Resilient Networks Missouri S&T University CPE 6510 Network Security Overview
|
|
- Tamsyn Fleming
- 6 years ago
- Views:
Transcription
1 Resilient Networks Missouri S&T University CPE 6510 Network Security Overview Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology 2 March 2017 rev Egemen K. Çetinkaya
2 Network Security Overview Outline Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 2
3 Network Security Overview Overview and Role in Resilience Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 3
4 Security Security Definition property of a system and measures taken protect itself from unauthorized access or change subject to policy 2 March 2017 MST CPE 6510 Network Security Overview 4
5 Self-protection Self-Protection Importance to Resilience systems protect themselves from unauthorized access network control infrastructure Systems with the need to protect themselves end systems (e.g. firewalls) intermediate systems: routers, switches servers: DNS, Web, etc. enterprise networks (e.g. firewalls) virtual enclaves network realms that define trust boundaries 2 March 2017 MST CPE 6510 Network Security Overview 5
6 Self-protection Self-Protection Importance to Resilience systems protect themselves from unauthorized access network control infrastructure Network control infrastructure signalling (e.g. ICMP, RSVP/MPLS) routing protocols (e.g. S-BGP, OSPF, IS-IS) network services (e.g. DNSSEC, ICP) 2 March 2017 MST CPE 6510 Network Security Overview 6
7 Vulnerability Security Vulnerability flaw or weakness in system design, implementation, controls, operation, or management could be exploited to violate security policy [CNSS ] [S2007] note relation to definition with respect to faults internal fault that allows an external fault to cause an error [Laprie-1994], [ALR+2004] 2 March 2017 MST CPE 6510 Network Security Overview 7
8 Threat Security Threats entity, circumstance, capability, action, or event with potential to violate security and cause harm [CNSS ] [S2007] potential challenge that might exploit a vulnerability 2 March 2017 MST CPE 6510 Network Security Overview 8
9 Threat Security Threat Analysis entity, circumstance, capability, action, or event with potential to violate security and cause harm [CNSS ] [S2007] potential challenge that might exploit a vulnerability Threat analysis examination of information and analysis of actions to identify potential threats identifying probability of occurrence and consequences [CNSS ] [S2007] 2 March 2017 MST CPE 6510 Network Security Overview 9
10 Security Challenges Challenge : adverse event or condition that might violate security policy including availability impact dependability impact performability three aspects of trustworthiness 2 March 2017 MST CPE 6510 Network Security Overview 10
11 Security Discipline Evolution 1960s: computer system security security among multiple users on timesharing systems operating system security (e.g. Multics) 1980s: computer network security security among computers sharing enterprise network 1990s: Internet security security against (almost) universal access to Global Internet 2000s: privacy issues and wireless security security of mobile wireless networks critical infrastructures: power-grid, nuclear 2020s: privacy and smart environment security security of IoT, autonomous vehicles, cloud, SDN, NFV 2 March 2017 MST CPE 6510 Network Security Overview 11
12 Network Security Overview Security Sub-disciplines Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 12
13 Security Relationship to Resilience Disciplines Egemen K. Çetinkaya Survivability many targetted failures Fault Tolerance (few random) Challenge Tolerance Traffic Tolerance Disruption Tolerance environmental delay connectivity energy mobility Robustness Complexity confidentiality Trustworthiness Dependability reliability maintainability safety availability auditability Security AAA authenticity integrity nonrepudiability authorisability legitimate flash crowd attack DDoS Performability QoS measures 2 March 2017 MST CPE 6510 Network Security Overview 13
14 Confidentiality AAA (triple-a) Security Security Properties and Attributes accounting or auditability (sometimes AAAA) authorisation authentication Attributes shared with dependability availability integrity Nonrepudiation note: all stated as -ilities in diagram for consistency 2 March 2017 MST CPE 6510 Network Security Overview 14
15 Confidentiality Security Confidentiality information is not made available or disclosed to unauthorized individuals, entities, processes, devices [X ] [CNSS ] [S2007] dependability with respect to the absence of unauthorized disclosure of information [Laprie-1994] Mechanisms for confidentiality? 2 March 2017 MST CPE 6510 Network Security Overview 15
