Network security what is it? A
 What is the purpose of a

Network? -Move Bits -From A -To B -Securely ….

Network B

Securely means  Confidentiality A -Only A and B see bits  Integrity -Message intact -Really from A -Order?  Availability -B gets it in time C Network B .

Network Security  Confidentiality -Encryption  Integrity -Digital Signature -Retransmission -Order?  Availability -Quality of service .

Security environment: threats  Operating systems have goals -Confidentiality -Integrity -Availability  Someone attempts to subvert the goals -Fun -Commercial gain .

What kinds of intruders are there?  Casual prying by nontechnical users -Curiosity  Snooping By insiders -Often motivated by curiosity  Determined attempt to make money -May not even be an insider  Commercial or military espionage -This is very big business! .

Cryptography  Goal: Keep information from those who aren’t supposed to see it -Do this by “scrambing” the data  Use a well-known algorithm to scramble data -Algorithm has two inputs: data & key -key is known only to “authorized” users .

Kd) may be less widely distributed  For this to be effective the ciphertext should be the only information that’s available to the world  Plaintext is known only to the people with the keys ( in an ideal world ) Encryption Key Ke E PlainText Encryption Decryption CipherText Kd D Decryption Key PlainText .D) are widely known  Keys (Ke.Cryptography basics  Algorithms (E.

Example.Classical Encryption Techniques  Substitution Techniques -The letters of the message are replaced by other letters or by numbers or symbols.Caesar Cipher  Transposition techniques -Performing some sort of permutation on the messages letters Example.Monoalphabetic Cipher .

for example: -Military orders=1 hour to 3 years -Check transaction=1 year -Business agreement=10-15 years .Computational Security  An encryption scheme is secure if it takes very long time to break the ciphertext  “Lifetime” is defined in each application .

Modern encryption Algorithm  Data Encryption Standard(DES) -Uses 56 bit keys -Same key is used to encrypt & decrypt -Key used to be difficult to guess .

on average to find the right one -At 10^15 keys per second .•Current algorithm (AES) -Use 128 bit keys -Adding one bit to the key makes it twice as hard to guess -Must try 2^ 127 keys . this would require over 10^21 seconds or 1000 billion years .

Public Key  Asymmetric key  Two keys: -Public key -Private key  Trapdoor one way function -Having fk(m) it is so hard to find either k or m .

Digital Signature  A handwritten signature is a function of the signer only. not the message  Handwritten signature can be copied and forged  The digital equivalent of a handwritten signature would be useless in eCommerce  How can A prove his identity over the internet? .

Digital Signature  A digital signature is a function of both the signer and the message  A digital signature is a digest of the message encryted with the signer’s private key One way hash function Original document Hash result encrypted Digital signature Original Original document document Hash Receiver gets Digital Signature Key .

Network Security  Firewalls -Solve poor internal security using the network  Intrusion Detection -Detect non-network security breaches accomplished via the network -Early start on forensics .

Network Security: What is interesting?  Distributed Authentication -Scaling issues -Autonomy  Distributed Cooperation -Commit -Fault tolerance  Availability -Denial of service .

“Typical” corporate network Firewall intranet Mail Forwading Web server DNS(DMZ) File Server Web server Firewall Mail server DNS(internal) Internet User Machine .

Typical network : Term  Network Regions -Internet -Intranet -DMZ  Network Boundaries -Firewall ---Filtering firewall: Based on packet headers ---Audit mechanism -Proxy ---Proxy firewall: Gives external views that hides intranet .

c.d.Issues  IP: Intranet hidden from outside world -Internal addresses can be real -Proxy maps between real address and firewall -Fake addresses: 10.c.c. 172.[16-31].b.d -Network Address Translation Protocol maps internal to assigned address  Mail Forwarding -Hide internal addresses -Map incoming mail to “real” server -Additional incoming /outgoing checks .d 192.168.

g.What type of traffic : Port ( e. HTTP) -Proxy between DMZ servers and internet -Proxy between inner and outer firewall  Internal Firewall -Traffic restriction: Ports. From/to IP -Proxy between intranet and outside .Firewalls: Configuration  External Firewall -What traffic allowed . SMTP.External source: IP restrictions .

DMZ Administration  Direct console access requires? -Real hassle  “Special” access -SSH connections allowed from internal to DMZ “administration” connections -Only from specified internal IPs -Only through internal firewall .

Network Attacks  Flooding -Overwhelm TCP stack on target machine -Prevent legitimate connections  Routing -Misdirect traffic  Spoofing -Imitate legitimate source .

Solution Ideas  Limit connection from one source? -But source is in packet. can be faked  Ignore connection from illegitimate source -If you know who is legitimate -Can figure it quickly -And the attacker doesn’t know this  Drop oldest connection attempts -Adaptive timeout .

Netwok Solution  TCP intercept -Router establishes connection to client -When connected establish with server  Synkill -Monitor machine as “firewell” -Good addresses: history of successful connections -Bad adresses: previous timeout attempt -Block and terminate attempts from bad addresses .

Sign up to vote on this title
UsefulNot useful