Chapter 8 Network Security
|
|
- Felicity Gardner
- 7 years ago
- Views:
Transcription
1 8: Network Security 81 and Intranet Protocols and pplications Lecture 7: Security 2 Feb 21, 2006 rthur Goldberg oputer Science Departent New York University artg@csnyuedu ssuing that you ve learned the rest fro the reading, in class we will only cover slides with titles in italics 8: Network Security 82 hapter 8 Network Security note on the use of these ppt slides: We re aking these slides freely available to all (faculty, students, readers) They re in PowerPoint for so you can add, odify, and delete slides (including this one) and slide content to suit your needs They obviously represent a lot of work on our part In return for use, we only ask the following: If you use these slides (eg, in a class) in substantially unaltered for, that you ention their source (after all, we d like people to use our book!) If you post any slides in substantially unaltered for on a www site, that you note that they are adapted fro (or perhaps identical to) our slides, and note our copyright of this aterial Thanks and enjoy! JFK/KWR ll aterial copyright JF Kurose and KW Ross, ll Rights Reserved oputer Networking: Top Down pproach Featuring the, 3 rd edition Ji Kurose, Keith Ross ddisonwesley, July : Network Security 83 RS: another iportant property Trusted Interediaries Key Distribution enter (KD) The following property will be very useful later: K (K ()) = = K (K ()) use key first, followed by private key use private key first, followed by key Result is the sae! Syetric key proble: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KD) acting as interediary between entities Public key proble: When lice obtains ob s key (fro web site, eail, diskette), how does she know it is ob s key, not Trudy s? Solution: trusted certification authority () lice, ob need shared syetric key KD: server shares different secret key with each registered user (any users) lice, ob know own syetric keys, K KD KD, for counicating with KD KD K PKD K KD KD K K PKD KD K XKD K YKD K ZKD KD 8: Network Security 84 8: Network Security 85 8: Network Security 86
2 8: Network Security 87 Key Distribution enter (KD) Q: How does KD allow ob, lice to deterine shared syetric secret key to counicate with each other? lice knows R1 K KD (,) K KD (R1, KD (,R1) ) KD (,R1) KD generates R1 lice and ob counicate: using R1 as session key for shared syetric encryption ob knows to use R1 to counicate with lice ertification uthorities ertification authority (): binds key to particular entity, E E (person, router) registers its key with E provides proof of identity to creates certificate binding E to its key certificate containing E s key digitally signed by says this is E s key certificate ob s digital containing signature ob s key K (encrypt) key, signed by ob s private identifying key K inforation 8: Network Security 88 ertification uthorities When lice wants ob s key: gets ob s certificate (ob or elsewhere) apply s key to ob s certificate, get ob s key digital signature (decrypt) key K ob s key 8: Network Security 89 certificate contains: Serial nuber (unique to issuer) info about certificate owner, including algorith and key value itself (not shown) info about certificate issuer valid dates digital signature by issuer hapter 8 roadap 81 What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers Firewalls firewall isolates organization s internal net fro larger, allowing soe packets to pass, blocking others adinistered network firewall 8: Network Security 810 8: Network Security 811 8: Network Security 812
3 8: Network Security 813 Firewalls: Why prevent denial of service attacks: flooding: attacker establishes any bogus TP connections, no resources left for real connections prevent illegal odification/access of internal data eg, attacker replaces I s hoepage with soething else allow only authorized access to inside network (set of authenticated users/hosts) two types of firewalls: applicationlevel packetfiltering Packet Filtering Should arriving packet be allowed in? Departing packet let out? internal network connected to via router firewall router filters packetbypacket, decision to forward/drop packet based on: source IP address, destination IP address TP/UDP source and destination port nubers IMP essage type TP and K bits 8: Network Security 814 Packet Filtering Exaple 1: block incoing and outgoing datagras with IP protocol field = 17 and with either source or dest port = 23 ll incoing and outgoing UDP flows and telnet connections are blocked Exaple 2: lock inbound TP segents with K=0 Prevents external clients fro aking TP connections with internal clients, but allows internal clients to connect to outside 8: Network Security 815 pplication gateways Filters packets on application data as well as on IP/TP/UDP fields Exaple: allow select internal users to telnet outside hosttogateway telnet session