16 Confidentiality Security Confidentiality information is not made available or disclosed to unauthorized individuals, entities, processes, devices [X ] [CNSS ] [S2007] dependability with respect to the absence of unauthorized disclosure of information [Laprie-1994] Mechanisms for confidentiality physical access restrictions encryption 2 March 2017 MST CPE 6510 Network Security Overview 16
17 Accounting Security Accounting and Auditing collecting information on access to resources generating audit trail Accounting is part of AAA auditing is sometimes separately added as AAAA 2 March 2017 MST CPE 6510 Network Security Overview 17
18 Authorization Security Authorization granting of privileges or rights [X ] [CNSS ] [S2007] Authorization is part of AAA Mechanisms for authorization? 2 March 2017 MST CPE 6510 Network Security Overview 18
19 Authorization Security Authorization granting of privileges or rights [X ] [CNSS ] [S2007] Authorization is part of AAA Mechanisms for authorization ACLs (access control lists) and capabilities authentication 2 March 2017 MST CPE 6510 Network Security Overview 19
20 Authentication Security Authentication data origin authentication: assurance that the source of data is as claimed peer-entity authentication: assurance that peer in association is as claimed [X ] [CNSS ] [S2007] Authentication is part of AAA Mechanisms for authentication? 2 March 2017 MST CPE 6510 Network Security Overview 20
21 Authentication Security Authentication data origin authentication: assurance that the source of data is as claimed peer-entity authentication: assurance that peer in association is as claimed [X ] [CNSS ] [S2007] Authentication is part of AAA Mechanisms for authentication digital certificates and signatures 2 March 2017 MST CPE 6510 Network Security Overview 21
22 Availability Security Availability property of being accessible and useable upon demand by an authorized entity [X ] [CNSS ] [S2007] Availability is also a dependability aspect probability of a system operational at a given time 2 March 2017 MST CPE 6510 Network Security Overview 22
23 Integrity Security Integrity refers to logical correctness [ATIS-T ] data integrity: not changed, lost, destroyed; maliciously or accidentally system integrity: correct operation without unauthorized manipulation source integrity: data trustworthy based on its source and handling [X ] [CNSS ] [S2007] Integrity is also a dependability aspect Mechanisms for integrity? 2 March 2017 MST CPE 6510 Network Security Overview 23
24 Integrity Security Integrity refers to logical correctness [ATIS-T ] data integrity: not changed, lost, destroyed; maliciously or accidentally system integrity: correct operation without unauthorized manipulation source integrity: data trustworthy based on its source and handling [X ] [CNSS ] [S2007] Integrity is also a dependability aspect Mechanisms for integrity message digest (e.g. MD5, SHA-1) 2 March 2017 MST CPE 6510 Network Security Overview 24
25 Nonrepudiation Security Nonrepudiation inability to deny having participated in communication [X ] [CNSS ] [S2007] Mechanisms for nonrepudiation? 2 March 2017 MST CPE 6510 Network Security Overview 25
26 Nonrepudiation Security Nonrepudiation inability to deny having participated in communication [X ] [CNSS ] [S2007] Mechanisms for nonrepudiation digital certificates and signatures 2 March 2017 MST CPE 6510 Network Security Overview 26
27 Network Security Overview Overview of Attacks and Defenses Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 27
28 Misuse of terminology Network Security Attackers Do all of the below mean a malicious entity? Adversary? Cracker? Hacker? Intruder? 2 March 2017 MST CPE 6510 Network Security Overview 28
29 Network Security Attackers Adversary? entity that attacks a system Cracker? (also spelled kracker) someone who tries to break into someone else s system Hacker? (cracker hacker) someone working on computers and make cool things Intruder? entity that tries to gain unauthorized access Packet monkey? (deprecated) someone who floods a system for a DOS condition Script kiddy? someone who uses existing scripts, but not innovative [S2007] 2 March 2017 MST CPE 6510 Network Security Overview 29
30 Application attacks Protocol attacks Operational Policy Hardware Network Security Attack Types 2 March 2017 MST CPE 6510 Network Security Overview 30
31 Application attacks Attack Types Applications attacks exploit vulnerability in end-user software Examples: attacks against web browsers 2 March 2017 MST CPE 6510 Network Security Overview 31
32 Attack Types Protocols Attacks on network protocols Examples: BGP DNS 2 March 2017 MST CPE 6510 Network Security Overview 32
