security in computing security in networks. i.threats in networks a. vulnerabilities 1.anonymity...
TRANSCRIPT
![Page 1: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/1.jpg)
Security in ComputingSecurity in Computing
Security in Networks
![Page 2: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/2.jpg)
I.I. Threats in networksThreats in networks
A. Vulnerabilities
1. Anonymity
2. Shared resources
3. Size (many points of attack)
4. Complexity
5. Unknown perimeter
6. Unknown path
![Page 3: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/3.jpg)
I.I. Threats in networksThreats in networks
B. Attackers
1. for the challenge
2. for money, reward, espionage; organised crime because of reward
3. for ideology
![Page 4: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/4.jpg)
I.I. Threats in networksThreats in networks
C. Steps in an attack
1. reconnaissance
a) port scan
b) social engineering
2. attacking the network itself: eavesdropping and active wiretapping
3. attacking the infrastructure: protocol attacks
![Page 5: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/5.jpg)
I.I. Threats in networksThreats in networks4. attacking an endpoint
a) defeating authentication1) guessing (spoofing); masquerade,
phishing, hijacking; man-in-the middle attack
b) defeating confidentiality
1) delivery problems
c) defeating integrity
1) message forgery
2) noise
![Page 6: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/6.jpg)
I.I. Threats in networksThreats in networksd) website attacks
1) defacement
2) buffer overflow on a host of server
3) compromising applications on a host server, e.g.:
http:// www.CDs-r-us.com/buy.asp?i1=459012&p1=1599
http:// www.CDs-r-us.com/buy.asp?i1=459012&p1=1599&i2=365217&p2=1499
![Page 7: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/7.jpg)
I.I. Threats in networksThreats in networks
e) denial of service
1) flooding
2) distributed denial of service
![Page 8: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/8.jpg)
I.I. Threats in networksThreats in networksf) hostile code
1) active code (or mobile code)
2) bots (or robots) – similar to Distributed denial of Service
3) script kiddies – people who download and run attack scripts – simple scripts for many of the popular attacks
![Page 9: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/9.jpg)
II.II. Network controlsNetwork controlsA. Architecture
1) segmented (idea similar to OS) – one server to handle Http, another for application code , another to handle DB request
2) redundant – function to run on more than one node
3) protected against single points of failure – fault tolerance
4) segment controlled by firewall
![Page 10: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/10.jpg)
II.II. Network controlsNetwork controls
A. Encryption
1. link – encryption at layer 1 and 2 of the OSI model
2. end-to-end – security from one end of transmission to the other
3. “virtual” private network – a sense of a “private” although part of public network
4. IPSEc (IP Layer) - similar to SSL
![Page 11: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/11.jpg)
II.II. Network controlsNetwork controlsC. Content integrity check (detect, not
prevent)
1. error codes, checksums, cryptographic checksums
D. Authentication
E. Wireless security protocols
1. WEP (Wired Equivalent Privacy)
2. WPA - WPA2 extends WPA (WiFi Protected Access) – alternative to WEP
![Page 12: Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity](https://reader030.vdocuments.net/reader030/viewer/2022032722/56649f425503460f94c61781/html5/thumbnails/12.jpg)
III.III. OtherOtherA. Firewalls
B. Intrusion detection systems
C. Secure email