application gateway gatewaytoreote host telnet session router and filter 1 Require all telnet users to telnet through gateway 2 For authorized users, gateway sets up telnet connection to dest host Gateway relays data between 2 connections 3 Router filter blocks all telnet connections not originating fro gateway 8: Network Security 816 Liitations of firewalls and gateways IP spoofing: router can t know if data really coes fro claied source if ultiple app s need special treatent, each has own app gateway client software ust know how to contact gateway eg, ust set IP address of proxy in Web browser filters often use all or nothing policy for UDP tradeoff: degree of counication with outside world, level of security any highly protected sites still suffer fro attacks 8: Network Security 817 hapter 8 roadap 81 What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers 8: Network Security 818
4 8: Network Security 819 Mapping: before attacking: case the joint find out what services are ipleented on network Use ping to deterine what hosts have addresses on network Portscanning: try to establish TP connection to each port in sequence (see what happens) nap ( apper: network exploration and security auditing Mapping: countereasures record traffic entering network look for suspicious activity (IP addresses, ports being scanned sequentially) Packet sniffing: broadcast edia proiscuous NI reads all packets passing by can read all unencrypted data (eg passwords) eg: sniffs s packets ountereasures? 8: Network Security 820 ountereasures? src: dest: payload 8: Network Security 821 Packet sniffing: countereasures all hosts in organization run software that checks periodically if host interface in proiscuous ode one host per segent of broadcast edia (switched Ethernet at hub) IP Spoofing: can generate raw IP packets directly fro application, putting any value into IP source address field receiver can t tell if source is spoofed eg: pretends to be IP Spoofing: ingress filtering routers should not forward outgoing packets with invalid source addresses (eg, datagra source address not in router s network) great, but ingress filtering can not be andated for all networks src: dest: payload 8: Network Security 822 ountereasures? src: dest: payload 8: Network Security 823 src: dest: payload 8: Network Security 824
5 8: Network Security 825 hapter 8 roadap Denial of service (DOS): flood of aliciously generated packets swap receiver Distributed DOS (DDOS): ultiple coordinated sources swap receiver eg, and reote host attack ountereasures? Denial of service (DOS): countereasures filter out flooded packets (eg, ) before reaching host: throw out good with bad traceback to source of floods (ost likely an innocent, coproised achine) 8: Network Security What is network security? 82 Principles of cryptography 83 uthentication 84 Integrity 85 Key Distribution and certification 86 ccess control: firewalls 87 ttacks and counter easures 88 Security in any layers 881 Secure eail 882 Secure sockets 883 IPsec 884 Security in : Network Security 827 Secure eail Secure eail Secure eail (continued) lice wants to send confidential eail,, to ob ( ) ( ) ( ) ( ) lice: generates rando syetric private key, encrypts essage with (for efficiency) also encrypts with ob s key sends both () and ( ) to ob ( ) ( ) ( ) ( ) 8: Network Security 828 lice wants to send confidential eail,, to ob ob: ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) uses his private key to decrypt and recover uses to decrypt () to recover 8: Network Security 829 lice wants to provide sender authentication essage integrity K Ā H( ) K ( ) K (H()) K (H()) K ( ) H( ) lice digitally signs essage sends both essage (in the clear) and digital signature K H( ) copare H( ) 8: Network Security 830
6 8: Network Security 831 Secure eail (continued) Pretty good privacy (PGP) Secure sockets layer (SSL) lice wants to provide secrecy, sender authentication, essage integrity K Ā H( ) K (H()) K ( ) ( ) lice uses three keys: her private key, ob s key, newly created syetric key ( ) ( ) eail encryption PGP signed essage: schee, defacto standard EGIN PGP SIGNED MESSGE uses syetric key Hash: SH1 cryptography, key ob:my husband is out of town cryptography, hash tonightpassionately yours, function, and digital lice signature as described EGIN PGP SIGNTURE provides secrecy, sender Version: PGP 50 authentication, integrity harset: noconv inventor, Phil Zieran, yhhjrhhgjghgg/12epjlo8ge4v3qjh FEvZP9t6n7G65Gw2 was target of 3year END PGP SIGNTURE federal investigation transport layer security to any TPbased app using SSL services used between Web browsers, servers for ecoerce (shttp) security services: server authentication data encryption client authentication (optional) server authentication: SSLenabled browser includes keys for trusted s rowser requests server certificate, issued by trusted rowser uses s key to extract server s key fro certificate check your browser s security enu to see its trusted s 8: Network Security 832 8: Network Security 833 SSL (continued) Encrypted SSL session: rowser generates syetric session key, encrypts it with server s key, sends encrypted key to server Using private key, server decrypts session key rowser, server know session key ll data sent into TP socket (by client or server) encrypted with session key SSL: basis of IETF Transport Layer Security (TLS) SSL can be used for nonweb applications, eg, IMP lient authentication can be done with client certificates 8: Network Security 834
