Link layer security. CS642: Computer Security. Professor Ristenpart h9p:// rist at cs dot wisc dot edu
|
|
- Brett Scott
- 6 years ago
- Views:
Transcription
1 Link layer security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642
2 Announcements Reminder: homework 1 due Thursday at midnight If you can t get an exploit working, give a nice write- up about the vulnerability and your exploit a9empt for paroal credit Projects: 1 page (or less!) proposal for project Due November 1 st Undergrads can do for extra credit
3 Announcements Projects: 1 page (or less!) proposal for project Due November 1 st Undergrads can do for extra credit Proposal should be a short abstract Use latex, turn in a PDF Come up with a Otle for your project (bonus points if it is clever) 1 paragraph introducing topic area 1 paragraph on what you re going to do
4 GeXng started on network security Internet protocol stack Man- in- the- middle Address resoluoon protocol and ARP spoofing Jamming and MITM prevenoon University of Wisconsin CS 642
5 Internet Alice ISP1 ISP2 backbone Bob Local area network (LAN) Ethernet Internet TCP/IP BGP (border gateway protocol) DNS (domain name system)
6 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts
7 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts (2) Subverted routers or links
8 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts (2) Subverted routers or links (3) Malicious ISPs or backbone
9 Internet protocol stack ApplicaOon Transport Network Link HTTP, FTP, SMTP, SSH, etc. TCP, UDP IP, ICMP, IGMP 802x (802.11, Ethernet) ApplicaOon Transport Network Link Network Link ApplicaOon Transport Network Link
10 Internet protocol stack user data ApplicaOon TCP IP Appl user data Ethernet TCP Appl user data TCP segment IP TCP Appl user data IP datagram ENet IP TCP Appl user data ENet tlr Ethernet frame to 1500 bytes
11 Ethernet Carrier Sense, MulOple Access with Collision DetecOon (CSMA/CD) Take turns using broadcast channel (the wire) Detect collisions, jam, and random backoff Security issues?
12 Ethernet ENet IP datagram ENet tlr Ethernet frame desonaoon address source address type CRC Media access control (MAC) addresses 48 bits Type = what is data payload (0x0800 = IPv4, 0x0806 = ARP, 0x86DD = IPv6) 32 bit Cyclic Redundancy Check (CRC) checksum LLC frame format slightly different, but similar ideas
13 MAC addresses Two types: universally or locally administered 3 byte 2 control bits & OID 3 byte NIC idenofier 2 LSBs of first byte are control bits: 1 st LSB: mulocast/unicast 2 nd LSB: universal/local flag Hardware (ethernet card/wifi card) inioalized with MAC address But: Most ethernet cards allow one to change address
14 MAC spoofing Many LANs, WiFis use MAC- based access controls Courtesy of wikibooks h9p://en.wikibooks.org/wiki/changing_your_mac_address/mac_os_x
15 MAC spoofing Aaron Swartz, a fellow at Harvard University's Center for Ethics and an open source programmer involved with creaong the RSS 1.0 specificaoon and more generally in the open culture movement, has been arrested and charged with wire fraud, computer fraud, unlawfully obtaining informaoon from a protected computer, and recklessly damaging a protected computer aner he entered a computer lab at MIT in Cambridge, Massachuse9s and downloaded two- thirds of the material on JSTOR, an academic journal repository. h9p://en.wikinews.org/wiki/ Aaron_Swartz_arrested_and_charged_for_do wnloading_jstor_arocles Supposedly used MAC spoofing to get onto MIT network
16 Internet protocol stack user data ApplicaOon TCP IP Appl user data Ethernet TCP Appl user data TCP segment IP TCP Appl user data IP datagram ENet IP TCP Appl user data ENet tlr Ethernet frame to 1500 bytes
17 IPv4 ENet IP data ENet tlr Ethernet frame containing IP datagram 4- bit version 8- bit Ome to live (TTL) 4- bit len 16- bit idenoficaoon 8- bit type of service 8- bit protocol 3- bit flags 32- bit source IP address 32- bit desonaoon IP address opoons (opoonal) 16- bit total length (in bytes) 13- bit fragmentaoon offset 16- bit header checksum
