
Post on 05-Jan-2016


Page 1: ITEC4621 Network Security Dr. Supakorn Kungpisdan supakorn@mut.ac.th

ITEC4621 Network Security

Dr. Supakorn Kungpisdan (supakorn@mut.ac.th)


Supakorn Kungpisdan

Education
- PhD (Computer Science and Software Engineering), Monash University, Australia
- M.Eng. (Computer Engineering), KMUTT

Specializations
- Information and Network Security, Electronic Commerce, Formal Methods, Computer Networking

Experiences
- Director, Master of Science in Network Engineering, MUT
- External Research Advisor, Network Security Research Group, Monash University, Australia

http://www.mut.ac.th/~supakorn/
http://www.msit.mut.ac.th/


Course Descriptions

Saturday 9.00 AM – 12.00 PM

Textbook
- W. Stallings: Cryptography and Network Security, 4th Edition, Pearson Prentice Hall, ISBN 0-13-202322-9

Supplementary materials
- M. E. Whitman and H. J. Mattord: Principles of Information Security, 3rd Edition, Thomson, ISBN 1-4239-0177-0
- G. De Laet and G. Schauwers: Network Security Fundamentals, Cisco Press, ISBN 1-58705-167-2

http://www.msit.mut.ac.th/


Evaluation Criteria

- Quizzes 10%
- Assignment 30%
- Midterm exam 20%
- Final exam 40%


Course Outlines

- Network Security Overview
- Information Security: Symmetric Cryptography, Public-key Cryptography, Hash Functions and MAC
- Network Security: IP Security, Web Security, Email Security, Firewalls, Intrusion Detection Systems


Lecture 01 Network Security Overview

Dr. Supakorn Kungpisdan (supakorn@mut.ac.th)


What is Security?

“The quality or state of being secure—to be free from danger”

A successful organization should have multiple layers of security in place:
- Information Security
- Systems Security
- Network Security
- Security Management
- Physical security


Security Trends


C.I.A Triangle

- Confidentiality: Ensure that the message is accessible only by authorized parties
- Integrity: Ensure that the message is not altered during the transmission
- Availability: Ensure that the information on the system is available for authorized parties at appropriate times without interference or obstruction


Vulnerabilities, Threats, and Attacks

- Vulnerability: A weakness in the security system, e.g. a program flaw, poor security configuration, bad password policy
- Threat: A set of circumstances or people that potentially causes loss or harm to a system
- Attack: An action or series of actions to harm a system


Relationships among Different Security Components


Relationship of Threats and Vulnerabilities


How Hackers Exploit Weaknesses


Types of Attacks

- Interruption: Attack on Availability
- Interception: Attack on Confidentiality


Types of Attacks (cont.)

- Modification: Attack on Integrity; tampering with a resource
- Fabrication: Attack on Authenticity; impersonation, masquerading


Passive VS Active Attacks

Passive Attacks
- The goal is to obtain information that is being transmitted
- E.g. release of confidential information and traffic analysis
- Difficult to detect: the data is not altered, so nobody realizes the existence of the third party
- Can serve as the starting point for launching an active attack
- Attack type: Interception
- May be mitigated by using encryption


Passive VS Active Attacks (cont.)

Active Attacks
- Involve modification of the data stream or creation of a false stream
- E.g. masquerade, replay, message modification, denial of service
- Potentially detected by security mechanisms
- Attack types: Interruption, Modification, Fabrication


Direct VS Indirect Attacks

A computer can be the subject of an attack and/or the object of an attack

When it is the subject of an attack, the computer is used as an active tool to conduct the attack (indirect attack)

When it is the object of an attack, the computer is the entity being attacked (direct attack)


Direct VS Indirect Attacks (cont.)


Hackers

- White Hat Hackers
- Grey Hat Hackers
- Script Kiddies
- Hacktivists
- Crackers or Black Hat Hackers


Hackers’ Steps

1. Gather information: telephone conversation, password crackers

2. Gain initial system access: often limited access and rights

3. Increase privileges and expand access: try to get root privilege

4. Carry out purpose of the attack: steal or destroy information

5. Install backdoors: build entrance for the next visit

6. Cover tracks and exit: remove all traces, usually by modifying log files


Malicious Codes

- Viruses: Destructive program code that attaches itself to a host, copies itself, and spreads to other hosts. Viruses replicate and remain undetected until being activated.
- Worms: Unlike viruses, worms are independent of other programs or files. No trigger is needed.
- Trojans: Externally harmless programs that contain malicious code
- Spyware: Software installed on a target machine that sends information back to an owning server


Security at Each Layer


Security at Each Layer (cont.)

- Firewall combats a range of attacks, including some DoS attacks
- Proxy protects the application layer. It combats unauthorized access and packet spoofing
- NAT hides LAN addresses and topology
- STP cabling helps against network eavesdropping and signal interference
- NIDS sensor monitors traffic at the network layer for known attack signatures
- IPSec is configured for VPN connections. It protects against masquerading, data manipulation, and unauthorized access
- Web server is configured against unauthorized access
- Mail server with antivirus protects against viruses and DoS attacks


A Model for Network Security


A Model for Network Access Security


Security Controls


NSTISSC Security Model


Balancing Information Security and Access

Impossible to obtain perfect security—it is a process, not a goal

Security should be considered a balance between protection and availability

To achieve balance, the level of security must allow reasonable access, yet protect against threats

Give an example of a completely secure information system!!!


Approaches to Information Security Implementation: Bottom-Up Approach

Grassroots effort: systems administrators attempt to improve security of their systems

Key advantage: technical expertise of individual administrators

Seldom works, as it lacks a number of critical features:

Participant support

Organizational staying power


Approaches to Information Security Implementation: Top-Down Approach

Initiated by upper management

Issue policy, procedures, and processes

Dictate goals and expected outcomes of project

Determine accountability for each required action

The most successful top-down approaches also involve a formal development strategy referred to as the systems development life cycle


Information Security: Is it an Art or a Science?

Implementation of information security is often described as a combination of art and science

“Security artisan” idea: based on the way individuals have perceived systems technologists since computers became commonplace


Security as Art

No hard and fast rules, nor many universally accepted complete solutions

No manual for implementing security throughout an entire system


Security as Science

Dealing with technology designed to operate at high levels of performance

Specific conditions cause virtually all actions that occur in computer systems

Nearly every fault, security hole, and systems malfunction is a result of the interaction of specific hardware and software

If developers had sufficient time, they could resolve and eliminate faults


Security as a Social Science

Social science examines the behavior of individuals interacting with systems

Security begins and ends with the people that interact with the system

Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles


Questions?

Next week: Symmetric Cryptography 1