Network Security in Practice
Network Security in Practice Practices of Network Security ccess control: firewalls ttacks and counter measures Security protocol case studies Kai Shen 12/8/2014 CSC 257/457 - Fall 2014 1 12/8/2014 CSC
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationTCP/IP Performance over Wireless Networks
TP ongestion ontrol (2) hapter 6 n example of the congestion algorithm. TP/IP Performance over Wireless Networks Objectives ontents Gain a high-level overview of the most widely used wireless networks
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationFIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others
FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker
More informationChapter 8 Network Security
[Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network
More informationFirewall Tutorial. KAIST Dept. of EECS NC Lab.
Firewall Tutorial KAIST Dept. of EECS NC Lab. Contents What is Firewalls? Why Firewalls? Types of Firewalls Limitations of firewalls and gateways Firewalls in Linux What is Firewalls? firewall isolates
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
More informationCS 3251: Computer Networking 1 Security Protocols I
Georgia Tech CS 3251: Computer Networking 1 Security Protocols I Brad Reaves, PhD Student 11/21/13 (slides from Prof. Patrick Traynor) CS 3251 - Computer Networks I Last Time Trying to prove who you are
More informationSecurity & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationNetwork Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering
Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationInternet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering
Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationNetzwerksicherheit: Anwendungen
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationChapter 8 Network Security
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationVLAN und MPLS, Firewall und NAT,
Internet-Technologien (CS262) VLAN und MPLS, Firewall und NAT, 15.4.2015 Christian Tschudin Departement Mathematik und Informatik, Universität Basel 6-1 Wiederholung Unterschied CSMA/CD und CSMA/CA? Was
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationPrinciples of Network Applications. Dr. Philip Cannata
Principles of Network Applications Dr. Philip Cannata 1 Chapter 2 Application Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers).
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationPrinciples of Network Security
he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy
More informationChapter 4 Network Layer
Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationT-79.159 Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 11: Security systems using public keys 11.1 PGP Kaufman et al: Ch 17, 11.2 SSL/TLS 18, 19 11.3 IPSEC Stallings: Ch 16,17 1 Pretty Good Privacy Email encryption
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationChapter 6: Network Access Control
Managing and Securing Computer Networks Guy Leduc Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.9) Chapter 6: Network Access Control
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationCompter Networks Chapter 9: Network Security
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationCSE331: Introduction to Networks and Security. Lecture 12 Fall 2006
CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More informationSolution of Exercise Sheet 5
Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????
More informationNetwork Management: - SNMP - Software Defined networking
Internet-Technologien (CS262) Network Management: - SNMP - Software Defined networking 23.4.2014 Christian Tschudin Departement Mathematik und Informatik, Universität Basel 9-1 Chapter 9 Network Management
More informationE-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.
Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationCMPSCI 453 Computer Networking. Professor V. Arun Department of Computer Science University of Massachusetts Amherst
CMPSCI 453 Computer Networking Professor V. Arun Department of Computer Science University of Massachusetts Amherst 1 What is this course about? introductory (first) course in computer networking q learn
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationThis Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.