18 Address resoluoon protocol IP rouong: Figure out where to send an IP packet based on desonaoon address. Link layer and IP must cooperate to get things sent 32- bit IP address ARP RARP 48- bit MAC address ARP/RARP enables this cooperaoon by mapping IPs to MACs
19 Address resoluoon protocol enet dest enet src type hw type prot type hw size prot size op enet sender ip sender enet target frame type = 0x0806 (ARP) or 0x8035 (RARP) ip target pad enet dest is all 1 s, 0xFFFFFFFFFFFF for broadcast CRC hw type, prot(ocol) type specify what types of addresses we re looking up op specifies whether this is an ARP request, ARP reply, RARP request, RARP reply
20 ARP caches Hosts maintain cache of ARP data just a table mapping between IPs and MACs
21 ARP has no authenocaoon Easy to sniff packets on (non- switched) ethernet What else can we do? Easy Denial of Service (DoS): Send ARP reply associaong gateway with a non- used MAC address
22 ARP has no authenocaoon Easy to sniff packets on (non- switched) ethernet What else can we do? AcOve Man- in- the- Middle: ARP reply to MAC > MAC MAC1 ARP reply to MAC > MAC MAC MAC3 Now traffic routed through malicious box
23 ARP and switched networks Switches do not broadcast, but transfer traffic through appropriate ports Inhibits traffic sniffing ARP poisoning MitM inhibioed (one MAC address per port) Some switches allow MAC flooding a9acks Flood ARP replies to switch Switch can t store all values, fails to broadcast
24 DetecOon and prevenoon ARPWATCH logs ARP mapping changes s admin if something suspicious comes up Switched networks with real authenocaoon David Parter will give guest lectures in two weeks. Ask him what the CSL does
25 STA = staoon BSS = basic service set DS = distribuoon service ESS = extended service set SSID (service set idenofier) idenofies the network h9p://technet.microson.com/en- us/library/cc757419(ws.10).aspx
26 STA = staoon BSS = basic service set DS = distribuoon service ESS = extended service set SSID (service set idenofier) idenofies the network Infrastructure mode (top) versus Ad- hoc (bo9om) h9p://technet.microson.com/en- us/library/cc757419(ws.10).aspx
27 Images from h9p://technet.microson.com/en- us/library/cc757419(ws.10).aspx
28 security issues AP Wired versus wireless Wireless can (try to) compensate via cryptography - WEP = epic failure - WPA = be9er but not great - WPA2 = be9er yet We ll see more on this in crypto secoon Images from h9p://technet.microson.com/en- us/library/cc757419(ws.10).aspx
29 security issues AP WPA- personal - Pre- shared key mode - User types in a password to gain access h9p://en.wikipedia.org/wiki/linksys_wrt54g_series
30 security issues AP WPA- personal - Pre- shared key mode - User types in a password to gain access WPA- enterprise - Extended AuthenOcaOon Protocol (EAP) - Centralized AuthenOcaOon, AuthorizaOon, and AccounOng (AAA) RADIUS (Remote AuthenOcaOon Dial In User Service) authenocaoon server Client- server protocol over UDP 1) AuthenOcate users/devices before granong access to network 2) Authorize users/devices to access certain network services 3) Account for usage of services Many security issues idenofied
31 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data associaoon Evil twin Probe request SSID: linksys, BSSID: MAC1 Auth request MAC1 Auth response Associate request MAC1 Associate response
32 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Two APs for same network Evil twin Choose one of MAC1, MAC2 Probe request SSID: linksys, BSSID: MAC1 SSID: linksys, BSSID: MAC2 Auth request MAC2 MAC1 MAC2
33 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Basic a9ack: rogue AP Evil twin Choose one of MAC1, MAC2 Probe request SSID: linksys, BSSID: MAC1 SSID: linksys, BSSID: MAC2 Auth request MAC2 MAC1 MAC2
34 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Evil twin: spoof MAC1 Evil twin Choose one of MAC1, MAC2 A9acker can send forged disassociate message to vicom to get it to look for new connecoon VicOm might send out probe requests for parocular SSIDs, giving a9acker info MAC1 Probe request SSID: linksys, BSSID: MAC1 MAC1 SSID: linksys, BSSID: MAC1 Auth request MAC2 Conceptually similar to ARP poisoning
