Lab 1 Network Security

Lab 1 Network Security. CPSC 441 University of Calgary Department of Computer Science. Hello world. Name: Keynan Pratt Contact: keynan21@gmail.com Website: http://pages.cpsc.ucalgary.ca/~kjpratt Research Area: Network / Systems Bandwidth optimization Software Defined Networking (SDN)

Presentation Transcript

Lab 1 Network Security

CPSC 441

University of Calgary

Department of Computer Science

Hello world

Name: Keynan Pratt

Contact: keynan21@gmail.com

Website: http://pages.cpsc.ucalgary.ca/~kjpratt

Research Area: Network / Systems

  • Bandwidth optimization
  • Software Defined Networking (SDN)
  • Distributed Cache / Security Models
Ground Rules
  • I will respond to emails within 48 hours
    • Provided it’s not within 72 hours of an assignment deadline
  • I’ll gladly answer any question you have about computer networking.
    • Sometimes the answer will be “I’ll get back to you.” or “We covered that last week.”
Network Security
  • The field of network security is about:
    • how bad guys can attack computer networks
    • how we can defend networks against attacks
    • how to design architectures that are immune to attacks
  • Internet not originally designed with (much) security in mind
    • original vision: “a group of mutually trusting users attached to a transparent network” 
Goals of Network Security

Confidentiality: only sender, intended receiver should “understand” message contents

  • sender encrypts message
  • receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Access and availability: services must be accessible and available to users

There are bad guys (and girls) out there!

Q: What can a “bad guy” do?

A: A lot!

  • eavesdrop: intercept messages
  • actively insert messages into connection
  • impersonation: can fake (spoof) source address in packet (or any field in packet)
  • hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • denial of service: prevent service from being used by others (e.g., by overloading resources)
Bad guys can attack servers and network infrastructure
  • Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic
    • select target
    • break into hosts around the network (see botnet)
    • send packets toward target from compromised hosts

The bad guys can sniff packets

Packet sniffing:

  • broadcast media (shared Ethernet, wireless)
  • promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
  • Wireshark software used for end-of-chapter labs is a (free) packet-sniffer

[Figure: hosts A, B, C; packet labelled "src:B dest:A payload"]

The bad guys can use false source addresses
  • IP spoofing: send packet with false source address

[Figure: hosts A, B, C; packet labelled "src:B dest:A payload"]

The bad guys can record and playback
  • record-and-playback: sniff sensitive info (e.g., password), and use later
    • password holder is that user from system point of view

[Figure: hosts A, B, C; packet labelled "src:B dest:A user: B; password: foo"]
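
Why a recorded login works against a static password and fails against a challenge-response login, as an added example that is not part of the original slides. It goes one step beyond the slide by showing the usual countermeasure (a single-use nonce); the class and function names are hypothetical, and the password `foo` is the constructed value from the slide's figure.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"foo"  # constructed: B's password from the slide's figure


def response_for(user: str, nonce: bytes) -> bytes:
    """What the legitimate client sends: HMAC over user and the server's nonce."""
    return hmac.new(SHARED_SECRET, user.encode() + nonce, hashlib.sha256).digest()


class StaticPasswordServer:
    """Accepts the same bytes every time, so a recorded login replays."""
    def login(self, user: str, password: bytes) -> bool:
        return user == "B" and hmac.compare_digest(password, SHARED_SECRET)


class ChallengeResponseServer:
    """Issues a fresh nonce per login; each nonce is accepted at most once."""
    def __init__(self) -> None:
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, user: str, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used nonce
        self._pending.discard(nonce)  # single use, even if the check fails
        return user == "B" and hmac.compare_digest(response, response_for(user, nonce))


def demo() -> dict:
    recorded = ("B", b"foo")  # constructed: what a sniffer saw on the wire
    static = StaticPasswordServer()
    server = ChallengeResponseServer()
    nonce = server.challenge()
    captured = ("B", nonce, response_for("B", nonce))  # constructed sniffed exchange
    return {
        "static_first": static.login(*recorded),
        "static_replay": static.login(*recorded),
        "cr_first": server.login(*captured),
        "cr_replay": server.login(*captured),
        "cr_old_response_new_nonce": server.login("B", server.challenge(), captured[2]),
    }
```

The nonce stops replay only; the exchange still needs encryption for confidentiality, since the shared secret here is a weak password.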

Bad guys can put malware into hosts via Internet
  • Trojan horse
    • Hidden part of some otherwise useful software
    • Today often on a Web page (Active-X, plugin)
  • Virus
    • infection by receiving object (e.g., e-mail attachment), actively executing
    • self-replicating: propagate itself to other hosts, users
  • Worm
    • infection by passively receiving object that gets itself executed
    • self-replicating: propagates to other hosts, users

[Figure: Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data)]

Friends and enemies: Alice, Bob, Trudy
  • well-known in network security world
  • Bob, Alice (lovers!) want to communicate “securely”
  • Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy on the channel]

The language of cryptography

[Figure: plaintext → encryption algorithm (Alice’s encryption key KA) → ciphertext → decryption algorithm (Bob’s decryption key KB) → plaintext]

m: plaintext message

KA(m): ciphertext, encrypted with key KA

m = KB(KA(m))

Security Techniques
  • Cryptography
    • Encrypted messages provide confidentiality
    • Message Digests provide integrity
    • Digital Signatures provide authentication
  • Authorization / Access control
    • Firewalls
    • File permissions
    • User rights
Certification Authorities
  • Certification authority (CA): binds public key to particular entity, E.
  • E (person, router) registers its public key with CA.
    • E provides “proof of identity” to CA.
    • CA creates certificate binding E to its public key.
    • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”

[Figure: Bob’s public key K+B and Bob’s identifying information → digital signature (encrypt) with CA private key K−CA → certificate for Bob’s public key, signed by CA]
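
The binding described on this slide, as an added example that is not part of the original slides: a CA signs a hash of Bob's identity and public key, and a verifier checks it with the CA's public key. It assumes textbook RSA without padding and small constructed Mersenne-prime keys, for illustration only; all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used for every key in this example


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key from two primes (no padding; illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def digest(identity: str, subject_pub: tuple, n: int) -> int:
    """Hash the identity together with the public key it is bound to."""
    data = f"{identity}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue_certificate(ca_key: dict, identity: str, subject_pub: tuple) -> dict:
    """CA signs hash(identity, public key) with its private exponent d."""
    sig = pow(digest(identity, subject_pub, ca_key["n"]), ca_key["d"], ca_key["n"])
    return {"identity": identity, "public_key": subject_pub, "signature": sig}


def verify_certificate(ca_pub: tuple, cert: dict) -> bool:
    """Anyone holding the CA public key (n, e) can check the binding."""
    n, e = ca_pub
    expected = digest(cert["identity"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected


def demo() -> dict:
    ca = make_key(2**127 - 1, 2**89 - 1)    # constructed CA key
    bob = make_key(2**61 - 1, 2**31 - 1)    # constructed key for Bob
    trudy = make_key(2**19 - 1, 2**17 - 1)  # constructed key for Trudy
    ca_pub = (ca["n"], ca["e"])
    cert = issue_certificate(ca, "Bob", (bob["n"], bob["e"]))
    # Trudy's key placed in Bob's certificate: the CA signature no longer matches.
    swapped = dict(cert, public_key=(trudy["n"], trudy["e"]))
    # A certificate "for Bob" signed by a key other than the CA's also fails.
    self_signed = issue_certificate(trudy, "Bob", (trudy["n"], trudy["e"]))
    return {
        "genuine": verify_certificate(ca_pub, cert),
        "key_substituted": verify_certificate(ca_pub, swapped),
        "wrong_issuer": verify_certificate(ca_pub, self_signed),
    }
```

Verification only shows that the CA's private key produced the signature, so a certificate issued by whoever controls that key verifies just like a legitimate one.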

DigiNotar CA Breach
  • Story: A hacker (or a group of hackers) hacked the DigiNotar CA servers and issued more than 500 fraudulent certificates.
  • The certificates were later used to spy on some 300,000 Iranians.
  • DigiNotar filed for bankruptcy in a Netherlands court.
  • The Dutch government announced that because of the breach, "it could not guarantee the security of its own Web sites."
  • The list of fraudulent certificates contains Google, Skype, Microsoft, Mozilla, Yahoo, Tor as well as the CIA, Israel’s Mossad and the UK’s MI6.
  • All of the major browser makers -- Apple, Google, Microsoft, Mozilla and Opera -- issued updates and treated DigiNotar-issued certificates as invalid.
  • The Fox-IT report states that:
    • The most critical servers contain malicious software that can normally be detected by anti-virus software
    • CA-servers, although physically very securely placed, were accessible over the network from the management LAN.
    • The password was not very strong and could easily be brute-forced. All CA servers were members of one Windows domain, i.e. they were accessible using one obtained user/pass combination.
Supplementary Resources
  • OWASP Top 10 (Open Web Application Security Project): the 10 most common vulnerabilities
  • Frequently brought up in tech interviews
Review Questions
  • What’s the difference between Packet Switching and Circuit Switching?
  • What are the four sources of packet delay?
  • What are the 5/7 layers in networking?
  • Name a protocol at each layer?
  • What layer do switches/routers ‘talk’ with?