class 16
Network and website security,
Security Technologies

What is “Security”
Dictionary.com says:
  o Freedom from risk or danger; safety.
  o Freedom from doubt, anxiety, or fear; confidence.
  o Something that gives or assures safety, as:
    • A group or department of private guards: Call building security if a visitor acts suspicious.
    • Measures adopted by a government to prevent espionage, sabotage, or attack.
    • Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
    …etc.

Network Security
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Network security involves the authorization of access to data in a network, which is controlled by the network administrator.

What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
  o sender encrypts message
  o receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

Friends and enemies: Alice, Bob, Trudy
well-known in network security world
Bob, Alice (lovers!) want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages

Who might Bob, Alice be?
… well, real-life Bobs and Alices!
web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?

There are bad guys (and girls) out there!
They can do a lot of things
eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in packet)
hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)

Security properties
Confidentiality
  o Information about system or its users cannot be learned by an attacker
Integrity
  o The system continues to operate properly, only reaching states that would occur if there were no attacker
Availability
  o Actions by an attacker do not prevent users from having access to use of the system

What do we Need to Protect?
Data
  o Information we keep on computers (product design, financial records, personnel data)
  o Lost time, lost sales, lost confidence
Resources
  o Unauthorized use of computer time & space
Reputation
  o Misrepresentation, forgery, negative publicity

Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defence agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK

Firewall
Definition - hardware &/or software components that restrict access between a restricted network & the Internet or between networks
Logically - a separator, restricter, analyser
Rarely a single object
  o Restricts people to entering at a controlled point
  o Prevents attackers from getting close to other defences (host controls)
  o Restricts people to leaving at a controlled point

Firewall Capabilities
Focus security decisions - single point to leverage control
Enforce security policy - minimize exceptions
Log Internet activity - analysis
Limit exposure - separate sensitive areas of one network from another or outside world

Firewall Limitations
Can’t protect against
  o malicious insiders
  o connections that don’t go through it
  o new threats
  o viruses
  o scans for source & destination addresses & port numbers, not details of data
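
An added example (not part of the original slides) of the last limitation: a packet filter that decides on source address, destination address and destination port only. The rule set, the documentation-range addresses and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes  # carried along, but the filter below never reads it

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any destination port

# Constructed policy using documentation address ranges (assumption).
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None),   # blocked source range
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 80),      # HTTP to the web server
]

def matches(rule: Rule, pkt: Packet) -> bool:
    src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
    dst_ok = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
    return src_ok and dst_ok and rule.dport in (None, pkt.dport)

def decide(pkt: Packet, rules=RULES) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed sample traffic; the first two differ only in payload.
SAMPLES = {
    "web_page": Packet("198.51.100.7", "192.0.2.10", 80, b"GET /index.html"),
    "infected_upload": Packet("198.51.100.7", "192.0.2.10", 80, b"<constructed infected file bytes>"),
    "blocked_source": Packet("203.0.113.5", "192.0.2.10", 80, b"GET /index.html"),
    "ssh_attempt": Packet("198.51.100.7", "192.0.2.10", 22, b""),
}

def verdicts(samples=SAMPLES):
    return {name: decide(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:16} {verdict}")
```

The two packets to port 80 get the same verdict whatever they carry, which is why content inspection has to happen elsewhere (proxy, host controls).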

Attacking the Network
[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Commercial Network, Private Network, Private Network, WLAN]

Path of Logical Access
[Diagram: The Internet, Border Router/Firewall, De-Militarized Zone, Router/Firewall, Private Network, WLAN]

Protecting the Network
[Diagram: The Internet, Border Router: Packet Filter, De-Militarized Zone, Bastion Hosts, Proxy server firewall, Private Network, WLAN]

Security Services
Authentication (entity, data origin)
Access control (prevent unauthorized access)
Confidentiality (disclosure, encryption)
Data integrity (value of data item)
Non-repudiation (falsely denying a transaction)

Intrusion Detection
Used to monitor for “suspicious activity” on a network
Can protect against known software exploits, like buffer overflows

Dictionary Attack
We can run a dictionary attack on the passwords
  o The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
  o Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
This is why your passwords should be meaningless random junk!
  o For example, “sdfo839f” is a good password
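
An added example (not part of the original slides) of the comparison described above, written as the audit an administrator runs against their own password database to find guessable passwords. Salted PBKDF2 stands in for crypt(3), and the accounts, salts and wordlist are constructed.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the example runs quickly (assumption)

def hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in for crypt(3): a salted one-way hash (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_entry(user: str, password: str, salt: bytes) -> dict:
    # Only the salt and the hash are stored, never the password itself.
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}

# Constructed password database; "sdfo839f" is the slide's example password.
ACCOUNTS = [
    make_entry("alice", "sunshine", b"a1"),
    make_entry("bob", "sdfo839f", b"b2"),
    make_entry("carol", "dragon", b"c3"),
]

# Constructed wordlist standing in for a dictionary of common words.
WORDLIST = ["password", "dragon", "letmein", "sunshine"]

def audit_weak_passwords(accounts, wordlist):
    """Return users whose stored hash equals the hash of a dictionary word."""
    weak = []
    for entry in accounts:
        for word in wordlist:
            candidate = hash_password(word, entry["salt"])
            if hmac.compare_digest(candidate, entry["hash"]):
                weak.append(entry["user"])
                break
    return weak

if __name__ == "__main__":
    print("accounts needing a password reset:", audit_weak_passwords(ACCOUNTS, WORDLIST))
```

The hash is never reversed; the dictionary words are hashed forward with each account's salt, so only the random password survives the audit.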

Denial of Service
Purpose: Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks
  o SYN flooding
  o SMURF
  o Distributed attacks

Historical hackers (prior to 2000)
Profile:
  o Male
  o Between 14 and 34 years of age
  o Computer addicted
  o No permanent girlfriend

Trends for 2010 - 14
Malware, worms, and Trojan horses
  o spread by email, instant messaging, malicious or infected websites
Botnets and zombies
  o improving their encryption capabilities, more difficult to detect
Scareware – fake/rogue security software
Attacks on client-side software
  o browsers, media players, PDF readers, etc.
Ransom attacks
  o malware encrypts hard drives, or DDOS attack
Social network attacks
  o Users’ trust in online friends makes these networks a prime target.
Cloud Computing - growing use will make this a prime target for attack.
Web Applications - developed with inadequate security controls
Budget cuts - problem for security personnel and a boon to cyber criminals.

Cryptography