Intruders and Intrusion Detection. Mahalingam Ramkumar
|
|
- William Scott
- 6 years ago
- Views:
Transcription
1 Intruders and Intrusion Detection Mahalingam Ramkumar
2 Intruders A significant issue for networked systems hostile or unwanted access either via network or local Classes of intruders: masquerader misfeasor clandestine user Varying levels of competence
3 Intruders Growing and much publicized problem Wily Hacker in 1986/87 escalating CERT stats May seem benign, but still costs resources May use compromised system to launch other attacks
4 The Wily Hacker Lawrence Berkeley Lab (LBL) Decided to observe attacker after detection Collaborative efforts of FBI and many military organizations Off-line monitors to track everything done by the attacker Analyzed by computers loosely coupled to the LAN Not a very sophisticated attacker
5 The Wily Hacker... Just used known and widely reported flaws in O/S es and applications (emacs, vi) Traceback was probably a lot simpler in those days Not too many entry points into the Internet Entry points were usually banks of modems Attacker simultaneously using several entry points Phone records!
6 The Wily Hacker... Provided various baits to the attacker to enable traceback Traced back to many locations Ultimately traced back to Germany Using LBL as the base of operations WH had compromised computers in various other organizations and universities. Spy??? Rumored to have been funded by KGB Three arrests made in 1988.
7 Intrusion Techniques Aim - to increase privileges on a system Basic attack methodology target acquisition and information gathering initial access privilege escalation covering tracks First step is to acquire passwords then exercise access rights of owner
8 Password Guessing One of the most common attacks Attacker knows a login ID (from /web page etc) Then attempts to guess password try default passwords shipped with systems try all short passwords searching dictionaries of common words intelligent searches - try passwords associated with the user (variations on names, birthday, phone, common words/interests) exhaustive search of all possible passwords Check by login attempt or against stolen password file Success depends on password chosen by user Many users choose poorly
9 Password Capture Another attack involves password capture watching over shoulder as password is entered using a trojan horse program to collect monitoring an insecure network login (eg. telnet, FTP, web, ) extracting recorded info after successful login (web history/cache, last number dialed etc) Using valid login/password, can impersonate user Users need to be educated to use suitable precautions/countermeasures
10 Intrusion Detection Not perfect - inevitably will have security failures Need to detect intrusions block access / processes if detected quickly act as deterrent collect info for improving security Assumption - intruder behaves differently (from a legitimate user) may not always be a valid assumption
11 Approaches to Intrusion Detection Statistical anomaly detection threshold profile based Rule-based detection anomaly penetration identification
12 Audit Records Fundamental tool for intrusion detection Native audit records part of all common multi-user O/S already available for use may not have the required info in desired form Detection-specific audit records created specifically to collect required info at cost of additional overhead on the system subject, action, object, exception-conditions, resource-usage, time-stamp
13 Statistical Anomaly Detection Threshold detection Count occurrences of specific event over time if exceeds a reasonable value - assume intrusion By itself a crude & ineffective detector profile based characterize past behavior of users detect significant deviations from this profile usually multi-parameter
14 Audit Record Analysis Foundation of statistical approaches Analyze records to get metrics over time counter, gauge, interval timer, resource use Use various tests on these to determine if current behavior is acceptable mean & standard deviation, multivariate, markov process, time series, operational No prior knowledge used
15 Rule-Based Intrusion Detection Observe events on system & apply rules to decide if activity is suspicious or not Rule-based anomaly detection analyze historical audit records to identify usage patterns & auto-generate rules for them observe current behavior & match against rules like statistical anomaly detection - does not require prior knowledge of security flaws
16 Rule-Based Intrusion Detection Rule-based penetration identification rules identify known penetration, weakness patterns, or suspicious behavior rules usually machine & O/S specific rules are generated by experts who interview & codify knowledge of security admins quality depends on how well this is done compare audit records or states against rules
17 Base-Rate Fallacy An intrusion detection system needs to detect a substantial percentage of intrusions with few false alarms if too few intrusions detected -> false sense of security if too many false alarms -> admins will start ignoring alarms This is very hard to do Existing systems do not seem to have a good record!
