itec4621 network security dr. supakorn kungpisdan [email protected]
TRANSCRIPT
ITEC4621 Network Security
Dr. Supakorn [email protected]
ITEC4621 Network Security 2
Supakorn Kungpisdan
Education PhD (Computer Science and Software Engineering), Monash University,
Australia M.Eng. (Computer Engineering), KMUTT
Specializations Information and Network Security, Electronic Commerce, Formal Methods,
Computer Networking Experiences
Director, Master of Science in Network Engineering, MUT External Research Advisor, Network Security Research Group, Monash
University, Australia http://www.mut.ac.th/~supakorn/ http://www.msit.mut.ac.th/
ITEC4621 Network Security 3
Course Descriptions
Saturday 9.00 AM – 12.00 PM Textbook
W. Stallings: Cryptography and Network Security, 4th Edition, Pearson Prentice Hall, ISBN 0-13-202322-9
Supplementary materials M. E. Whitman and H. J. Mattord, Principles of Information
Security, 3rd Edition, Thomson, ISBN 1-4239-0177-0 G. De Laet and G. Schauwers: Network Security
Fundamentals, Cisco Press, ISBN 1-58705-167-2
http://www.msit.mut.ac.th/
ITEC4621 Network Security 4
Evaluation Criteria
Quizzes 10% Assignment 30% Midterm exam 20% Final exam 40%
Course Outlines
Network Security Overview Information Security
Symmetric Cryptography, Public-key Cryptography, Hash Functions and MAC
Network Security IP Security, Web Security, Email Security, Firewalls, Intrusion
Detection Systems
ITEC4621 Network Security 5
Lecture 01 Network Security Overview
Dr. Supakorn [email protected]
ITEC4621 Network Security 7
What is Security?
“The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place: Information Security Systems Security Network Security Security Management Physical security
ITEC4621 Network Security 8
Security Trends
ITEC4621 Network Security 9
C.I.A Triangle
Confidentiality Ensure that the message is accessible only by authorized parties
Integrity Ensure that the message is not altered during the transmission
Availability Ensure that the information on the system is available for
authorized parties at appropriate times without interference or obstruction
ITEC4621 Network Security 10
Vulnerabilities, Threats, and Attacks
Vulnerability A weakness in the security system E.g. a program flaw, poor security configuration, bad
password policy Threat
A set of circumstances or people that potentially causes loss or harm to a system
Attack An action or series of actions to harm a system
ITEC4621 Network Security 11
Relationships among Different Security Components
ITEC4621 Network Security 12
Relationship of Threats and Vulnerabilities
ITEC4621 Network Security 13
How Hackers Exploit Weaknesses
ITEC4621 Network Security 14
Types of Attacks
Interruption Attack on Availability
Interception Attack on Confidentiality
ITEC4621 Network Security 15
Types of Attacks (cont.)
Modification Attack on Integrity Tampering a resource
Fabrication Attack on Authenticity Impersonation,
masquerading
ITEC4621 Network Security 16
Passive VS Active Attacks
Passive Attacks The goal is to obtain information that is being
transmitted. E.g. Release of confidential information and Traffic
analysis Difficult to detect not alter data nobody realizes
the existence of the third party Initiative to launch an active attack Interception May be relieved by using encryption
ITEC4621 Network Security 17
Passive VS Active Attacks (cont.)
Active Attacks Involve modification of the data stream or creation of a
false stream E.g. Masquerade, replay, message modification, denial
of services Potentially detected by security mechanisms Interruption, Modification, Fabrication
ITEC4621 Network Security 18
Direct VS Indirect Attacks
Computer can be subject of an attack and/or the object of an attack
When the subject of an attack, computer is used as an active tool to conduct attack indirect attack
When the object of an attack, computer is the entity being attacked direct attack
ITEC4621 Network Security 19
Direct VS Indirect Attacks (cont.)
ITEC4621 Network Security 20
Hackers
White Hat Hackers Grey Hat Hackers Script Kiddies Hacktivists Crackers or Black Hat Hackers
ITEC4621 Network Security 21
Hackers’ Steps
1. Gather information Telephone conversation, password crackers
2. Gain initial system access Often limited access and rights
3. Increase privileges and expand access Try to get root privilege
4. Carry out purpose of the attack Steal or destroy information
5. Install backdoors Build entrance for the next visit
6. Cover tracks and exit Remove all traces. Usually modifying log files
ITEC4621 Network Security 22
Malicious Codes
Viruses A destructive program code that attaches itself to a host and copies
itself and spreads to other hosts Viruses replicates and remains undetected until being activated.
Worms Unlike viruses, worms is independent of other programs or files. No
trigger is needed. Trojans
Externally harmless program but contains malicious code Spyware
Software installed on a target machine sending information back to an owning server
ITEC4621 Network Security 23
Security at Each Layer
ITEC4621 Network Security 24
Security at Each Layer (cont.) Firewall combats a range of attacks including some DoS attacks Proxy protects the application layer. It combats against unauthorized access and
packet spoofing NAT hides LAN addresses and topology STP cabling helps against network eavesdropping and signal interference NIDS sensor monitors traffic at the network layer for known attack signatures IPSec is configured for VPN connections. It protects against masquerading, data
manipulation, and unauthorized access Web server is configured against unauthorized access Mail server with antivirus protects against viruses and DoS attacks
ITEC4621 Network Security 25
A Model for Network Security
ITEC4621 Network Security 26
A Model for Network Access Security
ITEC4621 Network Security 27
Security Controls
ITEC4621 Network Security 28
ITEC4621 Network Security 29
NSTISSC Security Model
ITEC4621 Network Security 30
Balancing Information Security and Access
Impossible to obtain perfect security—it is a process, not a goal
Security should be considered balance between protection and availability
To achieve balance, level of security must allow reasonable access, yet protect against threats
Give an example of a completely secure information system !!!
ITEC4621 Network Security 31
ITEC4621 Network Security 32
Approaches to Information Security Implementation: Bottom-Up Approach
Grassroots effort: systems administrators attempt to improve security of their systems
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
Participant support
Organizational staying power
ITEC4621 Network Security 33
Approaches to Information Security Implementation: Top-Down Approach
Initiated by upper management
Issue policy, procedures, and processes
Dictate goals and expected outcomes of project
Determine accountability for each required action
The most successful also involve formal development strategy referred to as systems development life cycle
ITEC4621 Network Security 34
ITEC4621 Network Security 35
Information Security: Is it an Art or a Science?
Implementation of information security often described as combination of art and science
“Security artesan” idea: based on the way individuals perceive systems technologists since computers became commonplace
ITEC4621 Network Security 36
Security as Art
No hard and fast rules nor many universally accepted complete solutions
No manual for implementing security through entire system
ITEC4621 Network Security 37
Security as Science
Dealing with technology designed to operate at high levels of performance
Specific conditions cause virtually all actions that occur in computer systems
Nearly every fault, security hole, and systems malfunction are a result of interaction of specific hardware and software
If developers had sufficient time, they could resolve and eliminate faults
ITEC4621 Network Security 38
Security as a Social Science
Social science examines the behavior of individuals interacting with systems
Security begins and ends with the people that interact with the system
Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles
Questions?
Next weekSymmetric Cryptography 1