked. 28

29 Behavior-Blocking Software Operation 29

30 Requirements for Worm Countermeasures Generality Timeliness Resiliency Minimal denial-of-service costs Transparency Global and local coverage 30

31 Classes of Worm Defense Signature-based worm scan filtering Filter-based worm containment Payload-classification-based worm containment Threshold random walk (TRW) scan detection Rate limiting Rate halting 31

Download ppt "Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Secure Socket Layer.

Secure Socket Layer.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Lecture 22 Internet Security Protocols and Standards

Lecture 22 Internet Security Protocols and Standards
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google