8/8/2019 ISA 656 F07 Review
Network Security - ISA 656 Review
Angelos Stavrou
December 4, 2007
-
The Exam
- 7:20pm - 9:30pm, Thursday, Dec 11th, in the Lab (STI-128)
- Same style of questions as the midterm
- I'm not asking you to write programs
-
Material
- If it's in my slides or I said it in class, you're responsible for it
- There may be some questions based on the Labs
- You're responsible for the assigned Labs and Homeworks at about the level of class coverage.
-
Test Conditions
- Open book
- Open notes, posted code, manuals, Labs...
- You can bring a calculator but save your energy; you won't need it
- No laptops, IM, Chatting, or phones...
-
Terminology
- Confidentiality, integrity, availability
- Threats, attacks, and vulnerabilities
-
Kinds of Threats
- Joy hackers
- Criminals
- Competitors
- Nation states
- Insiders
-
Assets
- Protect what?
- Bandwidth, CPU, data, identity
- Attacker powers?
-
Ciphers
- What is a cryptosystem?
- What is a block cipher? What are generic properties of block ciphers?
- What are the different modes of operation? What are their properties? When would you use each mode?
- What is a stream cipher?
-
Public Key Cryptography
- What is it? What is it good for? Limitations?
- How are public key systems used?
- Random numbers and where they come from
- Digital signatures
-
Certificates
- Trust properties
- CAs
- Authorization versus identity certificates
- Web of trust
- Types of certificates
- Revocation
-
SSL
- What is SSL?
- Client authentication types
- Properties and requirements
- Uses
- Trust model
-
Web Certificates
- Root certificates
- The browser vendors' role
- Bindings
- Human factors
-
Browser Security
- Why is it a problem?
- Active content
- Javascript
- ActiveX
-
Continuing Authentication
- Cookies
- Embedded values
- Cryptographically sealing data
-
Web Server Security
- Why?
- Trust model
- Scripts and their dangers
- Injection attacks
- Permissions
-
Email Security
- Usual evaluation
- How to sign and encrypt?
- Details
- Threats: eavesdropping, password theft, spool file
-
Phishing
- What is it?
- How it's done
- Tracing
-
Defenses
- Mutual authentication
- Personalization
- DKIM
- Non-reusable credentials
- (MITM attacks; human factors)
-
IPsec
- What is IPsec, and why?
- ESP and AH
- SPI
- SAs
- Tunnel and transport mode
-
Packet Processing
- Outbound and inbound
- SPD and SADB
- Rule characteristics
-
Attacking IPsec
- Cut-and-paste attacks
- Probable plaintext
- Interactions with other layers
-
Applications
- SSH
- SIP
- Networked storage
-
SSH
- Features
- Security model
- Client authentication
- Connection-forwarding
- SSH Agent
-
SIP
- SIP architecture
- What's at risk?
- Protecting voice versus signaling
- What type of crypto is used where
- Complex scenarios
-
What is IDS?
- Purpose
- Host versus network IDS
- Logs and traces
-
Limits of Network IDS
- Insertion and evasion attack
- Checksum errors
- TTLs
- TCP normalization
-
IDS Architecture
- Detector
- Database
- Analyzer
- Countermeasure
- Signature versus anomaly
-
Worms
- Worms versus viruses
- Spread: program versus social engineering
- Payloads
- Spam
- Detection
-
Denial of Service
- Types of DOS attack
- TCP attacks
- DDoS
- Defenses
-
Routing Attacks
- Why they happen
- Goals
- SBGP, SO-BGP
-
Wireless Security
- Evil twin
- Battery lifetime
- WEP: why the crypto is bad
- War-driving
- Access control