35 Push- bu9on configuraoon (PBC) AP Problems with WPA- personal: - Uses are scared of passwords - Passwords usually weak - New devices lack keypads Push bu9on shared secret PBC probe PBC probe PBC probe PBC response Diffie- Hellman Key exchange Push bu9on shared secret
36 Push- bu9on configuraoon (PBC) PBC probe PBC probe Push bu9on PBC response PBC response Push bu9on Diffie- Hellman Key exchange Diffie- Hellman Key exchange shared secret 1 shared secret 2 shared secret 1 shared secret 2 But this is on wireless, so all messages are seen by all paroes A9acker can jam messages, overpower legiomate messages
37 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 Basic observaoons: - Assume all paroes in range of each other (all honest broadcasts seen) - Jamming can be made detectable
38 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 Tamper- evident Announcement: 85/'( )./0123(0+45)+(0%67) :*.;)(;.<=$!! ""#"#"$!!$#"!"#!$$%&'()& *+,- Figure 1: The format of a tamper-evident announcement (TEA). SynchronizaOon: long random data to make overpowering detectable Payload: key exchange data (public key, etc.) On- Off slots: Encode cryptographic hash of payload in a manipulaoon- detectable way
39 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 On- Off slots: Encode cryptographic hash of payload in a manipulaoon- detectable way A9acker can only turn 0 s to 1 s b1 b2 h1 h2 h Receiver detects if channel in use, concludes a 1 Otherwise concludes a 0 Checks that # of 1 s = # of 0 s Checks hash of payload Encode in a way that balances number of 0 s and 1 s TransmiXng a 1: send packet with random data TransmiXng a 0: send nothing To change payload, a9acker must change hash value, but can t
40 Discussion What a9acks aren t prevented? PBC relies on what physical assumpoons? How easy are such jamming based a9acks?
41
Link layer security. CS642: Computer Security. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu
Link layer security CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 GeFng started on network security Internet protocol
More informationnetwork security s642 computer security adam everspaugh
network security s642 adam everspaugh ace@cs.wisc.edu computer security today Announcement: HW3 to be released WiFi IP, TCP DoS, DDoS, prevention 802.11 (wifi) STA = station AP = access point BSS = basic
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationAssignment - 1 Chap. 1 Wired LAN s
Assignment - 1 Chap. 1 Wired LAN s 1. (1 Mark) 1. Draw the frame format of Ethernet. 2. What is unicast, multicast and broadcast address? 3. State the purpose of CRC field. 2. (5 Marks) 1. Explain how
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 7 Announcements First project: Due: TOMORROW at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Plan for Today: Networks:
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 8 Announcements Reminder: Project 1 is due on tonight by midnight. Midterm 1 will be held next Thursday, Feb. 8th. Example midterms
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 12 2/28/08 CIS/TCOM 551 1 Announcements Reminder: Project 2 is due Friday, March 7th at 11:59 pm 2/28/08 CIS/TCOM 551 2 Internet Protocol
More informationECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ECPE / COMP 177 Fall 2012 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Application Layer Transport Layer Network Layer Link Layer Physical Layer 2 Application Layer HTTP DNS IMAP
More informationARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1
ARP, IP, TCP, UDP CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1 IP and MAC Addresses Devices on a local area network have IP addresses (network layer) MAC addresses (data
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationWireless technology Principles of Security
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationECE4110 Internetwork Programming. Introduction and Overview
ECE4110 Internetwork Programming Introduction and Overview 1 EXAMPLE GENERAL NETWORK ALGORITHM Listen to wire Are signals detected Detect a preamble Yes Read Destination Address No data carrying or noise?