33 Operational Attack Types Operational attacks exploiting operation procedures to mismanage traffic Examples: attacks on routers attacks on links DoS, DDoS 2 March 2017 MST CPE 6510 Network Security Overview 33
34 Attack Types Policy Attacks exploiting policy aspects Examples: policy about password length and character choice policy about opening attachment 2 March 2017 MST CPE 6510 Network Security Overview 34
35 Attacks on hardware Attack Types Hardware Can be more expensive as an attacker need to be involved from the design stage but the attack can be more damaging Examples: malicious design in hardware cutting fibre sniper attack on California power station [TK2010] 2 March 2017 MST CPE 6510 Network Security Overview 35
36 Network Security Defense Types Cryptographic algorithms: symmetric encryption asymmetric encryption data integrity protocols authentication protocols Security in network protocols: PGP, S/MIME, HTTPS, SSL, TLS, IPsec, S-BGP, DNSSEC i (WEP WPA WPA2) Firewall, ACL (access control list) [More in CPE5420-Introduction to Network Security] 2 March 2017 MST CPE 6510 Network Security Overview 36
37 Encryption Algorithms Symmetric Encryption Symmetric encryption: conventional or single-key Only type of encryption prior to public-key, 1970s Remains one of the two most used encryption [S2014] 2 March 2017 MST CPE 6510 Network Security Overview 37
38 Encryption Algorithms Asymmetric Encryption Egemen K. Çetinkaya Asymmetric encryption: public-key Uses two keys: public and private Harder to compromise, but doubles processing [S2014] 2 March 2017 MST CPE 6510 Network Security Overview 38
39 Hash Function Simplified Model Hash function yields a fixed-length hash value 2 March 2017 MST CPE 6510 Network Security Overview 39
40 Message Authentication Authentication and Confidentiality (a) Message plus concatenated hash code is encrypted using symmetric key encryption Message must come from A and has not been altered The hash code provides authentication Encryption on entire message + hash code provides confidentiality 2 March 2017 MST CPE 6510 Network Security Overview 40
41 Message Authentication Authentication (b) Only the hash code is encrypted using symmetric encryption This reduces the processing burden for those applications that do not require confidentiality 2 March 2017 MST CPE 6510 Network Security Overview 41
42 Message Authentication Authentication (c) It is possible to use a hash function but no encryption Sender and receiver share a common secret value S A computes the hash value over: the concatenation of M and S appends the resulting hash value to M Because B possesses S, it can recompute hash value 2 March 2017 MST CPE 6510 Network Security Overview 42
43 Message Authentication Authentication and Confidentiality (d) Confidentiality can be added to the method (c) by encrypting the entire message plus the hash code 2 March 2017 MST CPE 6510 Network Security Overview 43
44 Digital Signatures Authentication (a) The hash code is encrypted using public-key encryption with the sender s private key this provides authentication It also provides a digital signature only sender could have produced the encrypted hash code 2 March 2017 MST CPE 6510 Network Security Overview 44
45 Digital Signatures Authentication and Confidentiality (b) To achieve confidentiality and digital signature message plus the private-key-encrypted hash code can be encrypted using a symmetric secret key 2 March 2017 MST CPE 6510 Network Security Overview 45
46 Network Security Overview Metrics and Evaluation Overview and role in resilience Security sub-disciplines Overview of attacks and defenses Metrics and evaluation 2 March 2017 MST CPE 6510 Network Security Overview 46
47 Security Metrics Overview How can the security evaluated? Generally two ideas: security is binary it can be evaluated within a range Security metrics metric indicating strength/weakness of security mechanism very immature field (except for cryptanalysis) Examples confidentiality: key length, CPU time for brute-force attack 2 March 2017 MST CPE 6510 Network Security Overview 47
48 Rainbow series NIST FIPS 199 Attack graphs Attack trees [NST2004] Security Evaluation Methods 2 March 2017 MST CPE 6510 Network Security Overview 48
49 Security Evaluation Rainbow Series Rainbow series About computer security guidelines Published by DoD and NSA in early 1980s Replaced by Common Criteria in 2000s Orange book is known for security evaluation 2 March 2017 MST CPE 6510 Network Security Overview 49
50 Security Evaluation Orange Book Trusted Computer System Evaluation Criteria TCSEC Initially issued 1983, later updated in 1985 Replaced by common criteria in 2005 Evaluation criteria Class D: minimal protection Class C1: discretionary security protection Class C2: controlled access protection Class B1: labelled security protection Class B2: structured protection Class B3: security domains Class A1: verified design 2 March 2017 MST CPE 6510 Network Security Overview 50
