ANALYSIS OF PORT KNOCKING MECHANISM. A MASTER'S THESIS. Computer Engineering. Atılım University. MEHMET ÜLKEM DEMİRCİOĞLU.


ANALYSIS OF PORT KNOCKING MECHANISM

A MASTER'S THESIS in Computer Engineering

Atılım University

by MEHMET ÜLKEM DEMİRCİOĞLU

January 2009

ANALYSIS OF PORT KNOCKING MECHANISM

A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF NATURAL AND APPLIED SCIENCES OF ATILIM UNIVERSITY BY MEHMET ÜLKEM DEMİRCİOĞLU IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN THE DEPARTMENT OF COMPUTER ENGINEERING

JANUARY 2009

Approval of the Graduate School of Natural and Applied Sciences, Atılım University.

Prof. Dr. Abdurrahim Özgenoğlu, Acting Director

I certify that this thesis satisfies all the requirements as a thesis for the degree of Master of Science.

Prof. Dr. İbrahim Akman, Head of Department

This is to certify that we have read the thesis Analysis of Port Knocking Mechanism submitted by Mehmet Ülkem DEMİRCİOĞLU and that in our opinion it is fully adequate, in scope and quality, as a thesis for the degree of Master of Science.

Asst. Prof. Dr. Çiğdem Turhan, Supervisor

Examining Committee Members
Assoc. Prof. Dr. Y. Murat Erten
Assoc. Prof. Dr. Mohammed Rehan
Asst. Prof. Dr. Çiğdem Turhan
Dr. Kasım Öztoprak
Instructor Aylin Akça Okan

Date:

I declare and guarantee that all data, knowledge and information in this document has been obtained, processed and presented in accordance with academic rules and ethical conduct. Based on these rules and conduct, I have fully cited and referenced all material and results that are not original to this work.

M. Ülkem DEMİRCİOĞLU

ABSTRACT

ANALYSIS OF PORT KNOCKING MECHANISM

Demircioğlu, Mehmet Ülkem
M.S., Department of Computer Engineering
Supervisor: Asst. Prof. Dr. Çiğdem TURHAN
January 2009, 63 pages

Today's computer systems have far more complex structures than in the past. As the systems and software in use get larger, they become more complex and their vulnerabilities increase. As a consequence, the need arises to protect those systems more effectively and to access them in more secure ways. In this area, the Port Knocking Mechanism is becoming more popular and has been under discussion for some time. In this study, the Port Knocking Mechanism has been analyzed by considering basic network security principles. Network threats to the Port Knocking concept have been examined by considering the basic network attacks as well as the technical difficulties. The aim of this study is to reveal the usability of the Port Knocking Mechanism in production environments, as well as its positive and negative effects.

Keywords: Port Knocking, Network Security

ÖZ

ANALYSIS OF PORT KNOCKING MECHANISM

Demircioğlu, Mehmet Ülkem
M.S., Department of Computer Engineering
Supervisor: Asst. Prof. Dr. Çiğdem TURHAN
January 2009, 63 pages

Today's computer systems have a more complex structure than those of the past. As the systems and software in use grow, they become more complex at the same rate, and security vulnerabilities likewise increase at the same rate. For this reason, the need arises to protect systems more effectively and to access them in more secure ways. In this area, Port Knocking is gaining popularity and has been discussed in the security arena for some time. In this study, the Port Knocking Mechanism has been analyzed in light of network security principles. Possible weaknesses in the Port Knocking concept have been examined in light of the basic network attacks, and the technical difficulties have also been analyzed. The aim of this study is to reveal the usability of the Port Knocking Mechanism in production environments together with its positive and negative effects.

Keywords: Port Knocking, Network security

To my dear wife

ACKNOWLEDGMENTS

I express sincere appreciation to my supervisor Asst. Prof. Dr. Çiğdem TURHAN for her guidance and insight throughout the research. I also express sincere thanks to my instructor Dr. Kasım ÖZTOPRAK for his guidance and valuable criticism throughout the research. It couldn't be possible to carry out this study without him. I would like to thank my family for their support, patience and encouragement. I would like to thank Burak DAYIOĞLU and all PRO-G members for their support, suggestions and comments. And finally I would like to thank my dear wife, Beyza; I offer sincere thanks for her continuous support, patience and endless understanding during this period.

TABLE OF CONTENTS

ABSTRACT
ÖZ
DEDICATION
ACKNOWLEDGMENTS
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER
1. INTRODUCTION
BACKGROUND
Increasing Threats to Network Facing Applications
Authentication is not enough
Cost of Security Incidents and Importance of Proper Security Management
Attack Surface Reduction
Port Knocking As an Authentication and Attack Surface Reduction Technique
Introduction to TCP/IP
TCP, UDP, ICMP and Port Concept
Transmission Control Protocol Connections
Vulnerabilities of the Internet Protocol
Network Access Control and Firewalls
Cryptography
Symmetric Key Cryptography
Asymmetric Key Cryptography
Hash Functions
General Cryptographic Attacks
Port Knocking Definition
Benefits of Port Knocking
Different Approaches of the Port Knocking Concept
Problems in Port Knocking
Previous Studies on Port Knocking
3. ANALYSIS OF NETWORK ATTACKS AND TECHNICAL DIFFICULTIES OF PORT KNOCKING
Threats to Port Knocking Mechanism
Port Scan
Brute Force
Man in the Middle (MITM) Attack
Replay Attacks
Zero Day Attacks
Denial of Service
Analysis of Technical Difficulties
Network Address Translation Problem
Packet Loss and Out of Order Delivery
Analysis Summary
CONCLUSION AND FUTURE WORK
REFERENCES
APPENDICES

LIST OF FIGURES

Figure 2.1 Attack sophistication vs. intruder technical knowledge
Figure 2.2 Incidents from 1995 through 2003
Figure 2.3 Attack Vectors, taxonomy of network and computer attacks
Figure 2.4 Port Knocking example
Figure 2.5 Three-way Handshake
Figure 2.6 Generic cryptographic algorithms, (a) Encryption, (b) Decryption
Figure 2.7 Port Knocking as an additional layer of security
Figure 3.1 Average User/System % CPU usage under attack
Figure 3.2 Example network packets in NAT environment
Figure 3.3 % Out of Order Delivery and Packet Loss

LIST OF TABLES

Table 2.1 Comparable Security Strengths for Approved Algorithms
Table 3.1 Status of PK server, reported by vmstat during DOS attack, with time interval between measures 1 second
Table 3.2 Example Network traffic of Port Knocking on NAT environment
Table 3.3 Brute Force on no IDS/IPS environment
Table 3.4 Denial of Service
Table 3.5 Out of Order Delivery and Packet Loss
Table 3.6 Captured Knock Sequence

CHAPTER 1

INTRODUCTION

For quite some time, networked systems have been on the rise across all kinds of business models, thanks to the incredible growth of the Internet. Early on, the functionality and uses of those systems mostly involved business entities, but over the last several years their scope has expanded and spread over the Internet. In today's world, such systems are the operational cores of companies, holding critical and confidential information, transactions, data, knowledge bases and management systems. In addition, improvements in production technologies have put more personal computers into private residences. All of them are linked to the single network called the Internet.

Despite the various threats, financial associations, companies and commercial entities have to make their production systems accessible over the Internet. Even when the critical environment sits on the local network, the administrators of those systems have to access them for operational purposes. Accessing mail servers, connecting to the business network over VPN and connecting to web applications are necessary for managerial reasons. With each service opened up over the Internet, the attack surface expands. Each service has its own logic, architecture and weaknesses. Recent applications have become more and more complex in order to provide the features that business needs demand. Therefore stronger authentication mechanisms are needed in order to raise the level of security of those systems.

As there is no silver bullet [1] for software development, almost all applications have vulnerabilities. These vulnerabilities stem from coding errors or architectural problems. Because of them, even the most secure systems face a serious threat. So the need to protect systems more effectively and to access them in more secure ways becomes important. After the Port Knocking Mechanism was suggested as another layer of security, it became more popular and has been discussed in the security arena. Given all the beneficial properties and usefulness that Port Knocking is claimed to have, it has to be analyzed through network security concepts.

This thesis focuses on whether the Port Knocking mechanism provides another layer of security, as well as on how it works. The background of the Port Knocking mechanism is presented in Chapter 2, followed by an analysis of the general threats to this mechanism in Chapter 3. The analyses focus on threats and technical difficulties. Threats include port scan, brute force, man in the middle, replay attacks, 0 day attacks and denial of service. Technical difficulties such as network address translation, the authentication association problem, packet loss and out of order delivery are analyzed as well. The concluding remarks and suggestions for future work are detailed in Chapter 4.

CHAPTER 2

BACKGROUND

2.1 Increasing Threats to Network Facing Applications

Like all other artifacts, computers, software and systems have weaknesses that can lead to their being seized. The path to such a seizure can be a misconfiguration or a flaw in a single piece of program code. In addition, there are various other threats such as worms, viruses or logic bombs.

Worms can install backdoors on infected systems. Such compromised computer systems pose a serious threat both to the Internet and to the user of the compromised system. As an example, an attacker can use a huge number of computer systems compromised via a worm to launch a distributed denial of service attack against a target. The victim is bombarded with a vast number of packets that use up its network or computing resources, eventually taking down the machine. Such attacks can also be launched against critical Internet infrastructure, e.g. the domain name system (DNS) root servers [2]. These servers have the crucial role of resolving domain names to network addresses. Moreover, it has been reported that spammers have started to use compromised machines to send out their unwanted advertisements. By using compromised machines, they are able both to conceal their identity and to evade attempts to blacklist known sources of spam [2].

Not only are the entities of systems threatened, but the information flow on those systems is also at risk. With the help of the human element, the weakest link of the systems [3], confidential information can be disclosed to the public. That is why we sometimes come across published identities, credit card numbers etc. over

web pages.

2.2 Authentication is not enough

Authentication in computer security can be defined as confirming the identity of an entity. This entity can be a person, a computer or a system. Authentication itself is also a computer program, or a part of a program, which takes inputs, processes them and acts according to the result. Therefore authentication mechanisms can also have weaknesses. Over the last decade, different types of extensible authentication systems have been developed. Those systems differ from standard authentication systems, such as biometric scans.

Authentication is a part of a secure system. Authentication mechanisms provide a simple defense mechanism. There are lots of schemes for this purpose, such as Kerberos, CHAP (Challenge Handshake Authentication Protocol) [4], etc. But when we take a closer look, there are lots of security problems in those systems, which lead to obtaining the passwords of legitimate users or seizing the full system. So although authentication is an important element of a secure system, it is simply not enough.

2.3 Cost of Security Incidents and Importance of Proper Security Management

Gurus of computers, also known as hackers [5], are focused on how systems work and interact with each other. Backed by deep technological knowledge, they did some magical work and showed others that systems can be broken, rules can be changed and data can be manipulated. When we focus on today's networks, we see that systems are huge and complex, and intruders do not need deep knowledge to intrude into those systems. An individual who has a basic understanding of computers, networks and related technologies can penetrate to

the very heart of those systems with the help of some public tools/programs. As a consequence, the risk is very high. Figure 2.1 [6] is a good example of how far attack types and the tools used have come. By the year 2000, every script kiddie could pose a big threat to systems, causing a huge increase in the risk.

Figure 2.1 Attack sophistication vs. intruder technical knowledge

Hackers with sophisticated programming capabilities write tools which an average attacker can use with little background. That is why we have seen a strong trend in the number of incidents from 1995 till 2003 (Figure 2.2) [6].

Figure 2.2 Incidents from 1995 through 2003

Most of the incidents are attack types which trigger IDS alerts, or loud attacks in which system administrators can easily realize that something is going wrong. Intrusive type attacks in particular cannot be easily noticed, due to the nature of the attack.

2.4 Attack Surface Reduction

Developing flawless software is not possible [1]; almost all applications have vulnerabilities. These vulnerabilities stem from coding errors or architectural problems. The time between the public release of an exploit for a vulnerability and the release of a patch by the vendor is called zero day. Zero day exploits are very critical for systems, because in most cases production systems cannot easily be shut down.

If we analyze the attack vectors in Figure 2.3 [6], most of the attack vectors are based on the TCP/IP protocol (66%). This type of attack can only be prevented by TCP/IP based protections, which are usually firewalls and/or intrusion detection systems.

Figure 2.3 Attack Vectors, taxonomy of network and computer attacks

As Bruce Schneier mentioned, security is not a product, it's a process [7]. In the beginning, security was considered by many communities to be a one-time operation that can be conducted on systems. Unfortunately, just as all systems and technologies are in a cycle of development, so are attack methods. New attack techniques, the growing processing power of computers and the use of complex systems will forever be the enemies of a secure system.

The defense in depth [8] approach is the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented. Anti-virus software installed on individual workstations when there is already virus protection on the servers and firewalls within the same environment is a good example. Various security products from multiple vendors may also be deployed to defend different potential vectors within the network. The goal is to prevent penetration of the other layers when one of the defense layers is penetrated.

Unfortunately, security is not just a product that you can pick up and install. It is rather a group of continuous operations. Besides that, no security product acts as magical dust. They all require time and expertise to work properly.

We can consider every input point of an application or service as a contact point to that system. The more contact points there are, the more risk the system has. Each point

can lead to a different problem on that system. Every unnecessary service on a system poses a threat, and threats can lead to system compromise whenever a problem is found in that service. For example SSH version suffered from remote buffer overflow vulnerability [9]. With a successful exploitation, an attacker could gain system level privileges. Although SSH has strong authentication, there was no way to protect against such an exploitation other than closing the service or patching it with the vendor hotfix. As we know, it will take some time for the vendor to publish the hotfix (0 day vulnerabilities). Until that time, the system has to face that threat.

For quite some time, system administrators have concealed the entrance points to their systems. One of the methods is sending knock requests in order to open a desired port on a server whose ports are closed. This concept was brought forward by a paper [10] which is the ancestor of the port knocking concept.

2.5 Port Knocking As an Authentication and Attack Surface Reduction Technique

Concealed and lightweight authentication methods empower network administrators to shelter critical services from attackers. In 2003, in Linux Journal magazine [11], a new idea was born for reducing the attack surface with a creative authentication mechanism: knocking on the ports in the right sequence in order to get access to the services. This idea became popular among system administrators, since it was simple and easy to implement.

The most important benefit of a port knocking system is claimed to be the great reduction of the attack surface. Supported by a TCP/IP authentication layer, the concealed service cannot be seen by any port scanner.
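The server side of the knock sequence described above can be sketched as a small state machine run over firewall logs. This is an added example, not code from the thesis or from any port knocking implementation; the knock sequence, time window, log format and function names are assumptions made for illustration.

```python
"""Server-side port-knock tracker run over constructed firewall log lines."""
import re
from dataclasses import dataclass

# Assumed values for illustration; a real deployment chooses its own.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # hypothetical secret knock sequence
PROTECTED_PORT = 22                  # service hidden behind a default-DROP policy
WINDOW_SECONDS = 10                  # the whole sequence must fit in this window

# Constructed log format: "<epoch> DROP SRC=<ip> DPT=<port> SYN"
LOG_RE = re.compile(r"^(\d+) DROP SRC=(\d+\.\d+\.\d+\.\d+) DPT=(\d+) SYN$")


@dataclass
class Progress:
    index: int = 0    # number of knocks matched so far
    started: int = 0  # timestamp of the first matched knock


def process_log(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return [(timestamp, ip)] for every source that completed the sequence."""
    progress = {}
    opened = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # not a dropped SYN in the expected format
        ts, ip, port = int(match.group(1)), match.group(2), int(match.group(3))
        state = progress.setdefault(ip, Progress())
        # A partial sequence that took too long is discarded.
        if state.index and ts - state.started > window:
            state.index = 0
        if port == sequence[state.index]:
            if state.index == 0:
                state.started = ts
            state.index += 1
            if state.index == len(sequence):
                opened.append((ts, ip))
                del progress[ip]
        elif port == sequence[0]:
            # A wrong knock that happens to be the first port restarts the sequence.
            state.index, state.started = 1, ts
        else:
            # Any other wrong knock resets progress, so a sweep over
            # neighbouring ports never completes the sequence.
            state.index = 0
    return opened


def allow_rule(ip, port=PROTECTED_PORT):
    """iptables rule a knock daemon could insert for an authenticated source."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j ACCEPT"


# Constructed sample log (documentation address ranges), not captured traffic.
SAMPLE_LOG = [
    "1000 DROP SRC=192.0.2.10 DPT=7000 SYN",    # correct sequence, in time
    "1001 DROP SRC=192.0.2.10 DPT=8000 SYN",
    "1002 DROP SRC=192.0.2.10 DPT=9000 SYN",
    "1003 DROP SRC=198.51.100.7 DPT=7000 SYN",  # sweep over adjacent ports
    "1003 DROP SRC=198.51.100.7 DPT=7001 SYN",
    "1004 DROP SRC=198.51.100.7 DPT=8000 SYN",
    "1005 DROP SRC=198.51.100.7 DPT=9000 SYN",
    "1010 DROP SRC=203.0.113.5 DPT=7000 SYN",   # right ports, too slow
    "1012 DROP SRC=203.0.113.5 DPT=8000 SYN",
    "1030 DROP SRC=203.0.113.5 DPT=9000 SYN",
    "1040 DROP SRC=192.0.2.44 DPT=8000 SYN",    # knocks delivered out of order
    "1040 DROP SRC=192.0.2.44 DPT=7000 SYN",
    "1041 DROP SRC=192.0.2.44 DPT=9000 SYN",
]

if __name__ == "__main__":
    for ts, ip in process_log(SAMPLE_LOG):
        print(ts, allow_rule(ip))
```

Only the first source is admitted; the last one shows how out of order delivery, one of the technical difficulties the thesis names, locks out a client that sent the correct knocks.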

Figure 2.4 Port Knocking example [42]

A quote from Martin Krzywinski on his official web site is a good example of the basic approach of the Port Knocking Mechanism [12]: To discriminate between trusted and untrusted users - something that firewalls cannot natively do - an authentication method called port knocking is used. Port knocking is a system which uses light but effective concealment, with authentication scheme adding another layer to the system.

2.6 Introduction to TCP/IP

Port Knocking (PK) schemes are based on the TCP protocol. For this reason, it is important to understand the basics of the protocol. Various communication protocol schemes have been created in order to bind computers to computers and networks to networks. If we think of networking devices and technologies as humans, networking protocols can be thought of as the languages we use. Among these languages, none has achieved the popularity and usability of TCP/IP. In the

following sections, some basics of TCP/IP will be introduced.

TCP, UDP, ICMP and Port Concept

Transmission Control Protocol (TCP) is a reliable protocol [13] that offers error-free data transfer, flow control, congestion control [14] and ordered data transfer. It is also a stateful protocol that deals with the connection operations between two IP nodes [15]. TCP keeps connection statistics in order to synchronize the entities. This behavior can be simply explained as awareness between network entities, so that each knows what condition the communication is in. Such a connection, conducted by a three-way handshake [16], is explained in the section on Transmission Control Protocol connections. The three-way handshake can be described as a mutual agreement to communicate. Most applications use this communication infrastructure.

User Datagram Protocol (UDP) is a simpler, 'connectionless' communication protocol [17] and is widely used in real-time media stream protocols, in which reliability is not the primary goal. Performance-critical services also sometimes use this protocol for faster communication [18]. In UDP, the entities of the communication do not know whether a packet has been received or not. This makes UDP much faster but also unreliable.

Internet Control Message Protocol (ICMP) [19] is a supporting protocol used for operational duties. It is based on error messages that are used to inform network devices and/or computers. For example, the ICMP Source Quench error message indicates that the host cannot process the data fast enough. Applications do not use ICMP directly, ping being one of the exceptions.

A port is a logical number which is included within the packet. A single computer has of those [20]. The first 1024 ports (0-1023) are reserved for the use of specific services [21]. But there is no restriction on using a port number for a specific service. For example, 'TCP 80' is used for web service, but one can also configure this port for some other service, such as FTP, which is reserved as TCP 21, or a custom

application [21]. In TCP/IP, ports identify the routes to the services. For example, while one service is watching for incoming connections on 'TCP 80', another one can listen on 'TCP 25'. Ports are used to identify which packet is to be directed to which application. There are ports used by TCP and UDP [21].

A port can be thought of as a door. When the packet arrives at the right door, the application handles the data within the packet. Port numbers are 16-bit integers which are embedded in the packet. Therefore this data is interpreted not only by the hosts that the packet is addressed to; many networking devices (routers, firewalls, gateways etc.) can read it as well. A firewall can be configured to deny or allow packets to their destinations based on IP addresses and/or port numbers.

In order to accomplish a connection, the destination host's port has to be 'open'. In order to open a port, a program/service running on that host has to be configured to listen on that port.

Transmission Control Protocol Connections

In order to perform a connection, Transmission Control Protocol (TCP) must be used. Within TCP, a mutual handshake, called the three-way handshake, has to be performed in order to create a stateful connection. The three-way handshake is conducted through the following steps:

A ---> Host A
B ---> Host B
P(Flag) ---> Packet with the Flag flag set in.

1. A P(SYN)---> B
2. B P(SYN,ACK)---> A
3. A P(ACK)---> B

First host A sends a TCP packet with the syn flag set, which means I want to create

a synchronized connection with you. Then host B answers with another TCP packet with the flags 'syn & ack' set, which means I acknowledge your synchronization request, but I need a synchronization for myself too. Then the last TCP packet, with the flag ack set, is sent from host A, which means I acknowledge your synchronization request. Hosts A and B use different synchronization numbers because the streams are bidirectional [16].

Figure 2.5 Three-way Handshake

The Simple Mail Transfer Protocol (SMTP) service is a good example of how an application uses this handshake model. When we open an SMTP mail client program, such as Thunderbird or Outlook Express, the client program tries to make a connection to the mail server via TCP port '25'. In order to perform the operation, the client program sends a 'syn' request to the mail server's TCP port '25'. If the packet is received and there is no restriction, the mail server answers with a syn-ack packet. After the client sends the last ack packet, the mails and other related data are transferred over the TCP connection which we created.

Vulnerabilities of the Internet Protocol

With the birth of the Internet, many protocols which are widely used as core protocols were designed without security concerns. The Internet was thought to be a rather

'private' network, which could be used among a restricted group. Some of these protocols are TCP, IP, UDP, telnet and SMTP. The first problem with these protocols is the use of clear text during transmission. When an attacker somehow intercepts the traffic, e.g. with a Man in the Middle Attack, he can easily read the content. This problem is mostly overcome by using encrypted protocols, or by adding encryption to these protocols.

The design of TCP/IP can be fragile to malicious usage, such as:

Entities trust the received packet, which means that when host A receives a packet indicating that it is coming from host B, host A simply trusts that this packet is coming from host B. There are various ways to forge packets, such as IP spoof, MAC spoof, etc.

The first TCP implementations used a predictable sequence number which was easy to guess; when combined with IP spoof, a legitimate connection can be taken over. For example, a legitimate telnet session could easily be taken over by an attacker, e.g. Hunt [22].

IP packets can be fragmented. This helps attackers split their attacks in order to evade Intrusion Detection Systems. Another usage is conducting DOS (Denial of Service) based on the host's defragmenting behaviour. When the host defragments the packets, most of the CPU utilization goes to the defragmenting operation.

Network Access Control and Firewalls

Access control of the network is a huge and important part of IT operations for all companies. Thus, a big portion of IT budgets is spent on firewalls and IDS devices. Firewalls are an important network component which controls access to resources. They can be either hardware or software depending on the purpose, and are usually placed to split trusted networks (internal or part of the internal network) from untrusted ones (the Internet or another untrusted source).

Firewalls run many administrative rules, which help to control access to resources. These rules can be defined in terms of 'which network addresses are in destination or source' or 'which ports are in destination or source'. Using these rules, a firewall can accept or reject a communication attempt. There are two behaviours when a firewall rejects a connection attempt.

DENY/REJECT: When a firewall is set to this behavior, it simply sends a packet with the 'reset' flag set to the host that attempts a connection, from which the host understands that the server is up but denying communication.

DROP: This option is usually preferred to DENY, because it gives the advantage of concealment. With this option set, the firewall silently drops the packet, so the connecting host cannot tell whether the server is up and servicing.

Firewalls alone cannot be a silver bullet for all security needs. The most important shortcoming of a firewall is that it has no idea whether an attack is being conducted or not. It just blindly applies the rule set, and if there is a problem on other layers of the network it can do nothing more.

Firewalls can be used for full restricted access or unrestricted access. Firewalls can be configured based on the least privilege principle [23] for attack surface reduction. Granting permission only to authentic entities prevents others from accessing the system, which lowers the risk.

2.7 Cryptography

Cryptography or cryptology is the science of corrupting the data with a known rule. The rule is known to anyone, but 'the key' used in the rule is known to no one except the adversaries (in secret key cryptography). In security, what to conceal is always a matter of discussion (see 2.11 Obscurity in Security). Today modern cryptosystems are widely used in authentication mechanisms. Most secure communication principles depend on the use of encryption [24].

There are four main purposes of using modern cryptography [25].

Authentication: The process of proving one's identity. The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.

Confidentiality: Ensuring that no one can read the message except the intended receiver.

Integrity: Assuring that the received message has not been altered in any way from the original.

Non-repudiation: Proving that the sender really sent this message.

Figure 2.6 shows how cryptographic algorithms work, with a secret key or a password used to encrypt and decrypt the content.

[Figure 2.6 Generic cryptographic algorithms. (a) Encryption: key and plaintext message into the crypto algorithm, producing the encrypted message. (b) Decryption: key and encrypted message into the crypto algorithm, producing the plaintext message.]

Symmetric Key Cryptography

In symmetric key cryptography, the keys used for encryption and decryption are the same, or they can be calculated from each other. Usually the key is used as a 'shared secret' between the entities. Well known and widely used examples are DES (Data Encryption Standard), FIPS (Federal Information Processing Standard), and AES (Advanced Encryption Standard) [26]. In symmetric key cryptography, the security mostly depends on the key. So longer keys offer more security but require a larger processing budget.

Block ciphers are symmetric ciphers that deal with data in fixed-size blocks, generally 64 or 128 bits in length. They can be used in various modes, such as electronic codebook (ECB), counter (CTR) and cipher block chaining (CBC) [25], which differ primarily in how they handle messages longer than a single block. Neither form of symmetric cipher typically ensures data integrity or message authentication [26]. That is why the term 'modern cryptography' is used for asymmetric cryptography or 'Public Key Cryptography'.

Asymmetric Key Cryptography

Asymmetric key cryptography (AKC), also known as Public Key Cryptography, uses different key combinations for encryption and decryption [25]. The public key is reachable by anyone, and the private key only by the identity holder. Both keys are mathematically related, but the private key cannot be derived from the public key. When a public key is used for encryption, only the private key can decrypt it. This concept is also widely used in operating systems, e.g. in Windows 2000 and Windows 2003 as EFS (Encrypting File System).

AKC offers an important functionality that Symmetric Key Cryptography does not. With a Digital Signature, the sender can sign the message and claim that he really signed the message [25]. The signature is also unforgeable and not reusable, the message is unalterable, and the sender cannot deny that he sent the message.

Hash Functions

The primary goal of cryptographic hash functions is integrity. Hash functions are mathematically one-way functions, where the input cannot be derived from the output. Hash functions take input data of various sizes but output fixed-size texts (hashes). Hash functions are expected to have the following attributes:


More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Compter Networks Chapter 9: Network Security

Compter Networks Chapter 9: Network Security Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD TCP/IP and Encryption CIT304 University of Sunderland Harry R. Erwin, PhD Resources Garfinkel and Spafford, 1996, Practical UNIX and Internet Security, O Reilly, ISBN: 1-56592-148-8 B. Schneier, 2000,

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 Review Final Exam 12/10/2015 Thursday 5:30~6:30pm Science S-3-028 IT443 Network Security Administration Instructor: Bo Sheng True/false Multiple choices Descriptive questions 1 2 Network Layers Application

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

83-10-41 Types of Firewalls E. Eugene Schultz Payoff

83-10-41 Types of Firewalls E. Eugene Schultz Payoff 83-10-41 Types of Firewalls E. Eugene Schultz Payoff Firewalls are an excellent security mechanism to protect networks from intruders, and they can establish a relatively secure barrier between a system

More information

Safeguards Against Denial of Service Attacks for IP Phones

Safeguards Against Denial of Service Attacks for IP Phones W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Security Type of attacks Firewalls Protocols Packet filter

Security Type of attacks Firewalls Protocols Packet filter Overview Security Type of attacks Firewalls Protocols Packet filter Computer Net Lab/Praktikum Datenverarbeitung 2 1 Security Security means, protect information (during and after processing) against impairment

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Network Security Using Hybrid Port Knocking

Network Security Using Hybrid Port Knocking 8 Network Security Using Hybrid Port Knocking Dr. Hussein Al-Bahadili and Dr. Ali H. Hadi, Arab Academy for Financial Sciences, faculty of Information Technology, Amman Jordan Arab Academy for Financial

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE Due to the encouraging feedback this series of articles has received, we decided to explore yet another type of cyber intrusionthe Man In The Middle (MITM)

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

SECURITY FLAWS IN INTERNET VOTING SYSTEM

SECURITY FLAWS IN INTERNET VOTING SYSTEM SECURITY FLAWS IN INTERNET VOTING SYSTEM Sandeep Mudana Computer Science Department University of Auckland Email: smud022@ec.auckland.ac.nz Abstract With the rapid growth in computer networks and internet,

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Analysis of Computer Network Attacks

Analysis of Computer Network Attacks Analysis of Computer Network Attacks Nenad Stojanovski 1, Marjan Gusev 2 1 Bul. AVNOJ 88-1/6, 1000 Skopje, Macedonia Nenad.stojanovski@gmail.com 2 Faculty of Natural Sciences and Mathematics, Ss. Cyril

More information

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and

More information

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT Track 2 Workshop PacNOG 7 American Samoa Firewalling and NAT Core Concepts Host security vs Network security What is a firewall? What does it do? Where does one use it? At what level does it function?

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer

More information

Overview. Packet filter

Overview. Packet filter Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter Security Security means, protect information (during

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

Protocol Rollback and Network Security
