Presentation on theme: "Authentication Assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header Assures that the."— Presentation transcript:


3 IPsec encompasses three functional areas:
  Authentication
    Assures that a received packet was, in fact, transmitted by the party identified as the source in the packet header
    Assures that the packet has not been altered in transit
  Confidentiality
    Enables communicating nodes to encrypt messages to prevent eavesdropping by third parties
  Key management
    Concerned with the secure exchange of keys
    Provided by the Internet Key Exchange standard, IKEv2
  Authentication and confidentiality are provided by a protocol known as Encapsulating Security Payload (ESP)
  The current version of IPsec is IPsecv3

4 ESP supports two modes of use:
  Transport mode
    Provides protection primarily for upper-layer protocols
    Encrypts and optionally authenticates the IP payload but not the IP header
  Tunnel mode
    Provides protection for the entire IP packet
    After the ESP fields are added, the entire packet plus security fields is treated as the payload of a new “outer” IP packet with a new outer IP header
    The entire original, or inner, packet travels through a “tunnel” from one point of an IP network to another
    No routers along the way are able to examine the inner IP header
    The new, larger packet may have totally different source and destination addresses, adding to the security
    Used when at least one of the two ends is a security gateway, such as a firewall or router that implements IPsec


6 Key management
  Involves the determination and distribution of secret keys
  The IPsec Architecture document mandates support for two types of key management:
  Manual
    A system administrator manually configures each system with its own keys and with the keys of other communicating systems
    Practical for small, relatively static environments
  Automated
    Enables the on-demand creation of keys and facilitates the use of keys in a large distributed system with an evolving configuration
    Is the most flexible, but requires more effort to configure and requires more software

7 IPsec and VPNs
  The driving force is the need for business and government users to connect their private WAN/LAN infrastructure in a secure manner to the Internet
  With IPsec, managers have a standardized means of implementing security for VPNs
  Because IPsec can be implemented in routers or firewalls owned and operated by the organization, the network manager has complete control over the security aspects of the VPN


9 SSL architecture
  The SSL Record Protocol provides basic security services to various higher-layer protocols
  The Hypertext Transfer Protocol (HTTP), which provides the transfer service for Web client/server interaction, can operate on top of SSL
  Three higher-layer protocols are defined as part of SSL:
    Handshake Protocol
    Change Cipher Spec Protocol
    Alert Protocol

10 SSL connections and sessions
  Connection
    A transport (in the OSI layering model definition) that provides a suitable type of service
    Connections are peer-to-peer relationships
    Transient
    Every connection is associated with one session
  Session
    An association between a client and a server
    Created by the Handshake Protocol
    Defines a set of cryptographic security parameters, which can be shared among multiple connections
    Used to avoid the expensive negotiation of new security parameters for each connection


12 Handshake Protocol
  The most complex part of SSL
  Allows the server and client to authenticate each other and to negotiate the encryption algorithm, the MAC algorithm, and the cryptographic keys to be used to protect data sent in an SSL record
  Used before any application data are transmitted

13 Handshake Protocol phases
  Phase 1
    Used to initiate a logical connection and to establish the security capabilities that will be associated with it
  Phase 2
    Details depend on the underlying public-key encryption scheme that is used
    In some cases, the server passes a certificate to the client and a request for a certificate from the client
  Phase 3
    The client sends one or more messages back to the server after verifying the certificate
  Phase 4
    Completes the setting up of a secure connection by signaling to both parties that the exchange has been successful

14 Wi-Fi Protected Access (WPA)
  A Wi-Fi standard: a set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard
  IEEE 802.11i addresses three main security areas:
    Authentication
    Key management
    Data transfer privacy


16 Security services provided by IEEE 802.11i
  Authentication
    A protocol is used to define an exchange between a user and an AS (authentication server) that provides mutual authentication and generates temporary keys to be used between the client and the AP (access point) over the wireless link
  Access control
    The function that enforces the use of the authentication function, routes the messages properly, and facilitates key exchange
    Can work with a variety of authentication protocols
  Privacy with message integrity
    MAC-level data are encrypted, along with a message integrity code that ensures that the data have not been altered


18 Intrusion detection: definitions
  Security Intrusion
    A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so
  Intrusion Detection
    A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner

19 Types of IDS
  Host-based IDS
    Monitors the characteristics of a single host and the events occurring within that host for suspicious activity
  Network-based IDS
    Monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity

20 IDS components
  Sensors
    Responsible for collecting data
    Types of input include network packets, log files, and system call traces
  Analyzers
    Receive input from one or more sensors or from other analyzers
    Responsible for determining if an intrusion has occurred
  User interface
    Enables a user to view output from the system or control the behavior of the system
    In some systems the user interface may equate to a manager, director, or console component

21 Basic principles of intrusion detection
  If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised
  An effective IDS can serve as a deterrent, thus acting to prevent intrusions
  Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen intrusion prevention measures


23 Host-based IDSs:
  Add a specialized layer of security software to vulnerable or sensitive systems
  Monitor activity on the system in a variety of ways to detect suspicious behavior
  Primary purpose is to detect intrusions, log suspicious events, and send alerts
  Primary benefit is that they can detect both external and internal intrusions

24 Host-based intrusion detection techniques
  Anomaly Detection
    Involves the collection of data relating to the behavior of legitimate users over a period of time
    Two approaches to statistical anomaly detection:
    Threshold detection
      Involves defining thresholds, independent of the user, for the frequency of occurrence of various events
    Profile based
      A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts
  Signature Detection
    Involves an attempt to define a set of rules or attack patterns that can be used to decide that a given behavior is that of an intruder
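As an added example (not part of the slides or of the textbook they summarize), the three detection approaches on this slide are run over a handful of constructed sshd-style log lines. The usernames, addresses, the user-independent limit of five failures, the per-user failure history and the single signature rule are all constructed for the illustration; the point is that the profile-based check flags a user the fixed threshold misses, because it compares each account against its own past rather than against one global number.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sshd-style log lines (not real data). bob fails 6 times from one
# outside address, carol fails 3 times, and root is accepted from that outside address.
SAMPLE_LOG = """\
10:00:01 sshd: Failed password for alice from 10.0.0.5
10:00:03 sshd: Failed password for alice from 10.0.0.5
10:00:04 sshd: Accepted password for alice from 10.0.0.5
10:00:10 sshd: Failed password for bob from 198.51.100.7
10:00:11 sshd: Failed password for bob from 198.51.100.7
10:00:12 sshd: Failed password for bob from 198.51.100.7
10:00:13 sshd: Failed password for bob from 198.51.100.7
10:00:14 sshd: Failed password for bob from 198.51.100.7
10:00:15 sshd: Failed password for bob from 198.51.100.7
10:00:20 sshd: Failed password for carol from 10.0.0.9
10:00:21 sshd: Failed password for carol from 10.0.0.9
10:00:22 sshd: Failed password for carol from 10.0.0.9
10:00:23 sshd: Accepted password for carol from 10.0.0.9
10:00:25 sshd: Accepted password for root from 198.51.100.7
"""

# Constructed per-user profile: failed logins per day over the previous five days.
HISTORY = {"alice": [2, 3, 2, 4, 3], "bob": [0, 0, 1, 0, 0], "carol": [0, 0, 0, 0, 0]}

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log):
    """Return (time, outcome, user, source) tuples; lines that do not match are skipped."""
    return [m.groups() for m in map(LINE_RE.match, log.splitlines()) if m]

def failures_per_user(events):
    return Counter(user for _, outcome, user, _ in events if outcome == "Failed")

def threshold_alerts(events, max_failures=5):
    """Threshold detection: one limit for everyone, regardless of which user it is."""
    return sorted(u for u, n in failures_per_user(events).items() if n > max_failures)

def profile_alerts(events, history, z=3.0):
    """Profile-based detection: flag a user whose count is far above that user's own history."""
    today = failures_per_user(events)
    alerts = []
    for user, past in history.items():
        sigma = max(pstdev(past), 0.5)   # floor so a perfectly flat history still tolerates tiny changes
        if (today.get(user, 0) - mean(past)) / sigma > z:
            alerts.append(user)
    return sorted(alerts)

# Signature detection: explicit rules describing behaviour treated as an intruder's.
SIGNATURES = [
    ("root login accepted from outside 10.0.0.0/8",
     lambda outcome, user, src: outcome == "Accepted" and user == "root" and not src.startswith("10.")),
]

def signature_alerts(events):
    return [(name, user, src) for _, outcome, user, src in events
            for name, rule in SIGNATURES if rule(outcome, user, src)]

EVENTS = parse(SAMPLE_LOG)

if __name__ == "__main__":
    print("threshold:", threshold_alerts(EVENTS))          # ['bob']
    print("profile:  ", profile_alerts(EVENTS, HISTORY))   # ['bob', 'carol']
    print("signature:", signature_alerts(EVENTS))
```

The threshold check reports only bob (six failures against a limit of five); the profile check reports bob and carol, since three failures is far outside carol's history of none, while alice's two failures sit inside her usual range; the signature rule fires once, on the accepted root login from the outside address.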

25 Firewalls
  Typically are inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter
  Provide an additional layer of defense, insulating the internal systems from external networks
  Design goals for a firewall:
    All traffic from inside to outside, and vice versa, must pass through the firewall
    Only authorized traffic, as defined by the local security policy, will be allowed to pass
    The firewall itself is immune to penetration

26 Firewall access control techniques
  Service control
    Determines the types of Internet services that can be accessed, inbound or outbound
  Direction control
    Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall
  User control
    Controls access to a service according to which user is attempting to access it
  Behavior control
    Controls how particular services are used
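As an added example (not code from the slides or from any firewall product), the following stateless packet filter shows how the design goals of slide 25 and the service and direction controls of slide 26 turn into a rule table: every packet is classified by the direction in which the request crosses the perimeter, only explicitly authorized services pass, anything that matches no rule is denied, and every decision is logged so the firewall also serves as a monitoring point. The premises network 192.0.2.0/24, the web server address, the interface names and the rules themselves are constructed for the illustration; user and behavior control would need authentication state and application-layer inspection that a stateless filter does not have.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.0.2.0/24")   # constructed premises network
WEB_SERVER = "192.0.2.10"               # constructed address of the one public service

@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "ext" (Internet side) or "int" (premises side)
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int

def direction(pkt):
    """Direction control: which way is this request crossing the perimeter?"""
    src_in = ip_address(pkt.src) in INTERNAL
    dst_in = ip_address(pkt.dst) in INTERNAL
    if pkt.iface == "int" and src_in and not dst_in:
        return "outbound"
    if pkt.iface == "ext" and dst_in and not src_in:
        return "inbound"
    return "other"

# Local security policy, first match wins. Anything that matches no rule is denied,
# which is how "only authorized traffic will be allowed to pass" is enforced.
RULES = [
    # service control: internal hosts may use web and DNS services on the Internet
    {"dir": "outbound", "proto": "tcp", "dports": {80, 443}, "action": "allow"},
    {"dir": "outbound", "proto": "udp", "dports": {53},      "action": "allow"},
    # direction control: the only service that may be initiated from outside is HTTPS to the web server
    {"dir": "inbound",  "proto": "tcp", "dports": {443}, "dst": WEB_SERVER, "action": "allow"},
    # an explicit deny, so that telnet attempts are logged against a named rule
    {"dir": "outbound", "proto": "tcp", "dports": {23}, "action": "deny"},
]

def matches(rule, pkt, direction_of_pkt):
    return (rule["dir"] == direction_of_pkt
            and rule["proto"] == pkt.proto
            and pkt.dport in rule["dports"]
            and rule.get("dst", pkt.dst) == pkt.dst)

def evaluate(pkt):
    """Return (verdict, reason): anti-spoofing check, then first-match rules, then default deny."""
    if pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL:
        return "deny", "spoofed internal source address on external interface"
    d = direction(pkt)
    for n, rule in enumerate(RULES):
        if matches(rule, pkt, d):
            return rule["action"], f"rule {n}"
    return "deny", "default deny"

AUDIT_LOG = []   # the firewall as a monitoring point: every decision is recorded

def filter_packet(pkt):
    verdict, reason = evaluate(pkt)
    AUDIT_LOG.append(f"{verdict:5} {direction(pkt):8} {pkt.src}->{pkt.dst} "
                     f"{pkt.proto}/{pkt.dport} ({reason})")
    return verdict

if __name__ == "__main__":
    samples = [
        Packet("int", "192.0.2.55", "203.0.113.8", "tcp", 443),   # allow: outbound HTTPS
        Packet("ext", "203.0.113.8", WEB_SERVER, "tcp", 443),      # allow: inbound HTTPS to the web server
        Packet("ext", "203.0.113.8", "192.0.2.55", "tcp", 443),    # deny: HTTPS to a workstation, no rule
        Packet("int", "192.0.2.55", "203.0.113.8", "tcp", 23),     # deny: telnet, explicit rule
        Packet("ext", "192.0.2.77", WEB_SERVER, "tcp", 443),       # deny: internal source on external interface
    ]
    for p in samples:
        filter_packet(p)
    print("\n".join(AUDIT_LOG))
```

The anti-spoofing check runs before the rule table: a packet claiming an internal source address but arriving on the external interface cannot be legitimate, which is the simplest form of the IP-spoofing protection listed on slide 27.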

27 Firewall capabilities and limitations
  Capabilities within the scope of a firewall:
    Defines a single choke point that:
      Keeps unauthorized users out of the protected network
      Prohibits potentially vulnerable services from entering or leaving the network
      Provides protection from various kinds of IP spoofing and routing attacks
    Provides a location for monitoring security-related events
    Is a convenient platform for several Internet functions that are not security related
    Can serve as the platform for IPsec
  Limitations:
    Cannot protect against attacks that bypass the firewall
    May not protect fully against internal threats
    An improperly secured WLAN may be accessed from outside the organization
    A laptop, tablet, or portable storage device may be used and infected outside the corporate network, and then attached and used internally


29 Weaknesses of packet filter firewalls
  They cannot prevent attacks that employ application-specific vulnerabilities or functions
  The logging functionality present in packet filter firewalls is limited
  Most do not support advanced user authentication schemes
  Generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack
  Are susceptible to security breaches caused by improper configurations

30 Antivirus approaches
  Prevention
    The ideal solution to the threat of viruses
    Do not allow a virus to get into the system in the first place
  Detection
    Once the infection has occurred, determine that it has occurred and locate the virus
  Identification
    Once detection has been achieved, identify the specific virus that has infected a program
  Removal
    Remove all traces of the virus from the infected program and restore it to its original state
    Remove the virus from all infected systems so that the disease cannot spread further

31 Behavior-blocking software
  Integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions
  Blocks potentially malicious actions before they have a chance to affect the system
  Monitored behaviors can include:
    Attempts to open, view, delete, and/or modify files
    Attempts to format disk drives and other unrecoverable disk operations
    Modifications to the logic of executable files or macros
    Modification of critical system settings
    Scripting of e-mail and instant messaging clients to send executable content
    Initiation of network communications


33 Worm countermeasures
  Once a worm is resident on a machine, antivirus software can be used to detect it
  Worm propagation generates considerable network activity
  Network activity and usage monitoring can form the basis of a worm defense
  Administrators typically need to use multiple approaches in defending against worm attacks
  Worm countermeasures focus either on identifying suspected worm content or on identifying traffic patterns that appear to conform to worm behavior
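As an added example (not from the slides), here is the traffic-pattern side of the countermeasure: a worm looking for new victims contacts many distinct hosts on the same port in a short time, so a monitor that counts distinct destinations per source within a sliding window separates that fan-out from a normal client that talks to the same few servers repeatedly. The flow records, addresses, window length and the limit of 20 distinct destinations are constructed for the illustration, and the slow scanner in the sample shows the timeliness-versus-resiliency trade-off from the next slide: a short window answers quickly but a source that spreads its probes out in time slips under it.

```python
from collections import Counter, defaultdict

def build_sample_flows():
    """Constructed flow records (t_seconds, src, dst, dport); not captured traffic."""
    flows = []
    # fast scanner: 40 distinct hosts on port 445 in 40 seconds
    flows += [(i, "10.1.1.5", f"10.1.2.{i + 1}", 445) for i in range(40)]
    # normal file-server client: the same three servers, over and over, for five minutes
    flows += [(i * 10, "10.1.1.8", f"10.1.1.{20 + i % 3}", 445) for i in range(30)]
    # slow scanner: 25 distinct hosts, one new host every 10 seconds
    flows += [(i * 10, "10.1.1.9", f"10.1.3.{i + 1}", 445) for i in range(25)]
    return flows

def fan_out_alerts(flows, window=60, max_distinct=20):
    """Return {src: (dport, distinct_destinations, t)} for each source that contacts
    more than max_distinct distinct destinations on one port within `window` seconds."""
    per_key = defaultdict(list)
    for t, src, dst, dport in sorted(flows):
        per_key[(src, dport)].append((t, dst))
    alerts = {}
    for (src, dport), recs in per_key.items():
        seen = Counter()   # destination -> number of records inside the current window
        start = 0
        for t, dst in recs:
            seen[dst] += 1
            # slide the window: drop records older than `window` seconds
            while t - recs[start][0] > window:
                old = recs[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            if len(seen) > max_distinct:
                alerts[src] = (dport, len(seen), t)
                break   # one alert per source is enough; stop scanning its records
    return alerts

if __name__ == "__main__":
    flows = build_sample_flows()
    print("60 s window: ", fan_out_alerts(flows))               # only the fast scanner
    print("600 s window:", fan_out_alerts(flows, window=600))   # both scanners
```

With the 60-second window only 10.1.1.5 is reported, at the moment its 21st distinct destination appears; widening the window to 600 seconds also catches 10.1.1.9, while the ordinary client never exceeds three destinations under either setting.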

34 Requirements for a worm countermeasure
  Generality
    Should be able to handle a wide variety of worm attacks, including polymorphic worms
  Timeliness
    Should respond quickly so as to limit the number of infected systems and the number of generated transmissions from infected systems
  Resiliency
    Should be resistant to evasion techniques employed by attackers to evade worm countermeasures
  Minimal denial-of-service costs
    In an attempt to contain worm propagation, the countermeasure should not significantly disrupt normal operation
  Transparency
    Should not require modification to existing (legacy) OSs, application software, and hardware
  Global and local coverage
    Should be able to deal with attack sources both from outside and inside the enterprise network

35 Bot countermeasures
  A number of the countermeasures previously discussed make sense against bots (IDSs, behavior-blocking software)
  Once bots are activated and an attack is underway, these countermeasures can be used to detect the attack
  The primary objective is to try to detect and disable the botnet during its construction phase

36 Summary of Chapter 19: Computer and Network Security Techniques
  VPNs and IPsec
    IPsec functions
    Transport and tunnel modes
    Key management
    IPsec and VPNs
  SSL and TLS
    SSL architecture
    SSL record protocol
    Handshake protocol
  Wi-Fi protected access
    Access control
  Intrusion detection
    Basic principles
    Host-based intrusion detection techniques
  Firewalls
    Characteristics
    Types
  Malware defense
    Antivirus approaches
    Worm countermeasures
    Bot countermeasures

