# Midterm. Name: Andrew user id:

## Transcription

Midterm, 6 March 2008

Name:

Andrew user id:

Scores:

- Problem 0 (10 points):
- Problem 1 (10 points):
- Problem 2 (15 points):
- Problem 3 (10 points):
- Problem 4 (20 points):
- Problem 5 (10 points):
- Problem 6 (10 points):
- Problem 7 (15 points):
- Total (Max 100 points):

### Problem 0: Very Simple Warmup Problems (10 Points)

a) (2 points) A TCP ISN is generated by computing a block cipher encrypt operation on the current ISN with an N-bit key that provides sufficient security until year The following ISN is the least significant 32 bits of the block cipher output. More formally: $\mathrm{ISN}_{i+1} = [\{\mathrm{ISN}_i\}_K]_{32}$. What value would you suggest for the key size N? If the attacker uses 1 million 1 GHz processor machines in parallel, how many years would it take to predict the next ISN? Justify your answer.

b) (2 points) What is the probability that a forged packet with a MAC of length n bits is accepted by the receiver?

c) (2 points) What is the minimal size of the MAC if one wants a probability of less than $10^{-9}$ for a forged packet to be accepted?

d) (4 points) Suppose that a hash function H takes an 8-bit input and has an 8-bit output. Graph the probability of finding two different inputs with the same hash value given a certain number of trials. No need to compute any fancy equations, simply draw an approximate curve.

### Problem 1: Next Generation Secure Internet (10 Points)

a) (5 points) One of the major features of the AIP protocol is to provide self-certification for the public key of a domain. Using such a self-certification scheme, can the AIP protocol be implemented completely without the use of a PKI? If yes, explain why it is possible. If not, provide a case where AIP does rely on a PKI.

b) (5 points) Recall the accountability service mechanism we read about in the paper by Bender et al. Their Strawman approach relies on each sender having a PKI certificate and the sender signing each packet with the private key. To achieve a more efficient mechanism, the authors propose to essentially set up shared secret keys using Diffie-Hellman-based public-key certificates and to use the shared secret to attach a MAC to each packet (no need to go into more details here). Is non-repudiation still achieved in the more efficient version? Explain why or why not. If not, how would you redesign the scheme to achieve non-repudiation?

### Problem 2: SSL (15 Points)

Recall the SSL handshake protocol taught in class, in this case using ephemeral DH key agreement:

| Direction | Message | Annotation |
| --- | --- | --- |
| C → S | client hello | |
| S → C | server hello | |
| S → C | server certificate | Contains RSA public key certificate |
| S → C | server key exchange | Ephemeral DH key exchange: $g$, $p$, $g^s \bmod p$, $\{H(g, q, g^s \bmod p)\}_{K_S^{-1}}$ |
| S → C | server hello done | |
| C → S | client key exchange | $g^c \bmod p$ |
| C → S | change cipherspec | Compute keys, set up ciphers |
| C → S | finished | Contains authenticator for early messages |
| S → C | change cipherspec | Compute keys, set up ciphers |
| S → C | finished | Contains authenticator for early messages |

a) (5 points) An attacker wants to perform a computational DoS attack on the server using one of the messages of the SSL handshake protocol. Which message or sequence of messages should the attacker use to launch a DoS attack on the server? Explain why.

b) (5 points) Using the attack you came up with in a), how many messages should the attacker send to saturate the computational resources of the server? Explain your reasoning.

c) (5 points) Describe a scheme to prevent such a DoS attack.

### Problem 3: TCP/IP Defenses (10 points)

Guessing or knowing the initial TCP sequence number (ISN) that a server will choose enables an attacker to establish a TCP connection with a server while impersonating another node. What are the advantages and disadvantages of the following solutions with respect to mitigating the attack? What modifications in the behavior of TCP result from implementing the solution?

a) (3 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 128-bit value $v_0$, and derives subsequent one-way chain values with $v_{i+1} = \mathrm{MD5}(v_i)$. For connection $i$, the server uses the least significant 32 bits of the one-way chain value, $[v_i]_{32}$.

b) (3 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 128-bit value $v_n$, and derives previous one-way chain values with $v_i = \mathrm{MD5}(v_{i+1})$. For connection $i$, the server uses the least significant 32 bits of the one-way chain value, $[v_i]_{32}$.

c) (4 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 32-bit value $v_n$, and derives previous one-way chain values with $v_i = [\mathrm{MD5}(v_{i+1})]_{32}$. For connection $i$, the server uses the 32-bit one-way chain value $v_i$ for the ISN.
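The three constructions of Problem 3 implemented side by side, as an added example that is not part of the exam. The byte order used for $[v]_{32}$, the 4-byte encoding of the 32-bit state in (c), the fixed seeds and all function names are assumptions made for illustration.

```python
import hashlib


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def low_bits(value: bytes, bits: int = 32) -> int:
    """[v]_bits: least significant `bits` bits of v read as a big-endian
    integer (byte order is an assumption; the exam does not fix one)."""
    return int.from_bytes(value, "big") & ((1 << bits) - 1)


def forward_isns(v0: bytes, count: int) -> list:
    """(a) v_{i+1} = MD5(v_i); connection i gets [v_i]_32.
    The server keeps one 128-bit value and never runs out of ISNs."""
    isns, v = [], v0
    for _ in range(count):
        isns.append(low_bits(v))
        v = md5(v)
    return isns


def reverse_chain(v_n: bytes, n: int) -> list:
    """(b) v_i = MD5(v_{i+1}); returns [v_0, ..., v_n] in order of use.
    The chain must be precomputed and serves only n + 1 connections."""
    chain = [v_n]
    for _ in range(n):
        chain.append(md5(chain[-1]))
    return chain[::-1]


def truncated_reverse_chain(v_n: int, n: int, bits: int = 32) -> list:
    """(c) v_i = [MD5(v_{i+1})]_bits; the ISN is the entire chain value.
    `bits` is a parameter only so the effect can be shown at small scale."""
    width = (bits + 7) // 8
    chain = [v_n & ((1 << bits) - 1)]
    for _ in range(n):
        chain.append(low_bits(md5(chain[-1].to_bytes(width, "big")), bits))
    return chain[::-1]


def leaked_state_predicts_future(v0: bytes, leak_at: int, horizon: int) -> bool:
    """(a): anyone who learns the stored value v_k recomputes all later ISNs."""
    v_k = v0
    for _ in range(leak_at):
        v_k = md5(v_k)
    return forward_isns(v_k, horizon) == forward_isns(v0, leak_at + horizon)[leak_at:]


def leaked_value_links_backwards(chain: list, k: int) -> bool:
    """(b): v_k only yields v_{k-1} = MD5(v_k), which was already used;
    the next value v_{k+1} is an MD5 preimage of v_k."""
    return k > 0 and md5(chain[k]) == chain[k - 1]


def compare(n: int = 5000, bits: int = 32) -> dict:
    seed = bytes(range(16))  # constructed seed; a server would use os.urandom(16)
    rev = reverse_chain(seed, n)
    trunc = truncated_reverse_chain(0x1234ABCD, n, bits)  # constructed seed
    return {
        "a_leak_predicts_future": leaked_state_predicts_future(seed, 5, 20),
        "a_state_bits_not_on_wire": 128 - 32,
        "b_max_connections": len(rev),
        "b_leak_links_backwards": leaked_value_links_backwards(rev, 7),
        "b_state_bits_not_on_wire": 128 - 32,
        "c_state_bits_not_on_wire": 0,  # the ISN is the whole chain value
        "c_chain_length": len(trunc),
        "c_distinct_isns": len(set(trunc)),
    }


if __name__ == "__main__":
    # Scaled down to a 16-bit state so repeated chain values show up quickly;
    # with the exam's 32-bit state the birthday bound puts the first repeat
    # on the order of 2**16 chain steps.
    for key, value in compare(n=5000, bits=16).items():
        print(f"{key}: {value}")
```

In all three constructions consecutive ISNs are unrelated 32-bit values rather than a counter that advances with time, which is the change in TCP behaviour the question asks about.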

### Problem 4: Securing BGP (20 Points)

1. (12 points) An attack has happened and we would like you to explain what is the likely cause of the attack and what is the likely defense measure that the victim has taken. To illustrate the attack, we provide the three consecutive snapshots. Each graph represents the BGP routing activity for the destination IP address at a given time. A number in a snapshot represents a BGP Autonomous System (AS) number. A solid line indicates a route to the destination (i.e., ). Describe the most likely scenario that could explain the sequence of depicted snapshots. In particular, describe the actions taken between every two snapshots.

Figure 1: Snapshot 1.

Figure 2: Snapshot 2.

Figure 3: Snapshot 3.

2. (8 points) In class, we have seen that the current BGP protocol is vulnerable to prefix hijack. Researchers have proposed several schemes to detect that a prefix is being hijacked. One of the proposals consists of collecting BGP updates from a large number of collection points (i.e., from different parts of the world). Upon noticing a change in the originating Autonomous System (i.e., the first inserted AS in the AS PATH), e.g., from AS XYZ to AS ABC, an e-mail would be automatically sent to network XYZ to notify it of a potential prefix hijack. The following figure depicts the infrastructure of the proposal. We assume that the deployment of the infrastructure is not an issue, and that we can indeed collect BGP UPDATES from a large and diverse number of sites. We further assume that at the initial state, there is no prefix hijack. What is then the major challenge with this scheme?

Figure 4: Detecting IP Prefix Hijack. (The figure shows BGP collectors, the BGP routers of AS 76, AS 101, AS 102, AS 103, AS 104 and AS 105, and the mail server of each of these ASes.)

### Problem 5: Vehicular Ad Hoc Networks (10 Points)

(10 points) An amateur researcher analyses the characteristics of VANET messages that were exchanged in a particular VANET application. Her analysis reveals that the messages are frequent (about one every 10 milliseconds) but short (around 20 bytes). She also notes that signing each short message is time consuming. So she proposes to her adviser that these short messages can be grouped together and signed using a Bloom filter. Describe how such a scheme could work to achieve efficient signature of the messages using the Bloom filter as a component. Describe one advantage and two disadvantages of the resulting approach.

### Problem 6: Intrusion Detection (10 Points)

a) (5 points) A student of the Secure Programming class (yeah, the same student who haunted you in homework 1) decides to implement a fail-open NIDS for her final project. Having learnt the principles of secure coding, she avoids using any piece of code that could be exploited to launch memory overrun attacks such as buffer overflow attacks. To gain extra credit, she decides to implement caching of web objects so that her NIDS can act as a proxy too. To achieve this, she refers to the Squid proxy implementation and implements caching using an in-memory hash table with the HTTP request method (i.e., GET, HEAD, etc.) and the URL in question as the key to the hash table. However, her mentor for this project informs her of the possibility of an attack on this approach (as identified by you in homework 1). As a good friend of hers, advise her on how to evade such attacks without much compromise in the performance/functionality of the NIDS/Proxy.

b) (5 points) Consider an inline active-response intrusion detection product (often called Intrusion Prevention Systems; these apply stateful packet inspection beyond traditional TCP/IP protocols, and examine application data streams) that reconfigures your firewall rules to automatically block further connections from the attack source address for a certain period of time. Give two advantages and two disadvantages of this approach compared to a traditional NIDS, and describe where/when it might be beneficial to employ such a technology.

c) (5 points) Describe how to generate keys using MARKS. Using the diagram below, show how keys B and O are generated. What key(s) will allow a member to receive data for time T2 - T8?
