EE 7376: Introduction to Computer Networks. Homework #3: Network Security, , Web, DNS, and Network Management. Maximum Points: 60

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60"

Transcription

1 EE 7376: Introduction to Computer Networks Homework #3: Network Security, , Web, DNS, and Network Management Maximum Points: Network security attacks that have to do with eavesdropping on, or monitoring, transmissions are called passive threats. Whereas, attacks that include the modification of the transmitted data and attempts to gain unauthorized access to computer systems are called active threats. Classify the following threats as either passive or active, and list at least one way to protect from each attack: (6 points) a. Release of message contents/ reading of message contents b. Replay c. Masquerade d. Traffic analysis (on amount of data being transmitted) e. Modification of messages f. Denial of service. 2. Suppose that someone suggests the following way to confirm that the 2 of you are both in possession of the same secret key. You create a random bit string the length the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme? (2 points) 3. What protocols comprise SSL? What service do each of them provide? In SSL and TLS, why is there a separate Change Cipher Spec protocol rather than including a change_cipher_spec message in the Handshake protocol? (5 points) 4. A security protocol uses encryption for privacy of data exchanged. However, since any message can be decrypted to something (which might not have been sent), integrity protection is required. In the following, Mp is plain text message, Mc is encrypted message, Hp is hash of Mp, Hc is the hash of Mc, and E(Hp) is the encrypted Hp. Which of the following will ensure integrity of messages, and why (in short)? Which will also ensure privacy? (6 points) a. Mp and Hp are sent b. Mp and E(Hp) are sent c. Mp and Hc are sent d. Mc and Hp are sent

2 e. Mc and Hc are sent f. Mc and E(Hp) are sent 5. Public key cryptography: An electronic signature is used so that a user cannot repudiate later - that they are not responsible for some content. One way to electronically sign a message is to have a hash of the message, and then encrypt the hash and attach it at the end of the message. a. If Public Key Cryptography is used to encrypt the message, which of the keys: public or private is used to encrypt the hash. Which key is used to decrypt the message? (1 point) b. If Symmetric Key Cryptography is used to encrypt the hash, should the key be made public so that the others can verify the signature? How can a trusted (by all concerned) third party be used for enforcing signatures in this case? (2 points) c. What is a public key certificate (what is contained in such a certificate)? (1 point) 6. Enable full header in an that you have received. Google how to view full headers in your web based or unix based . Portions of the extended header from an are copied below. ============================= Return-Path: Delivered-To: Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_nextpart_001_01c8f640.1c2e76e7" Subject: Subject of this Date: Mon, 4 Aug :40: Message-ID: mu.edu> X-MS-Has-Attach: yes X-MS-TNEF-Correlator: From: "Somebody Somewhere" To: ============================ Based on the header, what pattern should the receiver program try to match in the body of the to separate the various parts of the message? Are the various parts of the message required to be presented to the receiver in the

3 order they appear in the message? Why, or why not? Is it possible that all the parts of the message are plain text? (3 points) Some messages include the same content in plain text, as well as html format, and the user s program is supposed to show the message to the user in whichever format is best to the user. What MIME type and subtype are used for such messages? (1 point) 7. Please solve the following problems a. We ve seen that the character sequence <CR><LF>.<CR><LF> indicates the end of mail data to a SMTP server. What happens if the mail data itself contains that character sequence? (1 point) b. Users are free to define and use additional header fields other than the ones defined in RFC 822. Such header fields must begin with the character string X-. Why? (1 point) c. Using table in encode the following 3 octets into radix-64 code words (show the ASCII printable characters only): (2 points) , , Excluding the connection establishment and termination, what is the minimum number of network round trips to send a small message using SMTP? (2 points) 9. SNMP: A network management protocol uses get, set, and trap messages to request a parameter value, set the value of a parameter, and notify of certain changes respectively. Who (a Manager or an agent ) are the originators of these messages? (1 point) Given that a router has 4 parameter in its MIB: 1) Memory allocated for packets, 2) Average Number of Packets/sec in last 1 minute, 3) Received data in last 1 minute, and 4) forwarded data in last 1 minute. The router has an agent which communicates with the network manager. The manager monitors the router, and sets the parameter 1) to a higher value HV if any of parameters 2), 3), or 4) exceed thresholds T2, T3, or T4 respectively. Also if they exceed higher-thresholds HT2, HT3, and HT4 respectively, the agent is required to notify the manager without waiting for any query from it. On such notification, the manager is required to set the parameter 1) to a very high value VHV1. What message or messages or no messages (get, set, or trap) are sent from whom (manager or agent) AFTER the following cases happen? Also indicate briefly the content of the message. (Note: Only include messages get, set, or trap in your answers; Assume the response, if any, to the get, set, and trap messages, is always a success.) (6 points)

