CONTROLS & PROTECTION MECHANISMS

CONTROLS & PROTECTION MECHANISMS. Today’s Reference: Whitman & Mattord, Management of Information Security, 2nd edition, 2008, Chapter 9. Overview: Access controls, Firewalls, Intrusion Detection Systems (IDSs), Wireless Network Security, Cryptography. Access Controls.


CONTROLS & PROTECTION MECHANISMS

Today’s Reference:

Whitman & Mattord, Management of Information Security, 2nd edition, 2008

Chapter 9

Overview
  • Access controls
  • Firewalls
  • Intrusion Detection Systems (IDSs)
  • Wireless Network Security
  • Cryptography
Access Controls
  • Authentication – controlling a person’s access to a system
    • Barrier (i.e. login sequence) versus ongoing (intrusion detection)
    • Something you know
    • Something you have
    • Something you are (and something you produce, e.g. voice)
    • Includes biometrics which authenticate a user against known personal features (fingerprints, iris patterns, voice, etc)
    • Something you do (user behaviour profiling)
  • Authorisation – controlling a person’s access to features (software, data) within the system
    • Scoping each user’s permitted activities
    • May be individual or group-based
    • Can be specific to resources
Firewalls
  • Generations
    • 1: packet filtering
    • 2: application-level
    • 3: stateful inspection
    • 4: dynamic packet filtering
  • Architectures
    • Packet filtering routers
    • Screened-host firewalls
    • Dual-homed host firewalls
    • Screened-subnet firewalls
Intrusion Detection Systems
  • Host-based
    • Alerts administrator when files or folders change
    • Monitor host only
  • Network-based
    • Monitor network traffic
    • Alerts administrator when patterns of network traffic change
  • Signature-based
    • Work like anti-virus software
    • Alerts administrator when ‘signature’ of attack is matched
  • Statistical-anomaly-based
    • Establishes baseline of what is ‘normal’ traffic
    • Alerts administrator when pattern is abnormal
  • Rule-based ‘never do this’
    • includes honeypots
Wireless Network Security
  • Wired Equivalent Privacy (WEP)
    • basic level of security
    • several fundamental cryptological flaws
    • average home or small only
  • Wi-Fi Protected Access (WPA)
    • WPA is industry standard
    • increased capabilities for authentication, encryption, and throughput
Cryptography
  • Symmetric encryption methods
    • Substitution, Transposition, XOR, Vernam Cipher, One-time pad, and many others
    • the same key—a secret key—is used to encrypt and decrypt the message
    • Mono-alphabetic & poly-alphabetic ciphers
  • Asymmetric encryption
    • public key encryption (PKE)
    • uses two different keys. Either key can be used to encrypt or decrypt the message, but one must always be kept secret
  • Digital signatures
    • PKE used in reverse to give non-repudiation
  • Steganography
    • Hiding messages in graphics files
Encryption & Decryption

[Diagram labels: Plain Text (from Sender), Encryption Cipher, Secure Cipher Text, Key Management, Decryption Cipher, Plain Text (to Recipient)]

Symmetric Encryption Methods
  • Substitution
    • One letter exchanged for another
    • Creates confusion
    • Mono-alphabetic or Poly-alphabetic
  • Transposition
    • Re-arrangement of letters
    • Creates diffusion
  • XOR
    • If 2 values are the same, you get “0”
    • If not, you get “1”
    • Process is reversible

E.g.   1 0 1 0 0 0 1 0
  XOR  1 1 1 1 0 0 0 1
       _______________
       0 1 0 1 0 0 1 1

Monoalphabetic cipher

Random
  Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Cipher: M N B V C X Z L K J H G F D S A P O I U Y T R E W Q

Keyword
  Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Cipher: S E C U R I T Y A B D F G H J K L M N O P Q V W X Z

Caesar
  Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

plaintext is ROSTRUM
ciphertext is URVWUXP

Polyalphabetic Cipher

Alphabet No. 1 (offset by 3)
  Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Alphabet No. 2 (offset by 15)
  Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  Cipher: P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

alphabet used:  1 2   1 2 1   2 1 2 1
plaintext is    G O   F O R   G O L D
ciphertext is   J D   I D U   V R A G
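
The substitution tables on the two slides above can be generated and applied in a few lines. This Python sketch is an added example, not part of the original presentation; the function names are assumptions chosen for illustration. It builds the keyword and Caesar alphabets and applies one or more alphabets in rotation, which generalises the two-alphabet case on the slide to any number of alphabets.

```python
import string

ALPHABET = string.ascii_uppercase


def keyword_alphabet(keyword):
    """Cipher alphabet: keyword letters (first occurrence only), then the rest of A-Z."""
    seen = dict.fromkeys(keyword.upper() + ALPHABET)   # dicts keep insertion order
    return "".join(c for c in seen if c in ALPHABET)


def shifted_alphabet(offset):
    """Caesar-style cipher alphabet: A-Z rotated left by `offset` places."""
    offset %= 26
    return ALPHABET[offset:] + ALPHABET[:offset]


def substitute(text, cipher_alphabets, decrypt=False):
    """Apply the cipher alphabets in rotation, one per letter.

    One alphabet gives a monoalphabetic cipher, several give a
    polyalphabetic one. Non-letters pass through unchanged and do not
    advance the rotation, matching the 1 2 1 2 ... numbering on the slide.
    """
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        alpha = cipher_alphabets[i % len(cipher_alphabets)]
        src, dst = (alpha, ALPHABET) if decrypt else (ALPHABET, alpha)
        out.append(dst[src.index(ch)])
        i += 1
    return "".join(out)


if __name__ == "__main__":
    print(keyword_alphabet("SECURITY"))
    print(substitute("ROSTRUM", [shifted_alphabet(3)]))
    two = [shifted_alphabet(3), shifted_alphabet(15)]
    print(substitute("GO FOR GOLD", two))
    print(substitute("JD IDU VRAG", two, decrypt=True))
```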

Transposition Ciphers
  • For example, every 4th letter
  • Modern transposition ciphers use a network or path diversity principle, so the diffusion is not just within-file but over the network via different paths

1 2 3   4 1 2 3   4 1   2 3 4 1 2   3 4 1 2 3
T H E   R A I N   I N   S P A I N   F A L L S

4 1 2 3 4 1   2 3   4 1 2   3 4 1 2 3
M A I N L Y   O N   T H E   P L A I N

becomes

TANIL AYHAH ISNLI OEIEN PFSNN PNRIA AMLTL
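
The "every 4th letter" scheme above, with its inverse, as an added Python example (not part of the original presentation; the function names and the `step` and `group` parameters are assumptions). It also shows that transposition only moves letters around: the ciphertext contains exactly the same letters as the plaintext.

```python
def letters_only(text):
    """Upper-case letters of `text`, dropping spaces and punctuation."""
    return [c for c in text.upper() if c.isalpha()]


def transpose_encrypt(text, step=4, group=5):
    """Take the letters numbered 1, then those numbered 2, ... up to `step`.

    Output is written in blocks of `group` letters, as on the slide.
    """
    letters = letters_only(text)
    picked = [c for start in range(step) for c in letters[start::step]]
    joined = "".join(picked)
    return " ".join(joined[i:i + group] for i in range(0, len(joined), group))


def transpose_decrypt(cipher, step=4):
    """Put each ciphertext letter back at the position it was taken from.

    Word breaks are not recoverable; the result is one run of letters.
    """
    letters = letters_only(cipher)
    n = len(letters)
    plain = [None] * n
    pos = 0
    for start in range(step):
        for idx in range(start, n, step):
            plain[idx] = letters[pos]
            pos += 1
    return "".join(plain)


def same_letters(a, b):
    """True when both texts contain exactly the same multiset of letters."""
    return sorted(letters_only(a)) == sorted(letters_only(b))


if __name__ == "__main__":
    msg = "THE RAIN IN SPAIN FALLS MAINLY ON THE PLAIN"
    ct = transpose_encrypt(msg)
    print(ct)
    print(transpose_decrypt(ct))
    print(same_letters(msg, ct))   # letters are rearranged, never replaced
```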

Vernam Cipher
  • The perfect substitution cipher
  • The original one-time pad

Plaintext     V   E   R   N   A   M
Numerics     21   4  17  13   0  12
Random       76  48  16  82  44   3
             ______________________
Sum          97  52  33  95  44  15
Mod 26       19   0   7  17  18  15
Ciphertext    T   A   H   R   S   P

Breaking Encryption
  • (almost) All encryption is crackable…
    • Just need time and computing power
  • Brute force may not work because -
    • Number of alphabet combinations is 26 x 25 x 24 x 23 x etc which equals 4 x 10^27
    • 4 000 000 000 000 000 000 000 000 000
    • If each alphabet takes 1 millionth of a sec (microsecond) then all combinations would take 4 x 10^21 secs
    • 4 x 10^13 years !!!!
  • EXCEPT…
    • The one-time pad is provably secure (if properly used)
    • but it is not easy to use properly
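
The Vernam slide's arithmetic and the "if properly used" condition above, as an added Python example (not part of the original presentation; the function names and the second message "SECRET" are constructed for illustration). It reproduces the slide's ciphertext and then shows what goes wrong when one pad is used for two messages: the pad cancels out of the two ciphertexts.

```python
import secrets

A = ord("A")


def to_nums(text):
    """Letters to 0-25, as in the slide's 'Numerics' row."""
    return [ord(c) - A for c in text.upper() if c.isalpha()]


def to_text(nums):
    """Numbers back to letters, reducing mod 26 first."""
    return "".join(chr(n % 26 + A) for n in nums)


def fresh_pad(length):
    """A new random pad; generate one per message and never reuse it."""
    return [secrets.randbelow(26) for _ in range(length)]


def vernam_encrypt(plaintext, pad):
    nums = to_nums(plaintext)
    if len(pad) < len(nums):
        raise ValueError("pad must be at least as long as the message")
    return to_text(p + k for p, k in zip(nums, pad))


def vernam_decrypt(ciphertext, pad):
    return to_text(c - k for c, k in zip(to_nums(ciphertext), pad))


def difference(a, b):
    """Letter-by-letter (a - b) mod 26 of two equal-length texts."""
    return [(x - y) % 26 for x, y in zip(to_nums(a), to_nums(b))]


if __name__ == "__main__":
    slide_pad = [76, 48, 16, 82, 44, 3]      # 'Random' row from the slide
    print(vernam_encrypt("VERNAM", slide_pad))
    print(vernam_decrypt("TAHRSP", slide_pad))
    # Misuse: the same pad on a second (constructed) message. The pad
    # cancels out, so the ciphertexts alone reveal how the plaintexts differ.
    c1 = vernam_encrypt("VERNAM", slide_pad)
    c2 = vernam_encrypt("SECRET", slide_pad)
    print(difference(c1, c2) == difference("VERNAM", "SECRET"))
```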
Public Key Encryption
  • Known as Asymmetric encryption
  • 2 keys, one public, one private, linked mathematically, one to encrypt & one to decrypt
  • Uses large prime numbers
  • “mathematically infeasible” to derive private key from public key
  • Advantages
    • no need to tell anyone your private key
    • no need for key distribution
    • no need for a key for each pair of people
  • Not used to encrypt messages, as it is generally slower than secret-key encryption
  • Used to encrypt other keys (as in PGP) and to authenticate sender
Digital Signatures
  • Reverses the role of private & public keys
  • Effectively unique to the document
    • uses a cryptographically-robust hash function
  • Unforgeable (without the sender’s private key)
  • not re-usable (due to message-specific hash)
  • document unalterable
  • undeniable
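
The hash-then-sign flow in the bullets above, as an added Python example (not part of the original presentation). It uses unpadded "textbook" RSA with a constructed toy key built from two well-known Mersenne primes; the key, the messages and the function names are assumptions for illustration, and real signatures use much larger keys and a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two known Mersenne primes. Far too small and too
# structured for real use; chosen only so the example runs instantly.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer: transform the message hash with the PRIVATE key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone: undo the transform with the PUBLIC key and compare hashes."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    doc = b"Pay Bob 100"                    # constructed sample document
    sig = sign(doc)
    print(verify(doc, sig))                 # genuine document and signature
    print(verify(b"Pay Bob 900", sig))      # altered document is rejected
    print(verify(doc, sig + 1))             # altered signature is rejected
    print(sign(b"Pay Bob 900") != sig)      # signature is message-specific
```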
What you Need to Know
  • A basic level of detail about all of the security technologies in the previous slides.