18 Base-Rate Fallacy - Example Accuracy of a test for detecting disease D is 85% If D, Pr{+} is 0.85 If not D (or W) Pr{+} is 0.15 D occurs only amongst 1% of the population Let us say some one test positive for D what is the probability of false alarm? False alarm occurrence = A = Pr{+ / W} Pr{W} Total occurrences = B =[Pr{+ / W} Pr{W}] + [Pr{+ / D}Pr{D}] A = 0.15*0.99 = , B = *0.01 = A/B = Pr{False Alarm} = 94.6% If Pr{+ / W} = 0.99 then Pr{False Alarm} = 0.5
19 Distributed Intrusion Detection Traditional focus is on single systems but typically systems are networked More effective defense has these working together to detect intrusions Issues dealing with varying audit record formats integrity & confidentiality of networked data centralized or decentralized architecture
20 Distributed Intrusion Detection Architecture (UC Davis)
21 Distributed Intrusion Detection Agent Implementation
22 Honeypots Decoy systems to lure attackers away from accessing critical systems and collect information of their activities and to encourage attacker to stay on system so administrator can respond (or traceback) Fabricated information Instrumented to collect detailed information on attackers activities May be single or multiple networked systems
23 Password Management Front-line defense against intruders Users supply both: login determines privileges of that user password to authenticate them Passwords often stored encrypted Unix uses multiple DES (crypt(3) DES variant with salt) more recent systems use cryptographic hash functions
24 Managing Passwords Need policies and good user education Ensure every account has a default password different default passwords for different privelege levels Ensure users change the default passwords to something they can remember Protect password file from general access Set technical policies to enforce good passwords minimum length (>6) require a mix of upper & lower case letters, numbers, punctuation block know dictionary words
25 Managing Passwords... May reactively run password guessing tools note that good dictionaries exist for almost any language/interest group May enforce periodic changing of passwords Have system monitor failed login attempts, & lockout account if too many attempts are seen in a short period Need to educate users and get support Balance requirements with user acceptance Be aware of social engineering attacks
26 Proactive Password Checking Most promising approach to improving password security Allow users to select own password But have system verify it is acceptable simple rule enforcement compare against dictionary of bad passwords use algorithmic models (markov model or bloom filter) to detect poor choices.
27 Protecting Passwords SSL/TLS Send username/passwords only over protected channels One-time passwords User generates a hash chain User starts with x 0, computes x 1 =h(x 0 ), x 2 =h( x 1 ) x n =h( x n 1 ) x n stored by the server First login user sends x n 1 Server verifies h( x n 1 )=x n and stores x n 1 Next login user sends x n 2 Server verifies h( x n 2 )=x n 1 and stores x n 2 and so on for n logins
28 Challenge-Response Protocols With Weak Secrets Challenge-response using weak secrets (like passwords) Challenge-response should not reveal weak-secret Convenient to use the weak secret to establish a strong secret. Assume client and server share a weak secret (password) W C-> S: K_W=E(W,K). Encrypt a secret K using the weak secret W as key S: K=(W,K_W); h_k= h(k) S->C: h_k, indicating server has decrypted K as it has access to secret W Issues?
29 Brute Forcing Weak Secrets Attacker has access to K_W=E(W,K) and h_k Attacker can easily brute force the weak weak secret. For every possible weak secret W' Check if h(d(w',k_w))=h_k The value W' for which the above relationship is satisfied is the actual weak secret.