This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the
More informationI. What is VPN? II. Types of VPN connection. There are two types of VPN connection:
Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationCisco Configuring Commonly Used IP ACLs
Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationSecure Client Applications
Secure Client Applications Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014 Common/Reports/secure-client-apps.tex, r900 1/26 Acronyms
More informationProxy firewalls. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Proxy firewalls thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Proxy Firewalls How Proxy Firewalls Work Forward / Reverse Proxies Application-Level Proxies Gateways (Circuit-Level
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationIntranet, Extranet, Firewall
Indian Institute of Technology Kharagpur Intranet, Extranet, Firewall Prof. Indranil Sen Gupta Dept. of Computer Science & Engg. I.I.T. Kharagpur, INDIA Lecture 31: Intranet, Extranet, Firewall On completion,
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 3: Securing applications Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.5)
More informationChapter 6 Wireless and Mobile Networks
Chapter 6 Wireless and Mobile Networks A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations;
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationIs your data safe out there? -A white Paper on Online Security
Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects
More informationCSCI 454/554 Computer and Network Security. Topic 8.1 IPsec
CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationNetwork Security. Raj Jain. The Ohio State University. Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ Raj Jain 31-1
Network Security Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 31-1 Overview Security Aspects Secret Key and Public Key Encryption Firewalls: Packet Filter, Bastion Host,
More informationSOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall
SOFTWARE ENGINEERING 4C03 Computer Networks & Computer Security Network Firewall HAO WANG #0159386 Instructor: Dr. Kartik Krishnan Mar.29, 2004 Software Engineering Department of Computing and Software
More informationNetwork Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)
Network Security Securing communications (SSL/TLS and IPSec) Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network communication Who are you
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationInternet Ideal: Simple Network Model
Middleboxes Reading: Ch. 8.4 Internet Ideal: Simple Network Model Globally unique identifiers Each node has a unique, fixed IP address reachable from everyone and everywhere Simple packet forwarding Network
More informationTECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK
TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationLecture G1 Privacy, Security, and Cryptography. Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007
Lecture G1 Privacy, Security, and Cryptography Computing and Art : Nature, Power, and Limits CC 3.12: Fall 2007 Functionalia Instructor Chipp Jansen, chipp@sci.brooklyn.cuny.edu Course Web Page http://www.sci.brooklyn.cuny.edu/~chipp/cc3.12/
More informationETSF10 Part 3 Lect 2
ETSF10 Part 3 Lect 2 DHCP, DNS, Security Jens A Andersson Electrical and Information Technology DHCP Dynamic Host Configuration Protocol bootp is predecessor Alternative: manual configuration IP address
More informationCISCO IOS NETWORK SECURITY (IINS)
CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationHow To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address
Inter-provider Coordination for Real-Time Tracebacks Kathleen M. Moriarty 2 June 2003 This work was sponsored by the Air Force Contract number F19628-00-C-002. Opinions, interpretations, conclusions, and
More informationInternet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationLecture 2-ter. 2. A communication example Managing a HTTP v1.0 connection. G.Bianchi, G.Neglia, V.Mancuso
Lecture 2-ter. 2 A communication example Managing a HTTP v1.0 connection Managing a HTTP request User digits URL and press return (or clicks ). What happens (HTTP 1.0): 1. Browser opens a TCP transport
More informationChapter 8 Network Security. Slides adapted from the book and Tomas Olovsson
Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing
More informationOverview of Network Security
Overview of Network Security from à Computer Networking: A Top Down Approach, 4 th edition. Jim Kurose, Keith Ross AddisonWesley, July 2007. 81 Roadmap: What is network security? Principles of cryptography
More informationProtecting Small Keys in Authentication Protocols for Wireless Sensor Networks
Protecting Sall Keys in Authentication Protocols for Wireless Sensor Networks Kalvinder Singh Australia Developent Laboratory, IBM and School of Inforation and Counication Technology, Griffith University
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationChapter 37. Secure Networks
Chapter 37 Network Security (Access Control, Encryption, Firewalls) Secure Networks Secure network is not an absolute term Need to define security policy for organization Network security policy cannot
More informationFirewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.
Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and
More information