Week 15 SecuritiesManagem

  • CPE 426 Computer Networks, Week 15: Part IV in the textbook
    - Chapter 30: NW Security
    - Chapter 31: NW Management

  • Topics
    - Chapter 30 (only selected topics): Criminal Exploits and Attacks; Security Policy; Security Technologies: Hashing and MAC, Access Control, Encryption, Authentication and Digital Signature, Key Authorities and Digital Certificates, Firewall, Intrusion Detection System, Deep Packet Inspection, VPN, Security Technologies
    - Chapter 31 NW Management: Intranet Management, FCAPS, NW Management Tools, SNMP, MIB

  • Ch.30; Major Internet Security Problems
    - Phishing
    - Misrepresentation (web site)
    - Scams
    - Denial of Service (DoS)
    - Loss of Control (of an Internet site)
    - Loss of Data

  • Ch.30; Techniques Used in Security Attacks
    - Wiretapping: copying packets from the network wire (also possible on a wireless LAN)
    - Replay attack: replaying captured packets, e.g., a password login
    - Buffer overflow
    - Address spoofing: forged source IP address in a packet; MAC address (ARP broadcast); routing protocol
    - Name spoofing: DNS messages, name server IP

  • Ch.30; Techniques Used in Security Attacks
    - DoS and DDoS: flooding a site with packets; DDoS attack
    - SYN flood: sending random TCP SYN segments to tie up TCP connections
    - Key breaking: recovering a key or password
    - Port scanning: probing protocol ports
    - Packet interception: capturing packets in transit; man-in-the-middle attack

  • Ch.30; Techniques Used in Security Attacks
    - Man-in-the-middle attack: intercepting the packets exchanged between client and server in both directions

  • Security Policy
    - Network security: risk analysis, policy
    - Data Integrity
    - Data Availability
    - Data Confidentiality
    - Privacy

  • Security Technologies

  • Access Control and Password
    - Application program resources protected by a password
    - Access Control List (ACL)
    - Access control on a network versus a standalone computer: wiretapping, replay, phishing, spoofing, etc.

  • AAA Protocol
    - Computer/network security protocol with three parts:
    - Authentication: password, keycard, biometrics
    - Authorization
    - Accounting

  • Hash and Message Authentication Code
    - Hash: an algorithm that maps data to a bit string; one-way function; collisions
    - MAC: hash of the data together with a key; used for message authentication
    - MD5, SHA-1
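The contrast the slide draws between a plain hash and a keyed MAC, as an added example that is not part of the lecture: a hash can be recomputed by anyone, so it gives integrity only against accidental change, while a MAC needs the shared key, so altered data or a guessed key is rejected. It uses Python's `hashlib` and `hmac`; the message and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides): a message and a secret
# that sender and receiver are assumed to share.
MESSAGE = b"transfer 100 to account 4711"
SHARED_KEY = b"example-shared-secret"


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hash: a fixed-length bit string computed from data of any length.
    One-way: the data cannot be recovered from the digest. No key is
    involved, so whoever alters the data can simply recompute it."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of bits in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def mac(key: bytes, data: bytes) -> str:
    """MAC: a hash that also depends on a secret key (here HMAC-SHA256).
    Without the key nobody can produce a valid tag for new data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time, so the
    comparison does not leak how many leading characters matched."""
    return hmac.compare_digest(mac(key, data), tag)


def demo() -> dict:
    """Run the checks the slide describes and return the results."""
    tampered = MESSAGE.replace(b"100", b"900")
    tag = mac(SHARED_KEY, MESSAGE)
    return {
        # MD5 and SHA-1 (named on the slide) give 128- and 160-bit digests
        "md5_bits": len(digest(MESSAGE, "md5")) * 4,
        "sha1_bits": len(digest(MESSAGE, "sha1")) * 4,
        # Changing the amount flips roughly half the bits of a SHA-256 digest
        "bits_changed": bit_difference(digest(MESSAGE), digest(tampered)),
        # MAC: the genuine message verifies, tampering or a wrong key does not
        "mac_ok": verify_mac(SHARED_KEY, MESSAGE, tag),
        "mac_detects_tampering": not verify_mac(SHARED_KEY, tampered, tag),
        "mac_rejects_wrong_key": not verify_mac(b"guess", MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `bits_changed` figure is the avalanche property: a one-character change in the message gives a digest unrelated to the original, which is what makes collisions hard to find by trial.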

  • Encryption
    - Provides authentication, integrity, confidentiality
    - Encryption: encryption algorithm + encryption key
    - Inverse: decryption algorithm + decryption key

  • Encryption Terminology
    - Plaintext, M
    - Ciphertext, C
    - Encryption key, K1 (bit string)
    - Decryption key, K2 (bit string)
    - C = encrypt(K1, M)
    - M = decrypt(K2, C)
    - M = decrypt(K2, encrypt(K1, M))

  • Private Key Encryption (Symmetric Cryptography, Conventional Cryptography)
    - Both sides share the same key
    - DES, 3DES, AES

  • Public Key Encryption (Asymmetric Key Cryptography)
    - Key pair: a public key and a private key
    - RSA, Diffie-Hellman, ECC
    - Digital signature

  • Authentication with Digital Signature
    - The private key produces the signature (a ciphertext); the public key verifies it
    - Electronic authentication
    - RSA, DSS
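The terminology of the last four slides (M, C, K1, K2, symmetric versus asymmetric keys, and the signature as "encryption with the private key") carried through in code, as an added example that is not from the lecture. Both ciphers are toys chosen only to make the role of the keys visible: a repeating-key XOR for the symmetric case (K1 == K2) and textbook RSA with small, constructed primes for the asymmetric case (K1 != K2); neither is secure. The message, keys and primes are constructed values.

```python
import hashlib

# Toy ciphers (added example, not from the slides) illustrating the terms:
# M plaintext, C ciphertext, K1 encryption key, K2 decryption key.
# Not secure; the point is which key does what.


# --- Symmetric (private key) case: K1 == K2 ---------------------------------
def xor_encrypt(k1: bytes, m: bytes) -> bytes:
    """C = encrypt(K1, M): repeating-key XOR stream (toy only)."""
    return bytes(b ^ k1[i % len(k1)] for i, b in enumerate(m))


def xor_decrypt(k2: bytes, c: bytes) -> bytes:
    """M = decrypt(K2, C): XOR is its own inverse, and K2 must equal K1."""
    return xor_encrypt(k2, c)


# --- Asymmetric (public key) case: K1 != K2 ---------------------------------
def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: public key (e, n) and private key (d, n).
    The primes used below are far too small for real use."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, x: int) -> int:
    """Raise x to the key's exponent modulo n; same operation both ways."""
    exponent, n = key
    return pow(x, exponent, n)


def rsa_encrypt(public_key, m: bytes) -> int:
    """C = encrypt(K1, M) with K1 = the receiver's public key."""
    as_int = int.from_bytes(m, "big")
    assert as_int < public_key[1], "toy: message must be smaller than n"
    return rsa_apply(public_key, as_int)


def rsa_decrypt(private_key, c: int) -> bytes:
    """M = decrypt(K2, C) with K2 = the receiver's private key."""
    m = rsa_apply(private_key, c)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# --- Digital signature: the keys swap roles ---------------------------------
def sign(private_key, m: bytes) -> int:
    """Signer applies the private key to a hash of M (hash reduced mod n,
    a toy simplification)."""
    h = int.from_bytes(hashlib.sha256(m).digest(), "big") % private_key[1]
    return rsa_apply(private_key, h)


def verify(public_key, m: bytes, signature: int) -> bool:
    """Anyone holding the public key checks that it undoes the private key."""
    h = int.from_bytes(hashlib.sha256(m).digest(), "big") % public_key[1]
    return rsa_apply(public_key, signature) == h


def demo() -> dict:
    m = b"Hi"                     # constructed plaintext (at most 4 bytes here)
    k = b"k3y"                    # constructed shared key for the XOR toy
    alice_pub, alice_priv = rsa_keypair(104729, 1299709)   # constructed primes
    mallory_pub, mallory_priv = rsa_keypair(1000003, 999983)
    m_int = int.from_bytes(m, "big")
    c = rsa_encrypt(alice_pub, m)
    sig = sign(alice_priv, m)
    return {
        "symmetric_roundtrip": xor_decrypt(k, xor_encrypt(k, m)) == m,
        "symmetric_wrong_key": xor_decrypt(b"xyz", xor_encrypt(k, m)) != m,
        "asymmetric_roundtrip": rsa_decrypt(alice_priv, c) == m,
        "public_key_cannot_decrypt": rsa_apply(alice_pub, c) != m_int,
        "other_private_key_fails": rsa_apply(mallory_priv, c) != m_int,
        "signature_verifies": verify(alice_pub, m, sig),
        "signature_fails_on_tamper": not verify(alice_pub, b"Ho", sig),
        "signature_fails_wrong_signer": not verify(alice_pub, m, sign(mallory_priv, m)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Read the results against the slide's identities: in the symmetric case `decrypt(K1, encrypt(K1, M))` recovers M only when the receiver holds the very same key; in the asymmetric case `decrypt(K2, encrypt(K1, M))` works with K1 public and K2 private, and reversing the roles (apply the private key, check with the public key) is exactly the signature.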

  • Key Authorities and Digital Certificates
    - Authentication with public keys: how does one obtain Bob's public key?
    - A wiretapped copy of the key: the key distribution problem

  • Key Authorities and Digital Certificates
    - Key Distribution Center / Key Authority: a server that hands out public keys; a problem if the key authority server is down
    - Digital Certificate: a public key with the digital signature of a Certification Authority; certificate users, unlike users of a key authority, do not need the authority online

  • Key Authorities and Digital Certificates (figure: sign; public key of site W)

  • Firewalls
    - Control the traffic between a computer or network and the Internet

  • Firewall
    - All traffic between the network and the outside passes through the firewall
    - The firewall applies the security policy and drops packets that violate it
    - Attacks on the firewall itself; the firewall forms a secure perimeter

  • Firewall
    - Packet filtering router/gateway: examines each packet's MAC address, IP address, port number and protocol header; decides per packet = stateless
    - Application level gateway: a proxy per application; stateful, unlike a plain packet filter
    - Circuit level gateway: relays a connection (proxy gateway)

  • Firewall Implementation with a Packet Filter (figure: traffic to a public server)
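The stateless packet filter of the two slides above, as an added example (not the lecture's own code): rules match only header fields (protocol, source and destination address, destination port), the first matching rule wins, and anything unmatched is denied. The addresses, the public server and the internal LAN range are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless filter can look at (no connection memory)."""
    src_ip: str
    dst_ip: str
    protocol: str            # "tcp", "udp" or "icmp"
    src_port: int = 0        # 0 for protocols without ports
    dst_port: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    protocol: str = "any"
    src: str = "0.0.0.0/0"           # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any port


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every field the rule specifies must match the packet header."""
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst):
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; with no match the packet is denied
    (default deny, the usual security-policy setting)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed sample policy (not the slide's): the public web server is
# 203.0.113.10 and the internal LAN is 10.0.0.0/8. Outsiders may reach only
# the web server on ports 80 and 443; everything else from outside is denied.
PUBLIC_SERVER = "203.0.113.10/32"
INTERNAL_LAN = "10.0.0.0/8"
INBOUND_RULES = [
    Rule("allow", "tcp", dst=PUBLIC_SERVER, dst_port=80),
    Rule("allow", "tcp", dst=PUBLIC_SERVER, dst_port=443),
    Rule("deny", dst=INTERNAL_LAN),      # explicit deny toward the LAN
    # no further rule: default deny covers the rest
]


def demo() -> dict:
    outsider = "198.51.100.7"            # constructed external address
    return {
        "web_allowed": filter_packet(
            INBOUND_RULES, Packet(outsider, "203.0.113.10", "tcp", 40000, 80)),
        "ssh_to_server_denied": filter_packet(
            INBOUND_RULES, Packet(outsider, "203.0.113.10", "tcp", 40001, 22)),
        "web_to_lan_denied": filter_packet(
            INBOUND_RULES, Packet(outsider, "10.0.0.5", "tcp", 40002, 80)),
        "ping_denied": filter_packet(
            INBOUND_RULES, Packet(outsider, "203.0.113.10", "icmp")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Because the filter keeps no state, it cannot tell a legitimate reply to an outbound request from an unsolicited inbound packet with the same header fields; that limitation is why the stateful gateways and the IDS on the following slides exist.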

  • Intrusion Detection System (IDS)
    - Watches the packets entering a site alongside the firewall; network IDS
    - Configured with attack patterns, e.g., port scanning; can direct the firewall to block the packets
    - Detecting a SYN flood requires the IDS to keep state about connections

  • Content Scanning and Deep Packet Inspection
    - A firewall looking at single packets cannot see a virus, e.g., in an e-mail attachment: content analysis is needed
    - File scanning: security software on the PC scans files for patterns (byte strings, fingerprints); false positives and false negatives
    - Deep Packet Inspection (DPI): examines a packet's payload as well as its header, reassembling files from packets; a firewall on a high-speed network

  • Virtual Private Network (VPN) Technology
    - Secure access to a remote site over the Internet instead of a leased circuit (private network)
    - Security over the public Internet through encryption in a router, firewall or host
    - VPN: a private network built over the Internet with security

  • Virtual Private Network (VPN)

  • The Use of VPN Technology for Telecommuting
    - Stand-alone VPN device (VPN router): encrypts packets to and decrypts packets from the VPN server over the Internet; hosts on the LAN get IP addresses via DHCP
    - VPN software: runs on the host itself, which then encrypts and decrypts the packets it exchanges over the Internet

  • Packet Encryption vs. Tunneling
    - Payload encryption: only the datagram payload is encrypted; the addresses and port numbers in the header remain visible
    - IP-in-IP tunneling: the entire datagram is encrypted and carried inside a new datagram whose IP addresses are those of the two routers, which perform the encryption and decryption

  • Packet Encryption vs. Tunneling (figure: Remote NW, R1, Internet, R2, Corporate NW; hosts X and Y; VPN tunnel between R1 and R2)

  • Packet Encryption vs. Tunneling
    - Payload encryption
    - IP-in-IP tunneling
    - IP-in-TCP tunneling: the encrypted IP packet is carried in a TCP segment over a TCP connection; the receiving end decrypts and extracts the IP packet

  • VPN Tunneling Performance
    - Latency: the delay between VPN sites
    - Throughput: a VPN over the Internet is slower than the LAN
    - Overhead and fragmentation: tunnel headers add overhead to each datagram; a packet near the MTU may need fragmentation

  • Security Technologies
    - PGP (Pretty Good Privacy): an application
    - SSH (Secure Shell): application layer protocol for remote login, replacing plaintext Telnet
    - SSL (Secure Socket Layer): from Netscape Communications; an authentication layer between the application and the socket API (transport layer); used for web financial transactions
    - TLS (Transport Layer Security): IETF standard derived from SSL v3; used by HTTPS

  • Security Technologies
    - HTTPS (HTTP Security): HTTP over SSL/TLS with a certificate for the web server; TCP port 443 instead of 80
    - IPsec (IP Security): security for IP datagrams; authentication and confidentiality (encryption)
    - RADIUS (Remote Authentication Dial-In User Service): protocol for authentication, authorization and accounting (AAA) of dialup and VPN remote users
    - WEP (Wired Equivalent Privacy): Wi-Fi WLAN standard
    - WPA (Wi-Fi Protected Access)

  • Chapter 31: Network Management (SNMP)
    - NW manager / NW administrator: planning, installing, operating, monitoring and controlling the network's HW and SW

  • Chapter 31: 31.3 NW Management Standard Model
    - Industry standard model: FCAPS
    - Fault detection and correction
    - Configuration and operation
    - Accounting and billing
    - Performance assessment and optimization
    - Security assurance and protection

  • Chapter 31: 31.4 Network Elements: services and the network

  • Chapter 31: 31.5 Network Management Tools
    - Physical layer testing: One-Touch, DSP 4000, cable tester, RF signal meter
    - Reachability and connectivity: ping
    - Packet analysis: packet analyzer (protocol analyzer): Ethereal, Wireshark, Sniffer
    - Network discovery: NW map
    - Device interrogation tool

  • Chapter 31: 31.5 Network Management Tools
    - Event monitoring: alerts
    - Performance monitoring of the NW
    - Flow analysis: NetFlow analyzer for traffic per link and per application

  • Chapter 31: 31.5 Network Management Tools
    - Routing and traffic engineering: routing configuration (routing protocol); traffic engineering configuration (QoS)
    - General configuration tools

  • Chapter 31: 31.5 Network Management Tools
    - Security enforcement: NW security policy
    - Network planning: NW optimization, NW architecture, traffic engineering

  • Chapter 31: 31.6 NW Management Application
    - Application layer, client-server: the client is the manager (on a PC), the server is the agent on the NW element
    - Manager and agent talk through a NW management protocol (application layer protocol)

  • Chapter 31: 31.7 Simple Network Management Protocol (SNMP)
    - Internet standard; SNMPv3
    - The message format between manager and agent is defined with ASN.1 (Abstract Syntax Notation 1)

  • Chapter 31: 31.8 SNMP's Fetch-Store Paradigm
    - SNMP has only primitive commands: fetch and store
    - Each operation names the object it acts on by its object name

  • Chapter 31: 31.9 SNMP MIB and Object Names
    - The set of objects that the SNMP manager and agent can access is defined in the MIB (Management Information Base)

  • Chapter 31: 31.9 SNMP MIB and Object Names
    - Objects in the MIB are named with ASN.1 object identifiers; every name shares a common prefix
    - Example: the count of IP datagrams received is the integer object iso.org.dod.internet.mgmt.mib.ip.ipInReceives, which appears in SNMP messages as 1.3.6.1.2.1.4.3

  • Chapter 31: 31.10 MIB Variables
    - SNMP defines sets of MIB variables for UDP, TCP, IP, ARP and Ethernet
    - Devices such as switches, routers, modems and printers have MIBs for their own protocols; SNMP allows MIB extensions

  • Chapter 31: 31.11 MIB Variable Arrays
    - MIB variables are not only integers: a MIB array such as the routing table (forwarding table) is indexed the ASN.1 way, by appending the index value to the object name
    - IP forwarding table: standard MIB prefix.ip.ipRoutingTable
    - A field of one entry: standard MIB prefix.ip.ipRoutingTable.ipRouteEntry..IPdestaddr
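The object naming of slides 31.9 and 31.11 worked through in code, as an added example that is not from the lecture: translating a symbolic name such as iso.org.dod.internet.mgmt.mib.ip.ipInReceives into the numeric 1.3.6.1.2.1.4.3 sent in SNMP messages, appending a routing-table index (a destination IP address) the ASN.1 way, and the ASN.1 BER encoding of the resulting OBJECT IDENTIFIER. The name tree covers only the branches the slides mention; it assumes that the slides' "mib" is mib-2 (sub-identifier 1 under mgmt) and uses the standard sub-identifiers for the ipRouteEntry columns shown.

```python
from typing import Optional

# Partial MIB name tree (added example): label -> (sub-identifier, children).
# Assumption: the slides' "mib" denotes mib-2.
MIB_TREE = {
    "iso": (1, {"org": (3, {"dod": (6, {"internet": (1, {"mgmt": (2, {"mib-2": (1, {
        "ip": (4, {
            "ipInReceives": (3, {}),
            "ipRoutingTable": (21, {
                "ipRouteEntry": (1, {
                    "ipRouteDest": (1, {}),
                    "ipRouteIfIndex": (2, {}),
                    "ipRouteNextHop": (7, {}),
                }),
            }),
        }),
    })})})})})}),
}
ALIASES = {"mib": "mib-2"}   # accept the slides' shorter spelling


def name_to_oid(dotted_name: str, index: Optional[str] = None) -> str:
    """Symbolic object name -> numeric OID carried in SNMP messages.
    For a table column the index (here an IP address) is appended as
    extra sub-identifiers, one per address byte."""
    level = MIB_TREE
    arcs = []
    for label in dotted_name.split("."):
        label = ALIASES.get(label, label)
        if label not in level:
            raise KeyError(f"unknown object name component: {label}")
        number, level = level[label]
        arcs.append(number)
    if index is not None:
        arcs.extend(int(octet) for octet in index.split("."))
    return ".".join(str(a) for a in arcs)


def oid_to_name(oid: str) -> str:
    """Reverse translation; trailing arcs not in the tree (table indexes)
    stay numeric."""
    level = MIB_TREE
    labels = []
    arcs = [int(a) for a in oid.split(".")]
    for i, arc in enumerate(arcs):
        match = next(((lbl, sub) for lbl, (num, sub) in level.items() if num == arc), None)
        if match is None:
            labels.extend(str(a) for a in arcs[i:])
            break
        lbl, level = match
        labels.append(lbl)
    return ".".join(labels)


def encode_oid(oid: str) -> bytes:
    """ASN.1 BER encoding of an OBJECT IDENTIFIER (tag 0x06): the first two
    arcs merge into 40*x+y, the rest use base-128 with a continuation bit.
    Only the short-form length (< 128 bytes) is handled here."""
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunks = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunks.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunks))
    assert len(body) < 128, "short-form length only"
    return bytes([0x06, len(body)]) + bytes(body)


if __name__ == "__main__":
    counter = name_to_oid("iso.org.dod.internet.mgmt.mib.ip.ipInReceives")
    next_hop = name_to_oid(
        "iso.org.dod.internet.mgmt.mib-2.ip.ipRoutingTable.ipRouteEntry.ipRouteNextHop",
        index="10.0.0.0")          # constructed destination address as index
    print(counter, encode_oid(counter).hex())
    print(next_hop, oid_to_name(next_hop), encode_oid(next_hop).hex())
```

The routing-table case is the slide's point about arrays: the column object ipRouteNextHop has one OID, and the instance for destination 10.0.0.0 is that OID with the four address bytes appended, so a manager fetches a particular row by naming the index rather than a position in an array.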

  • End of Chapter 30-31 (Week 15): HW 9 download

  • End of Week 15; Week 16: Ch. 16 WLAN Technologies; course ends next week