30 Encrypted Key Exchange Client generates asymmetric key pair (R,U) Encrypts public key U using password W C->S: U_W=E(W,U) Server decrypts public key as U=D(W,U_W) Server choose secret K, encrypts using public key U of client; C->S: K' = E_U(K). Client can decrypt K=D_R(K') Server and client Have confirmed that they both have access to the password Have established a strong secret K
31 EKE Attacker has access to U_W=E(W,U) and K'=E_U(K). Attacker brute forces different values of W to get different candidate U's However this does not help attacker determine K Not so fast! Attacker may only need to know U_W IF the public key U has a known structure
32 EKE If the public key is easily distinguishable from a random value Only the correct W' will yield a valid public key For example, let public key U be RSA modulus For different choice of W' attacker will get different random U' But a random U' will not have the structure required for a RSA modulus A large number that is almost impossible to factorize And can be easily recognized as not being a prime (by doing Fermat's test)
33 EKE Work Around Generate RSA with large encryption exponent e Do not encrypt modulus n, only encrypt exponent e Most random numbers cannot be distinguished from a valid encryption exponent (any odd number can be an encryption exponent) Use Diffie Hellman Any number can be a valid public key α=g a mod p Bottom line... Do not encrypt any known value or any non random value using a weak secret Else, weak secret can be brute-forced easily.
Intruders and Intrusion Detection. Mahalingam Ramkumar
Intruders and Intrusion Detection Mahalingam Ramkumar Intruders A significant issue for networked systems hostile or unwanted access either via network or local Classes of intruders: masquerader misfeasor
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationCryptography and Network Security. Chapter 9 Intruders. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Chapter 9 Intruders Lectured by Nguyễn Đức Thái Outline Intruders Intrusion Detection Password Management 2 Key Points Unauthorized intrusion into a computer system or
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationIntruders, Human Identification and Authentication, Web Authentication
Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification
More informationIntrusion Detection. Daniel Bosk. Department of Information and Communication Systems, Mid Sweden University, Sundsvall.
Intrusion Detection Daniel Bosk Department of Information and Communication Systems, Mid Sweden University, Sundsvall. intrusion.tex 2093 2014-11-26 12:20:57Z danbos Overview 1 Intruders Intruders Behaviour
More informationOverview of Security Principles
Overview of Security Principles Wireless Network Security Principles and Practices CSE 713 (Lecture 3) 1 Outline Basic Encryption Methodology Message Authentication and Integrity Program Security Network
More informationINTRUDERS. Tran Song Dat Phuc Department of Computer Science and Engineering SeoulTech 2014
INTRUDERS Tran Song Dat Phuc Department of Computer Science and Engineering SeoulTech 2014 Intruders Is one of the two most publicized threats to security (the other is viruses) Intruders Anderson [ANDE80]
More informationCS419 Spring Computer Security. Vinod Ganapathy Lecture 13. Chapter 6: Intrusion Detection
CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 13 Chapter 6: Intrusion Detection Security Intrusion & Detection Security Intrusion a security event, or combination of multiple security events,
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationMODULE NO.28: Password Cracking
SUBJECT Paper No. and Title Module No. and Title Module Tag PAPER No. 16: Digital Forensics MODULE No. 28: Password Cracking FSC_P16_M28 TABLE OF CONTENTS 1. Learning Outcomes 2. Introduction 3. Nature
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Intruders & Attacks Cyber criminals Activists State-sponsored organizations Advanced Persistent
More informationUnit 5. System Security
Unit 5 System Security Intrusion Techniques The password file can be protected in one of two ways: One-way function: The system stores only the value of a function based on the user's password. When the
More informationIntrusion Detection & Password Management
Intrusion Detection & Password Management Intruders, Intrusions Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationChapter 3: User Authentication
Chapter 3: User Authentication Comp Sci 3600 Security Outline 1 2 3 4 Outline 1 2 3 4 User Authentication NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines user as: The process
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationSession objectives. Identification and Authentication. A familiar scenario. Identification and Authentication
Session objectives Background Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 3 Recognise the purposes of (password) identification.
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationAuthentication Objectives People Authentication I
Authentication Objectives People Authentication I Dr. Shlomo Kipnis December 15, 2003 User identification (name, id, etc.) User validation (proof of identity) Resource identification (name, address, etc.)
