
Page 1: Network Security (the Internet Security)

Kittiphan Techakittiroj, engktc@au.ac.th

(slide header dated 04/09/58 19:56; slide footer dated 19 Apr. 2566)

Page 2: Goals of Security

• Ensure that only authorized individuals have access to information (confidentiality)

• Prevent unauthorized creation, alteration, or destruction of data (integrity)

• Ensure that legitimate users are not denied access to information (availability)

• Ensure that resources are used in a legitimate way

Page 3: Classification of Security

• Communication security

– the signal (data in transit)

• Computer security

– user permissions

– file-sharing access control

Page 4: Classification of Security (secondary)

• Physical security: locks on doors, access badges, biometrics

• Personnel security: employee screening

• Administrative security: investigation of security breaches, policy

• Information/data security: controlling the reproduction of sensitive material

• Online security: controlling access to online data

Page 5: Classification of Security Violation

• Cracking

• Spoofing

• Snooping

• Social Engineering

• Denial of Service

Page 6: Cracking

• Often called "hacking"

• Breaking through security by using knowledge of

– software engineering

– computer networks

– operating systems

– etc.


Page 7: Cracker

• Few real crackers (the "super crackers") exist

• The other crackers rely on

– asking an expert

– publicly available information (the WWW)

• Protected by

– security reports (advisories)

– patches, updates and hot fixes


Page 8: Spoofing

• Acting as someone else, e.g.

– fake e-mail: sending an e-mail while pretending to be someone else (in theory the sender name can be anything, since plain SMTP does not verify the From line)

– fake IP: forging the source address, e.g. to gain access to a prohibited area that trusts certain addresses

(figure: http://www.data.com/roundups/images/vpn_servers_figure1.html)

Page 9: Spoofing (cont.)

• A starting point for other security violations

• Plants false information

• Protected by

– digital signatures

– digital certificates


Page 10: Snooping

• Stealing information during transmission

• Hardware:

– packet sniffer

– usually needs access to the physical network

• Software:

– keystroke capture (keylogger)


Page 11: Snooping (cont.)

• Other:

– trashing: recovering information from discarded material (this has happened with credit card numbers)

• Protected by:

– encryption

– security access control

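The snooping threat from pages 10 and 11 and its encryption countermeasure, as an added example that is not part of the original slides. The Go program below models a passive sniffer that records every frame on a tapped segment: a login sent in clear text hands the sniffer the password, while the same login sealed with AES-256-GCM leaks nothing and is rejected by the receiver if the sniffer also tampers with it. The login text, the key and the "wire" are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample: a clear-text login of the kind older protocols
// (telnet, FTP, POP3) put on the wire. Not taken from any real capture.
var loginMessage = []byte("USER alice\r\nPASS hunter2\r\n")

// Sniffer models a passive eavesdropper with access to the physical network:
// it records every frame crossing the segment and does nothing else.
type Sniffer struct{ captured [][]byte }

func (s *Sniffer) observe(frame []byte) { s.captured = append(s.captured, frame) }

// Leaked reports whether the captured traffic contains the given secret.
func (s *Sniffer) Leaked(secret []byte) bool {
	for _, f := range s.captured {
		if bytes.Contains(f, secret) {
			return true
		}
	}
	return false
}

// newGCM builds an AES-GCM AEAD; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext and returns nonce || ciphertext || tag.
// GCM needs a fresh nonce for every message under the same key; reusing one
// breaks both confidentiality and integrity.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. The authentication tag fails on any changed byte, so a
// snooper who also alters the frame is detected instead of silently trusted.
func Open(key, frame []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(frame) < gcm.NonceSize() {
		return nil, errors.New("frame too short to hold a nonce")
	}
	nonce, ct := frame[:gcm.NonceSize()], frame[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// SendClear puts the login on a tapped wire as is and reports whether the
// sniffer now holds the password.
func SendClear(s *Sniffer) bool {
	s.observe(loginMessage)
	return s.Leaked([]byte("hunter2"))
}

// SendEncrypted sends the same login sealed under key and reports whether the
// password leaked and whether the intended receiver still recovered the login.
func SendEncrypted(s *Sniffer, key []byte) (leaked, delivered bool, err error) {
	frame, err := Seal(key, loginMessage)
	if err != nil {
		return false, false, err
	}
	s.observe(frame)
	plaintext, err := Open(key, frame)
	if err != nil {
		return false, false, err
	}
	return s.Leaked([]byte("hunter2")), bytes.Equal(plaintext, loginMessage), nil
}

// TamperDetected flips one byte of a sealed frame and reports whether Open
// rejects it, which is the integrity half of an AEAD.
func TamperDetected(key []byte) (bool, error) {
	frame, err := Seal(key, loginMessage)
	if err != nil {
		return false, err
	}
	frame[len(frame)-1] ^= 0x01
	_, err = Open(key, frame)
	return err != nil, nil
}

func main() {
	key := make([]byte, 32) // demo key; real keys come from a key exchange or a KDF
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	var tapClear, tapEnc Sniffer
	fmt.Println("clear-text login leaked password:", SendClear(&tapClear))
	leaked, delivered, err := SendEncrypted(&tapEnc, key)
	fmt.Println("encrypted login leaked password:", leaked, "delivered:", delivered, "err:", err)
	detected, _ := TamperDetected(key)
	fmt.Println("tampering detected:", detected)
}
```

Encryption answers the hardware sniffer on page 10; it does nothing against the software case (a keylogger on the endpoint sees the password before it is encrypted), which is why the slide also lists access control.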

Page 12: Social Engineering

• The cracker talks to the user and persuades them to hand over information or access

• Serious and common

• Protected by:

– policy

– user awareness (knowledge of the users)


Page 13: Denial of Service

• Attacks a weakness of the network or of a service, e.g.

– spamming e-mail (mail bomb)

– spamming web requests

– WinNuke (out-of-band data sent to a NetBIOS port that crashed unpatched Windows 95/NT hosts)

• Protected by:

– hot fixes & patches

– firewall

– logging system (to spot the flood and its sources)

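The "spamming web requests" case and the "logging system" countermeasure above, as an added example that is not part of the original slides. This Go program reads web-server access-log lines in Common Log Format, counts requests per client address inside a sliding time window, and names the addresses that exceed a limit so a firewall rule can be raised against them. The log lines, addresses, window and limit are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
	"time"
)

// SampleLog is a constructed excerpt in Common Log Format (client, ident, user,
// [timestamp], request, status, bytes). One client fires nine requests in four
// seconds; the other two browse normally. Not a real capture.
const SampleLog = `
203.0.113.7 - - [05/Mar/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.4 - - [05/Mar/2023:10:00:00 +0000] "GET / HTTP/1.1" 200 1043
203.0.113.7 - - [05/Mar/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.9 - - [05/Mar/2023:10:00:02 +0000] "GET /about HTTP/1.1" 200 2210
203.0.113.7 - - [05/Mar/2023:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:03 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2023:10:00:03 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.4 - - [05/Mar/2023:10:00:45 +0000] "GET /news HTTP/1.1" 200 3107
`

type request struct {
	ip string
	at time.Time
}

// parseLine extracts the client address and timestamp from one CLF line.
func parseLine(line string) (request, error) {
	ipEnd, start, end := strings.IndexByte(line, ' '), strings.IndexByte(line, '['), strings.IndexByte(line, ']')
	if ipEnd <= 0 || start < 0 || end < start {
		return request{}, fmt.Errorf("malformed log line: %q", line)
	}
	at, err := time.Parse("02/Jan/2006:15:04:05 -0700", line[start+1:end])
	if err != nil {
		return request{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	return request{ip: line[:ipEnd], at: at}, nil
}

// FloodSources returns the client addresses that made more than limit requests
// inside any interval of length window, in the order they crossed the limit.
func FloodSources(logText string, window time.Duration, limit int) ([]string, error) {
	var reqs []request
	sc := bufio.NewScanner(strings.NewReader(logText))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		r, err := parseLine(line)
		if err != nil {
			return nil, err
		}
		reqs = append(reqs, r)
	}
	// Logs are normally chronological; a stable sort keeps the window logic right
	// when several server workers append slightly out of order.
	sort.SliceStable(reqs, func(i, j int) bool { return reqs[i].at.Before(reqs[j].at) })
	recent := map[string][]time.Time{} // per client: timestamps still inside the window
	seen := map[string]bool{}
	var flagged []string
	for _, r := range reqs {
		ts := append(recent[r.ip], r.at)
		for len(ts) > 0 && r.at.Sub(ts[0]) > window { // evict what fell out of the window
			ts = ts[1:]
		}
		recent[r.ip] = ts
		if len(ts) > limit && !seen[r.ip] {
			seen[r.ip] = true
			flagged = append(flagged, r.ip)
		}
	}
	return flagged, nil
}

// BlockRules turns flagged addresses into firewall commands. Caveat: a flood
// sent with spoofed source addresses would make these rules block innocent
// hosts, so prefer rate limiting and short-lived blocks to a permanent drop.
func BlockRules(ips []string) []string {
	rules := make([]string, 0, len(ips))
	for _, ip := range ips {
		rules = append(rules, "iptables -I INPUT -s "+ip+" -j DROP")
	}
	return rules
}

func main() {
	flagged, err := FloodSources(SampleLog, 10*time.Second, 8)
	if err != nil {
		panic(err)
	}
	fmt.Println("flood sources:", flagged, "rules:", BlockRules(flagged))
}
```

With a 10-second window and a limit of 8 the burst from 203.0.113.7 is flagged; with a 1-second window the same log flags nobody, which is the usual tuning trade-off between catching slow floods and false positives.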

Page 14: Benefits of Security

• Confidentiality

• Authentication (including access control)

• Message digest (including data integrity)

– protects against unnoticed modification, e.g. by a virus

– a fixed-size hash computed over the whole message (not a sample of keywords): any change to the data changes the digest, and the digest itself is signed or keyed so that a forger cannot simply recompute it

• Non-repudiation: digital signatures & certificates
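The message-digest and non-repudiation bullets above, together with the digital-signature defence against spoofing on page 9, as one added example that is not from the original slides. In Go, SHA-256 shows that a digest covers every byte of a message, and Ed25519 shows that a signature ties the claimed sender to a key only that sender holds: a forged From line, a message signed with someone else's key, or a body altered in transit all fail verification. Names, addresses and keys are constructed for the example; a real deployment would distribute the public keys through certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the SHA-256 digest of data as hex. The hash covers every
// byte of the input, so changing a single bit yields an unrelated digest.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SignedMail is a message whose From line and body are both covered by a
// signature made with the sender's private key.
type SignedMail struct {
	From string
	Body string
	Sig  []byte
}

// Directory maps a sender's address to the public key the receiver trusts
// for it. In practice this binding is what a certificate provides.
type Directory map[string]ed25519.PublicKey

// NewIdentity generates a fresh Ed25519 key pair for one sender.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signedBytes is the exact byte string the signature covers. Including the
// From line means a valid signature cannot be re-used under another name.
func signedBytes(from, body string) []byte {
	return []byte(from + "\n" + body)
}

// Sign produces a message claiming to be from `from`, signed with priv.
// A spoofer can call this with any From they like; what they cannot supply
// is the private key that belongs to that From.
func Sign(priv ed25519.PrivateKey, from, body string) SignedMail {
	return SignedMail{From: from, Body: body, Sig: ed25519.Sign(priv, signedBytes(from, body))}
}

// Verify accepts m only if the key on file for m.From validates the
// signature over From and Body. Unknown senders are rejected outright.
func Verify(dir Directory, m SignedMail) bool {
	pub, ok := dir[m.From]
	if !ok || len(m.Sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, signedBytes(m.From, m.Body), m.Sig)
}

func main() {
	alicePub, alicePriv, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	_, malloryPriv, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	dir := Directory{"alice@example.com": alicePub} // constructed trust store

	genuine := Sign(alicePriv, "alice@example.com", "Pay invoice 42 to account A.")
	forged := Sign(malloryPriv, "alice@example.com", "Pay invoice 42 to account M.")
	tampered := genuine
	tampered.Body = "Pay invoice 42 to account M."

	fmt.Println("digest:", Digest([]byte(genuine.Body)))
	fmt.Println("genuine verifies:", Verify(dir, genuine))        // true
	fmt.Println("forged From verifies:", Verify(dir, forged))     // false
	fmt.Println("tampered body verifies:", Verify(dir, tampered)) // false
}
```

The digest alone gives integrity only against accidental change: anyone who can alter the message can recompute an unkeyed hash. The signature supplies what the slide calls non-repudiation, because only the holder of the private key could have produced it.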

Page 15: Potential Security Risks

• Lack of safeguards

• Poorly configured & administered systems

• Basic security problems in the communication protocols (IP, TCP, UDP)

• Faulty service programs

• Basic security problems in the service programs themselves (WWW, FTP)

Page 16: General Rules for Protection

• Keep software current & updated

– fixes & patches & upgrades

• Encrypt sensitive information

• Train users & administrators

– passwords & security

– policy

• Monitoring: the slide's rule of thumb is "100% monitoring --> 100% secure"; read it as "you cannot secure what you do not watch", since monitoring lets you detect and respond to attacks but does not by itself prevent them

Page 17: Standard Technology on Security

• Firewall: packet filtering & proxy

• Intrusion Detection Systems: detect an attack while it is in progress (or afterwards, from logs) so that it can be stopped before it does more damage; an IDS cannot see an attack before it starts

• Network Address Translation: not designed for security, but hiding internal addresses behind a public one gives a degree of protection as a side effect (it is no substitute for a firewall)

• Encryption

– VPN (virtual private network)

– digital signatures & certificates

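Packet filtering from the firewall bullet above, together with the "fake IP" case from page 8, as an added example that is not from the original slides. The Go program below evaluates first-match filter rules over a few constructed packets. A naive rule set that trusts the source address on its own accepts a packet that arrives from the Internet claiming an internal address; the hardened set adds an ingress anti-spoofing rule (the idea behind BCP 38) so that internal addresses are only believed on the internal interface. All addresses are documentation ranges, and the interface names and rule fields are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet is the part of an IP packet a stateless filter looks at: the
// interface it arrived on plus source, destination and destination port.
type Packet struct {
	In      string // "wan" (Internet side) or "lan" (internal side)
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16
}

// Rule matches on any subset of those fields; a zero-valued field means "any".
type Rule struct {
	Name    string
	In      string
	Src     netip.Prefix
	Dst     netip.Prefix
	DstPort uint16
	Action  string // "accept" or "drop"
}

func (r Rule) matches(p Packet) bool {
	if r.In != "" && r.In != p.In {
		return false
	}
	if r.Src.IsValid() && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst.IsValid() && !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Filter applies the rules in order and returns the first match; anything
// unmatched is dropped (default deny).
func Filter(rules []Rule, p Packet) (action, rule string) {
	for _, r := range rules {
		if r.matches(p) {
			return r.Action, r.Name
		}
	}
	return "drop", "default-deny"
}

// Constructed topology using documentation address ranges.
var (
	lan        = netip.MustParsePrefix("192.168.1.0/24")
	fileServer = netip.MustParsePrefix("192.168.1.10/32")
	webServer  = netip.MustParsePrefix("203.0.113.10/32")
)

// NaiveRules trust the source address on its own. An attacker on the WAN who
// writes an internal address into the source field walks through rule 1.
func NaiveRules() []Rule {
	return []Rule{
		{Name: "lan-to-fileserver", Src: lan, Dst: fileServer, DstPort: 445, Action: "accept"},
		{Name: "any-to-web", Dst: webServer, DstPort: 443, Action: "accept"},
	}
}

// HardenedRules tie every decision to the arrival interface and drop WAN
// packets carrying internal source addresses before any accept rule can match.
func HardenedRules() []Rule {
	return []Rule{
		{Name: "drop-spoofed-internal", In: "wan", Src: lan, Action: "drop"},
		{Name: "lan-to-fileserver", In: "lan", Src: lan, Dst: fileServer, DstPort: 445, Action: "accept"},
		{Name: "any-to-web", In: "wan", Dst: webServer, DstPort: 443, Action: "accept"},
	}
}

// NewPacket builds a Packet from textual addresses; it panics on bad input,
// which is acceptable for constructed test data.
func NewPacket(in, src, dst string, port uint16) Packet {
	return Packet{In: in, Src: netip.MustParseAddr(src), Dst: netip.MustParseAddr(dst), DstPort: port}
}

func main() {
	spoofed := NewPacket("wan", "192.168.1.50", "192.168.1.10", 445) // forged internal source
	genuine := NewPacket("lan", "192.168.1.50", "192.168.1.10", 445)
	for _, p := range []Packet{spoofed, genuine} {
		naive, r1 := Filter(NaiveRules(), p)
		hard, r2 := Filter(HardenedRules(), p)
		fmt.Printf("in=%s src=%s -> naive: %s (%s), hardened: %s (%s)\n", p.In, p.Src, naive, r1, hard, r2)
	}
}
```

Ingress filtering of this kind only helps at a boundary where the legitimate direction of each address range is known; a spoofed address from a host on the same LAN segment needs other controls (switch port security, 802.1X, or the signatures and certificates on page 9).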

Page 18: Emerging Technology on Security

• Encryption

– SET, S-HTTP, IPSec (IP Security Protocol), SSL or TLS (Transport Layer Security), CDSA (Common Data Security Architecture), XBSS (Baseline Security Services), XDAS (Distributed Audit Service), XSSO (Single Sign-On)

– note: this list dates from the late 1990s; SET and S-HTTP never saw wide deployment, SSL has since been deprecated in favour of TLS, and IPsec and TLS are the ones in everyday use today

