Network Security - ISA 656 Review

Transcription

1 Network Security - ISA 656 Review Material Test Conditions 7:20pm - 9:30pm, Thursday, Dec 11th, in the Lab (STI-128) Same style of questions as the midterm I m not asking you to write programs Angelos Stavrou December 4, / 31 Material Test Conditions Material Test Conditions If it s in my slides or I said it in class, you re responsible for it There may be some questions based on the Labs You re responsible for the assigned Labs and Homeworks at about the level of class coverage. Material Test Conditions Open book Open notes, posted code, manuals, Labs... You can bring a calculator but save your energy; you won t need it No laptops, IM, Chatting, or phones... 3 / 31 4 / 31

2 Terminology Kinds of Threats Terminology Kinds of Threats Assets Confidentiality, integrity, availability Threats, attacks, and vulnerabilities Terminology Kinds of Threats Assets Joy hackers Criminals Competitors Nation states Insiders 5 / 31 6 / 31 Assets Ciphers Terminology Kinds of Threats Assets Protect what? Bandwidth, CPU, data, identity Attacker powers? Ciphers Public Key Certificates What is a cryptosystem? What is a block cipher? What are generic properties of block ciphers? What are the different modes of operation? What are their properties? When would you use each mode? What is a stream cipher? 7 / 31 8 / 31

3 Public Key Certificates Ciphers Public Key Certificates What is it? What is it good for? Limitations? How are public key systems used? Random numbers and where they come from Digital signatures Ciphers Public Key Certificates Trust properties CAs Authorization versus identity certificates Web of trust Types of certificates Revocation 9 / / 31 What is? Client authentication types Root certificates The browser vendor s role Properties and requirements Uses Trust model Bindings Human factors 11 / / 31

4 Why is it a problem? Active content Cookies Embedded values Javascript ActiveX Cryptographically sealing data 13 / / 31 Why? Trust model Usual evaluation How to sign and encrypt? Scripts and their dangers Injection attacks Permissions Details Threats: eavesdropping, password theft, spool file 15 / / 31

5 What is it? How it s done Mutual authentication Personalization Tracing DKIM Non-reusable credentials (MITM attacks; human factors) 17 / / 31 Packet Processing What is, and why? ESP and AH Outbound and inbound SPD and SADB Packet Processing Attacking SPI SAs Tunnel and transport mode Packet Processing Attacking Rule characteristics 19 / / 31

6 Attacking Cut-and-paste attacks Probable plaintext SSH SIP Packet Processing Attacking Interactions with other layers SSH SIP Networked storage 21 / / 31 SSH SIP Features Security model SIP architecture What s at risk? Client authentication Protecting voice versus signaling SSH SIP Connection-forwarding SSH Agent SSH SIP What type of crypto is used where Complex scenarios 23 / / 31

7 What is IDS? Limits of Network IDS Purpose Host versus network IDS Insertion and evasion attack Checksum errors Logs and traces TTLs What is IDS? Limits of Network IDS IDS Architecture What is IDS? Limits of Network IDS IDS Architecture TCP normalization 25 / / 31 IDS Architecture Detector Database versus viruses Spread: program versus social engineering Analyzer Payloads What is IDS? Limits of Network IDS IDS Architecture Countermeasure Signature versus anomaly Denial Spam Detection 27 / / 31

8 Denial Types of DOS attack TCP attacks Why they happen Goals DDoS SBGP, SO-BGP Denial Denial 29 / / 31 Denial Evil twin Battery lifetime WEP why the crypto is bad War-driving Access control 31 / 31