More informationComputer Security 3/20/18
Authentication Identification: who are you? Authentication: prove it Computer Security 08. Authentication Authorization: you can do it Protocols such as Kerberos combine all three Paul Krzyzanowski Rutgers
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationComputer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Authentication Paul Krzyzanowski Rutgers University Spring 2018 1 Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Protocols such
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationProtection and Security
Protection and Security CS 502 Spring 99 WPI MetroWest/Southboro Campus Three Circles of Computer Security Inner Circle Memory, CPU, and File protection. Middle Circle Security Perimeter. Authentication
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/1516/ Chapter 4: 1 Chapter 4: Identification & Authentication Chapter 4: 2 Agenda User authentication Identification & authentication Passwords
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationChapter 2. Switch Concepts and Configuration. Part II
Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools
More informationIntrusion Detection Systems and Network Security
Intrusion Detection Systems and Network Security Chapter 13 Background A layered network security approach starts with a well-secured system: Up-to-date application and operating system patches. Well-chosen
More informationOverview of Honeypot Security System for E-Banking
Prajakta Shirbhate, Vaishnavi Dhamankar, Aarti Kshirsagar, Purva Deshpande & Smita Kapse Department of Computer Technology, YCCE, Nagpur, Maharashtra, India E-mail : prajakta.2888@gmail.com, vaishnavi.dhamankar@gmail.com,
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationPassword Policy Best Practices
Password Policy Best Practices 1.0 Overview Passwords are an important aspect of information security, and are the front line of protection for user accounts. A poorly chosen password may result in the
More informationAuthenticating People and Machines over Insecure Networks
Authenticating People and Machines over Insecure Networks EECE 571B Computer Security Konstantin Beznosov authenticating people objective Alice The Internet Bob Password= sesame Password= sesame! authenticate
More informationTop-Down Network Design
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer 1 Network Security Design The steps for security design are: 1. Identify
More informationNetwork Security. Course notes. Version
Network Security Course notes Version 2013.1 2 Contents 1 Firewalls 1 1.1 Location of a firewall................................... 2 2 Intrusion Detection 3 2.1 Concepts of Intrusion detection.............................
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationIntegrated Key Exchange Protocol Capable of Revealing Spoofing and Resisting Dictionary Attacks
Integrated Key Exchange Protocol Capable of Revealing Spoofing and Resisting Dictionary Attacks David Lai and Zhongwei Zhang Department of Mathematics and Computing, University of Southern Queensland,
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationSecurity and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi
Authentication Strong Password Protocol 1 Strong Password Protocol Scenario : Alice uses any workstation to log to the server B, using a password to authenticate her self. Various way to do that? Use Ur
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 8 Feb 24, 2015 Authentication, Identity 1 Objectives Understand/explain the issues related to, and utilize
More informationDetecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC
Detecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC Agenda Introduction to JPCERT/CC About system-wide intrusions
More informationWho We Are! Natalie Timpone
Who We Are! Natalie Timpone Manager of Security Business Management Office Enterprise Security Awareness Manager Carmelo Walsh Security, Risk, and Compliance Security Awareness Subject Matter Expert Who
More informationEngineering Robust Server Software
Engineering Robust Server Software Defense In Depth You Are Building YourAwesomeSite.com Django Built In Authen Sanitization Distrust clients Use all the best practices you know 2 You Are Building YourAwesomeSite.com
More informationDNA Intrusion Detection Methodology. James T. Dollens, Ph.D Cox Road Roswell, GA (678)
DNA Intrusion Detection Methodology by James T. Dollens, Ph.D. 1675 Cox Road Roswell, GA 30075 JTDDGC@aol.com (678) 576-3759 Copyright 2001, 2004 James T. Dollens Page 1 of 1 Introduction Computer viruses,
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13
CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 13 Announcements Talk today: 3:00 Wu & Chen Auditorium Boon Thau Loo "Declarative Networking: Extensible Networks with Declarative Queries"
More information6. Security Handshake Pitfalls Contents
Contents 1 / 45 6.1 Introduction 6.2 Log-in Only 6.3 Mutual Authentication 6.4 Integrity/Encryption of Data 6.5 Mediated Authentication (with KDC) 6.6 Bellovin-Merrit 6.7 Network Log-in and Password Guessing
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationCOMPUTER PASSWORDS POLICY
COMPUTER PASSWORDS POLICY 1.0 PURPOSE This policy describes the requirements for acceptable password selection and maintenance to maximize security of the password and minimize its misuse or theft. Passwords
More informationDoS Attacks. Network Traceback. The Ultimate Goal. The Ultimate Goal. Overview of Traceback Ideas. Easy to launch. Hard to trace.
