Network Security - ISA 656 Review

Transcription

1 Network Security - ISA 656 Review Angelos Stavrou December 4, 2007

2 Material Test Conditions 7:20pm - 9:30pm, Thursday, Dec 11th, in the Lab (STI-128) Same style of questions as the midterm I m not asking you to write programs 2 / 31

3 Material Material Test Conditions If it s in my slides or I said it in class, you re responsible for it There may be some questions based on the Labs You re responsible for the assigned Labs and Homeworks at about the level of class coverage. 3 / 31

4 Test Conditions Material Test Conditions Open book Open notes, posted code, manuals, Labs... You can bring a calculator but save your energy; you won t need it No laptops, IM, Chatting, or phones... 4 / 31

5 Terminology Terminology Kinds of Threats Assets Confidentiality, integrity, availability Threats, attacks, and vulnerabilities 5 / 31

6 Kinds of Threats Terminology Kinds of Threats Assets Joy hackers Criminals Competitors Nation states Insiders 6 / 31

7 Assets Terminology Kinds of Threats Assets Protect what? Bandwidth, CPU, data, identity Attacker powers? 7 / 31

8 Ciphers Ciphers Public Key Certificates What is a cryptosystem? What is a block cipher? What are generic properties of block ciphers? What are the different modes of operation? What are their properties? When would you use each mode? What is a stream cipher? 8 / 31

9 Public Key Ciphers Public Key Certificates What is it? What is it good for? Limitations? How are public key systems used? Random numbers and where they come from Digital signatures 9 / 31

10 Certificates Ciphers Public Key Certificates Trust properties CAs Authorization versus identity certificates Web of trust Types of certificates Revocation 10 / 31

11 SSL SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses What is SSL? Client authentication types Properties and requirements Uses Trust model 11 / 31

12 Web Certificates SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Root certificates The browser vendor s role Bindings Human factors 12 / 31

13 Browser Security SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Why is it a problem? Active content Javascript ActiveX 13 / 31

14 Continuing Authentication SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Cookies Embedded values Cryptographically sealing data 14 / 31

15 Web Server Security SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Why? Trust model Scripts and their dangers Injection attacks Permissions 15 / 31

16 Security SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Usual evaluation How to sign and encrypt? Details Threats: eavesdropping, password theft, spool file 16 / 31

17 Phishing SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses What is it? How it s done Tracing 17 / 31

18 Defenses SSL Web Certificates Browser Security Continuing Authentication Web Server Security Security Phishing Defenses Mutual authentication Personalization DKIM Non-reusable credentials (MITM attacks; human factors) 18 / 31

19 Packet Processing Attacking What is, and why? ESP and AH SPI SAs Tunnel and transport mode 19 / 31

20 Packet Processing Packet Processing Attacking Outbound and inbound SPD and SADB Rule characteristics 20 / 31

21 Attacking Packet Processing Attacking Cut-and-paste attacks Probable plaintext Interactions with other layers 21 / 31

22 SSH SIP SSH SIP Networked storage 22 / 31

23 SSH SSH SIP Features Security model Client authentication Connection-forwarding SSH Agent 23 / 31

24 SIP SSH SIP SIP architecture What s at risk? Protecting voice versus signaling What type of crypto is used where Complex scenarios 24 / 31

25 What is IDS? What is IDS? Limits of Network IDS IDS Architecture Purpose Host versus network IDS Logs and traces 25 / 31

26 Limits of Network IDS What is IDS? Limits of Network IDS IDS Architecture Insertion and evasion attack Checksum errors TTLs TCP normalization 26 / 31

27 IDS Architecture What is IDS? Limits of Network IDS IDS Architecture Detector Database Analyzer Countermeasure Signature versus anomaly 27 / 31

28 Worms Worms Denial Routing Attacks Wireless Security Worms versus viruses Spread: program versus social engineering Payloads Spam Detection 28 / 31

29 Denial Worms Denial Routing Attacks Wireless Security Types of DOS attack TCP attacks DDoS Defenses 29 / 31

30 Routing Attacks Worms Denial Routing Attacks Wireless Security Why they happen Goals SBGP, SO-BGP 30 / 31

31 Wireless Security Worms Denial Routing Attacks Wireless Security Evil twin Battery lifetime WEP why the crypto is bad War-driving Access control 31 / 31