Slide 1: Internet Security
Based on Learning Tree Course #468: Internet and Intranet Security: A Comprehensive Introduction
Will Lennon, 2/24/2000

Slide 2: Security Model: Objectives vs. Threats (Will Lennon, February 20, 2001)
Normal flow: Information Source -> Information Destination
- Authenticity vs. Masquerade
- Integrity vs. Modification
- Privacy vs. Interception
- Availability vs. Interruption

Slide 3: Authenticity vs. Masquerade
- Personal authenticity (logins): restricts access from unauthorized users
- Interior authenticity (DHCP, IPSec): restricts access from unauthorized hosts
- Exterior authenticity (firewalls): restricts access to internal services

Slide 4: Authenticity vs. Masquerade
Three ways to establish personal identity:
- Something you know (passwords)
- Something you have (keys)
- Something you are (biometrics)

Slide 5: Personal Authenticity vs. Masquerade
Password attacks:
- Guessing (spouse, pets, child)
- Cracking passwords (dictionary attacks)
- Snooping passwords (network analyzers)
- Social engineering (deception)
- Trojan horses

Slide 6: Personal Authentication Methods
- One-time lists
- Repeated hashing (S/Key, OPIE)
- Electronic tokens
- Challenge-response schemes (CHAP)
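How the "repeated hashing" method on slide 6 works, as an added example that is not part of the course material: the server enrols with H^n(seed) only, each login reveals the next value down the chain, and a sniffed value cannot be replayed because the server has already moved past it. SHA-256 is assumed in place of the MD4/MD5 used by the original S/Key and OPIE, and the seed is a constructed sample.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumed hash: SHA-256 (S/Key and OPIE used MD4/MD5)
    return hashlib.sha256(data).digest()

def hash_chain(seed: bytes, n: int) -> bytes:
    """Apply h n times: H^n(seed)."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value

class OtpServer:
    """Stores only the last accepted chain value, never the seed itself."""
    def __init__(self, initial_value: bytes, remaining: int):
        self.stored = initial_value   # H^n(seed) at enrolment
        self.remaining = remaining    # logins left before re-enrolment

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False              # chain exhausted: re-enrol with a fresh seed
        if h(otp) != self.stored:
            return False              # wrong value, or a replay of an older one
        self.stored = otp             # step one link down the chain
        self.remaining -= 1
        return True

class OtpClient:
    """Holds the secret seed and counts down the chain, one value per login."""
    def __init__(self, seed: bytes, n: int):
        self.seed, self.counter = seed, n

    def next_otp(self) -> bytes:
        self.counter -= 1
        return hash_chain(self.seed, self.counter)   # H^(n-1)(seed), then H^(n-2)(seed), ...

def run_session(seed: bytes = b"constructed-seed", n: int = 5) -> tuple:
    """Enrol, then attempt: a first login, a replay of the same OTP, a fresh login."""
    client = OtpClient(seed, n)
    server = OtpServer(hash_chain(seed, n), n)   # enrolment: the server receives H^n(seed) only
    first = client.next_otp()
    login_1 = server.verify(first)
    replay = server.verify(first)                # a snooped value is useless a second time
    login_2 = server.verify(client.next_otp())
    return (login_1, replay, login_2)
```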

Slide 7: Interior Authentication: IPSec
- Generic security mechanism for IPv6
- A security association is created between two parties
- Provides privacy services as well as authentication
- Included in most modern operating systems

Slide 8: Exterior Authentication: Firewalls
- Packet filters
  - Stateless packet filters
  - Stateful packet filters
- Proxies
  - Application proxies
  - Circuit-level gateways

Slide 9: Sanity Check
Network 1: 147.117.xx.xx and Network 2: 192.168.88.xx, joined by a router
- From 192.168.88.11 to 192.168.88.33, arriving from Network 1: insane, blocked (a Network 2 source address cannot legitimately arrive from the outside)
- From 147.117.32.65 to 192.168.88.33: sane, pass

Slide 10: Stateless Packet Filters
Network 1: 147.117.xx.xx and Network 2: 192.168.88.xx, joined by a router
- Telnet (port 23): block
- SMTP (port 25): pass

Slide 11: Stateless Packet Filter Refinements: TCP
- Block incoming packets without ACK to block connections initiated by external hosts
- Doesn't work for UDP
TCP handshake: Client -> Server: SYN; Server -> Client: SYN + ACK; Client -> Server: ACK

Slide 12: Problems with Stateless Packet Filtering
- IP fragmentation
- Protocols with variable port numbers
- Non-standard use of standard ports
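The rules of slides 9 to 11 combined into one toy stateless filter, as an added example that is not from the course: the sanity check on source addresses, the static port rules, and the ACK-bit refinement, which (as slide 11 notes) cannot be applied to UDP. Assumed: Network 2 (inside) is 192.168.88.0/24, the filter inspects only packets arriving from Network 1 on the router's outside interface, and SMTP is the single inbound service allowed.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.88.0/24")   # Network 2 from the slides (assumed /24)
ALLOWED_INBOUND_SERVICES = {("tcp", 25)}          # SMTP: pass (slide 10)

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    ack: bool = False   # TCP ACK flag; UDP has no flags, so it stays False

def filter_inbound(pkt: Packet) -> tuple:
    """Decide (verdict, reason) for a packet arriving from Network 1 bound for Network 2.

    Stateless: every decision uses only the fields of this one packet."""
    src = ipaddress.ip_address(pkt.src)
    # Slide 9 sanity check: an inside source address cannot legitimately arrive from outside
    if src in INSIDE:
        return ("block", "insane: inside address used as source from outside")
    # Slide 10: static per-port rules
    if (pkt.proto, pkt.dport) in ALLOWED_INBOUND_SERVICES:
        return ("pass", "allowed inbound service on port %d" % pkt.dport)
    if pkt.proto == "tcp" and pkt.dport == 23:
        return ("block", "telnet is not permitted from outside")
    # Slide 11 refinement: ACK set means the segment belongs to a connection an inside
    # host already started; no ACK means an outside host is trying to open one
    if pkt.proto == "tcp":
        if pkt.ack:
            return ("pass", "reply traffic for an inside-initiated TCP connection")
        return ("block", "inbound TCP without ACK (externally initiated connection)")
    # Slide 11 caveat: UDP has no handshake flags, so only port rules can apply
    return ("block", "udp with no matching port rule")

if __name__ == "__main__":
    samples = [   # constructed packets exercising each rule
        Packet("192.168.88.11", "192.168.88.33", "tcp", 25),
        Packet("147.117.32.65", "192.168.88.33", "tcp", 25),
        Packet("147.117.32.65", "192.168.88.33", "tcp", 23),
        Packet("147.117.32.65", "192.168.88.33", "tcp", 40000, ack=True),
        Packet("147.117.32.65", "192.168.88.33", "udp", 53),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.proto, p.dport, filter_inbound(p))
```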

Slide 13: Circuit-Level Gateway
Outside Host <- Gateway -> Inside Host
1: Inside host connects to a TCP port on the gateway
2: Gateway connects to the outside host
3: Gateway passes messages transparently

Slide 14: Screened Subnet Topology
Diagram components (layout not recoverable): WWW/FTP server, WWW server, Internal Network, Screening Router (packet filter), DMZ, DWOS, proxy

Slide 15: Chapman Architecture
Diagram components (layout not recoverable): WWW/FTP server, WWW server, Internal Network, Screening Router (packet filter), Screening Router, DMZ, DWOS, Bastion Host

Slide 16: Privacy vs. Interception
Three ways to maintain information privacy:
- Hide the existence -> steganography
- Hide the content -> access control
- Hide the meaning -> encryption

Slide 17: Cryptography / Encryption
Diagram: "Hello" -> Encryptor (Key A) -> "a#k3Wj" -> Decryptor (Key B) -> "Hello"
Two types of cryptographic algorithms exist:
1) Secret key (aka symmetrical): Key A == Key B. DES, 3DES, Blowfish, RC5, IDEA, Skipjack
2) Public key (aka asymmetrical): Key A != Key B. RSA, DSA
Hash functions: MD5, SHA

Slide 18: Public Key Encryption Example
Alice: "I want to send you a secret message."
Ahab: "Encrypt it with my public key: s6sd2KlUq."
Alice: "Here's the message: iqm3k2lsjesk"
Ahab: "Got it."

Slide 19: Virtual Private Networks (VPNs)
- A VPN is an encrypted tunnel through which all data passes between two endpoints
- Endpoints are usually firewalls
- Encryption technology varies, often negotiated using IPSec
Diagram: Net 1 <-> Internet (VPN tunnel) <-> Net 2

Slide 20: Integrity vs. Modification
Use a hash function to assure integrity. A hash sum, or message digest, is:
- data dependent
- irreversible
- collision free
Diagram: Message -> Hash Function -> Hash Sum

Slide 21: Cryptography for Personal Messages
- MD5 hash (integrity): Message -> Hash Sum
- Encrypt the hash sum with the sender's private key (authenticity): Digital Signature
- Encrypt the message and digital signature with the receiver's public key (privacy): Encrypted Private Message

Slide 22: Availability vs. Interruption
- Bombs: files that have undesirable behavior
- Viruses: designed to propagate themselves; limited to a particular OS or application; must be attached to another piece of software
- Worms: similar to viruses but are stand-alone software

Slide 23: Availability vs. Interruption
- Electro-magnetic pulse (EMP)
- HERF gun: High Energy Radiated Frequency
- Data flood: -->traceOn("")
- Broadcast storms: "Smurf attack"
- Bombardment attacks: SYN flood
- Duplicate IP address problem

Slide 24: SYN Flood
TCP handshake: Client -> Server: SYN; Server -> Client: SYN + ACK; Client -> Server: ACK
- Server opens a new port, sends its response, and waits for the client to acknowledge
- Client repeatedly sends SYN messages and never sends the ACK message
- Server's ports quickly become full

Slide 25: Smurf Attack
Participants: Attack Station, Relays/Zombies, Victim (1.2.3.4)
- Start: Attack Station sends Ping To: 255.255.255.255, From: 1.2.3.4 (the victim's address)
- Relays/Zombies each send Ping Response To: 1.2.3.4, From: w.x.y.z
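What the two attacks on slides 24 and 25 look like from the defender's side, as an added example that is not part of the course: a few constructed connection-log records are scanned for SYNs a source never completes with an ACK (half-open connections, the SYN flood signature) and for echo replies converging on one address from many hosts (the smurf signature). The log format is assumed for the example; the addresses and thresholds are constructed sample values.

```python
from collections import defaultdict

# Constructed log: "<proto> <tcp-flag-or-icmp-type> <src> <dst>", one record per line
SAMPLE_LOG = """
tcp SYN 10.0.0.5 192.168.88.33
tcp ACK 10.0.0.5 192.168.88.33
tcp SYN 203.0.113.7 192.168.88.33
tcp SYN 203.0.113.7 192.168.88.33
tcp SYN 203.0.113.7 192.168.88.33
tcp SYN 203.0.113.7 192.168.88.33
icmp echo-reply 198.51.100.1 1.2.3.4
icmp echo-reply 198.51.100.2 1.2.3.4
icmp echo-reply 198.51.100.3 1.2.3.4
icmp echo-reply 198.51.100.4 1.2.3.4
icmp echo-reply 198.51.100.9 10.0.0.5
"""

def parse(log: str) -> list:
    return [tuple(line.split()) for line in log.strip().splitlines()]

def half_open_by_source(events) -> dict:
    """SYN flood indicator (slide 24): SYNs per source not followed by that source's ACK."""
    pending = defaultdict(int)
    for proto, kind, src, _dst in events:
        if proto != "tcp":
            continue
        if kind == "SYN":
            pending[src] += 1
        elif kind == "ACK" and pending[src] > 0:
            pending[src] -= 1   # handshake completed, no longer half-open
    return dict(pending)

def reply_sources_by_target(events) -> dict:
    """Smurf indicator (slide 25): distinct hosts sending echo replies to one address."""
    sources = defaultdict(set)
    for proto, kind, src, dst in events:
        if proto == "icmp" and kind == "echo-reply":
            sources[dst].add(src)
    return {dst: len(s) for dst, s in sources.items()}

def alerts(events, syn_threshold: int = 3, smurf_threshold: int = 3) -> list:
    out = []
    for src, n in half_open_by_source(events).items():
        if n >= syn_threshold:
            out.append(("syn-flood", src, n))
    for dst, n in reply_sources_by_target(events).items():
        if n >= smurf_threshold:
            out.append(("smurf-target", dst, n))
    return out
```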

Slide 26: Requirements for Good Security
- Security policy
- Security technology
- Activity logging
- Incident response plan
- Enforcement