Upload
dangthuan
View
224
Download
4
Embed Size (px)
Citation preview
Network SecurityNYIT Vancouver - Fall 2017
Course Information• Me: Pooya Jaferian
• Prerequisites:
• Computer Networks
• Familiarity with Unix based operating systems
• Some programming experience can be good
• Familiarity with setting up virtual machines
• Should have: bring your laptop to the class or a smartphone
Learning Objectives
• Identify important components in network security
• Design defence in depth strategy for a network
• Evaluate security of a network
GradingInstruments Percentage of Total
GradeIn-class quizzes 10 + 5
Group Based Projects ( two projects ) 20
Midterm Exam 20
Final Exam 35
Topic Presentation 10
Total 100
Policy• Attendance: Students are required to attend the
classes
• Late assignment/projects: 30% deduction for each day late
• Academic integrity: http://www.nyit.edu/images/ uploads/academics/AcademicIntegrityPolicy.pdf
Resources• Optional: Mark Stamp, Information Security:
Principles and Practice, 2011
• Optional: William Stallings “Cryptography and Network Security, Principles and Practices,” Pearson, 6th edition
• Optional: Stephen Northcutt, Lenny Zeltser, Scott Wintters, Karen Kent, Ronald W Ritchney “Inside Network Perimeter Security,” Sams Publishing, 2nd edition, 2005, ISBN: 0-672-32737-6
Course Topics• Fundamentals
• Symmetric & Asymmetric Crypto
• Key-exchange, mutual authentication, etc.
• Network Security
• Protocol security issues ( TCP, DNS, routing, etc.)
• Network defense (Firewalls, VPNs, IDS, filters, etc.)
• Web Security
• Web application security, user authentication, HTTPS, browser security
Projects
• Part I: Setup your personal network security lab
• Part II: Analyze network traffic
Presentation Topic• Protocols
• TCP protocol stack
• Using wireshark and nmap
• DNS protocol
• DNS cache poisoning and DNS rebinding attacks
• NAT
• Firewalls
Presentation Topic• iptables demo
• Intrusion Detection Systems
• Honeypots
• Denial of service attacks
• OWASP top 10
Introduction
• “The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.” — Stallings
Security
• Confidentiality• Keeping data and resources hidden
• Integrity• Data integrity (integrity) • Origin integrity (authentication)
• Availability• Enabling access to data and resources
Network
• A network can be defined as a group of computers and other devices connected in some ways so as to be able to exchange data.
OSI Security Architecture
• Security Attacks
• Security Services
• Security Mechanisms
Security Attacks (Passive)
Security Attacks (Active)
Security Services• Authentication
• Peer entity authentication
• Data origin authentication
• Access Control
• Data Confidentiality
• Data Integrity
• Nonrepudiation
• Availability
Security Mechanisms• Encipherment
• Digital Signature
• Access Control
• Data Integrity
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarization
• Trusted Functionality
• Security Label
• Event Detection
• Security Audit Trail
• Security Recovery
Security Services &
Mechanisms