51 NIST FIPS 199 Security Evaluation NIST FIPS 199 NIST: National Institute of Standards and Technology FIPS: Federal Information Processing Standards Pub 199: issued in Feb Evaluation criteria based on levels of impact high moderate low 2 March 2017 MST CPE 6510 Network Security Overview 51
52 Security Evaluation Attack Graphs Attack graphs also called scenario graphs More info in Chapter 9, [QTK+2008] 2 March 2017 MST CPE 6510 Network Security Overview 52
53 Security Evaluation Attack Trees Describes combinatorial events leading to failure Nonleaf nodes describe attack goal Leaf nodes describe atomic attacks Uses AND and OR logic gates AND node OR node [NST2004] 2 March 2017 MST CPE 6510 Network Security Overview 53
54 References and Further Reading [L2001] Carl E. Landwehr, Computer Security, Intl. J. of Information Security, vol.1, #1, Aug. 2001, pp [CM2002] Anirban Chakrabarti and G. Manimaran, Internet Infrastructure Security: A Taxonomy, IEEE Network, vol.16, #6, Nov./Dec. 2002, pp [IW2008] Vinay M. Igure, and Ronald D. Williams, Taxonomies of Attacks and Vulnerabilities in Computer Systems, IEEE Comm. Surv. & Tut., vol.10 iss.1, 1st qtr pp [S2007] Robert W. Shirey, Internet Security Glossary, Version 2, FYI 36, RFC 4949, August [S2014] William Stallings, Cryptography and Network Security: Principles and Practice, 6th edition, Prentice Hall, Some slides are adopted from KU EECS 983 Resilient and Survivable Networking class taught by Prof. James P.G. Sterbenz 2 March 2017 MST CPE 6510 Network Security Overview 54
55 References and Further Reading [TK2010] Mohammad Tehranipoor and Farinaz Koushanfar, A Survey of Hardware Trojan Taxonomy and Detection, IEEE Design & Test of Computers, Vol. 27, No. 1, pp , [ALR+2004] Algirdas Avižienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr, Basic Concepts and Taxonomy of Dependable and Secure Computing, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, pp , January-March [QTK+2008] Yi Qian, David Tipper, Prashant Krishnamurthy, and James Joshi, Information Assurance: Dependability and Security in Networked Systems, Morgan Kaufmann, [NST2004] David M. Nicol, William H. Sanders, and Kishor S. Trivedi, Model-Based Evaluation: From Dependability to Security, IEEE Transactions on Dependable and Secure Computing, Volume 1, Issue 1, pp , January-March March 2017 MST CPE 6510 Network Security Overview 55
56 End of Foils 2 March 2017 MST CPE 6510 Network Security Overview 56
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics
Introduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Network Access Control
Introduction to Network Security Missouri S&T University CPE 5420 Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationIntroduction to Security
to Security CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 31 October 2012 CSS322Y12S2L01, Steve/Courses/2012/s2/css322/lectures/introduction.tex,
More informationPrinciples of Information Security, Fourth Edition. Chapter 8 Cryptography
Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationCryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely
More informationTop-Down Network Design
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer 1 Network Security Design The steps for security design are: 1. Identify
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationObjectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Enterprise Network Security Describe the general methods used to mitigate security threats to Enterprise networks
More informationInternational Journal of Advance Research in Engineering, Science & Technology
Impact Factor (SJIF): 4.542 International Journal of Advance Research in Engineering, Science & Technology e-issn: 2393-9877, p-issn: 2394-2444 Volume 4, Issue 4, April-2017 Asymmetric Key Based Encryption
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationChapter 15: Security. Chapter 15: Security
Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Firewalling to Protect Systems and Networks
More informationChapter 15: Security. Operating System Concepts 8 th Edition,
Chapter 15: Security, Silberschatz, Galvin and Gagne 2009 Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationCompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals
CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationISO/IEC Common Criteria. Threat Categories
ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used
More informationEthics and Information Security. 10 주차 - 경영정보론 Spring 2014
Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship
More informationE-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.
