TRANSCRIPT
Author: Prof Bill Buchanan
[Title slide: Bob, Alice, Eve, Trent, Proxy, Delegate, Suspect; Intrusion Detection, Defence; Trap-door, Trojan horse, Spoofing.]
Module timetable (academic units, assessments and lab/tutorials):

Week | Date | Academic | Assessment | Lab/Tutorial
2 | 9 Feb | 1: Security Fundamentals | | Lab 1: Packet Capture; Lab 2: Packet Capture (Filter)
3 | 16 Feb | 2: IDS | | Lab 3: Packet Capture (IDS); Lab 4: Packet Capture (IDS – ARP)
4 | 23 Feb | 3: Encryption | | Lab 5: IDS Snort 1
5 | 2 Mar | 4: Authentication (Part 1) | | Lab 6: IDS Snort 2
6 | 9 Mar | 4: Authentication (Part 2) | | Lab 7: Private-key Encryption
7 | 16 Mar | | MCQ Test | Lab 8: Public-key Encryption
8 | 23 Mar | 5: Software Security | | Lab 9: Log/Process/Hashing
9 | 30 Mar | Reading week | |
10 | 6 Apr | 6: Network Security | |
11 | 27 Apr | 7: Forensic Computing | C/W hand-in (IDS) | Lab 10: TCP Forensics; Lab 11: Binary Analysis/Sig Detection
12 | 4 May | | Professional Certification | Lab 12: Signature Analysis; Lab 13: Role-based Security
13 | 11 May | | Professional Certification |
14 | 18 May | | MCQ Test |
15 | 25 May | | |
Lab/tutorial challenge timetable (CCNA, PIX_SNPA and ASA_NewPIX challenges):

Week | Date | Lab/Tutorial
2 | 9 Feb | CCNA Challenge A1-A10
3 | 16 Feb | CCNA Challenge A11-A20
4 | 23 Feb | PIX_SNPA Challenge I1-10
5 | 2 Mar | PIX_SNPA Challenge I11-30
6 | 9 Mar | PIX_SNPA Challenge I31-50
7 | 16 Mar | PIX_SNPA Challenge I51-70
8 | 23 Mar | PIX_SNPA Challenge I71-96
9 | 30 Mar |
10 | 6 Apr | ASA_NewPIX Challenge J1-20
| 13 Apr |
| 20 Apr |
11 | 27 Apr | ASA_NewPIX Challenge J11-40
12 | 4 May | ASA_NewPIX Challenge J41-60
13 | 11 May |
14 | 18 May |
15 | 25 May |
Unit 1: Security Fundamentals. Outline: Introduction; ISO 27002; Risk Analysis; Security Policy; Threats; Key Principles; Conclusions.
Threat types: visual spying, eavesdropping, misrepresentation, logical scavenging, interference, physical removal, spoofing, Trojan horse, logic bombs.
Outside and inside threats
[Figure: the assets (users, systems, data) sit inside the network/organisational perimeter, behind a firewall/gateway and intrusion detection. Threats shown: data stealing, DoS (denial of service), personal abuse, worms/viruses, terrorism/extortion, fraud, external hack, corporate access. The firewall/gateway cannot deal with internal threats.]
CSI (Computer Security Institute) found that 70% of organisations had breaches, and that 60% of all breaches came from inside their own systems.
Unit 2: Intrusion Detection Systems. Outline: Introduction; Threats; Types; Host or Network?; Agent-based; Snort; A simple rule; A few intrusions; User profiling; Honeypots; IPS; Conclusions.
[Figure: Eve (the intruder) against the Defence; Intrusion Detection sits between the two.]
User profiling for on-line purchases

Profiles held by the profiler:

Name | Nationality | Location | Gender | Typical purchase | Average purchases/week | Average value of purchases | Browser used | Date of last purchase | Email address
Fiona Smith | British | Edinburgh | Female | Computer equipment | 5 | £30 | Mozilla | 6 May 2008 | f.smith@nowhere
Fred McLean | USA | Washington | Male | Fish food | 50 | $4 | IE | 18 Sept 2008 | f.mclean@usa
Michel Weber | German | Munich | Male | Flowers | 0.005 | €43 | Opera | 1 Mar 2007 | m_weber@de
Amélie Cheney | French | Paris | Female | Clothes | 70 | €13 | Mozilla | 16 Sept 2008 | [email protected]
A.N.Other | Any | Nowhere | Female/Male | High-value goods | 1000 | $9999 | Not known | Today | doesnt@exist

A user profiler (such as a bank transaction agent) checks each transaction against the user's profile. User/behaviour profiling is especially useful in fraud detection.
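The profiler described above, as an added example that is not part of the original slides: the stored profiles are constructed from the five customer records on the slide (currency symbols dropped), while the tolerances (three times the usual weekly rate or average value, any change of browser or location) and the function names are assumptions chosen for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Profile:
    """Baseline behaviour for one customer, as held by the profiler."""
    name: str
    location: str
    avg_purchases_per_week: float
    avg_value: float
    browser: str


@dataclass
class Transaction:
    """One incoming purchase to be checked against the customer's profile."""
    name: str
    location: str
    value: float
    browser: str
    purchases_this_week: int  # running count for the week, including this one


# Constructed from the profiles on the slide; currency symbols are dropped
# and all values are treated as plain numbers for simplicity.
PROFILES = {
    "Fiona Smith": Profile("Fiona Smith", "Edinburgh", 5, 30.0, "Mozilla"),
    "Fred McLean": Profile("Fred McLean", "Washington", 50, 4.0, "IE"),
    "Michel Weber": Profile("Michel Weber", "Munich", 0.005, 43.0, "Opera"),
    "Amélie Cheney": Profile("Amélie Cheney", "Paris", 70, 13.0, "Mozilla"),
}

# Assumed tolerances (not from the slide): how far a transaction may drift
# from the baseline before the profiler flags it.
VALUE_FACTOR = 3.0   # value above 3x the customer's average value
RATE_FACTOR = 3.0    # purchases above 3x the customer's weekly rate


def score_transaction(tx: Transaction, profiles: dict[str, Profile] = PROFILES) -> list[str]:
    """Return every way `tx` deviates from the customer's stored profile.

    An empty list means the transaction fits the profile. A customer with no
    profile at all (the slide's "A.N.Other") is itself a deviation, because
    there is no baseline to check against.
    """
    profile = profiles.get(tx.name)
    if profile is None:
        return ["no profile for this customer"]

    reasons = []
    if tx.value > VALUE_FACTOR * profile.avg_value:
        reasons.append(f"value {tx.value} exceeds {VALUE_FACTOR}x average {profile.avg_value}")
    # Floor the weekly rate at 1 so a rare buyer (0.005/week) is not flagged
    # for a single purchase; only a real burst trips the rate check.
    if tx.purchases_this_week > RATE_FACTOR * max(profile.avg_purchases_per_week, 1):
        reasons.append(f"{tx.purchases_this_week} purchases this week vs average {profile.avg_purchases_per_week}")
    if tx.browser != profile.browser:
        reasons.append(f"browser {tx.browser} differs from usual {profile.browser}")
    if tx.location != profile.location:
        reasons.append(f"location {tx.location} differs from usual {profile.location}")
    return reasons


def is_suspicious(tx: Transaction, profiles: dict[str, Profile] = PROFILES) -> bool:
    """True if the profiler would hold this transaction for review."""
    return bool(score_transaction(tx, profiles))


if __name__ == "__main__":
    normal = Transaction("Fiona Smith", "Edinburgh", 28.0, "Mozilla", 4)
    odd = Transaction("Fiona Smith", "Washington", 9999.0, "Not known", 4)
    print(is_suspicious(normal), score_transaction(odd))
```

The rate check is floored at one purchase per week on purpose: a customer such as Michel Weber, who buys once every few years, would otherwise be flagged every time he buys anything, and a profiler that cries wolf on rare buyers gets switched off. The unknown-customer case is reported rather than silently passed, because it is exactly the shape of the slide's A.N.Other fraudster.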
Unit 3: Encryption. Outline: Introduction; Before electronic communications; Codes; A few fundamentals; Key-based encryption; Cracking the code; Brute force; Block or stream; Private-key methods; Encryption keys; Passing keys; Public-key encryption; One-way hash; Encrypting disks; PGP encryption.
[Figure: Bob, Eve, Alice, Trent.]
Diffie-Hellman
One of the most widely used methods for creating a secret key that is the same for Bob and Alice.
[Figure: Bob encrypts and Alice decrypts across a communications channel; Eve listens on the channel.]
How do Bob and Alice agree a private (secret) key without Eve getting it?
This problem was solved by Whitfield Diffie and Martin Hellman, whose Diffie-Hellman algorithm is the most widely used method for establishing a shared secret key over a public channel. The key itself is never sent: each side transmits only a public value, and both compute the same secret from the value they receive and their own private exponent. Eve, who sees only the public values, would have to solve a discrete logarithm to recover the secret. The basic exchange does not authenticate either party, so in practice the public values must be authenticated (for example by a signature or a certificate) to stop an active attacker substituting her own.
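The exchange described above, as an added example that is not part of the original slides. The modulus P = 23 and generator G = 5 are a toy pair chosen so the arithmetic can be followed by hand; they are an assumption, and real deployments use a standard 2048-bit or larger group or an elliptic curve. The helper names are invented. Eve's brute-force step is included to show why the toy parameters are unsafe.

```python
"""Diffie-Hellman key agreement between Bob and Alice, with Eve listening."""
from __future__ import annotations

import hashlib
import secrets

P = 23  # toy prime modulus (assumption: far too small for real use)
G = 5   # generator of the multiplicative group modulo 23


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p, safe to send over the open channel."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """Shared secret: (g^b)^a mod p equals (g^a)^b mod p."""
    return pow(peer_public, private, p)


def derive_key(shared: int) -> bytes:
    """Turn the shared group element into a symmetric key (SHA-256 of its bytes)."""
    width = (shared.bit_length() + 7) // 8 or 1
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def eve_discrete_log(public: int, p: int = P, g: int = G) -> int | None:
    """Eve's attack: recover a private exponent from its public value by trial.

    Feasible only because p is tiny; with a 2048-bit group this loop would
    never finish, which is the whole security argument.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


def exchange(alice_private: int, bob_private: int) -> tuple[int, int, bytes, bytes]:
    """Run the exchange; return (alice_public, bob_public, alice_key, bob_key)."""
    a_pub = dh_public(alice_private)   # Alice -> Bob (Eve sees this)
    b_pub = dh_public(bob_private)     # Bob -> Alice (Eve sees this too)
    alice_key = derive_key(dh_shared(b_pub, alice_private))
    bob_key = derive_key(dh_shared(a_pub, bob_private))
    return a_pub, b_pub, alice_key, bob_key


if __name__ == "__main__":
    a = secrets.randbelow(P - 2) + 1   # private exponents in [1, P-2]
    b = secrets.randbelow(P - 2) + 1
    a_pub, b_pub, ka, kb = exchange(a, b)
    print("Alice sends", a_pub, "Bob sends", b_pub, "keys match:", ka == kb)
    print("Eve recovers Alice's exponent from the public value:", eve_discrete_log(a_pub))
```

With private exponents 6 and 15 the public values are 8 and 19 and both sides arrive at the shared element 2; Eve, holding only 8 and 19, recovers the exponent 6 by trying all 22 candidates, which is why the group size, not the algorithm, carries the security.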
Unit 4: Authentication. Outline: Introduction; Methods; Usernames/passwords; Biometric issues; Biometric methods; Message hash; Authenticating with private key; HMAC; Digital certificates; Trust; Cardspace; Email encryption; Conclusions.
[Figure: Bob, Eve, Alice, Trent.]
Authentication type: one-way server, one-way client, or two-way.
[Figure: for each type, the user/device and the server, with an arrow showing which side presents its ID.]
One-way server authentication: the server provides authentication to the client, as in SSL (HTTPS, FTPS, etc.). The server learns nothing about who the client is.
One-way client authentication: the client provides authentication to the server, such as the client-certificate side of EAP-TLS in wireless. (Strictly, EAP-TLS also has the client check the server's certificate, so deployed EAP-TLS is mutual.)
Mutual authentication: client and server each provide an ID to authenticate the other; examples include PEAP in wireless.
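The three directions above, as an added example that is not part of the original slides. The slide's protocols (SSL, EAP-TLS, PEAP) use certificates; pre-shared keys with an HMAC challenge-response are substituted here so the exchange runs stand-alone, and the keys, nonce sizes and function names are assumptions. The point it shows is what each side can and cannot conclude about the other at the end of each exchange.

```python
"""One-way versus mutual authentication, modelled as HMAC challenge-response."""
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed pre-shared keys standing in for the certificate-based credentials
# of the real protocols. Each side verifies the other against these.
SERVER_KEY = b"server-key-constructed-for-this-example"
CLIENT_KEY = b"client-key-constructed-for-this-example"


def prove(key: bytes, challenge: bytes) -> bytes:
    """Responder shows it holds `key` by MACing the challenger's fresh nonce."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify(expected_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Challenger recomputes the MAC; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(prove(expected_key, challenge), response)


def one_way_server(server_key: bytes) -> dict[str, bool | None]:
    """Server authenticates to client only (the SSL/HTTPS pattern).

    `server_key` is what the responding server actually holds; pass a wrong
    key to model an impostor server.
    """
    n_c = secrets.token_bytes(16)            # client -> server: challenge
    r_s = prove(server_key, n_c)             # server -> client: response
    return {"client_accepts_server": verify(SERVER_KEY, n_c, r_s),
            "server_accepts_client": None}   # server learned nothing about the client


def one_way_client(client_key: bytes) -> dict[str, bool | None]:
    """Client authenticates to server only."""
    n_s = secrets.token_bytes(16)            # server -> client: challenge
    r_c = prove(client_key, n_s)             # client -> server: response
    return {"client_accepts_server": None,   # client has no evidence of who the server is
            "server_accepts_client": verify(CLIENT_KEY, n_s, r_c)}


def mutual(server_key: bytes, client_key: bytes) -> dict[str, bool | None]:
    """Both directions in one exchange.

    Each response covers both nonces, in a direction-specific order, so a
    response captured in one direction cannot be reflected back as the other.
    """
    n_c = secrets.token_bytes(16)            # client -> server
    n_s = secrets.token_bytes(16)            # server -> client, together with r_s
    r_s = prove(server_key, n_c + n_s)
    r_c = prove(client_key, n_s + n_c)       # client -> server
    return {"client_accepts_server": verify(SERVER_KEY, n_c + n_s, r_s),
            "server_accepts_client": verify(CLIENT_KEY, n_s + n_c, r_c)}
```

The `None` entries are the practical content of the slide: after a one-way server exchange the server has authenticated nobody, so anything the client then does is attributable only to whatever the application layer adds (a password form, for instance), not to the transport-level authentication.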
Unit 6: Network Security. Outline: Introduction; Screening Firewalls; NAT; Stateful Firewalls; PIX/ASA Firewall; Proxies; VPN; Tunnelling.
[Figure: Proxy, VPN, Eve, Bob, Alice.]
Tunnelling mode or transport mode
[Figure: two sites joined across the Internet, each with a router, a stateful firewall, an intrusion detection system and switches; one site hosts a proxy server, email server, web server and FTP server; Bob and Alice sit at either end. In the first case the traffic is only encrypted over the public channel, between the gateways. In the second case the traffic is encrypted end to end between Bob and Alice and so cannot be checked by firewalls, IDS, and so on.]
Role-based security
[Figure: an Application/Web Application running on the Operating System. Without role-based security, Bob (Admin) and Alice (Guests) are treated alike by the application. With role-based security, each ID (Bob, Alice, Carol) is mapped to a role (Admin or Guests) and the application acts on the role rather than only on the ID.]
Application authentication methods: Windows built-in authentication; Passport-based authentication; Form-based authentication; IIS Authentication.
Most applications/Web pages do not take into account the user's ID or role.
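The last point, shown as an added example that is not part of the original slides: a handler that ignores ID and role beside the same handler guarded by a role check. Bob (Admin) and Alice (Guests) follow the slide; giving Carol the Guests role, the handler names and the tiny user-set model are assumptions. The same idea applies whichever authentication method (Windows, Passport, form-based, IIS) established the caller's ID.

```python
"""Role-based access control in a web application: before and after."""
from __future__ import annotations

from functools import wraps

# Identity -> role mapping, as established by the application's
# authentication method. Carol's role is an assumption for the example.
ROLES = {"Bob": "Admin", "Alice": "Guests", "Carol": "Guests"}


class Forbidden(Exception):
    """Raised when the caller's role does not permit the operation."""


def delete_user_unchecked(caller: str, target: str, users: set[str]) -> set[str]:
    """'Before': the handler ignores who the caller is and what role they hold.

    Any caller, authenticated or not, can delete any account.
    """
    users.discard(target)
    return users


def requires_role(*allowed: str):
    """Decorator: refuse the call unless the caller's role is in `allowed`."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(caller: str, *args, **kwargs):
            role = ROLES.get(caller)          # unknown ID -> no role -> refused
            if role not in allowed:
                raise Forbidden(f"{caller!r} (role {role}) may not call {handler.__name__}")
            return handler(caller, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("Admin")
def delete_user(caller: str, target: str, users: set[str]) -> set[str]:
    """'After': the same operation, now restricted to the Admin role."""
    users.discard(target)
    return users


@requires_role("Admin", "Guests")
def view_profile(caller: str, target: str) -> str:
    """Read-only operation open to every authenticated role."""
    return f"profile of {target}"


def try_delete(caller: str, target: str, users: set[str]) -> tuple[set[str], bool]:
    """Demonstration helper: run the guarded delete, returning (users_after, allowed)."""
    try:
        return delete_user(caller, target, set(users)), True
    except Forbidden:
        return set(users), False


if __name__ == "__main__":
    accounts = {"Bob", "Alice", "Carol"}
    print("unchecked, Mallory deletes Bob:", delete_user_unchecked("Mallory", "Bob", set(accounts)))
    print("checked, Bob deletes Carol:", try_delete("Bob", "Carol", accounts))
    print("checked, Alice deletes Bob:", try_delete("Alice", "Bob", accounts))
```

The check is made on the role, not the name, so adding a second administrator is a change to `ROLES` rather than to every handler, and an ID with no role at all (Mallory) is refused by default rather than falling through.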
Unit 7: Forensic Computing. Outline: Introduction; Legal Infrastructure; Computer Forensics; OTP; CPAR; Event Logs.
[Figure: Bob, Eve, Alice, Trent.]
CPAR
[Figure: the four CPAR stages, Collection, Preservation, Analysis and Reporting, fed by event detection from network sensors at the organisational perimeter and across the network infrastructure (network logs), together with host logs, server logs and event logs, all under the security/audit policy, and leading to the forensic computing investigation.]
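The four CPAR stages run over log evidence, as an added example that is not part of the original slides. The host and network-sensor log lines are constructed for the example; using a SHA-256 digest per evidence item as the preservation record, and counting failed logons per source address as the analysis, are one illustrative implementation of the stages, not the course's own procedure.

```python
"""Collection, Preservation, Analysis, Reporting (CPAR) over log evidence."""
from __future__ import annotations

import hashlib
from collections import Counter

# Constructed evidence: a host log and a network sensor log covering the same minute.
HOST_LOG = """\
2009-03-23T10:01:02 host1 sshd: Failed password for root from 10.0.0.5 port 51022
2009-03-23T10:01:05 host1 sshd: Failed password for root from 10.0.0.5 port 51023
2009-03-23T10:01:09 host1 sshd: Failed password for admin from 10.0.0.5 port 51024
2009-03-23T10:02:44 host1 sshd: Accepted password for bob from 192.168.1.20 port 40000
"""
NET_LOG = """\
2009-03-23T10:01:00 sensor1 TCP 10.0.0.5:51022 -> 192.168.1.10:22 SYN
2009-03-23T10:01:03 sensor1 TCP 10.0.0.5:51023 -> 192.168.1.10:22 SYN
2009-03-23T10:01:07 sensor1 TCP 10.0.0.5:51024 -> 192.168.1.10:22 SYN
"""


def collect(sources: dict[str, str]) -> dict[str, bytes]:
    """Collection: gather the raw evidence, keyed by source, without altering it."""
    return {name: text.encode() for name, text in sources.items()}


def preserve(evidence: dict[str, bytes]) -> dict[str, str]:
    """Preservation: record a SHA-256 digest per item so later tampering is detectable."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in evidence.items()}


def verify_integrity(evidence: dict[str, bytes], manifest: dict[str, str]) -> bool:
    """Check that the working copy still matches the preserved digests."""
    return preserve(evidence) == manifest


def analyse(evidence: dict[str, bytes]) -> dict[str, int]:
    """Analysis: count failed logons per source address across the host logs."""
    failures: Counter[str] = Counter()
    for data in evidence.values():
        for line in data.decode().splitlines():
            if "Failed password" in line:
                src = line.split(" from ")[1].split()[0]
                failures[src] += 1
    return dict(failures)


def report(manifest: dict[str, str], findings: dict[str, int], threshold: int = 3) -> dict:
    """Reporting: findings tied to the digests of the evidence they came from."""
    return {
        "evidence": manifest,
        "failed_logons_by_source": findings,
        "suspects": sorted(src for src, n in findings.items() if n >= threshold),
    }


def run_cpar(sources: dict[str, str]) -> dict:
    """Run the four stages in order, refusing to analyse evidence that no longer matches its digest."""
    evidence = collect(sources)
    manifest = preserve(evidence)
    if not verify_integrity(evidence, manifest):
        raise RuntimeError("evidence changed between collection and analysis")
    return report(manifest, analyse(evidence))


if __name__ == "__main__":
    print(run_cpar({"host1": HOST_LOG, "sensor1": NET_LOG}))
```

Preservation comes before analysis so that the report can cite digests of the evidence exactly as collected; if the working copy is edited afterwards, `verify_integrity` fails and the analysis is not trusted. The threshold of three failures is an assumption for the example.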