
Slide 1: CISC 210 - Class Today
March 2005, R. Smith - University of St Thomas - Minnesota
- Project Schedule
- Upcoming Lab
- Recap
- Protocols and Layering
- Network Encryption
  – Link vs Network vs Application

Slide 2: Project Schedule
- April 22: 1 week after Easter
  – Project Proposal DUE
  – You want to start working on the project NOW
  – You want to have your team in place ASAP
- April 27: 1 week later
  – Project OUTLINE due
  – The outline is a bit of work
  – It counts for a chunk of the assignment (20% or so)
  – DON'T MESS IT UP

Slide 3: The Lab
- Lab Objective: map the lab machines
- Lab Groups
  – I've assigned groups via e-mail; I'll also post groups
  – Do the labs as a group (this one and future ones)
  – If you want to trade group members, talk to me FIRST
- Where to do it
  – Lab down the hall: OSS 428
- When to do it
  – I'll set up a schedule
  – OR do it on your own time if you have card access

Slide 4: Recap
- Wireless LANs - recap
- Link Encryption - book style
- Link encryption - LAN style
- WEP
- WPA
- Clipper and Escrowed Encryption

Slide 5: Protocols and Layers
- We use layering for several things
  – Organize the software
  – Format the packets
- What it really does: establish a relationship between software components on different computers
  – Layers communicate with each other at the same layer: IP - IP, or TCP - TCP, or HTTP - HTTP
  – They 'use' the lower layers to carry their messages

Slide 6: Protocol Layering Examples
- Network class - bear with me
- Pizza delivery example
  – How do we order pizza at a party?

Slide 7: Network Protocol Layering
Usually a 'funnel' shape
- Top level = Applications
  – Lots of choices: e-mail, web, file exchange, ...
  – Uses 'socket interface' to talk to networks
- Mid levels = "The Protocol Stack"
  – Transport layer: UDP/TCP
  – Internet layer: IP
  – Link layer: LAN protocols
- Bottom level = device driver connections
  – Hardware-specific software, configuration
  – Uses device driver interface to link to the protocol stack
  – Uses a cable or antenna to link to the network

Slide 8: Packets follow the layers
- Upper layer data = innermost
- Lower layer data = outermost
- Innermost data usually travels the network unchanged
- Outermost data gets swapped with each hop through a router

Slide 9: Addressing
- Reachability => what address you have
- Layer 2 addresses can't traverse Layer 3

Slide 10: A Routing Exercise
- LAN 1: hosts A, B, C
- LAN 2: hosts D, E, F
- LAN 3: hosts G, H, I
- Layer 3 Router connects LANs 1 and 2
- Given MAC addresses
  – Can A reach: C, D, F, H?
  – Can G reach: I, D, A?
- Given IP addresses
  – Answer the above questions again
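A toy model of this exercise, added here as an example and not part of the original slides. The host and LAN layout comes from the slide; encoding the two rules (a MAC-addressed frame never crosses a router, an IP-addressed packet reaches any LAN joined by a chain of routers) is my assumption.

```python
# Added example (not from the slides): layer-2 vs layer-3 reachability for
# the slide-10 exercise.  Hosts and LANs are the slide's; the rules are an
# assumed simplification (no bridges, no NAT, every router forwards freely).
from collections import deque

LANS = {"LAN1": {"A", "B", "C"},
        "LAN2": {"D", "E", "F"},
        "LAN3": {"G", "H", "I"}}
ROUTERS = [("LAN1", "LAN2")]        # one layer-3 router joins LANs 1 and 2


def lan_of(host):
    """Which LAN a host is plugged into."""
    return next(name for name, hosts in LANS.items() if host in hosts)


def reachable_l2(src, dst):
    """With only MAC addresses a frame stays on its own LAN (slide 9)."""
    return lan_of(src) == lan_of(dst)


def reachable_l3(src, dst):
    """With IP addresses, breadth-first search the LAN graph over routers."""
    start, goal = lan_of(src), lan_of(dst)
    seen, queue = {start}, deque([start])
    while queue:
        lan = queue.popleft()
        if lan == goal:
            return True
        for a, b in ROUTERS:
            nxt = b if a == lan else a if b == lan else None
            if nxt and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def answer_sheet():
    """The slide's questions, answered as (by MAC, by IP) pairs."""
    questions = [("A", "C"), ("A", "D"), ("A", "F"), ("A", "H"),
                 ("G", "I"), ("G", "D"), ("G", "A")]
    return {f"{s}->{d}": (reachable_l2(s, d), reachable_l3(s, d))
            for s, d in questions}


if __name__ == "__main__":
    for pair, (mac, ip) in answer_sheet().items():
        print(f"{pair}: by MAC {mac}, by IP {ip}")
```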

Slide 11: The Network Security Problem
- Protection is usually local
- Network data travels to remote locations

Slide 12: Risk: Eavesdropping
- An established social tradition ("party lines")

Slide 13: Risk: Forgery
- Who really sent the message?

Slide 14: Risk: Replay
- If a message worked once, why not again, and again?

Slide 15: How do we fix this?
- Again, it depends on policy
  – What are we really trying to achieve ("the big picture")?
  – What are the real risks to that big picture?
- Practical networking choices
  – Should/must the users control the defenses? Can/should they choose what gets protected?
  – Can we isolate the users in a safe but restrictive "bubble"? If not, what access do they need to the 'outside'?
  – What external, secure connections do we need? Are they ad hoc, or can we anticipate them?
- Risk Assessment
  – Which threats matter: eavesdropping, forgery, replay?

Slide 16: Security and the Protocol Stack
- We get different results by putting protection in different places in the protocol architecture
[Diagram: Protocol Stack - Application, TCP/UDP Layer, IP Layer, Link Layer, Device Driver]

Slide 17: Security and the Protocol Stack
Classic layer-oriented examples of crypto protocols
- Application: PGP
  – encrypts application data
- Trans->App: SSL
  – encrypts the connection
- IP->Transport: IPSEC
  – encrypts routable packets
- Link Level: WEP/WPA
  – encrypts LAN packets
[Diagram: Protocol Stack - Application (PGP), TCP/UDP Layer (SSL), IP Layer (IPSEC), Link Layer (WEP/WPA), Device Driver]

Slide 18: How Crypto works in the stack
- "Above" a crypto layer
  – Data is assumed to be in plaintext form
- "At" a crypto layer
  – We convert between plaintext and ciphertext
  – We have access to some keys
  – We generate some plaintext headers
  – Some header info may be encrypted or protected otherwise
- "Below" the crypto layer
  – New network headers are added in plaintext

Slide 19: How it works Geographically
- Application layer encryption
  – "End to end security": routable, and inaccessible to others
  – Defeats intermediate virus scans, intrusion detection
  – Applied at the discretion of the end user (usually)
- Socket layer encryption
  – Application-application security: similar to application layer
  – Often applied automatically under control of the server
  – Sometimes it is a user-level option
- IPSEC - IP Security Protocols
  – Internet layer security: protects routable packets, per-packet
  – Protects all Internet application traffic equally
  – Often a substitute for inter-site leased lines
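An added example (not from the slides) that models slides 8, 17 and 18 together: crypto inserted "at" one layer turns every header above it into ciphertext, leaves its own header and the lower headers in plaintext, and a router swaps only the outermost link header on each hop. The field values and the placement table are assumptions chosen to match slide 17.

```python
# Added example (not part of the original slides): a toy protocol stack
# showing what is plaintext on the cable for each crypto placement from
# slide 17, and what a router needs to see to do the slide-8 header swap.
LAYERS = ["link", "ip", "transport", "application"]   # bottom -> top

# Assumed mapping of slide 17's examples to the layer whose payload they protect.
CRYPTO_AT = {"PGP": "application", "SSL": "transport",
             "IPSEC": "ip", "WEP/WPA": "link"}


def encapsulate(app_hdr, app_data, transport_hdr, ip_hdr, link_hdr):
    """Build a frame outermost-first: the application data is innermost."""
    return [("link", link_hdr), ("ip", ip_hdr), ("transport", transport_hdr),
            ("application", app_hdr), ("data", app_data)]


def wire_view(frame, protocol):
    """Return {field: 'plaintext' | 'ciphertext'} as an eavesdropper sees it."""
    depth = LAYERS.index(CRYPTO_AT[protocol])
    view = {}
    for field, _value in frame:
        if field == "data":
            view[field] = "ciphertext"            # payload is always protected
        elif LAYERS.index(field) > depth:
            view[field] = "ciphertext"            # header of a layer above
        else:
            view[field] = "plaintext"             # at or below the crypto layer
    return view


def router_hop(frame, protocol, new_link_hdr):
    """Slide 8: a router swaps the outermost (link) header on every hop.
    It must read the IP header to do so, so when that header is ciphertext
    (link-level crypto) the protection is hop-by-hop, not end to end."""
    hop_by_hop = wire_view(frame, protocol)["ip"] == "ciphertext"
    return [("link", new_link_hdr)] + frame[1:], hop_by_hop


if __name__ == "__main__":
    # Constructed sample values, not real addresses.
    f = encapsulate("GET /", "secret", "TCP:443", "IP:src->dst", "ETH:aa->bb")
    for proto in CRYPTO_AT:
        print(proto, wire_view(f, proto), "hop-by-hop:", router_hop(f, proto, "ETH:bb->cc")[1])
```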

Slide 20: Diagramming the Crypto
- Elements
  – Protocol stack elements
  – Where the crypto goes
  – What is encrypted
  – What is plaintext

Slide 21: Let's visit the lab
- It's down the hall

Slide 22: That's it
- Questions?

Creative Commons License: This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