E-Commerce Security 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Learning Objectives 1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection
Introduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More information10EC832: NETWORK SECURITY
10EC832: NETWORK SECURITY Objective: In this electronic age, security and privacy are two of the issues whose importance cannot be stressed enough. How do we ensure the systems we use are resistant to
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationLecture 1: Introduction to Security Architecture. for. Open Systems Interconnection
Lecture 1: Introduction to Security Architecture for Open Systems Interconnection 1. Purpose of Document This document includes notes to guide the self-study of the students of the lectures on Network
More informationNetwork Security. Chapter 8. MYcsvtu Notes.
Network Security Chapter 8 Network Security Some people who cause security problems and why. Cryptography Introduction Substitution ciphers Transposition ciphers One-time pads Fundamental cryptographic
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationSMart esolutions Information Security
Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart
More informationNIST Security Certification and Accreditation Project
NIST Security Certification and Accreditation Project An Integrated Strategy Supporting FISMA Dr. Ron Ross Computer Security Division Information Technology Laboratory 1 Today s Climate Highly interactive
More informationThreat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji
Threat Pragmatics & Cryptography Basics PacNOG20 3-7 July, 2017 Suva, Fiji Issue Date: [31-12-2015] Revision: [V.1] Why Security? The Internet was initially designed for connectivity Trust is assumed,
More informationT Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues
T-110.470 Salausjärjestelmät (Cryptosystems) Requirements and design issues Introduction to the second part of the course 25.10.2004 1 3 Outline What we'll cover Introduction to the second part of the
More informationPoint ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core Version 1.02 POINT TRANSACTION SYSTEMS AB Box 92031,
More informationTowards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things
Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Internet of Things is a game changer Organizations are benefiting from
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationCNT4406/5412 Network Security Introduction
CNT4406/5412 Network Security Introduction Zhi Wang Florida State University Fall 2013 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2013 1 / 35 Introduction What is Security? Protecting information
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationCybersecurity glossary. Please feel free to share this.
Cybersecurity glossary Please feel free to share this.. A B C Antivirus Software designed to prevent viruses entering a computer system or network. Access Control Mechanism Security measures designed to
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationTrusted Third Party Authentication in Cloud Computing
Trusted Third Party Authentication in Cloud Computing Susmita J A Nair 1, Anitha K L 2, Rosita F Kamala 3 Assistant Professor, 1,2,3 Department of MCA, Acharya Institute of Technology, Bangalore - India
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationSecuring Internet of things Infrastructure Standard and Techniques
Securing Internet of things Infrastructure Standard and Techniques Paper Author : Zubair A. Baig Name: Farooq Abdullah M.Sc Programming and Networks University of Oslo. Security internet of Things Standards
More informationInformation Security for Mail Processing/Mail Handling Equipment
Information Security for Mail Processing/Mail Handling Equipment Handbook AS-805-G March 2004 Transmittal Letter Explanation Increasing security across all forms of technology is an integral part of the
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG
Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationAwareness Technologies Systems Security. PHONE: (888)
Awareness Technologies Systems Security Physical Facility Specifications At Awareness Technologies, the security of our customers data is paramount. The following information from our provider Amazon Web
More informationChapter 8 Information Technology
CRIM 2130 Introduction to Critical Infrastructure Protection Spring 2016 Chapter 8 Information Technology School of Criminology and Justice Studies University of Massachusetts Lowell Enterprise systems
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationBlackBerry Enterprise Solution Security
Release 4.1 Technical Overview 2006 Research In Motion Limited. All rights reserved. Contents Wireless security... 4 BlackBerry Enterprise Solution security... 4 New security features...6 BlackBerry encryption
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationSecurity System and COntrol 1
Security System and COntrol 1 Security Management By: Joseph Ronald Canedo It is a Risky World Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationApplied IT Security. Device Security. Dr. Stephan Spitz 10 Development Security. Applied IT Security, Dr.
Applied IT Security Device Security Dr. Stephan Spitz Stephan.Spitz@gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System Security
More informationIntroduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria
Introduce the major evaluation criteria. TCSEC (Orange book) ITSEC Common Criteria Evaluation: assessing whether a product has the security properties claimed for it. Certification: assessing whether a
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationA policy that the user agrees to follow before being allowed to access a network.
Part IV: Appendixes Appendix A. Glossary THESE DEFINITIONS WILL GIVE YOU A BASIC understanding of the terms used throughout this book. As with many technical definitions, more information may be required
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More information