02/06/06Hofstra University – Network Security Course, CSC290A 1
CSC290A – Network Security
FAQs
How Do Corporations Prevent Intrusions Into Their Networks?
What Does SHA1 And MD5 Mean When You Download?
What Is A Certificate And How Does It Secure Your Internet Transaction?
Do You Really Have Privacy On The Internet?
These are just a few of the many questions related to Network Security, one of the most active and rewarding areas in Information Technology. These and many other questions will be examined in this topical graduate seminar. This class uses slides, the Web, and hands-on demonstrations to explore a range of topics from the foundations of cryptography to the latest research concerning security on the Internet, while maintaining a healthy balance between theory and practice.
Course Description
Survey of current issues, techniques, software, hardware and architectures related to network security. Examination of the protocols used for Internet services, their vulnerabilities and how they can be secured. Analysis of firewall design, cryptographic techniques, intrusion detection, port scanning, viruses, Trojan horses and denial-of-service attacks. Basic principles of secure networking and application design will be studied and discussed.
Prerequisites: None
Text
Required Text
William Stallings, Network Security Essentials: Applications and Standards, 2/e, Prentice-Hall, 2003, 432 pp., ISBN 0-13-035128-8
Reference
William Stallings, Business Data Communications, 5/e, Prentice-Hall, 2005, 608 pp., ISBN 0-13-144257-0
Cheswick, W. and Bellovin, S., Firewalls and Network Security: Repelling the Wily Hacker, Addison Wesley, 2003, 464 pp., ISBN 0-201-63466-X
William Stallings, Cryptography and Network Security: Principles and Practice, 4/e, Prentice Hall, 2006, 569 pp., ISBN 0-13-187316-4
Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2/e, Wiley, 1996, 784 pp., ISBN 047-111709-9
Grading
Several assignments, three count
Mid-term and end-term
Class participation
Final project or paper
No make-up test or extended deadlines
Point Allocation
Assignments 1-3: 5% each
Final Project: 30%
Mid-Term: 25%
End-Term: 25%
Participation: 5%
Attendance
Not Mandatory, but…
…you’ll probably fail!
Participation is very important
Let me know if you can’t make it
Course Schedule
#    Date   Topic
1    1/30   Introduction
2    2/06   Cryptography
3    2/13   Cryptography
4    2/27   Authentication Applications
5    3/6    E-Mail Security
6    3/13   IP Security, Networking, Tools
7    3/20   IP Security, Networking, Tools - Mid-Term Exam Due
8    3/27   Firewalls
9    4/3    Web Security
10   4/19   Electronic Commerce
11   4/24   Intruder, Viruses and Denial of Service
12   5/1    Network Management Security - Final Project/Paper Due
13   5/8    Intrusion Detection / Special Topics / Review
14   5/15   End-Term Exam Due
Slides, Links & News
www.cs.hofstra.edu/~cscvjc/Spring06
Class Rules
Assignments are to be completed individually
Academic honesty taken very seriously
Any attempt to gain unauthorized access to any system will be dealt with harshly
Introduction
Network Security
Information Security
Physical
Administrative
“Lock up the file cabinet”
Private Networks
Isolated to individual organizations
Emergence of computer security
Sharing a system
Protecting data
Networking
Networks start talking to each other
Gateways
Arpanet
TCP/IP Everywhere
Vinton Cerf, “IP On Everything!”
Maturing of the Internet
Telephones used by 50% of world’s population
Internet attains similar level of growth by 2010 – max growth
Connecting computers and programmable devices
More devices than people
Early Hacking
Cap’n Crunch cereal prize
Giveaway whistle produces 2600 MHz tone
Blow into receiver – free phone calls
“Phreaking” encouraged by Abbie Hoffman
Doesn’t hurt anybody
Captain Crunch
John Draper
’71: Bluebox built by many
Jobs and Wozniak were early implementers
Developed “EasyWriter” for first IBM PC
High-tech hobo
White-hat hacker
The Eighties
1983 – “War Games” movie
Federal Computer Fraud and Abuse Act – 1986
Robert Morris – Internet worm – 1988
Brings over 6000 computers to a halt
$10,000 fine
His Dad worked for the NSA!!!
It Got Worse
1995 – Kevin Mitnick arrested for the 2nd time
Stole 20,000 credit card numbers
First hacker on FBI’s Most Wanted poster
Tools: password sniffers, spoofing
http://www.2600.com
Tracking Attacks
http://www.cert.org
Services, Mechanisms, Attacks (OSI Security Architecture)
Attack – action that compromises the security of information owned by an organization
Mechanisms – detect, prevent or recover from a security attack
Services – enhance the security of data processing systems and transfers – counter security attacks
Security Attacks
[Figure: Normal Flow, from information source to information destination]
Security Attacks
[Figure: Interruption, between information source and information destination]
• Attack on availability
Security Attacks
[Figure: Interception, between information source and information destination]
• Attack on confidentiality
Security Attacks
[Figure: Modification, between information source and information destination]
• Attack on integrity
Security Attacks
[Figure: Fabrication, between information source and information destination]
• Attack on authenticity
Security Attacks
Passive threats: eavesdropping, monitoring transmissions
• Release of message contents
• Traffic analysis
Security Attacks
Active threats: some modification of the data stream
• Masquerade
• Replay
• Modification of message contents
• Denial of service
Security Attacks
“On the Internet, nobody knows you’re a dog” – by Peter Steiner, New York, July 5, 1993
Security Attacks
Security Services
Confidentiality – protection from passive attacks
Authentication – you are who you say you are
Integrity – received as sent, no modifications, insertions, shuffling or replays
Security Services
Nonrepudiation – can’t deny a message was sent or received
Access Control – ability to limit and control access to host systems and apps
Availability – attacks causing loss or reduction of availability
Network Security Model
Network Security Model
Four basic tasks in designing a security service:
Design algorithm
Generate secret information to be used
Develop methods to distribute and share info
Specify a protocol to be used by the two principals
Protocols – Simple To Complex
Network Access Security Model
Internet Standards and RFCs
Internet Architecture Board (IAB) – overall architecture
Internet Engineering Task Force (IETF) – engineering and development
Internet Engineering Steering Group (IESG) – manages the IETF and standards process
Request For Comments (RFC)
RFCs are the working notes of the Internet research and development community
Standardization Process
Stable and well understood
Technically competent
Substantial operational experience
Significant public support
Useful in some or all parts of Internet
Key difference from ISO: operational experience
RFC Publication Process
[Figure: RFC publication process. Stages: Internet draft, Proposed standard, Draft standard, Internet standard; also Experimental, Informational, Historic. Labels: IETF, IESG, < 6 months, > 6 months, > 4 months, two independent implementations]
Some Current Topics
http://www.aclu.org/pizza/images/screen.swf
Eavesdropping Leaps Into 21st Century – Matthew Fordahl, NY Times, 1/22/2006
Privacy for People Who Don't Show Their Navels – Jonathan D. Glater, NY Times, 1/25/2006
Why We Listen – Philip Bobbitt, NY Times, 1/30/2006
Useful Websites
http://www.williamstallings.com/NetSec2e.html
Some recommended sites by the text author
http://www.rfc-editor.org/rfcsearch.html
Search RFCs
http://www.cert.org
Center for Internet security
http://www.counterpane.com/alerts.html
Some recent alerts
Homework
Read Chapter One
Read NYTimes Articles Under “Documents”
http://www.cs.hofstra.edu/~cscvjc/Spring06
Be Ready To Discuss
Have A Nice Week!!!