More informationCSc 466/566. Computer Security. 18 : Network Security Introduction
1/81 CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:57:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationLecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015
Lecture 6 Internet Security: How the Internet works and some basic vulnerabilities Thursday 19/11/2015 Agenda Internet Infrastructure: Review Basic Security Problems Security Issues in Routing Internet
More informationAddress Resolution Protocol (ARP), RFC 826
Address Resolution Protocol (ARP), RFC 826 Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC Sept. 2017 ARP & RARP } Note: } The Internet is based on IP addresses } Data link protocols (Ethernet,
More informationCS 43: Computer Networks The Link Layer. Kevin Webb Swarthmore College November 28, 2017
CS 43: Computer Networks The Link Layer Kevin Webb Swarthmore College November 28, 2017 TCP/IP Protocol Stack host host HTTP Application Layer HTTP TCP Transport Layer TCP router router IP IP Network Layer
More informationAN INTRODUCTION TO ARP SPOOFING
AN INTRODUCTION TO ARP SPOOFING April, 2001 Sean Whalen Sophie Engle Dominic Romeo GENERAL INFORMATION Introduction to ARP Spoofing (April 2001) Current Revision: 1.8 Available: http://chocobospore.org
More informationReview. Error Detection: CRC Multiple access protocols. LAN addresses and ARP Ethernet. Slotted ALOHA CSMA/CD
Review Error Detection: CRC Multiple access protocols Slotted ALOHA CSMA/CD LAN addresses and ARP Ethernet Some slides are in courtesy of J. Kurose and K. Ross Overview Ethernet Hubs, bridges, and switches
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan June 18, 2015 1 / 19 ARP (Address resolution protocol) poisoning ARP is used to resolve 32-bit
More informationCSCI 680: Computer & Network Security
CSCI 680: Computer & Network Security Lecture 15 Prof. Adwait Nadkarni Fall 2017 Derived from slides by William Enck and Micah Sherr 1 Grading Class Participat ion and Quizzes 10% Grade Breakdown Homewo
More informationNetwork Model. Why a Layered Model? All People Seem To Need Data Processing
Network Model Why a Layered Model? All People Seem To Need Data Processing Layers with Functions Packet Propagation Each router provides its services to support upper-layer functions. Headers (Encapsulation
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationCS61C Machine Structures Lecture 37 Networks. No Machine is an Island!
CS61C Machine Structures Lecture 37 Networks April 24, 2006 John Wawrzynek Page 1 No Machine is an Island! Computer Processor (active) Control ( brain ) Datapath ( brawn ) Memory (passive) (where programs,
More informationCSE 127: Computer Security Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko November 28, 2017 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationInternet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses
Internet Organization Addresses TCP/IP Protocol stack Forwarding Jörg Liebeherr, 1998-2003 1 What defines the Internet? 1. Use of a globally unique address space based on Internet Addresses 2. Support
More informationScribe Notes -- October 31st, 2017
Scribe Notes -- October 31st, 2017 TCP/IP Protocol Suite Most popular protocol but was designed with fault tolerance in mind, not security. Consequences of this: People realized that errors in transmission
More informationComputer Networks Security: intro. CS Computer Systems Security
Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication
More informationStudy Guide. Module Two
Module Two Study Guide Study Guide Contents Part One -- Textbook Questions Part Two -- Assignment Questions Part Three -- Vocabulary Chapter 4 Data Link Layer What is the function of the data link layer?
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationLayer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled
More informationCSCI Networking Name:
CSCI 3335- Networking Name: Final Exam Problem 1: Error Checking and TCP (15 Points) (a) True or false: [2.5 points for circling correct answers, -1 points for each wrong answer] i. CRC can both correct
More informationComputer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic
Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition Chapter 2 Investigating Network Traffic Objectives After completing this chapter, you should be able to: Understand network
More informationProtocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS
Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS Mail seban649@student.liu.se Protocol Hi Hi Got the time? 2:00 time TCP connection request TCP connection response Whats
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationCS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang
CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu Overview Homework 2-dimension parity IP fragmentation ARP ICMP Fragmentation and Reassembly
More informationICS 351: Networking Protocols
ICS 351: Networking Protocols IP packet forwarding application layer: DNS, HTTP transport layer: TCP and UDP network layer: IP, ICMP, ARP data-link layer: Ethernet, WiFi 1 Networking concepts each protocol
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationCS118 Discussion 1A, Week 9. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.
