CPE 426 Computer Networks
Week 15: PART IV in Textbook
Chapter 30: NW Security
Chapter 31: NW Management
TOPICS
Chapter 30 (Only Selected Topics)
Criminal Exploits and Attack
Security Policy
Security Technologies
Hashing and MAC
Access Control
Encryption
Authentication and Digital Signature
Key Authorities and Digital Certificates
Firewall
Intrusion Detection System
Deep Packet Inspection
VPN
Securities Technologies
Chapter 31 NW Management
Intranet Management
FCAPS
NW Management Tools
SNMP
MIB
Ch.30; Major Internet Security Problems
Phishing Site Web Misrepresentation Scams Denial of Service (DOS) Internet Site Loss of Control Loss of Data
Ch.30; Techniques Used in Security Attacks
Wiretapping Copy Packet Network Wire Tapping Replay Attack Wireless LAN
Replay Packet Password Login Login Buffer Overflow Buffer Buffer Overflow
Address Spoofing Source IP Address Process Packet
IP MAC Address ARP Broadcast Broadcast ARP Routing Protocol DNS Message Name Spoofing Name Server IP
Ch.30; Techniques Used in Security Attacks
DoS and DDoS Packet Site DDOS Attack SYN Flood Random TCP SYN Segment TCP Connection Key Breaking Key Password Port Scanning Protocol Port Packet Interception Packet Packet Man-in-the-Middle Attack
Ch.30; Techniques Used in Security Attacks
Man-in-the-Middle Attack Intercept Packet Packet Server Client Client Server
Security Policy Security Policy Network Security Risk Analysis Policy Data Integrity: Data Availability: Data Confidentiality: Privacy:
Security Technologies
Access Control and Password Application Program Resource Password Access Control List (ACL) Access Control Network Standalone Wiretapping, Replay, Phishing, Spoofing etc.
AAA Protocol Computer Security Protocol Authentication Network 3
Authentication Password, Keycard, Biometrics
Authorization Accounting
Hash and Message Authentication Code
Hash Hash Bit Algorithm One-Way Function Collision MAC Data Key Hash Hash Key
HASH MAC Message Authentication
MD5, SHA-1,
Encryption Authentication Integrity Confidentiality EncryptionEncryption Encryption Algorithm Encryption Key Inverse Decryption Decryption Algorithm Decryption Key
Encryption Terminology
Plaintext, M
Cyphertext, C
Encryption Key, K1 (Bit String)
Decryption Key, K2 (Bit String)
C = encrypt(K1, M)
M = decrypt(K2, C)
M = decrypt(K2, encrypt(K1, M))
Private Key Encryption
Symmetric Cryptography
Conventional Cryptography Key Share Key DES, 3DES, AES
Public Key Encryption
Asymmetric Key Cryptography
Key Public Key Key Private Key
RSA, Diffie-Hellman, ECC Digital Signature
Authentication With Digital Signature Private Key Public Key Key Ciphertext Ciphertext Digital Signature Authentication Electronics RSA, DSS
Key Authorities and Digital Certificates Public Key Public Key Public Key Authentication Public Key Public Key Public Key Public Key Bob Key Bob Bob Private Key Copy (Wiretapped) Private Key Key Key Distribution Problem
Key Authorities and Digital Certificates Server Key () Key Distribution Center Key Authority Public Key Public Key Server Key Authority Server Down Digital Certificate Public Key Digital Signature Certification Authority
Certificate User Certificate User Certificate Key Authority Online
Key Authorities and Digital Certificates (figure labels: Sign, Sign, Public Key of Site W)
Firewalls Computer Network Traffic Firewall Firewall Traffic Network Network Internet ()
Firewall Traffic Firewall Traffic Network Firewall Traffic Firewall Firewall Security Policy Drop Packet Firewall Attack Firewall Secure Perimeter ()
Firewall
Packet Filtering Router/Gateway Packet MAC Address, IP Address, Port Number, Protocol Header Packet = Stateless
Application Level Gateway Proxy Application Application Application Proxy Stateful Packet Function Packet Filter
Circuit Level Gateway Relay Connection Proxy Gateway
Firewall Implementation with a Packet Filter Traffic Public Server -
Intrusion Detection System
IDS Intrusion Detection System Packet Site Packet Firewall Network IDS Configure Pattern Attack Port Scanning Firewall Firewall Block Packet SYN Flood
IDS Stateful Connection
Content Scanning and Deep Packet Inspection
Firewall Virus Packet Virus E-mail Attachment Content Analysis
File Scanning Security Software PC
File Scanner File Pattern String Byte Finger Print False Positive False Negative
Deep Packet Inspection (DPI) Packet File Packet - Header Payload Firewall High-Speed Network
