Tutorial 3. June 8, 2015




I. Basic Notions
1. Multiple-choice (Review Questions Chapter 6, 8 and 11)
2. Answers by a small paragraph (Chapter 2: viruses: MBR, rootkits, ...)

Multiple choice
X. Which is the preferred location of a spam filter?
   1. Install the spam filter with the SMTP server
   2. Install the spam filter on the proxy server
   3. Install the spam filter on the local host client
Y.. 4.. 5.. 6 7

II. Familiar Problem Solving
3. Client side attacks, buffer overflow, ... (Chapter 3)
4. Network Address Translation, Network Access Technology, ... (Chapter 6)

Network Address Translation, Network Access Technology, ...
Recall: Security Through Network Technologies
- Network address translation (NAT)
  - In fact a technique just for substituting addresses
  - Allows private IP addresses to be used on the public Internet (Internet routers normally drop packets with a private address)
  - Private IP address -> public address
Security+ Guide to Network Security Fundamentals, Fourth Edition

Class A   0.0.0.0 - 127.255.255.255
Class B   128.0.0.0 - 191.255.255.255
Class C   192.0.0.0 - 223.255.255.255
Public IP addresses
Table 6-7 Private IP addresses
Figure 6-9 Network address translation (NAT)
Cengage Learning 2012

Network Address Translation, Network Access Technology, ... (cont'd.)
- Port address translation (PAT)
  - Variation of NAT
  - Outgoing packets are given the same IP address but a different TCP port number
  - This allows a single public IP address to be used by several users
- Advantages of NAT
  - Masks (hides) IP addresses of internal devices
  - Allows multiple devices to share a smaller number of public IP addresses
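The PAT behaviour described above, as an added Python example that is not part of the original slides. The class name `PatGateway`, the starting port 40000 and all addresses are assumptions chosen for illustration (the addresses are constructed documentation values).

```python
# Added illustration of port address translation (PAT); not from the slides.
import itertools

class PatGateway:
    """One public IP shared by many private hosts via distinct source ports."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next free public port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; reuse an existing mapping."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply back to the private host, or return None if unmapped."""
        if dst_port not in self.back:
            return None          # no table entry: the packet has nowhere to go
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    gw = PatGateway("203.0.113.5")   # constructed public address
    # Two internal hosts use the same source port toward the same server.
    a = gw.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = gw.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, b[1])         # reply to host .11
    stray = gw.inbound("198.51.100.99", 12345, 45555)     # never requested
    return a, b, reply, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both outgoing packets leave with the same public address and differ only in port, which is what hides the internal addresses. The drop of unmapped inbound packets is a side effect of the translation table, not a filtering policy.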

Network Address Translation, Network Access Technology, ... (cont'd.)
- Network Access Control
  - Examines current state of system or network device before allowing network connection
  - Device must meet set of criteria
  - If not met, Network Access Control allows connection to quarantine network until deficiencies corrected

Figure 6-10 Network access control framework

5. DMZ, subnetting, ... (Chapter 6)

DMZ, subnetting, ...
Recall: Security Through Network Design Elements
- Elements of a secure network design
  - DeMilitarized Zones (DMZ)
  - Subnetting
  - Virtual LANs
  - Remote access

Demilitarized Zone (DMZ)
- Separate network located outside secure network perimeter
- Untrusted outside users can access DMZ but not secure network

Figure 6-11 DMZ with one firewall

Figure 6-12 DMZ with two firewalls

Subnetting
- IP address may be split anywhere within its 32 bits
- Network can be divided into three parts
  - Network
  - Subnet
  - Host
- Each network can contain several subnets
- Each subnet can contain multiple hosts

Subnetting (cont'd.)
- Improves network security by isolating groups of hosts
- Allows administrators to hide internal network layout

Figure 6-13 Subnets
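The network / subnet / host split described on the subnetting slides, as an added Python example that is not part of the original slides. The function names, the 172.16.0.0/16 network and the /20 subnet boundary are assumptions chosen so that the split does not fall on a byte boundary.

```python
# Added illustration of subnetting; not from the slides.
import ipaddress

def split_address(addr, network_prefix, subnet_prefix):
    """Return the (network, subnet, host) fields of an IPv4 address as integers.

    network_prefix: bits belonging to the network part
    subnet_prefix:  bits belonging to network + subnet parts
    """
    value = int(ipaddress.IPv4Address(addr))
    subnet_bits = subnet_prefix - network_prefix
    host_bits = 32 - subnet_prefix
    network = value >> (32 - network_prefix)
    subnet = (value >> host_bits) & ((1 << subnet_bits) - 1)
    host = value & ((1 << host_bits) - 1)
    return network, subnet, host

def list_subnets(network, subnet_prefix):
    """Every subnet of `network` at the given prefix length, as strings."""
    net = ipaddress.ip_network(network)
    return [str(s) for s in net.subnets(new_prefix=subnet_prefix)]

def same_subnet(a, b, subnet_prefix):
    """True if both hosts sit in the same subnet (no router or firewall between)."""
    net_a = ipaddress.ip_network(f"{a}/{subnet_prefix}", strict=False)
    return ipaddress.IPv4Address(b) in net_a

def demo():
    fields = split_address("172.16.37.200", 16, 20)   # constructed address
    subnets = list_subnets("172.16.0.0/16", 20)
    return fields, len(subnets), subnets[fields[1]]

if __name__ == "__main__":
    print(demo())
    print(same_subnet("172.16.37.200", "172.16.47.1", 20))
    print(same_subnet("172.16.37.200", "172.16.48.1", 20))
```

Hosts for which `same_subnet` is false can only reach each other through a router, which is where filtering between the isolated groups is applied.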

6. Key stream attack, ... (Chapter 8)

Key stream attack, ...
Recall: Wired Equivalent Privacy (WEP)
- IEEE 802.11 security protocol
- Encrypts plaintext into ciphertext
- Secret key is shared between wireless client device and AP
  - Key used to encrypt and decrypt packets
- WEP vulnerabilities
  - WEP can only use a 64-bit or 128-bit number to encrypt
  - Initialization vector (IV) is only 24 of those bits
  - Short length makes it easier to break

Figure 8-9 WEP encryption process
- ICV: Integrity Check Value
- PRNG: pseudo-random number generator
- IV changes each time a packet is encrypted
- The IV is prepended to the ciphertext

Key stream attack, ... (cont'd)
- WEP vulnerabilities (cont'd.)
  - Violates cardinal rule of cryptography: avoid a detectable pattern
  - Attackers can see duplication when IVs start repeating
- Keystream attack (or IV attack)
  - Attacker identifies two packets derived from same IV
  - Uses XOR to discover plaintext

Figure 8-10 XOR operations

Figure 8-11 Capturing packets
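Why a repeated IV breaks WEP confidentiality, as an added Python example that is not part of the original slides. It uses standard RC4 keyed with IV || secret as in WEP, leaves out the ICV, and the key, IVs and frame contents are constructed sample values; the function names are assumptions.

```python
# Added illustration (not from the slides): WEP-style keystream reuse.
def rc4(key, length):
    """Standard RC4: key scheduling, then `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, secret, plaintext):
    """IV prepended to plaintext XOR RC4(IV || secret); ICV omitted here."""
    return iv + xor(plaintext, rc4(iv + secret, len(plaintext)))

def find_iv_reuse(frames):
    """Return index pairs of frames that carry the same 3-byte (24-bit) IV."""
    first_seen, pairs = {}, []
    for idx, frame in enumerate(frames):
        iv = frame[:3]
        if iv in first_seen:
            pairs.append((first_seen[iv], idx))
        else:
            first_seen[iv] = idx
    return pairs

def demo():
    secret = bytes.fromhex("0102030405")           # constructed 40-bit key
    p1, p2 = b"frame one: hello", b"frame two: world"
    frames = [wep_encrypt(b"\x00\x00\x01", secret, p1),
              wep_encrypt(b"\x00\x00\x02", secret, b"unrelated frame!"),
              wep_encrypt(b"\x00\x00\x01", secret, p2)]  # IV repeats
    pairs = find_iv_reuse(frames)
    i, j = pairs[0]
    mixed = xor(frames[i][3:], frames[j][3:])      # keystream cancels out
    # mixed equals p1 XOR p2, so knowing p1 reveals p2 without the key
    return pairs, mixed == xor(p1, p2), xor(mixed, p1)

if __name__ == "__main__":
    print(demo())
```

The same `find_iv_reuse` check over captured frames shows how quickly a 24-bit IV space starts repeating on a busy network, which is the pattern the slides warn about.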

III. Unfamiliar Problem Solving
Two questions (answer one or the other)