
Lect 8


hong

Presentation Transcript


  1. Lect 8 Tahani al jehain

  2. Types of attack
     Remote code execution: occurs when an attacker exploits a piece of software and runs a program that the user does not have privileges to run.
     Denial of service: an attacker can send a large number of TCP SYN packets to a target. SYN packets are supposed to be the first part of the TCP handshake. The server normally responds with a SYN-ACK packet and allocates a buffer for the new TCP session. However, the attacking host never responds.
     Worms and viruses: automated attacks, programmed to spread themselves as rapidly and as widely as possible.

  3. Trojans and spyware: installed with other software. They collect information about the system (passwords, visited websites, …). The information that has been collected can be sent to someone else.
     3- Functional segmentation: is based on layered security and the principle of least privilege. Functional segmentation suggests a design in which the network is partitioned according to user or device function.

  4. Virtual private network
     Virtual private network: provides a secure connection between a sender and a receiver over a public network such as the Internet. VPNs are not new. They have been used in telephone networks for years. A VPN uses data encryption and other security mechanisms to prevent unauthorized users from accessing data. It then uses a tunneling process (enclosing the encrypted data) to transport the encrypted data across the network.

  5. Virtual private network
     • A VPN solution should provide at least all of the following:
     • User authentication: verify the user’s ID and restrict VPN access to authorized users.
     • Address management: assign a client’s address on the private network and ensure that private addresses are kept private.
     • Data encryption: for ensuring confidentiality.
     • Key management: generate and refresh encryption keys.
     • Multiprotocol support: handle common protocols used in the public network.

  6. IPSec
     • Short for Internet Protocol Security, IPSec is a framework of open standards that provides security for the transmission of sensitive information over unprotected networks such as the Internet.
     • IPSec has been deployed widely to implement Virtual Private Networks (VPNs).
     • The IPSec protocol typically works on the edges of a protected network domain.
     • It supports secure data exchange between a pair of participating IPSec devices (peers), such as PIX Firewalls.

  7. IPSec
     • Basically, IPSec provides security by building tunnels between two peers.
     • You define which packets are considered sensitive and should be sent through these secure tunnels.
     • When the IPSec peer sees such a sensitive packet, it encapsulates the packet by wrapping another packet around it.

  8. Tunneling
     • Before continuing, we should define a tunnel.
     • Tunneling basics:
     • Tunneling is a method to transfer data from one network over another.
     • It encapsulates the frame in an additional header.
     • Encapsulated packets are then routed between tunnel endpoints over the internetwork.
     • Tunnel = logical path.

  9. Virtual private networks
     [Figure: Tunneling in a virtual private network]

  10. Tunnel types
     • Voluntary tunnels: a user or a client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user’s computer is a tunnel endpoint and acts as the tunnel client.
     • Compulsory tunnels: the user’s computer is not a tunnel endpoint. Another device, the remote access server, between the user’s computer and the tunnel server is the tunnel endpoint.

  11. IPsec protocols
     • IPsec has two main framework protocols:
       • Authentication Header
       • Encapsulating Security Payload
     • Authentication Header (AH), which essentially allows authentication of the sender of data, and
     • Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data.
     • ESP and AH can either be used together or separately, depending on the environment.

  12. IPSec Security Services
     • Confidentiality (encryption)
     • Data integrity
     • Origin authentication
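The tunnel encapsulation from slides 7 and 8, combined with the AH services from slides 11 and 12, as an added example that is not part of the original lecture. It is a simplified model, not the real AH wire format: the key, addresses, SPI value and field layout are constructed for illustration.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51   # IP protocol number of the Authentication Header
ICV_LEN = 32    # full HMAC-SHA256 output (simplification of the real AH layout)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _icv(key, outer, auth, inner):
    # Covers the outer addresses, SPI, sequence number and the whole inner packet.
    return hmac.new(key, outer[12:20] + auth + inner, hashlib.sha256).digest()

def encapsulate(inner, key, spi, seq, gw_src, gw_dst):
    """Tunnel mode, AH-style: outer IP header | SPI | seq | ICV | inner packet."""
    auth = struct.pack("!II", spi, seq)
    outer = ipv4_header(gw_src, gw_dst, AH_PROTO, len(auth) + ICV_LEN + len(inner))
    return outer + auth + _icv(key, outer, auth, inner) + inner

def decapsulate(packet, key, last_seq):
    """Check integrity/origin and replay; return (inner_packet, seq)."""
    outer, auth = packet[:20], packet[20:28]
    icv, inner = packet[28:28 + ICV_LEN], packet[28 + ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, outer, auth, inner)):
        raise ValueError("integrity/origin check failed")
    _spi, seq = struct.unpack("!II", auth)
    if seq <= last_seq:
        raise ValueError("replayed packet")
    return inner, seq

if __name__ == "__main__":
    key = b"constructed-demo-key-not-secret!"           # constructed sample key
    data = b"sensitive payload"
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(data)) + data
    pkt = encapsulate(inner, key, 0x1001, 1, "198.51.100.1", "203.0.113.1")
    print("recovered inner packet:", decapsulate(pkt, key, 0)[0] == inner)
    # AH authenticates but does not encrypt: the payload is readable in transit,
    # which is why ESP is used when confidentiality is required.
    print("payload visible on the wire:", data in pkt)
```
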
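The denial-of-service mechanism from slide 2, seen from the server side, as an added example that is not part of the original lecture. It models the buffer a server allocates per unanswered SYN and flags sources that hold too many half-open sessions; the event list, backlog size, timeout and per-source limit are constructed values.

```python
# Constructed sample events: (time_s, source_ip, source_port, flag).
# "SYN" opens a handshake; "ACK" is the client's final reply that completes it.
EVENTS = [
    (0.0, "192.0.2.10", 50000, "SYN"), (0.1, "192.0.2.10", 50000, "ACK"),
    (1.0, "198.51.100.7", 4000, "SYN"), (1.1, "198.51.100.7", 4001, "SYN"),
    (1.2, "198.51.100.7", 4002, "SYN"), (1.3, "198.51.100.7", 4003, "SYN"),
    (1.4, "198.51.100.7", 4004, "SYN"), (1.5, "198.51.100.7", 4005, "SYN"),
    (2.0, "192.0.2.11", 50001, "SYN"), (2.1, "192.0.2.11", 50001, "ACK"),
]

def analyze(events, backlog=5, timeout=10.0, per_src_limit=3):
    """Replay events against a fixed-size half-open table and report pressure."""
    half_open = {}                 # (src, sport) -> time the SYN arrived
    dropped, alerts = 0, set()
    for t, src, sport, flag in sorted(events):
        # Expire entries whose handshake never completed.
        for key in [k for k, t0 in half_open.items() if t - t0 > timeout]:
            del half_open[key]
        if flag == "SYN":
            if len(half_open) >= backlog:
                dropped += 1       # buffer exhausted: legitimate clients are refused too
                continue
            half_open[(src, sport)] = t
            pending = sum(1 for s, _ in half_open if s == src)
            if pending > per_src_limit:
                alerts.add(src)    # one source holding many unanswered SYN-ACKs
        elif flag == "ACK":
            half_open.pop((src, sport), None)   # handshake done, buffer released
    return {"half_open": len(half_open), "dropped": dropped, "alerts": sorted(alerts)}

if __name__ == "__main__":
    print(analyze(EVENTS))
```

In the sample, the second legitimate client at t=2.0 is refused because the table is already full of entries that were never answered.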