Virtual Private Network (VPN) Technology Secure Access Remote Site Internet Leased Circuit (Private Network) Security Internet Security Internet Public Network Encryption Router Firewall Host Technology Virtual Private Network VPN Internet Security Private Network
The Use of VPN Technology for Telecommuting
VPN Stand-Alone Device VPN Router Internet VPN Server Encrypt Packet Decrypt Packet Internet LAN IP DHCP VPN Software Run VPN Software Host Network Internet VPN Software Packet Host Decryption Encryption
Packet Encryption vs. Tunneling Encryption VPN Payload Encryption Payload Datagram Encrypt Address Port Number Datagram Header Datagram IP-in-IP Tunneling Datagram Encrypt Packet Encrypt Datagram IP Address IP Router Encryption Decryption Datagram Datagram
Packet Encryption vs. Tunneling (figure labels: Remote NW, INTERNET, Corporate NW, R1, R2, X, Y, VPN Tunnel)
Packet Encryption vs. Tunneling
Encryption VPN Payload Encryption
IP-in-IP Tunneling
IP-in-TCP Tunneling IP Packet Encrypt TCP Segment TCP IP TCP Packet Connection TCP Decrypt IP
VPN Tunneling Performance VPN Performance Latency VPN Site VPN Site Delay Throughput VPN LAN Internet Throughput LAN Overhead and Fragmentation Tunnel Overhead Datagram Packet MTU Fragmentation
Security Technologies
PGP (Pretty Good Privacy) Application
SSH (Secure Shell) Application Layer Protocol Remote login Telnet Plaintext
SSL (Secure Socket Layer) Netscape Communication Authentication Layer Application Socket API (Transport Layer) Web Financial Transaction
TLS (Transport Layer Security) IETF SSL SSL v.3 SSL TLS HTTPS
Security Technologies
HTTPS (HTTP Security) HTTP SSL TLS Certificate Web HTTPS TCP Port 443 80
IPsec (IP Security) Security IP Datagram Authentication Confidentiality (Encryption)
RADIUS (Remote Authentication Dial-In User Service) Protocol Authentication, Authorization Accounting (AAA) Dialup VPN Remote User
WEP (Wired Equivalent Privacy) Wi-Fi WLAN Standard
WPA (Wi-Fi Protected Access)
Chapter 31: Network Management (SNMP)
NW Manager NW Administrator
Planning
Installing
Operating
Monitoring
Controlling
NW Manager / HW SW NW
Chapter 31: 31.3 NW Management Standard Model
Industry Standard Model FCAPS
Fault Detection and Correction
Configuration and Operation
Accounting and Billing
Performance Assessment and Optimization
Security Assurance and Protection
Chapter 31: 31.4 Network Elements Service Network
Chapter 31: 31.5 Network Management Tools
Physical Layer Testing One-Touch, DSP 4000, Cable Tester, RF Signal Meter
Reachability and Connectivity Ping
Packet Analysis Packet Analyzer (Protocol Analyzer) Ethereal, Wireshark, Sniffer
Network Discovery NW Map
Device Interrogation Tool
Chapter 31: 31.5 Network Management Tools
Event Monitoring Alert
Performance Monitoring NW
Flow Analysis NetFlow Analyzer Traffic Link Application NW
Chapter 31: 31.5 Network Management Tools
Routing and Traffic Engineering General Configuration Tools
Routing Configuration Routing Protocol
Traffic Engineering Configuration QoS
General Configuration Tool Configuration
Chapter 31: 31.5 Network Management Tools
Security Enforcement NW Security Policy
Network Planning NW NW Optimization NW Architecture Traffic Engineering
Chapter 31: 31.6 NW Management Application
Application Layer Client-Server Client PC Manager Server NW Agent
Manager Agent NW Management Protocol (Application Layer Protocol)
Chapter 31: 31.7 Simple Network Management Protocol (SNMP)
Internet SNMPv3 Format Manager Agent ASN.1 (Abstract Syntax Notation 1)
Chapter 31: 31.8 SNMP's Fetch-Store Paradigm
SNMP Primitive Command Fetch-Store Paradigm
Fetch Store Operation Object Object Name
Chapter 31: 31.9 SNMP MIB and Object Names
Object SNMP Manager Agent Object Set Object SNMP MIB Management Information Base MIB SNMP MIB
Chapter 31: 31.9 SNMP MIB and Object Names
Object MIB ASN.1 Object Prefix Object Datagram iso.org.dod.internet.mgmt.mib.ip.ipInReceives Object Message SNMP Integer 1.3.6.1.2.1.4.3
Chapter 31: 31.10 MIB Variables
SNMP Set MIB MIB MIB UDP, TCP, IP, ARP Ethernet
MIB Switch, Router, Modem, Printer Protocol MIB SNMP MIB Extension
Chapter 31: 31.11 MIB Variable Array
MIB Variable Integer MIB Array MIB Routing Table (Forwarding Table) ASN.1 Index Array Object Index Object Name IP Forwarding Table
Standard MIB prefix.ip.ipRoutingTable Field Standard MIB prefix.ip.ipRoutingTable.ipRouteEntry..IPdestaddr
End of Chapter 30-31 (Week 15)
HW 9 Download
End of Week 15
Week 16: Ch. 16 WLAN Technologies
Course Ends Next Week