4 a. Manager sends set 1) to a small value SM b. Parameter 4) value increases from <T4 to >HT4 c. Parameter 2) value increases from {HT2 > parameter 2) >T2} to >HT2 d. Parameter 3) value increases from <T3 to >T3 e. Manager wishes to know the current values of MIB parameters 2) 3) and 4), and the values are 2) <T2, HT3 > 3) > T3, and 4) >HT4 f. Manager wishes to know the current values of all parameters in the routers MIB, and all of parameters 2) to 4) are less than their respective thresholds T2 to T4. Moreover, parameter 1) also has the proper value it is supposed to have. The manager also acts as an agent to an overall-manager. The overallmanager does not set any parameters, and only monitors the MIB values of the router (through the manager of course). If the overall-manager seeks to populate its own MIB values for the router, what type of message/s (get, set, trap) does it generate, and to whom? If the overall manager requests for any of the router s parameter values from the manager, is it always required to query the router for them? If not, why not? If yes, what type of messages does it use to query the router? (3 points) 10.Solve the following: a. Classify a DNS resolver and a DNS name server as either client, server, or both. (1 point) b. What s the main difference between a primary and a secondary name server? (1 point) c. What is the difference between a domain and a zone? (1 point) 11.The DIG tool is used for DNS lookups. Read about the tool on one or more of the following: a) man dig on unix/linux machines; b) Google Domain information groper or man dig. Use the DIG tool at the following website: a. What are the 3 main parameters to the dig tool? (1 point) b. Find the list of root name servers by using the tool and knowing that all root servers are authoritative for the zone.. (1 points) c. Now find the IP addresses of the k root name server. (0.5 points) d. Now use the dig tool to find the IP address of Copy what is displayed in the QUESTION SECTION and the ANSWER SECTION? (0.5 point) e. What is the TTL from your query in part d above? (0.5 points) f. Now repeat the same query. Why has the TTL field changed? (0.5 point) 12. Does a root server support recursive lookup? (0.5 point) Why or why not? (0.5 point)

5 13.List briefly 2 reasons why the current DNS system is better than maintaining a central HOSTS.txt file at a well-known IP address, and using the latest version of this HOSTS.txt file to do the name resolution. (2 points) 14.One can browse the same web page on different types of browsers such as Lynx that cannot display images etc. or IE that is more general purpose. If a browser cannot display a certain type of media, how does it tell the server from which it is requesting the URL? (1 point) 15.In the response to a request for a URL, how does the receiver know what type of media is contained in the entity? (1 point) 16.An efficient way to use web caches is for the client to request the server for the URL indicating that it respond with the entity only if the URL contents have changed since the last time the client accessed the same URL. If the URL content has not changed, and is cached at the client side, then the response can be short and does not need to carry potentially large amount of data. How can an http request message make such a request to the server? That is, identify the header field and value to be used. (2 points) 17.A website has a front page that changes in format regularly but the content (in terms of images, sounds, and videos linked on the web page) stays the same more or less. Akamai servers are used to replicate content so that a nearest Akamai server is used to download content rather than cause traffic across larger portion of the Internet. Should the Akamai servers replicate the front page or the less frequently changing content? Why? (1 point) 18. Why do clients using BitTorrent request the rarest file fragment first? (1 point) 19.Between Napster and Gnutella, which one is more susceptible to a single point of failure, and why? (1 point)

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Email, SNMP, Securing the Web: SSL

Email, SNMP, Securing the Web: SSL Email, SNMP, Securing the Web: SSL 4 January 2015 Lecture 12 4 Jan 2015 SE 428: Advanced Computer Networks 1 Topics for Today Email (SMTP, POP) Network Management (SNMP) ASN.1 Secure Sockets Layer 4 Jan

More information

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; e-mail: SMTP.

