Introduction to Computer Security


Introduction to Computer Security: Network Security. Pavel Laskov, Wilhelm Schickard Institute for Computer Science

Circuit switching vs. packet switching

OSI and TCP/IP layered models

TCP/IP encapsulation

TCP connection synchronization (figure: initial handshake and termination between two hosts)
Initial handshake:
Host A sends SYN, seq=x
Host B receives SYN, sends SYN seq=y, ACK x+1
Host A receives SYN + ACK, sends ACK y+1
Host B receives ACK; data transmission follows
Termination:
Host A sends FIN, seq=x
Host B receives FIN, sends ACK x+1
Host A receives ACK
Host B sends FIN seq=y, ACK x+1
Host A receives FIN + ACK, sends ACK y+1
Host B receives ACK

What can go wrong: TCP session hijacking (figure: segments exchanged between hosts A and B while a third host C observes; payload length in parentheses)
A -> B: Seq: x, PSH/ACK: y (60)
B -> A: Seq: y, PSH/ACK: x+60 (20)
A -> B: Seq: x+60, PSH/ACK: y+20 (30)
B -> A: Seq: y+20, PSH/ACK: x+90 (20)
A -> B: Seq: x+90, PSH/ACK: y+40 (30)
B -> A: Seq: y+40, PSH/ACK: x+120 (20)
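As an added illustration of the sequence-number bookkeeping in the figure above (example code, not part of the original slides), the following Python tracker replays a constructed trace with x = 1000 and y = 5000, followed by a segment forged with A's address and then A's genuine next segment. The forged segment fits the tracked state and is accepted; the genuine one no longer does, which is the first symptom a passive monitor sees of an injected session, and the constructed segments and host names are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str      # "A" or "B": address the segment claims to come from
    seq: int      # sequence number of its first payload byte
    ack: int      # next byte the sender expects from the peer
    length: int   # payload bytes carried (0 for a pure ACK)

def track_stream(segments, isn):
    """Replay the segments of an established connection and report every
    segment whose seq or ack disagrees with the state a passive monitor
    expects. isn maps each side to the sequence number of its next byte."""
    expected = dict(isn)          # next sequence number each side should use
    findings = []
    for i, s in enumerate(segments, 1):
        peer = "B" if s.src == "A" else "A"
        if s.seq != expected[s.src]:
            findings.append(f"segment {i} from {s.src}: seq {s.seq}, expected {expected[s.src]}")
            continue              # do not advance state on an inconsistent segment
        if s.ack != expected[peer]:
            findings.append(f"segment {i} from {s.src}: ack {s.ack}, expected {expected[peer]}")
            continue
        expected[s.src] += s.length
    return findings

# Constructed trace: the figure's exchange with x = 1000 and y = 5000
X, Y = 1000, 5000
FIGURE_TRACE = [
    Segment("A", X,       Y,       60),
    Segment("B", Y,       X + 60,  20),
    Segment("A", X + 60,  Y + 20,  30),
    Segment("B", Y + 20,  X + 90,  20),
    Segment("A", X + 90,  Y + 40,  30),
    Segment("B", Y + 40,  X + 120, 20),
]
# ...continued by a segment forged with A's address and then A's own next segment
HIJACK_TRACE = FIGURE_TRACE + [
    Segment("A", X + 120, Y + 60, 10),   # forged: fits the state, so it is accepted
    Segment("A", X + 120, Y + 60,  5),   # genuine: collides with data B already consumed
]

if __name__ == "__main__":
    for line in track_stream(HIJACK_TRACE, {"A": X, "B": Y}):
        print(line)
```

A B-side acknowledgement of the forged bytes (ack x+130) would be reported as well, since A has never sent that far; the back-and-forth of such mismatched ACKs is the "ACK storm" that often betrays a hijacked session.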

Example: SYN flood (figure: a normal TCP handshake beside a SYN flood)

Placement of security instruments: network layer, transport layer, application layer

IP layer security: IPsec
Objectives: secure connectivity of branch offices; secure remote access
Advantages: bypass resistance; transparency to end users and applications
Disadvantages: infrastructure support needed; performance degradation

IPsec application example (Figure 6.1, An IP Security Scenario): a user system with IPsec and networking devices with IPsec exchange packets of the form IP Header | IPsec Header | Secure IP Payload over a public (Internet) or private network; behind an IPsec-capable networking device the packets travel as plain IP Header | IP Payload.

IPsec services and protocols (table of services against the protocols AH, ESP, and ESP + auth.; the cell values were not recovered)
Access control
Connectionless integrity
Data origin authentication
Replay protection
Confidentiality
Traffic flow confidentiality

IPsec modes
Transport mode: protection of packet payload; used for end-to-end communication; small performance overhead.
Tunnel mode: protection of entire packet (payload and headers); communication between gateways; invisible to intermediate routers; considerable performance overhead.

AH service (figure: packet layouts before and after applying AH)
(a) Before applying AH. IPv4: orig IP | TCP | Data. IPv6: orig IP | extension headers (if present) | TCP | Data.
(b) Transport mode. IPv4: orig IP | AH | TCP | Data, authenticated except for mutable fields. IPv6: orig IP | hop-by-hop, dest, routing, fragment | AH | dest | TCP | Data, authenticated except for mutable fields.
(c) Tunnel mode. IPv4: new IP | AH | orig IP | TCP | Data, authenticated except for mutable fields in the new IP header. IPv6: new IP | ext headers | AH | orig IP | ext headers | TCP | Data, authenticated except for mutable fields in the new IP header and its extension headers.

ESP service (figure: packet layouts with ESP)
(a) Transport mode. IPv4: orig IP | ESP hdr | TCP | Data | ESP trlr | ESP auth; TCP through ESP trlr encrypted, ESP hdr through ESP trlr authenticated. IPv6: orig IP | hop-by-hop, dest, routing, fragment | ESP hdr | dest | TCP | Data | ESP trlr | ESP auth; dest through ESP trlr encrypted, ESP hdr through ESP trlr authenticated.
(b) Tunnel mode. IPv4: new IP | ESP hdr | orig IP | TCP | Data | ESP trlr | ESP auth; orig IP through ESP trlr encrypted, ESP hdr through ESP trlr authenticated. IPv6: new IP | new ext headers | ESP hdr | orig IP | orig ext headers | TCP | Data | ESP trlr | ESP auth; orig IP through ESP trlr encrypted, ESP hdr through ESP trlr authenticated.
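To make the header orders of the AH and ESP figures above usable, here is an added Python helper (example code, not from the slides or from any IPsec implementation) that builds the on-the-wire order for either protocol in either mode and reports which headers the integrity check and the encryption cover. It generalises the figures to all eight combinations; the point worth noticing is that ESP authentication never covers the outer IP header, whereas AH covers it apart from mutable fields.

```python
from typing import List, NamedTuple, Set

class Layout(NamedTuple):
    headers: List[str]       # order on the wire
    authenticated: Set[str]  # headers covered by the integrity check
    encrypted: Set[str]      # headers covered by encryption
    note: str                # caveat on the integrity coverage

def ipsec_layout(protocol: str, mode: str, ipv6: bool = False) -> Layout:
    """Wire order and protection coverage for AH or ESP in transport or tunnel
    mode. For IPv6 the hop-by-hop/dest/routing/fragment headers precede the
    IPsec header and a destination options header may follow it."""
    pre_ext = ["hop-by-hop, dest, routing, fragment"] if ipv6 else []
    post_ext = ["dest"] if ipv6 else []
    payload = ["TCP", "Data"]
    if mode == "transport":
        outer = ["orig IP"] + pre_ext
        inner = post_ext + payload
    elif mode == "tunnel":
        outer = ["new IP"] + (["new ext"] if ipv6 else [])
        inner = ["orig IP"] + (["orig ext"] if ipv6 else []) + payload  # whole original packet
    else:
        raise ValueError(f"unknown mode {mode!r}")
    if protocol == "AH":
        headers = outer + ["AH"] + inner
        authenticated = set(headers)        # outer IP header included
        encrypted: Set[str] = set()
        note = f"except for mutable fields in {outer[0]}" + (" and its extension headers" if ipv6 else "")
    elif protocol == "ESP":
        headers = outer + ["ESP"] + inner + ["ESP trlr", "ESP auth"]
        encrypted = set(inner) | {"ESP trlr"}
        authenticated = {"ESP"} | encrypted  # starts at the ESP header: outer headers not covered
        note = f"{outer[0]} is neither authenticated nor encrypted"
    else:
        raise ValueError(f"unknown protocol {protocol!r}")
    return Layout(headers, authenticated, encrypted, note)

if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        for mode in ("transport", "tunnel"):
            lay = ipsec_layout(proto, mode)
            print(proto, mode, " | ".join(lay.headers), "--", lay.note)
```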

Transport layer security: SSL/TLS
Objectives: secure information transmission in Internet applications; mutual authentication in Internet applications
Advantages: secure end-to-end communication over TCP (not limited to HTTP)
Disadvantages: PKI support needed; potential use of weak cryptographic algorithms (e.g. RC4)

SSL architecture. An SSL connection corresponds to a TCP connection. SSL sessions represent an association between a client and a server. Sessions define parameters that can be shared between connections.

SSL Record Protocol: carries out information transfer; provides confidentiality and message integrity services.

SSL handshake protocol (figure: message flow between client and server)
Client -> Server: random number, crypto info
Server -> Client: random number, crypto info, server certificate, request client auth.
Client: extract server public key
Client -> Server: client certificate, hash over prev. messages, random pre-master secret
Server: extract client public key
Client and server: calculate master secret
Client -> Server: switch to master secret, end handshake
Server -> Client: switch to master secret, end handshake
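An added model of the master-secret calculation and the hash over previous messages in the handshake above (example code, not from the slides). It assumes the TLS 1.2 PRF of RFC 5246 as the concrete derivation, and it passes the pre-master secret in the clear instead of encrypting it under the server's public key; the message strings are constructed stand-ins for the real handshake encoding.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed), first n bytes."""
    seed = label + seed
    out, a = b"", seed                                              # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:n]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Both random numbers enter the derivation, so the same pre-master secret
    # replayed in another session yields a different master secret.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished_value(ms: bytes, label: bytes, transcript: list) -> bytes:
    # "Hash over previous messages": binds the keys to every handshake message
    # the computing side saw (12 bytes, as in the TLS 1.2 Finished message).
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return prf(ms, label, digest, 12)

def run_handshake(client_random: bytes, server_random: bytes, pre_master: bytes,
                  tamper_in_flight: bool = False):
    """Model of the slide's exchange with a transcript kept on each side.
    Returns (both sides derived the same master secret,
             client's hash over previous messages verifies at the server)."""
    client_hello = b"ClientHello" + client_random + b"|crypto=AES256"
    # A man-in-the-middle rewriting the crypto info on its way to the server
    # changes what the server records, not what the client records.
    server_sees = client_hello.replace(b"AES256", b"RC4") if tamper_in_flight else client_hello
    server_hello = b"ServerHello" + server_random + b"|cert=<server certificate>"
    key_exchange = b"ClientKeyExchange" + pre_master   # in SSL/TLS: encrypted under the server's public key
    client_view = [client_hello, server_hello, key_exchange]
    server_view = [server_sees, server_hello, key_exchange]
    ms_client = master_secret(pre_master, client_random, server_random)
    ms_server = master_secret(pre_master, client_random, server_random)
    sent = finished_value(ms_client, b"client finished", client_view)
    expected = finished_value(ms_server, b"client finished", server_view)
    return ms_client == ms_server, hmac.compare_digest(sent, expected)
```

Even though both sides hold the same master secret, the server rejects the tampered run because the hash over previous messages covers the crypto info it actually received, which is what makes a silent downgrade of the negotiated algorithms detectable.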

Application layer security: SSH
Applications: secure remote login; secure services (e.g. FTP, copy) over an insecure network; secure port forwarding
Advantages: various authentication methods; a neat way to circumvent firewalls
Disadvantages: point-to-point only; some security vulnerabilities

SSH architecture

SSH functionality
Remote login: username / password, public key
Remote command execution
Remote copying (rcp)
Secure ftp service (sftp)
Remote synchronization (rsync)
Port forwarding and tunneling
Secure file system mounting (sshfs)

SSH port forwarding. Syntax:
Local forwarding: ssh -L 1521:localhost:23 username@host
Remote forwarding: ssh -R 1521:localhost:23 username@host

SSH port forwarding: examples
IMAP requests for an internal IMAP server: ssh -L 8143:exchange.first.fraunhofer.de:993 laskov@vnc00.first.fraunhofer.de
Sending mail over an internal server: ssh -L 8025:smtpserv.uni-tuebingen.de:25 laskov@smb1.cs.uni-tuebingen.de
Browsing with an external IP address: ssh -L 8081:proxy0.first.fraunhofer.de:3128 -L 8080:proxy0.first.fraunhofer.de:3128 laskov@vnc00.first.fraunhofer.de

Summary. Network security technologies can be deployed at all layers of network protocols. IP layer security provides a transparent security service but needs infrastructure support. Transport layer security provides reliable end-to-end security services. Application layer security mechanisms can be tailored to specific application needs.