CIS 325: Data Communications, Chapter Seventeen: Network Security

Upload: harlan

Post on 11-Jan-2016

DESCRIPTION

Chapter Seventeen. Network Security. The Need for Security. Increased reliance on data communications results in greater vulnerability of data and systems. Losses associated with computerized fraud and thefts are much larger than non-computerized fraud and theft.

TRANSCRIPT

Page 1: Chapter Seventeen

CIS 325: Data Communications 1

Chapter Seventeen

Network Security

Page 2: Chapter Seventeen

The Need for Security

- Increased reliance on data communications results in greater vulnerability of data and systems
- Losses associated with computerized fraud and thefts are much larger than non-computerized fraud and theft
  – Average bank robbery loss: $3000
  – Average computer fraud loss: $300,000

Page 3: Chapter Seventeen

Types of Security Threats

- Disruption, Destruction, & Disaster
  – Viruses
  – Hardware, software, operator errors
  – Fires/floods/earthquakes
- Unauthorized Access
  – Hackers
  – Disgruntled employees

Page 4: Chapter Seventeen

Passive Attacks

- Primarily listening to traffic
- Authorized users can eavesdrop on the line
- Tap into patch panels
- Intercept microwave transmissions
- Tap lines to the phone company
- Capture electromagnetic emissions
- Fiber optic prevents most of these opportunities

Page 5: Chapter Seventeen

Active Attacks

- Read stored data
- Modify data in storage or during transmission
- Disrupt service
- Computer Emergency Response Team (CERT)
- An expensive problem

Page 6: Chapter Seventeen

Conventional Encryption

- 5 ingredients
  – plain text
  – encryption algorithm
  – secret key
  – ciphertext
  – decryption algorithm
- Needs a strong encryption algorithm
- Sender and receiver must have the same key

Page 7: Chapter Seventeen

Conventional Encryption

- How to attack or decipher
  – cryptanalysis
  – brute force
- Data Encryption Standard (DES)
  – Symmetric (same key to encrypt and decrypt)
  – Uses 64-bit key (100 quadrillion possibilities)

Page 8: Chapter Seventeen

Public Key Encryption

- 6 ingredients
  – plain text
  – encryption algorithm
  – public key
  – private key
  – ciphertext
  – decryption algorithm

Page 9: Chapter Seventeen

Public Key Encryption

- Process works regardless of the order in which the keys are used
- Many know your public key
- Only you know your private key
- Keys and algorithm are designed so they can't be figured out even with one key known

Page 10: Chapter Seventeen

Public Key Process

- You encode the message using the receiver's PUBLIC key
- Only the receiver can decode and read it with the private key
- No one else can read the message
- Anyone with the public key can send a message to that receiver

Page 11: Chapter Seventeen

Public Key Process

- Also can be used for authentication of the sender
  – sender sends the message using the private key
  – receiver decodes using the public key
  – since only the sender knows the private key, that authenticates the sender
  – however, anyone with the public key can read the message, so no good for secrecy

Page 12: Chapter Seventeen

Encryption Management

- Link Encryption
  – devices to protect the path from node to node
  – all traffic on the path is secure
  – traffic must be decoded at each node for switching
  – traffic is vulnerable at the switch

Page 13: Chapter Seventeen

Encryption Management

- End-to-end Encryption
  – devices at each workstation
  – traffic secure on path AND switches
  – But, the switch needs to read control bits, so only data is encrypted
- Solution is to use a combination of both

Page 14: Chapter Seventeen

Key Distribution

- How to get keys to all parties
  – A physically delivers key to B
  – 3rd party delivers to A and B
  – A transmits key online to B
  – 3rd party transmits to A and B
- Key Distribution Center
- Session key for a single session
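The shared-key requirement from the Conventional Encryption slide and the Key Distribution Center on this slide, as an added Python example that is not part of the original slides. The HMAC-SHA256 counter-mode cipher, the party names A and B and every key value are constructed stand-ins; a real system would use AES-GCM and an established KDC protocol.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a conventional cipher: HMAC-SHA256 in counter mode
# supplies the keystream, and an HMAC tag makes a wrong key fail loudly
# instead of producing garbage. The structure (shared key in, shared key out)
# is what the slides describe; production code uses AES-GCM instead.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Ingredients: plain text + algorithm + secret key -> ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Decryption algorithm; raises unless the key matches the sender's."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Key Distribution Center: one long-term key per party (constructed values).
KDC_KEYS = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}

def kdc_issue_session(initiator: str, responder: str) -> tuple:
    """The 3rd party transmits a fresh session key to A and B, each copy
    sealed under that party's own long-term key, so it is good for one session."""
    session_key = secrets.token_bytes(32)
    for_initiator = encrypt(KDC_KEYS[initiator], session_key + responder.encode())
    for_responder = encrypt(KDC_KEYS[responder], session_key + initiator.encode())
    return for_initiator, for_responder

def run_session() -> dict:
    ticket_a, ticket_b = kdc_issue_session("A", "B")
    ks_a = decrypt(KDC_KEYS["A"], ticket_a)[:32]   # A unwraps its copy
    ks_b = decrypt(KDC_KEYS["B"], ticket_b)[:32]   # B unwraps its copy
    msg = encrypt(ks_a, b"meet at noon")            # A -> B under the session key
    try:
        decrypt(secrets.token_bytes(32), msg)       # eavesdropper lacking the key
        intruder_read = True
    except ValueError:
        intruder_read = False
    return {"same_key": ks_a == ks_b, "b_reads": decrypt(ks_b, msg),
            "intruder_read": intruder_read}
```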

Page 15: Chapter Seventeen

Digital Signatures

- Conventional key doesn't support non-repudiation
- Authentication with the private key does, but is very slow for big messages
- Digital Signature relies on public key and a 'secure hash function'

Page 16: Chapter Seventeen

Digital Signatures

- Hash code created by doing some function on the plain text
  – like a very fancy frame check sequence
- Use private key to encrypt the hash code only
- Prevents anyone from modifying the message
- Provides authentication of the sender
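The signing process from these two Digital Signatures slides, together with the "either key first" property from the Public Key slides, as an added Python example that is not part of the original slides. The textbook RSA key pair built from the Mersenne primes 2^127-1 and 2^107-1 and the sample messages are constructed for illustration; real signatures use random primes of at least 2048 bits and a padding scheme.

```python
import hashlib

# Constructed toy key pair for illustration only: the primes are the public
# Mersenne primes 2^127-1 and 2^107-1, so anyone can factor N. Real keys use
# random primes of 1024 bits or more and a padding scheme such as PSS.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                           # public modulus, about 234 bits
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)

def apply_key(value: int, key: tuple) -> int:
    """One operation serves both keys; which key goes first does not matter."""
    exponent, modulus = key
    return pow(value, exponent, modulus)

def secure_hash(message: bytes) -> int:
    """The 'very fancy frame check sequence': SHA-224 is used because its
    224-bit output is always smaller than the 234-bit modulus N."""
    return int.from_bytes(hashlib.sha224(message).digest(), "big")

def sign(message: bytes, private_key: tuple) -> int:
    """Encrypt only the hash with the private key, not the whole message."""
    return apply_key(secure_hash(message), private_key)

def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Anyone with the public key recovers the hash and compares it."""
    return apply_key(signature, public_key) == secure_hash(message)

def demo() -> dict:
    msg = b"Pay $3,000 to account 17"             # constructed sample message
    signature = sign(msg, PRIVATE_KEY)
    forged = b"Pay $300,000 to account 17"        # same message modified in transit
    # Secrecy direction: encrypt with the receiver's public key; only the
    # holder of the private key can recover the value.
    secret = int.from_bytes(b"session key 0xC0FFEE", "big")
    ciphertext = apply_key(secret, PUBLIC_KEY)
    return {
        "signature_valid": verify(msg, signature, PUBLIC_KEY),
        "forgery_detected": not verify(forged, signature, PUBLIC_KEY),
        "receiver_decrypts": apply_key(ciphertext, PRIVATE_KEY) == secret,
    }
```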

Page 17: Chapter Seventeen

Web Security

- Problems
  – Alteration of web page
  – Access to server operating system
  – Eavesdropping
  – Impersonation
- Solutions
  – Secure web site server
  – Secure site access