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; e-mail: SMTP. Chapter 2 Review Questions 1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; e-mail: SMTP. 2. Network architecture refers to the organization of the communication process

More information

Chapter 25 Domain Name System. 25.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Chapter 25 Domain Name System. 25.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 25 Domain Name System 25.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 25.2 Figure 25.1 Example of using the DNS service 25-1 NAME SPACE To be unambiguous,

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Network Fundamentals. 2010 Carnegie Mellon University

Network Fundamentals. 2010 Carnegie Mellon University Network Fundamentals What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working Together

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Configuring SSL Termination

Configuring SSL Termination CHAPTER 4 This chapter describes the steps required to configure a CSS as a virtual SSL server for SSL termination. It contains the following major sections: Overview of SSL Termination Creating an SSL

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications Hushmail Express Password Encryption in Hushmail Brian Smith Hush Communications Introduction...2 Goals...2 Summary...2 Detailed Description...4 Message Composition...4 Message Delivery...4 Message Retrieval...5

More information

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

Computer Networks - CS132/EECS148 - Spring 2013 ------------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 ------------------------------------------------------------------------------ Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 2 Deadline : April 25 th 9:30pm (hard and soft copies required) ------------------------------------------------------------------------------

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

NETWORK ADMINISTRATION AND SECURITY

NETWORK ADMINISTRATION AND SECURITY NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

More information

Communications Software. CSE 123b. CSE 123b. Spring 2003. Lecture 13: Load Balancing/Content Distribution. Networks (plus some other applications)

Communications Software. CSE 123b. CSE 123b. Spring 2003. Lecture 13: Load Balancing/Content Distribution. Networks (plus some other applications) CSE 123b CSE 123b Communications Software Spring 2003 Lecture 13: Load Balancing/Content Distribution Networks (plus some other applications) Stefan Savage Some slides courtesy Srini Seshan Today s class

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Homework 2 assignment for ECE374 Posted: 02/20/15 Due: 02/27/15

Homework 2 assignment for ECE374 Posted: 02/20/15 Due: 02/27/15 1 Homework 2 assignment for ECE374 Posted: 02/20/15 Due: 02/27/15 ote: In all written assignments, please show as much of your work as you can. Even if you get a wrong answer, you can get partial credit

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

SSL Overview for Resellers

SSL Overview for Resellers Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an

More information

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure

More information

Glossary of Technical Terms Related to IPv6

Glossary of Technical Terms Related to IPv6 AAAA Record An AAAA record stores a 128-bit Internet Protocol version 6 (IPv6) address, which does not fit the standard A record format. For example, 2007:0db6:85a3:0000:0000:6a2e:0371:7234 is a valid

More information

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2 Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035

ECE-8843  Prof. John A. Copeland 404 894-5177 fax 404 894-0035 ECE-8843 http://www.csc.gatech.edu/copeland/jac/8813-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 email or call for office visit, or call

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

Email Encryption. Administrator Guide

Email Encryption. Administrator Guide Email Encryption Administrator Guide Email Encryption Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,

More information

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure E-mail Systems

Prof. Sead Muftic Feng Zhang. Lecture 10: Secure E-mail Systems Prof. Sead Muftic Feng Zhang Lecture 10: Secure E-mail Systems Lecture 10 : Secure E mail Systems Subjects / Topics : 1. Secure E mail systems 2. Secure, Trusted, Authorized and Reliable E Mail System

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Networking Applications

Networking Applications Networking Dr. Ayman A. Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Electronic Mail 1 Outline Introduction SMTP MIME Mail Access

More information

IBM. Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise. zenterprise System. SC Level 01b

IBM. Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise. zenterprise System. SC Level 01b IBM zenterprise System Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise SC28-6927-01 IBM zenterprise System Integrating the Hardware Management Console

More information

19531 - Telematics. 13th Tutorial - Application Layer Protocols

19531 - Telematics. 13th Tutorial - Application Layer Protocols 19531 - Telematics 13th Tutorial - Application Layer Protocols Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 03. February, 2011 Institute of Computer Science

More information

SSL EXPLAINED SSL EXPLAINED

SSL EXPLAINED SSL EXPLAINED 1 Table of Contents Introduction... 3 What is SSL?... 4 How does SSL work?... 7 Google & SSL... 11 SSL/TLS... 13 Web Filtering SSL... 14 About Lightspeed Systems... 26 2 Introduction SSL is a challenge

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

OPENID AUTHENTICATION SECURITY

OPENID AUTHENTICATION SECURITY OPENID AUTHENTICATION SECURITY Erik Lagercrantz and Patrik Sternudd Uppsala, May 17 2009 1 ABSTRACT This documents gives an introduction to OpenID, which is a system for centralised online authentication.

