Network Security, Lecture 1: Course Overview. Waleed Ejaz, [email protected]
![Page 1: 1 Network Security Lecture 1 Course Overview Waleed Ejaz waleed.ejaz@uettaxila.edu.pk](https://reader035.vdocuments.net/reader035/viewer/2022062216/56649e055503460f94af1dae/html5/thumbnails/1.jpg)
Network Security
Lecture 1: Course Overview
http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp
Waleed Ejaz, [email protected]
Overview
- Goal of this course
- Grading
- Prerequisites
- Tentative schedule
- Security goals
Goal of This Course
- A comprehensive course on network security, including both theory and practice
- Theory: cryptography, hashes, key exchange, email security, web security
- Practice: hacking and anti-hacker techniques
- Graduate course (advanced topics): a lot of independent reading and writing, including a survey paper
CERT
- Computer Emergency Response Team (CERT)
- Security is the #1 concern about the Internet
- Significant industry and government investment in security
Prerequisites
Computer Communication & Networks
Prerequisites
- ISO/OSI reference model
- TCP/IP protocol stack
- Full-duplex vs. half-duplex
- UTP vs. wireless
- Cyclic Redundancy Check (CRC), CRC polynomial
- Ethernet, IEEE 802, MAC addresses
- Bridging and routing
- IEEE 802.11 LAN
Prerequisites (contd.)
- IP addresses, subnets, private vs. public addresses
- Address Resolution Protocol (ARP)
- Internet Control Message Protocol (ICMP)
- Routing: Dijkstra's algorithm
- Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
- TCP connection setup, TCP checksum
- Hypertext Transfer Protocol (HTTP)
Text Book
Charlie Kaufman, Radia Perlman, and Mike Speciner, "Network Security: Private Communication in a Public World," 2nd Edition, Prentice Hall, 2002, ISBN 0130460192.
Reference Book
William Stallings, "Cryptography and Network Security," 4th Edition, Prentice Hall, 2006.
A few topics from this book will be followed during this course. All relevant material will be provided as notes or as part of the class slides.
Course Outline
- Course overview
- Security concepts
- TCP/IP security attacks
- Secret key cryptography (Chapter 3)
- Modes of operation (Chapter 4)
- Hashes and message digests (Chapter 5)
- Public key cryptography (Chapter 6)
- Authentication: passwords, biometrics (Chapter 10)
- Kerberos (Chapter 14)
- Public Key Infrastructure (Chapter 15)
- IPsec (Chapter 17)
Course Outline (contd.)
- Internet Key Exchange (IKE) (Chapter 18)
- Web security: SSL/TLS (Chapter 19)
- Email security: PGP (Chapter 22)
- Firewalls (Chapter 23)
- VPNs
- DNS security
- Network access controls: AAA
- Wireless security
- Intrusion detection
- DMZ (LAN -> WAN)
Grading
- Assignments: 0%
- Quizzes: 15%
- Research paper: 15%
- Mid-term: 20%
- Final exam: 50%
Term Project
- A survey paper on a network security topic, e.g. wireless network security or key exchange protocols
- Comprehensive survey: technical papers, industry standards, products
- Alternatively, a real attack-and-protection exercise on the security of a system (web server, mail server, ...), in groups of 2 students (hacker and administrator)
- Recent developments (last 5 to 10 years, not yet in books), so the better papers may be submitted to magazines or journals
Project Schedule
- Week 3: topic selection/proposal
- Week 6: references due
- Week 9: outline due
- Week 13: first draft/demo due
- Week 16: final report due
Office Hours
- Monday: 1:00 PM to 3:00 PM
- Office: Room 9
- Contact office: +92-51-9047573
- The best way to communicate with me other than office hours is email: [email protected]. Mention "MSc Student" in the subject field.
FAQs
- Yes, I do use a "curve": your grade depends upon the performance of the rest of the class.
- All exams are closed-book and strictly time-limited.
- Exams consist of numerical questions and may include multiple-choice (true/false) questions.
Quiz 0: Prerequisites
True or False? Marks = correct answers - incorrect answers. (The solution from the following slide is given after each statement.)
1. A subnet mask of 255.255.255.254 will allow 254 nodes on the LAN. False
2. A time to live (TTL) of 8 means that the packet can travel at most 8 hops. True
3. IP address 128.256.210.12 is an invalid IP address. True
4. CRC polynomial x^32 + x^15 + 1 will produce a 32-bit CRC. True
5. A DHCP server is required for dynamic IP address assignment. True
6. DNS helps translate a name to a MAC address. False
7. Port 80 is used for FTP. False
8. IPv6 addresses are 32 bits long. False
9. The new-connection setup message in TCP contains a SYN flag. True
10. 192.168.0.1 is a public address. False
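Added example, not part of the original slides: the quiz items that are mechanical facts (1, 3, 4, 8 and 10), recomputed with Python's standard ipaddress module so the answer key can be checked rather than memorised. The /31 point-to-point rule and the small polynomial parser are this example's own additions; the statements and expected answers are the slide's.

```python
import ipaddress


def usable_hosts(mask: str) -> int:
    """Host addresses available on a subnet with this dotted-decimal mask.
    Network and broadcast addresses are reserved, except that a /31 is the
    point-to-point special case (RFC 3021) where both addresses are usable,
    and a /32 is a single host. 255.255.255.254 is a /31: two addresses, not 254."""
    net = ipaddress.IPv4Network(f"0.0.0.0/{mask}")
    if net.prefixlen == 32:
        return 1
    if net.prefixlen == 31:
        return 2
    return net.num_addresses - 2


def is_valid_ipv4(text: str) -> bool:
    """True only for four dotted decimal octets, each in 0..255."""
    try:
        ipaddress.IPv4Address(text)
    except ValueError:          # AddressValueError is a subclass of ValueError
        return False
    return True


def is_private_ipv4(text: str) -> bool:
    """True for RFC 1918 space and the other non-globally-routable IPv4 ranges."""
    return ipaddress.IPv4Address(text).is_private


def crc_width(polynomial: str) -> int:
    """Width in bits of the CRC a generator polynomial produces: its degree.
    Accepts the slide's notation ('x32+x15+1') as well as 'x^32+x^15+1'."""
    degrees = []
    for term in polynomial.replace(" ", "").split("+"):
        if term == "1":
            degrees.append(0)
        elif term == "x":
            degrees.append(1)
        else:
            degrees.append(int(term.lstrip("x^")))
    return max(degrees)


def quiz0_checks() -> dict:
    """Truth value of each Quiz 0 statement that can be recomputed mechanically,
    keyed by question number. The results match the solution slide."""
    return {
        1: usable_hosts("255.255.255.254") == 254,             # False: a /31 has 2 addresses
        3: not is_valid_ipv4("128.256.210.12"),                # True: 256 is not an octet
        4: crc_width("x32+x15+1") == 32,                       # True
        8: ipaddress.IPv6Address("::1").max_prefixlen == 32,   # False: 128 bits
        10: not is_private_ipv4("192.168.0.1"),                # False: 192.168/16 is RFC 1918
    }


if __name__ == "__main__":
    for number, answer in sorted(quiz0_checks().items()):
        print(f"Q{number}: {answer}")
```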
Network Security
Lecture 1: TCP/IP Security Attacks
http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp
Waleed Ejaz, [email protected]
Overview
- TCP segment format, connection setup, disconnect
- IP: address spoofing, covert channel, fragment attacks, ARP, DNS
- TCP flags and flooding: SYN flood, Ping of Death (ICMP), Smurf (ICMP), FIN
- UDP flood attack
- Connection hijacking
- Application: e-mail, web spoofing
Ref: Gert De Laet and Gert Schauwers, "Network Security Fundamentals," Cisco Press, 2005, ISBN 1587051672
Security Goals
- Confidentiality: needs access control and cryptography; sometimes even the existence of data must be hidden
- Integrity: no change to content or source; prevention mechanisms and detection mechanisms
- Availability: threatened by denial-of-service attacks
Confidentiality, Integrity and Availability (CIA)
Security Attacks
- Threat to confidentiality: snooping, traffic analysis
- Threat to integrity: modification, masquerading, replaying, repudiation
- Threat to availability: denial of service
Passive Versus Active Attacks
- Alice and Bob want to communicate in the presence of adversaries
- Passive adversary: just looking
- Active adversary: may change messages
Categorization of Passive and Active Attacks
Attack            | Passive/Active | Threatening
Snooping          | Passive        | Confidentiality
Traffic analysis  | Passive        | Confidentiality
Modification      | Active         | Integrity
Masquerading      | Active         | Integrity
Replaying         | Active         | Integrity
Repudiation       | Active         | Integrity
Denial of service | Active         | Availability
TCP Segment Format
20- to 60-byte header: the 4-bit data-offset field gives the header length in 32-bit words, and any options fill the bytes beyond the fixed 20.
Connection establishment using three-way handshaking
- A SYN segment cannot carry data, but it consumes one sequence number.
- A SYN+ACK segment cannot carry data, but it does consume one sequence number.
- An ACK segment, if carrying no data, consumes no sequence number.
Connection termination using three-way handshaking
- A FIN segment consumes one sequence number in addition to any data it carries (so exactly one if it carries no data).
- A FIN+ACK segment likewise consumes one sequence number beyond its data.
IP Address Spoofing
- Send requests to a server with some other host X's IP address as the source.
- The response is received at X and discarded.
- Both X and the server can be kept busy, so this is a DoS attack.
TCP Flags
- Invalid flag combinations (for example SYN together with FIN, or no flags set at all) may cause the recipient to crash or hang.
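Added example, not code from the slides: a parser for the TCP header described on the two slides above (the 20- to 60-byte header and its flag bits), plus a check for the flag combinations a conforming stack never sends. The sample segment is constructed with the builder in the block; the anomaly rules are this example's own list of well-known probe patterns (NULL, SYN+FIN, SYN+RST, Xmas, bare FIN).

```python
import struct
from typing import Optional

# Flag bits in the low byte of the 16-bit data-offset/flags word (RFC 793, RFC 3168).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
HEADER_FMT = "!HHIIHHHH"   # sport, dport, seq, ack, offset/flags, window, checksum, urgent


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, options=b"") -> bytes:
    """Assemble a header (checksum left zero) so the parser can be exercised offline."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a 4-byte boundary")
    data_offset_words = (20 + len(options)) // 4
    if data_offset_words > 15:
        raise ValueError("header exceeds 60 bytes")
    flag_word = data_offset_words << 12
    for name in flags:
        flag_word |= FLAG_BITS[name]
    return struct.pack(HEADER_FMT, sport, dport, seq, ack, flag_word, window, 0, 0) + options


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed header and honour the data-offset field (20..60 bytes)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        HEADER_FMT, segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset: {header_len} bytes")
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "header_len": header_len,
            "options": segment[20:header_len], "payload": segment[header_len:]}


def is_well_formed(segment: bytes) -> bool:
    try:
        parse_tcp_header(segment)
    except ValueError:
        return False
    return True


def flag_anomaly(flags) -> Optional[str]:
    """Describe a flag combination a legitimate stack never emits, or None."""
    flags = set(flags)
    if not flags:
        return "NULL: no flags set"
    if {"SYN", "FIN"} <= flags:
        return "SYN+FIN: open and close in one segment"
    if {"SYN", "RST"} <= flags:
        return "SYN+RST: open and reset in one segment"
    if {"FIN", "PSH", "URG"} <= flags and "ACK" not in flags:
        return "XMAS: FIN+PSH+URG without ACK"
    if not flags & {"ACK", "SYN", "RST"}:
        return "no ACK on a segment that is neither SYN nor RST (e.g. bare FIN)"
    return None


if __name__ == "__main__":
    syn = build_tcp_header(40000, 80, 1000, 0, {"SYN"}, options=b"\x02\x04\x05\xb4")  # MSS 1460
    hdr = parse_tcp_header(syn)
    print(hdr["flags"], hdr["header_len"], flag_anomaly(hdr["flags"]))
    print(flag_anomaly({"SYN", "FIN"}))
```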
SYN Flood
- A sends a SYN request to server V with the IP address of X as the source.
- V sends a SYN+ACK to X.
- X discards the SYN+ACK, leaving a half-open connection at V.
- Many half-open connections exhaust resources at V, so this is a DoS attack.
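Added example, not from the slides: a toy listener that models the half-open connection table the slide describes, run once with a bounded backlog (the flood fills it and a legitimate client is refused) and once with SYN cookies, where the server stores nothing per SYN and instead derives its ISN from an HMAC over the connection's addresses. The Listener class, the HMAC-based cookie (a simplification of Bernstein's SYN cookies, which also encode a timestamp and MSS) and the traffic are all constructed for this example.

```python
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class Listener:
    """Toy model of a listening TCP port: a bounded table of half-open
    connections (classic behaviour) or, with syn_cookies=True, no per-SYN state."""

    def __init__(self, backlog=128, syn_cookies=False, secret=b"rotate-me-periodically"):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}          # (src_ip, src_port) -> ISN we sent in the SYN+ACK
        self.established = set()
        self.dropped_syns = 0
        self.rng = random.Random(0)  # toy ISN source; a real stack follows RFC 6528

    def _cookie(self, src_ip, src_port, client_isn):
        """Our ISN doubles as a MAC over the peer's address/port and its ISN."""
        msg = f"{src_ip}:{src_port}:{client_isn}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:4], "big")

    def on_syn(self, src_ip, src_port, client_isn):
        """Return our ISN (sent in the SYN+ACK), or None if the SYN is dropped."""
        if self.syn_cookies:
            return self._cookie(src_ip, src_port, client_isn)   # nothing stored
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                             # backlog full: DoS achieved
            return None
        isn = self.rng.getrandbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, client_isn, ack):
        """Third handshake segment; client_isn is that segment's seq number minus 1."""
        key = (src_ip, src_port)
        if self.syn_cookies:
            expected = (self._cookie(src_ip, src_port, client_isn) + 1) & MASK32
            if hmac.compare_digest((ack & MASK32).to_bytes(4, "big"), expected.to_bytes(4, "big")):
                self.established.add(key)
                return True
            return False
        isn = self.half_open.get(key)
        if isn is None or ack != (isn + 1) & MASK32:
            return False
        del self.half_open[key]
        self.established.add(key)
        return True


def simulate_syn_flood(syn_cookies, spoofed_syns=1000, backlog=128):
    """A floods V with SYNs from spoofed sources (which never answer the
    SYN+ACK); afterwards a legitimate client tries to connect."""
    srv = Listener(backlog=backlog, syn_cookies=syn_cookies)
    rng = random.Random(1)
    for _ in range(spoofed_syns):
        src = f"203.0.113.{rng.randrange(1, 255)}"          # spoofed X addresses
        srv.on_syn(src, rng.randrange(1024, 65536), rng.getrandbits(32))
    client_isn = 4242
    isn = srv.on_syn("192.0.2.10", 40000, client_isn)
    connected = isn is not None and srv.on_ack("192.0.2.10", 40000, client_isn, (isn + 1) & MASK32)
    return {"legit_connected": connected,
            "half_open": len(srv.half_open),
            "dropped_syns": srv.dropped_syns}


if __name__ == "__main__":
    print("backlog only:", simulate_syn_flood(syn_cookies=False))
    print("SYN cookies: ", simulate_syn_flood(syn_cookies=True))
```

With the backlog alone the flood leaves 128 half-open entries and the legitimate SYN is dropped; with cookies the table stays empty because a half-open connection costs the server no memory, and a forged ACK with the wrong acknowledgement number is simply rejected.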
Ping of Death
- Send a ping whose reassembled IP datagram exceeds the 65,535-byte maximum (more than about 64 KB in the data field, delivered as fragments).
- Vulnerable systems would crash, hang or reboot while reassembling it.
Smurf
- Send a broadcast ICMP echo request with V's address as the (spoofed) source.
- Every host on the broadcast segment replies, and all the echo replies make V very busy.
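Added example, not from the slides, covering the Ping of Death and Smurf slides above: two detection checks a sensor could run, one that sizes a fragment set before reassembly (the datagram is oversized if the last fragment's offset plus length overruns the 16-bit total-length limit) and one that flags echo requests aimed at a broadcast address. The fragment lists and packet records are constructed input, not captured traffic; the field names in the packet dicts are this example's own.

```python
import ipaddress

IPV4_MAX_TOTAL_LENGTH = 65535     # 16-bit Total Length field, IP header included
ICMP_ECHO_REQUEST = 8


def reassembled_total_length(fragments, ip_header_len=20):
    """Total length the datagram would have after reassembly. Each fragment is
    (offset_in_8_byte_units, payload_len, more_fragments). The 13-bit offset
    field reaches 8191 * 8 = 65528 bytes, so a last fragment placed near the top
    pushes the sum past what the length field (and old reassembly buffers) allowed."""
    end = max(off * 8 + length for off, length, _more in fragments)
    return ip_header_len + end


def is_ping_of_death(fragments):
    return reassembled_total_length(fragments) > IPV4_MAX_TOTAL_LENGTH


def smurf_indicators(packets, local_net):
    """Flag ICMP echo requests sent to a broadcast address: every host on the
    segment answers, and the answers go to whatever source the packet carried,
    which in a Smurf attack is the victim V."""
    net = ipaddress.ip_network(local_net)
    broadcast = {str(net.broadcast_address), "255.255.255.255"}
    findings = []
    for p in packets:
        if p["proto"] == "icmp" and p["icmp_type"] == ICMP_ECHO_REQUEST and p["dst"] in broadcast:
            findings.append(f"echo request to broadcast {p['dst']} with source {p['src']}: "
                            f"replies from the whole segment will be sent to {p['src']}")
    return findings


# Constructed sample input. Ping of Death: 45 fragments of 1480 bytes, the last
# at offset 8140 (byte 65120), so the reassembled datagram would be 66620 bytes.
POD_FRAGMENTS = [(i * 185, 1480, True) for i in range(44)] + [(44 * 185, 1480, False)]
# An ordinary 2000-byte ping split across a 1500-byte MTU link.
NORMAL_FRAGMENTS = [(0, 1480, True), (185, 520, False)]

SAMPLE_PACKETS = [
    {"src": "192.0.2.7",    "dst": "192.0.2.9",   "proto": "icmp", "icmp_type": 8},  # normal ping
    {"src": "198.51.100.5", "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8},  # Smurf, V = 198.51.100.5
    {"src": "192.0.2.9",    "dst": "192.0.2.7",   "proto": "icmp", "icmp_type": 0},  # echo reply
]

if __name__ == "__main__":
    print("oversized:", is_ping_of_death(POD_FRAGMENTS), reassembled_total_length(POD_FRAGMENTS))
    print("normal:   ", is_ping_of_death(NORMAL_FRAGMENTS), reassembled_total_length(NORMAL_FRAGMENTS))
    for line in smurf_indicators(SAMPLE_PACKETS, "192.0.2.0/24"):
        print(line)
```

The standard Smurf countermeasures sit on the other side of these checks: routers refuse to forward directed broadcasts (RFC 2644 made that the default; on Cisco IOS it is `no ip directed-broadcast`) and hosts ignore broadcast echo requests (`net.ipv4.icmp_echo_ignore_broadcasts=1` on Linux).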
FIN
- In the middle of a conversation between X and V, hacker H sends a packet with the FIN flag to V, spoofing X.
- V closes the connection and disregards all further packets from X.
- The RST flag can be used similarly; in both cases the forged segment must carry a sequence number V will accept.
Connection Hijacking
- H sends packets to server X as if from V, which increments the expected sequence number at X.
- All further packets from V, still using the old sequence numbers, are discarded at X.
- Responses to the packets from H are sent to V, confusing it.
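Added example, not code from the slides, serving the handshake/termination slides and the FIN and connection-hijacking slides above: a minimal receive-side TCP state machine that tracks only the next expected sequence number and a receive window. The traces show the sequence-number accounting (SYN and FIN consume one number, a bare ACK none), how an injected segment makes the victim's own next segment look stale, and why a forged FIN or RST needs an acceptable sequence number. The Receiver class and the sequence numbers are constructed for this example; it ignores out-of-order buffering, retransmission and 32-bit wraparound.

```python
from typing import Iterable, Optional, Tuple


def sequence_space_used(flags: Iterable[str], payload_len: int) -> int:
    """Sequence numbers a segment occupies: one per data byte, plus one for SYN
    and one for FIN. A bare ACK occupies none, so it never needs acknowledging."""
    flags = set(flags)
    return payload_len + ("SYN" in flags) + ("FIN" in flags)


class Receiver:
    """Receive side of one TCP endpoint, reduced to what the attacks need: the
    next expected sequence number (rcv_nxt), a receive window and a coarse state."""

    def __init__(self, window: int = 65535):
        self.window = window
        self.rcv_nxt: Optional[int] = None
        self.state = "LISTEN"

    def _in_window(self, seq: int) -> bool:
        return self.rcv_nxt <= seq < self.rcv_nxt + self.window

    def receive(self, seq: int, flags: Iterable[str], data: bytes = b"") -> Tuple[str, Optional[int]]:
        """Process one segment; return (action, acknowledgement number we send)."""
        flags = set(flags)
        if self.state == "CLOSED":
            return ("DROP", None)
        if self.state == "LISTEN":
            if "SYN" not in flags:
                return ("DROP", None)
            self.rcv_nxt = seq + 1                    # the SYN consumed one number
            self.state = "SYN_RCVD"
            return ("SYN+ACK", self.rcv_nxt)
        if not self._in_window(seq):
            return ("DROP", self.rcv_nxt)             # stale or forged: re-ack what we expect
        if "RST" in flags:
            self.state = "CLOSED"                     # an in-window RST tears the connection down
            return ("RESET", None)
        if seq != self.rcv_nxt:
            return ("DROP", self.rcv_nxt)             # gap ahead of us; a real stack would buffer it
        if self.state == "SYN_RCVD" and "ACK" in flags:
            self.state = "ESTABLISHED"
        self.rcv_nxt += sequence_space_used(flags, len(data))
        if "FIN" in flags:
            self.state = "CLOSE_WAIT"
        return ("ACK", self.rcv_nxt)


def _established(client_isn: int = 1000) -> Receiver:
    r = Receiver()
    r.receive(client_isn, {"SYN"})
    r.receive(client_isn + 1, {"ACK"})
    return r


def handshake_and_close() -> list:
    """Normal life cycle: SYN, bare ACK, 16 bytes of data, FIN."""
    r = Receiver()
    return [
        r.receive(1000, {"SYN"}),                                 # ("SYN+ACK", 1001)
        r.receive(1001, {"ACK"}),                                 # ("ACK", 1001): nothing consumed
        r.receive(1001, {"ACK", "PSH"}, b"GET / HTTP/1.0\r\n"),   # 16 bytes -> ("ACK", 1017)
        r.receive(1017, {"FIN", "ACK"}),                          # ("ACK", 1018), CLOSE_WAIT
        r.state,
    ]


def hijack() -> tuple:
    """H, having sniffed V's sequence numbers, injects data as V. V's own next
    segment then looks stale and is dropped; the server re-acks 1028, which V
    cannot reconcile with what it sent (the classic ACK storm)."""
    r = _established()
    r.receive(1001, {"ACK"}, b"USER alice\r\n")                   # 12 bytes -> expects 1013
    injected = r.receive(1013, {"ACK"}, b"PASS hijacked\r\n")     # 15 bytes -> expects 1028
    victim = r.receive(1013, {"ACK"}, b"PASS secret\r\n")         # V's genuine segment: dropped
    return injected, victim


def forged_fin_and_rst() -> tuple:
    """A FIN or RST only bites with an acceptable sequence number; a blind guess
    far outside the window is ignored."""
    r = _established()
    blind = r.receive(999_999, {"RST"})                  # out of window -> ("DROP", 1001)
    fin = r.receive(1001, {"FIN", "ACK"})                # accepted -> ("ACK", 1002), CLOSE_WAIT
    after_fin = r.receive(1001, {"ACK"}, b"still here")  # X's real data now stale -> dropped
    rst = r.receive(1002, {"RST"})                       # in window -> ("RESET", None), CLOSED
    after_rst = r.receive(1002, {"ACK"}, b"hello?")      # ("DROP", None)
    return blind, fin, after_fin, rst, after_rst, r.state
```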
ARP: Address Resolution Protocol
Mapping from IP addresses to MAC addresses. The figure shows hosts 192.168.0.1 through 192.168.0.5 on one segment; two MAC addresses appear in it, 08:00:20:03:F6:42 and 00:00:C0:C2:9B:26.
- Request (broadcast): arp req | target IP: 192.168.0.5 | target eth: ?
- Reply (unicast): arp rep | sender IP: 192.168.0.5 | sender eth: 00:00:C0:C2:9B:26
ARP Spoofing
- X tries to find the MAC address of victim V.
- Hacker H responds to the ARP request pretending to be V; many stacks also accept replies they never asked for.
- All communication for V is captured by H.
- Countermeasure: use static ARP entries (which do not scale beyond small networks).
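Added example, not from the slides: a parser for the 28-byte Ethernet/IPv4 ARP body and a shadow ARP table that reports replies nobody asked for and IP-to-MAC changes, with static entries pinned the way the slide's countermeasure prescribes. The request/reply frames replay the figure's exchange (host .1 asking for .5, which answers with 00:00:C0:C2:9B:26); the attacker's MAC and the third frame are constructed for this example.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(text: str) -> bytes:
    return bytes(int(octet, 16) for octet in text.split(":"))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def ip_bytes(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def ip_text(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet/IPv4 ARP body (what follows the 14-byte Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(packet: bytes) -> dict:
    if len(packet) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": mac_text(sha), "sender_ip": ip_text(spa),
            "target_mac": mac_text(tha), "target_ip": ip_text(tpa)}


class ArpWatcher:
    """Shadow ARP table that reports (a) replies nobody asked for and (b) an IP
    whose MAC changes. Static entries are pinned: a contradicting reply is
    reported but never applied."""

    def __init__(self, static=None):
        self.table = dict(static or {})
        self.static = set(self.table)
        self.pending = set()     # IPs with an outstanding request

    def observe(self, packet: bytes) -> list:
        arp = parse_arp(packet)
        alerts = []
        if arp["oper"] == ARP_REQUEST:
            self.pending.add(arp["target_ip"])
            return alerts
        if arp["oper"] != ARP_REPLY:
            return alerts
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in self.static:
            if self.table[ip] != mac:
                alerts.append(f"reply claims {ip} is at {mac}; static entry {self.table[ip]} kept")
            return alerts
        if ip not in self.pending:
            # Gratuitous ARP on boot or failover also lands here: a lead, not proof.
            alerts.append(f"unsolicited reply: {ip} is at {mac}")
        old = self.table.get(ip)
        if old is not None and old != mac:
            alerts.append(f"{ip} moved from {old} to {mac}: possible ARP spoofing")
        self.table[ip] = mac
        self.pending.discard(ip)
        return alerts


# Constructed frames: X (.1) asks for V (.5); V answers; then H answers as V.
ATTACKER_MAC = "DE:AD:BE:EF:00:01"     # assumed value for H
FRAMES = [
    build_arp(ARP_REQUEST, "08:00:20:03:F6:42", "192.168.0.1", "00:00:00:00:00:00", "192.168.0.5"),
    build_arp(ARP_REPLY, "00:00:C0:C2:9B:26", "192.168.0.5", "08:00:20:03:F6:42", "192.168.0.1"),
    build_arp(ARP_REPLY, ATTACKER_MAC, "192.168.0.5", "08:00:20:03:F6:42", "192.168.0.1"),
]


def run(static=None):
    """Feed FRAMES through a watcher; return (alerts per frame, final table)."""
    watcher = ArpWatcher(static)
    return [watcher.observe(f) for f in FRAMES], watcher.table


if __name__ == "__main__":
    print(run())
    print(run(static={"192.168.0.5": "00:00:C0:C2:9B:26"}))
```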
DNS Spoofing
- The DNS server is compromised to provide H's IP address for V's name.
- Countermeasure
Email Spoofing
- The From address is spoofed: a malware attachment appears to come from a friendly address.
- From: [email protected]
Web Spoofing
- The web site looks like another, e.g. Southwest Airlines: http://airlines.ws/southwest-airline.htm
- For every .gov site there is a .com or .net giving similar information.
- For misspellings of popular businesses, there are look-alike web sites.
Summary
1. TCP port numbers, sequence numbers, ACKs and flags are the fields these attacks manipulate.
2. IP addresses are easy to spoof. ARP and DNS are not secure.
3. Flag and flooding attacks: SYN flood, Ping of Death, Smurf, FIN, connection hijacking.
4. UDP flood attack.
5. Application-layer addresses (email From, web site names) are not secure.
References
1. Gert De Laet and Gert Schauwers, "Network Security Fundamentals," Cisco Press, 2005, ISBN 1587051672
Lab Home Work 1: Gathering Information
Learn about ipconfig, ping, arp, nslookup, whois, tracert, netstat, route and the hosts file.
1. Find the IP addresses of www.google.com.
2. Modify the hosts file to map www.google.com to 128.252.166.33 and do a Google search. Remove the modification to the hosts file and repeat.
3. Find the domain name of 128.272.165.7 (reverse the address and add .in-addr.arpa).
4. Find the owner of the www.google.com domain.
5. Find the route from your computer to www.google.com.
6. Find the MAC address of your computer.
7. Print your ARP cache table. Find a server on your local network. Change its ARP entry in your computer to point to your computer's MAC address. Print the new ARP cache table. Now use the service and see what happens.
8. Print your routing table and explain each line (up to line #20 if there are too many).
9. What is the number of packets sent with "destination unreachable"?
10. Find the location of 128.252.166.33 (use www.ipaddresslocation.org).
Questions!