
Document: Network Security I CSCI 4971 / 6968 (doc)




DOCUMENT INFORMATION

Basic information

Format
Pages: 99
Size: 514.45 KB

Contents

Network Security I, CSCI 4971 / 6968
www.cs.rpi.edu/~yener/TEACHING/Netsec/Spring11/
Bülent Yener, yener@cs.rpi.edu
Lecture 1, 1/26/11
This presentation is in part based on the slides of W. Stallings.

Outline (slide 2)
• Class information: Network Security I and II
• Background and introduction
• Basic concepts: attacks, services, mechanisms

Aim of the Courses (slide 3)
• Our focus is on both Network & Internet Security and Cryptography
• NetSec I focuses on cryptography and basics
• NetSec II builds upon NetSec I and covers advanced topics

CSCI-4971 and 6968 Network Security (slide 4)
• Basic Cryptography
• Basic Number Theory
• Security Goals
  – Authentication, Privacy, Integrity, Key exchange
• Security Solutions
  – SSL, PGP, SSH, IPSEC
• Security Practice
  – E-mail, IP security, Web security, …
• And more: Internet and Network security issues

Definitions (slide 5)
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Standards Organizations (slide 6)
• National Institute of Standards & Technology (NIST)
• Internet Society (ISOC)
• International Telecommunication Union Telecommunication Standardization Sector (ITU-T)
• International Organization for Standardization (ISO)

Example (slide 7)
XXX bank wants to provide web banking service to its customers. They have already programmed web pages and applications. Every customer has an id and password to access their account information.
– What are the threats?
– What are the security mechanisms to prevent them?
– What are the security services?

Case Study (slide 8)
[Diagram: Attacker, Bank Customer, Internet, Dial-up Access Server, Bank Network, Web Server, Banking Server]

Security Attacks (slide 9)
• Passive attacks - eavesdropping on, or monitoring of, transmissions to:
  – obtain message contents, or
  – intercept, or monitor traffic flows
• Active attacks – modification of data stream to:
  – masquerade of one entity as some other
  – fabricate a message
  – replay previous messages
  – modify messages in transit
  – denial of service

Threats (slide 10)
[Diagram: Bank Customer, Customer ISP, Internet Backbone, carriers, Bank ISP, Bank Network, Web Server, Banking Server, with Attackers placed along the path]

[...]

Targets (slide 12)
• [...] programs
  – IP spoofing
  – Unsafe services
  – Malicious codes: virus and worms
  – DoS: SYN attack, ping flooding
• Bank Network and Servers
  – Use backdoor to access
  – Eavesdropping
  – Man-in-the-middle: Web Server to Banking Server
  – Session hijacking
  – DoS
  – DNS attack
  – Use unsafe services in other servers
  – Install malicious codes in other servers

Targets (cont.) (slide 13)
• DNS servers
  – DNS cache poisoning
  – DNS [...]

[...]

Authentication (slide 15)
• UserID/Password: "you know"
• Client Certificate: "given to you"
  – Prevent stolen client certificates
    • Short life time, not feasible!
    • Associate certificate to User ID
• Accept a certificate if:
  – It is valid
    » Check authority
    » Check expiration date
    » Check black list (certificate revoke list)
    » Has user correctly proven his knowledge of the private key associated with the certificate
  – User entered matching user ID (stored in certificate) and correct password
• Server certificate
• Generate one time session key (we do not want to use our password or private key to provide confidentiality!)

Customer-Web Server Comm (slide 16)
• Confidentiality & Integrity
  – Key exchange
    • Authenticated, must be part of the authentication process
    • One time for life time [...] session
  – Strong crypto algorithms
• Access control at customer and bank side

Customer-Web Server Comm (slide 17)
[Diagram of the exchange: Client Hello → Server; Server Certificate; Client Certificate; Proof: Server Certificate; Proof: Client Certificate; Secret key exchange; Communication with Confidentiality & Integrity with the secret. Looks like SSL!]

SSL (slide 18)
• What is SSL?
  – Secure Sockets Layer
  – Provides [...] communication between you and the server
  – How do you know that it is active:
    • The lock shown by your browser – when the lock is closed or unbroken
    • Web address starting with HTTPS

Model for Network Security (slide 19)
[Diagram]

Model for Network Security (slide 20)
• Using this model requires us to:
  – design a suitable algorithm for the security transformation
  – generate the secret information (keys) used by the algorithm
  – [...] methods to distribute and share the secret information
  – specify protocols enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security (slide 21)
[Diagram]

Model for Network Access Security (slide 22)
• Using this model requires us to:
  – select appropriate gatekeeper functions to identify users
  – implement security controls to ensure only authorised users [...]

[...]

SSL – Authentication (slide 24)
• [...] a picture ID (Driver's License, Passport)
• Your browser asks a certificate
  – They both trust the issuer of ID
• Bank teller trusts Department of Motor Vehicles
  – DMV checks birth certificate to issue the license
• Your browser trusts certificate authorities
  – VeriSign, Entrust, RSA, AOL

SSL – Authentication (cont…) (slide 25)
• They both validate the ID
• [...] whether it is a real ID:
  – Is it like a real license of the NY DMV?
  – Does picture and name match?
  – Expiration date?
• Your browser checks whether it is a real certificate:
  – Is it like a real certificate of the certificate authority under consideration?
  – Does ID, Name and/or other information match?
  – Expiration date?

Digital Certificates (cont…) (slide 26)
• Just like a driver's license:
  – (issued to): Stores information about the owner
  – (issued by): Stores information about the Authority issuing the ID
  – Stores validity information
• Also stores Fingerprints

Digital Certificates (slide 27)
[Diagram: certificate with Signature]

Digital Certificates (cont…) (slide 28)
• Fingerprint
  – Generated by the issuer (Verisign)
• Issuer has two keys
  – An encryption key (private)
  – A decryption key (public)
• Public key is known to every[...]
• [...] as root certificates

Digital Certificates (Cont…) (slide 29)
• Your browser trusts issuer (Verisign)
• Your browser knows the public key of the issuer
• Your browser knows that a public key can only decrypt a fingerprint encrypted by matching private key
• Your browser verifies that the certificate is given by the trusted authority
• Your browser authenticates the owner of the certificate

SSL [...]

Posted: 14/02/2014, 08:20