CS118 Discussion 1A, Week 9 Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m. 1 Outline Wireless: 802.11 Mobile IP Cellular Networks: LTE Sample final 2 Wireless and Mobile Network Wireless access: WIFI
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationTable of Contents. Computer Networks and the Internet
Table of Contents Chapter 1 Computer Networks and the Internet 1.1 What Is the Internet? 1.1.1 A Nuts-and-Bolts Description 1.1.2 A Services Description 1.1.3 What Is a Protocol? 1.2 The Network Edge 1.2.1
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationEEC-684/584 Computer Networks
EEC-684/584 Computer Networks Lecture 14 wenbing@ieee.org (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Internetworking
More informationIntroduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁
II Sören Schwertfeger 师泽仁 Outline Review Network Layer Routing Transport Layer Applications HTTP Demos Internet: Huge network of networks Billions of hosts (computers) Internet Structure Network Edge:
More informationnetwork security cs642 computer security adam everspaugh
network security cs642 computer security adam everspaugh ace@cs.wisc.edu today Reminder: HW3 due in one week: April 18, 2016 CIDR addressing Border Gateway Protocol Network reconnaissance via nmap Idle
More informationThe Interconnection Structure of. The Internet. EECC694 - Shaaban
The Internet Evolved from the ARPANET (the Advanced Research Projects Agency Network), a project funded by The U.S. Department of Defense (DOD) in 1969. ARPANET's purpose was to provide the U.S. Defense
More informationLecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1
Lecture 8 Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1 Outline Chapter 3 - Internetworking 3.1 Switching and Bridging 3.2
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What
More informationCOMS3200/7201 Computer Networks 1 (Version 1.0)
COMS3200/7201 Computer Networks 1 (Version 1.0) Assignment 3 Due 8pm Monday 29 th May 2017. V1 draft (hopefully final) Note that the assignment has three parts Part A, B & C, each worth 50 marks. Total
More informationHow Insecure is Wireless LAN?
Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost
More informationCisco 1: Networking Fundamentals
Western Technical College 10150110 Cisco 1: Networking Fundamentals Course Outcome Summary Course Information Description Career Cluster Instructional Level Total Credits 3.00 Total Hours 90.00 This course
More informationprecise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)
Protocols precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level) all packets shipped from network to network as IP packets
More informationWireless Protocols. Training materials for wireless trainers
Wireless Protocols Training materials for wireless trainers Goals The goal of this lecture is to introduce: IEEE wireless protocols coverage 802.11 radio protocols terminology WiFi modes of operation details
More informationCSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University
CSCI 1800 Cybersecurity and Interna4onal Rela4ons Design and Opera-on of the Internet John E. Savage Brown University Outline Network security The link layer The network layer The transport layer Denial
More informationNetworking Background
Networking Background CMSC 414 October 30, 2017 General Overview We are going to take a quick look at What a network protocol is The abstract design of the network The 7-Layer network stack Protocols We
More informationTSIN02 - Internetworking
Lecture 2: Internet Protocol Literature: Forouzan: ch (4-6), 7-9 and ch 31 2004 Image Coding Group, Linköpings Universitet Lecture 2: IP Goals: Understand the benefits Understand the architecture IPv4
More informationWhen does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009
Packet Sniffers INFO 404 - Lecture 8 24/03/2009 nfoukia@infoscience.otago.ac.nz Definition Sniffer Capabilities How does it work? When does it work? Preventing Sniffing Detection of Sniffing References
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16
CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 16 Announcements Midterm II March 21st (One week from today) In class Same format as last time Will cover all material since Midterm
More informationLab 1: Packet Sniffing and Wireshark
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer
More informationLecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model
Lecture 8 Basic Internetworking (IP) Reminder: Homework 3, Programming Project 2 due on Tuesday. An example internet is shown at right. Routers or gateways are used to connect different physical networks.
More informationCompSci 356: Computer Network Architectures. Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch & 3.2. Xiaowei Yang
CompSci 356: Computer Network Architectures Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch 3.1.5 & 3.2 Xiaowei Yang xwy@cs.duke.edu Review Past lectures Single link networks Point-to-point,
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationChapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet
Chapter 2 - Part 1 The TCP/IP Protocol: The Language of the Internet Protocols A protocol is a language or set of rules that two or more computers use to communicate 2 Protocol Analogy: Phone Call Parties
More informationDenial of Service. EJ Jung 11/08/10
Denial of Service EJ Jung 11/08/10 Pop Quiz 3 Write one thing you learned from today s reading Write one thing you liked about today s reading Write one thing you disliked about today s reading Announcements
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationinterface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer
TDTS06 Computer networks, August 23, 2008 Sketched answers to the written examination, provided by Juha Takkinen, IDA, juhta@ida.liu.se. ( Sketched means that you, in addition to the below answers, need
More informationAdopting Innovative Detection Technique To Detect ICMPv6 Based Vulnerability Attacks
Adopting Innovative Detection Technique To Detect ICMPv6 Based Vulnerability Attacks Navaneethan C. Arjuman nava@nav6.usm.my National Advanced IPv6 Centre January 2014 1 Introduction IPv6 was introduced
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationSYLLABUS. osmania university CHAPTER - 3 : MEDIUM ACCESS CONTROL (MAC) SUBLAYER Standards, Bluetooth, Bridges and Routers.
