12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028"

Transcription

1 Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application layer Transport layer IP layer Data link layer TCP, UDP, IP, SSH, HTTP IP address, MAC address, TCP address? Port number Headers [ether net header [IP header [TCP header [Payload]]]] TCP / UDP TCP is reliable Acknowledgement, retransmission, discard duplicates, TCP 3-way handshake SYN, ACK, FIN 3 4 IP layer Routing (different paths) IP prefix, e.g., /24 Classful Addressing (Class A, B, C) Classless Inter-Domain Routing (CIDR) Private networks /8 ( ) /12 ( ) /16 ( ) DNS Hierarchical name space Local DNS server / caching dig / dig -x Data link layer MAC address ARP messages / ARP table 5 6 1

2 true/false x.x is not globally accessible. multiple choice Which of the following header may not contain destination s information: A. TCP header B. IP header C. Ethernet header D. All of above Encryption/Decryption Plaintext, ciphertext, key Secret key/symmetric key crypto Public key/asymmetric key crypto Hash function Compare TCP and UDP, and briefly describe their difference. 7 8 Secret key crypto Stream cipher (XOR) Block cipher (with padding) File size Public key crypto Public/private key pair Encryption/decryption (different keys) Sign/verify (digital signature) Much slower than secret key operations 9 10 Hash function One way transformation Collision resistance Applications Message digest/checksum File integrity Password In secret key encryption, the encrypted file s size may be smaller than the original file s. Which of the following gives the desired properties of hash functions? a. One-way property, that is, it s easy to reverse the hash computation, but computationally infeasible to compute the hash function itself. b. Collision free, that is, it s computationally infeasible to find two messages that have the same hash value. c. Only authorized parties can perform hash functions

3 What s authentication User authentication Allow a user to prove his/her identity to another entity (e.g., a system, a device). Message authentication Verify that a message has not been altered without proper authorization. Threat Eavesdropping Password guessing Server database reading (compromised) Challenge/response I m a challenge R H(K -, R) I m R Sig {R} Key Distribution Center If node A wants to communicate with node B A sends a request to the KDC The KDC securely sends to A: E KA (R AB ) and E KB (R AB, A) Certificate How do you know the public key of a node? Certification Authorities (CA) Everybody needs to know the CA public key The CA generates certificates: Signed(A, public-key, validity information) [ s public key is ] carol [Carol s public key is ] Ted & [ s public key is ] carol Password guessing Online vs. offline Dictionary attack Password salt Assume and share a secret K -, what is the security flaw when they use the following protocol for to authenticate? I m, H(K - )

4 IPsec Which layer Why we need it IP spoofing Payload modification Eavesdropping Two protocols / two modes Transport mode Host-to-host IPsec Tunnel mode Gateway-to-gateway IP header is encrypted SSL Which layer Why we need it Think about https Main processes Negotiate cipher suites Authenticate servers Verify certificates IPsec / SSL Applying IPsec and SSL on the same data packet is redundant. Compare IPsec and SSL, and briefly describe their differences What are their roles Prevent vs. detect Firewall / IDS Firewall Packet filtering (stateless) vs. session filtering (stateful) iptables Firewall / IDS IDS Accuracy, e.g., false alarm TPR, FPR, TNR, FNR Misuse detection (signatures) Anomaly detection Host-based (e.g., aide) Network-based (e.g., snort)

5 Firewall IDS A stateless firewall on a server cannot limit the number of TCP connections per client. Explain the following snort rule and describe how to trigger the alert: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg: Test attack"; content:"test_attack"; ) Describe the goal of the following firewall rule: iptables -A INPUT -p icmp -j DROP Compare host-based and network-based IDS, and briefly describe the difference Final Grade 27 5

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

CSCI 454/554 Computer and Network Security. Final Exam Review

CSCI 454/554 Computer and Network Security. Final Exam Review CSCI 454/554 Computer and Network Security Final Exam Review Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Protocol Rollback and Network Security

Protocol Rollback and Network Security CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1 Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing

More information

CSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS)

CSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) CSCI 454/554 Computer and Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng What Layer? /TLS IT443 Network Security Administration Instructor: Bo Sheng Application TCP IPSec IP LAN layer Application TCP IP LAN layer 1 2 History v2 proposed and deployed in Netscape 1.1 (1995) PCT

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

Computer security Lecture 9

Computer security Lecture 9 Computer security Lecture 9 Communications and network security Jonathan Jogenfors Communication and network security: Threat model Passive attacks: Eavesdropping, Wiretapping, Sniffing, and Traffic analysis

More information

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Computer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 -------------------------------------------------------------------------- Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering.

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering. CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall NETWORK SECURITY Ch. 8: Defense Mechanism - Firewall Firewall A firewall is a hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

CS 3251: Computer Networking 1 Security Protocols I

CS 3251: Computer Networking 1 Security Protocols I Georgia Tech CS 3251: Computer Networking 1 Security Protocols I Brad Reaves, PhD Student 11/21/13 (slides from Prof. Patrick Traynor) CS 3251 - Computer Networks I Last Time Trying to prove who you are

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack Stanford, UCL

tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack Stanford, UCL tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack! Stanford, UCL Reminder: project goal IPsec SSH TLS Unencrypted TCP traffic today Not drawn to scale Reminder:

More information

True False questions (25 points + 5 points extra credit)

True False questions (25 points + 5 points extra credit) Student Name: ISA 656: Network Security Midterm Examination GENERAL INSTRUCTIONS The midterm is worth 110 points (including 10 extra credit points): 25 points of True/False and 75 points of short answer.

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

18-731 Midterm. Name: Andrew user id:

18-731 Midterm. Name: Andrew user id: 18-731 Midterm 6 March 2008 Name: Andrew user id: Scores: Problem 0 (10 points): Problem 1 (10 points): Problem 2 (15 points): Problem 3 (10 points): Problem 4 (20 points): Problem 5 (10 points): Problem

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Early Recognition of Encrypted Applications

Early Recognition of Encrypted Applications Early Recognition of Encrypted Applications Laurent Bernaille with Renata Teixeira Laboratoire LIP6 CNRS Université Pierre et Marie Curie Paris 6 Can we find the application inside an SSL connection? Network

More information

Lecture 9 - Network Security TDTS41-2006 (ht1)

Lecture 9 - Network Security TDTS41-2006 (ht1) Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation

More information

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users

More information

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures

More information

Lab exercise: Working with Wireshark and Snort for Intrusion Detection

Lab exercise: Working with Wireshark and Snort for Intrusion Detection CS 491S: Computer and Network Security Fall 2008 Lab exercise: Working with Wireshark and Snort for Intrusion Detection Abstract: This lab is intended to give you experience with two key tools used by

More information

Security Protocols/Standards

Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity

More information

Network-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2

Network-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2 Network-Oriented Software Development Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2 Topics Layering TCP/IP Layering Internet addresses and port numbers Encapsulation

More information

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and

More information

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS Eric Vyncke (@evyncke) Cisco Session ID: ARCH W01 Session Classification: Advanced Agenda Status of WorldWide IPv6 Deployment IPv6 refresher:

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

ELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006

ELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006 ELEN 689: Topics in Network Security: Firewalls Ellen Mitchell Computing and Information Services 20 April 2006 Firewall Historically: a wall constructed to prevent the spread of fire Firewall Function

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Rules definition for anomaly based intrusion detection

Rules definition for anomaly based intrusion detection Rules definition for anomaly based intrusion detection 2002 By Lubomir Nistor Introduction Intrusion detection systems (IDS) are one of the fastest growing technologies within the security space. Unfortunately,

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information