More information

Application Level Protocols

Application Level Protocols Application Level Protocols Nixu Oy PL 21 (Mäkelänkatu 91) 00601 Helsinki, Finland tel. +358 9 478 1011 fax. +358 9 478 1030 info@nixu.fi http://www.nixu.fi Contents Client-Server Store and Forward Push

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

1 Introduction: Network Applications

1 Introduction: Network Applications 1 Introduction: Network Applications Some Network Apps E-mail Web Instant messaging Remote login P2P file sharing Multi-user network games Streaming stored video clips Internet telephone Real-time video

More information

Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu

Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu Distributed Systems 19. Content Delivery Networks (CDN) Paul Krzyzanowski pxk@cs.rutgers.edu 1 Motivation Serving web content from one location presents problems Scalability Reliability Performance Flash

More information

HTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

HTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology HTTP Internet Engineering Fall 2015 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology Questions Q1) How do web server and client browser talk to each other? Q1.1) What is the common

More information

Email Electronic Mail

Email Electronic Mail Email Electronic Mail Electronic mail paradigm Most heavily used application on any network Electronic version of paper-based office memo Quick, low-overhead written communication Dates back to time-sharing

More information

Lightweight DNS for Multipurpose and Multifunctional Devices

Lightweight DNS for Multipurpose and Multifunctional Devices IJCSNS International Journal of Computer Science and Network Security, VOL.13 No.12, December 2013 71 Lightweight DNS for Multipurpose and Multifunctional Devices Yogesh A. Wagh 1, Prashant A. Dhangar

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

loss-tolerant and time sensitive loss-intolerant and time sensitive loss-intolerant and time insensitive

loss-tolerant and time sensitive loss-intolerant and time sensitive loss-intolerant and time insensitive CS326e Quiz 5 The first correct 10 answers will be worth 1 point each. Each subsequent correct answer will be worth 0.2 points. Circle the correct answer. UTEID The transfer of an html file from one host

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Networking Domain Name System

Networking Domain Name System System i Networking Domain Name System Version 5 Release 4 System i Networking Domain Name System Version 5 Release 4 Note Before using this information and the product it supports, read the information

More information

Network Security - ISA 656 Email Security

Network Security - ISA 656 Email Security Network Security - ISA 656 Angelos Stavrou November 13, 2007 The Usual Questions The Usual Questions Assets What are we trying to protect? Against whom? 2 / 33 Assets The Usual Questions Assets Confidentiality

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 10: Application Layer 2 Application Layer Where our applications are running Using services provided by

More information

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used: Evolution of the WWW Communication in the WWW World Wide Web (WWW) Access to linked documents, which are distributed over several computers in the History of the WWW Origin 1989 in the nuclear research

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

The Application Layer. CS158a Chris Pollett May 9, 2007.

The Application Layer. CS158a Chris Pollett May 9, 2007. The Application Layer CS158a Chris Pollett May 9, 2007. Outline DNS E-mail More on HTTP The Domain Name System (DNS) To refer to a process on the internet we need to give an IP address and a port. These

More information

DNS at NLnet Labs. Matthijs Mekking

DNS at NLnet Labs. Matthijs Mekking DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the

More information

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network. Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components

More information

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System

Lecture 2 CS 3311. An example of a middleware service: DNS Domain Name System Lecture 2 CS 3311 An example of a middleware service: DNS Domain Name System The problem Networked computers have names and IP addresses. Applications use names; IP uses for routing purposes IP addresses.