Contents i SYLLABUS osmania university UNIT - I CHAPTER - 1 : INTRODUCTION Data Communication, Network Topologies : LAN, WAN, MAN, Types : Bus, Star, Ring, Hybrid, Line Configurations, Reference Models
More informationSwitching & ARP Week 3
Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly
More informationLesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 5 TCP/IP suite, TCP and UDP Protocols 1 TCP/IP Suite: Application layer protocols TCP/IP Suite set of protocols with layers for the Internet TCP/IP communication 5 layers: L7, L4, L3, L2 and L1
More informationSecurity and Networking Basics
Security and Networking Basics Internet Security [1] VU Engin Kirda Christopher Kruegel engin@infosys.tuwien.ac.at chris@auto.tuwien.ac.at Outline Introduction and Motivation Security Threats Open Systems
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationCSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers
CSC 6575: Internet Security Fall 2017 Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee
More informationThreat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji
Threat Pragmatics & Cryptography Basics PacNOG20 3-7 July, 2017 Suva, Fiji Issue Date: [31-12-2015] Revision: [V.1] Why Security? The Internet was initially designed for connectivity Trust is assumed,
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationCS 421: COMPUTER NETWORKS FALL FINAL January 10, minutes
CS 4: COMPUTER NETWORKS FALL 00 FINAL January 0, 0 50 minutes Name: Student No: Show all your work very clearly. Partial credits will only be given if you carefully state your answer with a reasonable
More informationWIRELESS EVIL TWIN ATTACK
WIRELESS EVIL TWIN ATTACK Prof. Pragati Goel Associate Professor, NCRD s Sterling Institute of Management Studies, Navi Mumbai Mr. Chetan Singh NCRD s Sterling Institute Of Management Studie, Navi Mumbai
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins instead of 30 mins Next
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationChapter 11: It s a Network. Introduction to Networking
Chapter 11: It s a Network Introduction to Networking Small Network Topologies Typical Small Network Topology IT Essentials v5.0 2 Device Selection for a Small Network Factors to be considered when selecting
More informationCS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).
Assignments Reading for Lecture 9: Section 3.3 3.2 Basic Internetworking (IP) Bridges and LAN switches from last section have limited ability CS475 Networks Lecture 8 Chapter 3 Internetworking is a logical
More informationCMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 18
CMPE 150/L : Introduction to Computer Networks Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 18 1 Final project demo Please do the demo THIS week to the TAs. Or you are allowed to use
More informationCisco CCNA (ICND1, ICND2) Bootcamp
Cisco CCNA (ICND1, ICND2) Bootcamp Course Duration: 5 Days Course Overview This five-day course covers the essential topics of ICND1 and ICND2 in an intensive Bootcamp format. It teaches students the skills
More informationTCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12
TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group
More informationWireless Network Security Spring 2011
Wireless Network Security 14-814 Spring 2011 Patrick Tague Feb 8, 2011 Class #9 Link/MAC layer security Announcements HW #1 is due on Thursday 2/10 If anyone would like Android phones for their course
More informationReview of Important Networking Concepts
Review of Important Networking Concepts Review: ed communication architecture The TCP/IP protocol suite 1 Networking Concepts Protocol Architecture Protocol s Encapsulation Network Abstractions 2 1 Sending
More informationNetwork Security Fundamentals. Network Security Fundamentals. Roadmap. Security Training Course. Module 2 Network Fundamentals
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 2 Network Fundamentals Roadmap Network Fundamentals
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 7 1 Projects Groups Max 3 persons Topics Cryptography Network Security Program
More informationNetwork Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013
Network Security: Firewalls Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013 2 Firewalls: Stateless packet filter Firewall Perimeter defence: Divide the world into the good/safe inside
More information