DoS Attacks Network Traceback Eric Stone Easy to launch Hard to trace Zombie machines Fake header info The Ultimate Goal Stopping attacks at the source To stop an attack at its source, you need to know
More informationAuthentication. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Authentication Murat Kantarcioglu Authentication Overview Basics Passwords Challenge-Response Biometrics Location Multiple Methods Basics
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationLecture 9 User Authentication
Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationUsing Game Theory To Solve Network Security. A brief survey by Willie Cohen
Using Game Theory To Solve Network Security A brief survey by Willie Cohen Network Security Overview By default networks are very insecure There are a number of well known methods for securing a network
More informationSecurity Hardening Checklist for Cisco Routers/Switches in 10 Steps
Security Hardening Checklist for Cisco Routers/Switches in 10 Steps Network infrastructure devices (routers, switches, load balancers, firewalls etc) are among the assets of an enterprise that play an
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationSecurity Awareness. Chapter 2 Personal Security
Security Awareness Chapter 2 Personal Security Objectives After completing this chapter, you should be able to do the following: Define what makes a weak password Describe the attacks against passwords
More informationIdeal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012
Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Not fragile Works when attacker tries
More informationInformation Security CS 526
Information Security CS 526 Topic 7: User Authentication CS526 Topic 7: User Authentication 1 Readings for This Lecture Wikipedia Password Password strength Salt_(cryptography) Password cracking Trusted
More informationThe Kerberos Authentication Service
The Kerberos Authentication Service By: Cule Stevan ID#: 0047307 SFWR 4C03 April 4, 2005 Last Revision: April 5, 2005 Stevan Cule 0047307 SOFTWARE ENGINEERING 4C03 WINTER 2005 The Kerberos Authentication
More informationChapter 3 Process Description and Control
Operating Systems: Internals and Design Principles Chapter 3 Process Description and Control Seventh Edition By William Stallings Operating Systems: Internals and Design Principles The concept of process
More informationPASSWORD POLICY. Policy Statement. Reason for Policy/Purpose. Who Needs to Know This Policy. Website Address for this Policy.
Responsible University Administrator: Vice Provost for Academic Affairs Responsible Officer: Chief Information Officer Origination Date: N/A Current Revision Date: 02/19/13 Next Review Date: 02/19/17 End
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationLogging. Steven M. Bellovin December 6,
Logging Steven M. Bellovin December 6, 2009 1 Shadow Hawk Shadow Hawk Busted Again As many of you know, Shadow Hawk (a/k/a Shadow Hawk 1) had his home searched by agents of the FBI... When he was tagged
More informationSecurity and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1
Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents
More informationSumy State University Department of Computer Science
Sumy State University Department of Computer Science Lecture 1 (part 2). Access control. What is access control? A cornerstone in the foundation of information security is controlling how resources are
More informationIntrusion Detection. Comp Sci 3600 Security. Introduction. Analysis. Host-based. Network-based. Distributed or hybrid. ID data standards.
or Detection Comp Sci 3600 Security Outline or 1 2 3 4 5 or 6 7 8 Classes of or Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity
More informationOnline Threats. This include human using them!
Online Threats There are many dangers from using the web (and computer in general). One should watch out for malware, automated programs designed to cause harm to you, your data, and your system. You are
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More information200 IT Security Job Interview Questions The Questions IT Leaders Ask
200 IT Security Job Interview Questions The Questions IT Leaders Ask IT security professionals with the right skills are in high demand. In 2015, the unemployment rate for information security managers
More information