More information

DNS and BIND Primer. Pete Nesbitt pete @ linux1.ca. April 2012

DNS and BIND Primer. Pete Nesbitt pete @ linux1.ca. April 2012 DNS and BIND Primer Pete Nesbitt pete @ linux1.ca April 2012 1 When we access the Internet we typically do so by accessing systems using a somewhat meaningful hostname often in the form of a web based

More information

Environmental Monitoring Unit

Environmental Monitoring Unit Environmental Monitoring Unit AP9312TH AP9312THi User s Guide Contents Environmental Monitoring Unit Managing the Unit............................ 1 Introduction.................................. 1 Available

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Compter Networks Chapter 9: Network Security

Compter Networks Chapter 9: Network Security Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

More information

Homework 2 assignment for ECE374 Posted: 02/21/14 Due: 02/28/14

Homework 2 assignment for ECE374 Posted: 02/21/14 Due: 02/28/14 1 Homework 2 assignment for ECE374 Posted: 02/21/14 Due: 02/28/14 Note: In all written assignments, please show as much of your work as you can. Even if you get a wrong answer, you can get partial credit

More information

The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate.

The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate. Course Assessment Answers-1 Course Assessment The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate. 1. A person

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing 9025- TCP/IP Networking History and Standards ARPA NCP TCP, IP, ARPANET PARC Collaborative Network Requirements One Protocol? Peer-to-Peer Protocols Documentation and RFCs RFC Categories Where to Find

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

Webmail Using the Hush Encryption Engine

Webmail Using the Hush Encryption Engine Webmail Using the Hush Encryption Engine Introduction...2 Terms in this Document...2 Requirements...3 Architecture...3 Authentication...4 The Role of the Session...4 Steps...5 Private Key Retrieval...5

More information

SSL Guide. (Secure Socket Layer)

SSL Guide. (Secure Socket Layer) SSL Guide (Secure Socket Layer) To find basic information about network and advanced network features of your Brother machine: uu Network User's Guide. To download the latest manual, please visit the Brother

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

544 Computer and Network Security

544 Computer and Network Security 544 Computer and Network Security Section 1: Introduction Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Background Information Security requirements have changed in recent times

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Teldat Router. DNS Client

Teldat Router. DNS Client Teldat Router DNS Client Doc. DM723-I Rev. 10.00 March, 2003 INDEX Chapter 1 Domain Name System...1 1. Introduction...2 2. Resolution of domains...3 2.1. Domain names resolver functionality...4 2.2. Functionality

More information

Domain Name System (DNS)

Domain Name System (DNS) Application Layer Domain Name System Domain Name System (DNS) Problem Want to go to www.google.com, but don t know the IP address Solution DNS queries Name Servers to get correct IP address Essentially

More information

mod_ssl Cryptographic Techniques

mod_ssl Cryptographic Techniques mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

Web Server Management: Securing Access to Web Servers. Jon Warbrick University of Cambridge Computing Service

Web Server Management: Securing Access to Web Servers. Jon Warbrick University of Cambridge Computing Service Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service Introduction Course Outline Introduction Course Outline What is HTTPS? Introduction Course Outline

More information

Overlay Networks. Slides adopted from Prof. Böszörményi, Distributed Systems, Summer 2004.

Overlay Networks. Slides adopted from Prof. Böszörményi, Distributed Systems, Summer 2004. Overlay Networks An overlay is a logical network on top of the physical network Routing Overlays The simplest kind of overlay Virtual Private Networks (VPN), supported by the routers If no router support

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography

More information

Internet security. Fact of the week. The tools of Internet Security

Internet security. Fact of the week. The tools of Internet Security Internet security Fact of the week In 2000, RSA securities web site was defaced by crackers, in what could have been a serious embarrassment for the well known security company. The crackers did not crack

More information

Computer Networks: Domain Name System

Computer Networks: Domain Name System Computer Networks: Domain Name System Domain Name System The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses DNS www.example.com 208.77.188.166 http://www.example.com

More information

Domain Name System E-mail WWW. Application Layer. Mahalingam Ramkumar Mississippi State University, MS. September 15, 2014.

Domain Name System E-mail WWW. Application Layer. Mahalingam Ramkumar Mississippi State University, MS. September 15, 2014. Application Layer Mahalingam Mississippi State University, MS September 15, 2014 Outline 1 DNS Records DNS Components 2 Message Transfer Fetching Emails 3 Applications We will focus on 3 applications DNS

More information

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012 Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher

More information