
CTC228

Nov 9 2015. CTC228. Administrative. Required 2nd exam will be next week on Wed Nov 18th. It will be short (around 10 questions). It will only cover chapters 8 and 9. We will review on Mon Nov 16th. It will count as a class project. NO SCHOOL WED NOV 11th. Topics. Policy basics

kittle

Presentation Transcript


  1. Nov 9 2015 CTC228

  2. Administrative
     • Required 2nd exam will be next week on Wed Nov 18th
     • It will be short (around 10 questions)
     • It will only cover chapters 8 and 9
     • We will review on Mon Nov 16th
     • It will count as a class project
     • NO SCHOOL WED NOV 11th

  3. Topics
     • Policy basics
     • ARP Spoofing and Man-In-The-Middle

  4. Chapter 10: Security Policies
     • A policy is a human-language document that describes who can access what.
     • In order to write it, you need to know:
       • WHAT you are trying to protect
       • WHO you are trying to protect it from
     • Notice we don't mention specifically HOW STUFF WILL BE PROTECTED in the policy
     • A mechanism is something that enforces a policy

  5. Is it a policy or a mechanism?
     1. All user email accounts must have a good, strong password.
     2. Bank customers are not allowed to withdraw money from other customers' accounts.
     3. Facebook users must re-login every 5 minutes.

  6. Physical Security
     • Must have it
     • If adversary can physically access your computer, it is no longer your computer

  7. Securing Access to Data
     • Identification and Authentication
       • Login/password
     • Encryption
       • Scramble data so that only some can read it
     • Firewalls
       • Block traffic to or from certain places

  8. Passwords
     • Make sure they are long (right now, at least 8 characters)
     • Make sure they use more than just letters
     • Make sure they are changed sometimes
     • However, don't be too aggressive with hard passwords or else users will just write them down on a post-it note.

  9. Encryption
     • Much network traffic is “in the clear” by default
     • Encryption scrambles data so that only someone with the “key” can unscramble and read it
     • Only component kept secret is the key, not the encryption algorithm itself
     • Two types of encryption: Symmetric and Public Key

  10. Symmetric Key Encryption

  11. Asymmetric Key Encryption

  12. Warning
      • Doing any sort of attack over a network can land you in jail or get you kicked out of school.

  13. Quick Review: ARP

  14. ARP: A Better Diagram

  15. ARP Spoofing: Lying about your IP address
      • If you can respond to the ARP request faster than a legitimate host, you can send a falsified (called “spoofed”) reply (sometimes called ARP poisoning)
      • Will allow you to see all traffic being sent to that host
      • Can be performed on two victims simultaneously to create a “Man-In-The-Middle” (MITM) scenario

  16. MITM: A better diagram

  17. MITM: An Even Better Diagram

  18. Cain – A security testing tool for Windows

  19. Cain can do ARP Poisoning

  20. Some Mitigations
      • Static ARP entries
        • Not very flexible
      • Keep bad guys off your internal network
        • Can be hard to do
      • Private VLANs
        • Basically set up each physical port on the switch as its own isolated network
        • Requires hardware that supports this

  21. Short Break

  22. Nov 9 Group projects
      • In groups, answer the following questions and email to rspengler@csudh.edu
      • Answer each in a few paragraphs.
      • 1. There is a school policy that says all students must do their own homework and cannot share work. Alice completes her homework and stores it on a class computer in her private directory. Bob uses the class computer and notices he is able to read Alice's files. Bob copies Alice's homework into his own directory. Since Bob was able to copy the file, was there a breach of the policy? Why or why not?
      • Bonus question: Would ARP spoofing work across the Internet? Could a remote attacker create a MITM situation between your home computer and your home router? Why or why not?
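
A defender-side check for the spoofing described in slide 15, built on the pinned-binding idea behind the static ARP entries in slide 20. This is an added example, not part of the original slides; the function names, the documentation-range addresses and the sample replies are all constructed for illustration.

```python
import struct
from collections import defaultdict

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REPLY = 2

def parse_arp(payload: bytes):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)

def audit(payloads, pinned):
    """Compare ARP replies with pinned IP->MAC bindings and with earlier replies.
    Returns (kind, ip, mac) alerts in the order they were raised."""
    alerts, seen, claims = [], {}, defaultdict(set)
    for p in payloads:
        parsed = parse_arp(p)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        if ip in pinned and pinned[ip] != mac:
            alerts.append(("pinned-mismatch", ip, mac))    # contradicts a static entry
        elif ip in seen and seen[ip] != mac:
            alerts.append(("binding-changed", ip, mac))    # IP moved to another MAC
        seen[ip] = mac
        claims[mac].add(ip)
        if len(claims[mac]) == 2:  # one MAC answering for two IPs: the MITM pattern
            alerts.append(("mac-claims-multiple-ips", ip, mac))  # may be benign (proxy ARP)
    return alerts

def make_reply(s_mac, s_ip, t_mac, t_ip):
    """Build a constructed ARP reply payload for the sample below (nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       mac(s_mac), ip(s_ip), mac(t_mac), ip(t_ip))

# Constructed sample: a router, a host, and a third machine answering for both.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    make_reply(GW, "192.0.2.1", HOST, "192.0.2.10"),     # genuine router reply
    make_reply(HOST, "192.0.2.10", GW, "192.0.2.1"),     # genuine host reply
    make_reply(OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # spoofed: claims router IP
    make_reply(OTHER, "192.0.2.10", GW, "192.0.2.1"),    # spoofed: claims host IP
]
PINNED = {"192.0.2.1": GW}  # the one binding an administrator has fixed
```

Only the router is pinned here, so the host's binding is caught by the weaker "changed since last seen" rule, which shows why static entries are reliable but inflexible.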
