Link layer security. CS642: Computer Security. Professor Ristenpart h9p:// rist at cs dot wisc dot edu
|
|
- Millicent Montgomery
- 6 years ago
- Views:
Transcription
1 Link layer security CS642: Computer Security Professor Ristenpart h9p:// rist at cs dot wisc dot edu University of Wisconsin CS 642
2 GeFng started on network security Internet protocol stack Man- in- the- middle Address resolumon protocol and ARP spoofing Jamming and MITM prevenmon University of Wisconsin CS 642
3 Internet Alice ISP1 ISP2 backbone Bob Local area network (LAN) Ethernet Internet TCP/IP BGP (border gateway protocol) DNS (domain name system)
4 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts
5 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts (2) Subverted routers or links
6 Internet threat models ISP1 ISP2 backbone (1) Malicious hosts (2) Subverted routers or links (3) Malicious ISPs or backbone
7
8 Internet protocol stack ApplicaMon Transport Network Link HTTP, FTP, SMTP, SSH, etc. TCP, UDP IP, ICMP, IGMP 802x (802.11, Ethernet) ApplicaMon Transport Network Link Network Link ApplicaMon Transport Network Link
9 Internet protocol stack user data ApplicaMon TCP IP Appl user data Ethernet TCP Appl user data TCP segment IP TCP Appl user data IP datagram ENet IP TCP Appl user data ENet tlr Ethernet frame to 1500 bytes
10 Ethernet Carrier Sense, MulMple Access with Collision DetecMon (CSMA/CD) Take turns using broadcast channel (the wire) Detect collisions, jam, and random backoff Security issues?
11 Ethernet ENet IP datagram ENet tlr Ethernet frame desmnamon address source address type CRC Media access control (MAC) addresses 48 bits Type = what is data payload (0x0800 = IPv4, 0x0806 = ARP, 0x86DD = IPv6) 32 bit Cyclic Redundancy Check (CRC) checksum LLC frame format slightly different, but similar ideas
12 MAC addresses Two types: universally or locally administered 3 byte 2 control bits & OID 3 byte NIC idenmfier 2 LSBs of first byte are control bits: 1 st LSB: mulmcast/unicast 2 nd LSB: universal/local flag Hardware (ethernet card/wifi card) inimalized with MAC address But: Most ethernet cards allow one to change address
13 MAC spoofing Many LANs, WiFis use MAC- based access controls Courtesy of wikibooks h9p://en.wikibooks.org/wiki/changing_your_mac_address/mac_os_x
14 MAC spoofing Aaron Swartz, a fellow at Harvard University's Center for Ethics and an open source programmer involved with creamng the RSS 1.0 specificamon and more generally in the open culture movement, has been arrested and charged with wire fraud, computer fraud, unlawfully obtaining informamon from a protected computer, and recklessly damaging a protected computer aler he entered a computer lab at MIT in Cambridge, Massachuse9s and downloaded two- thirds of the material on JSTOR, an academic journal repository. h9p://en.wikinews.org/wiki/ Aaron_Swartz_arrested_and_charged_for_do wnloading_jstor_armcles Supposedly used MAC spoofing to get onto MIT network
15
16 Internet protocol stack user data ApplicaMon TCP IP Appl user data Ethernet TCP Appl user data TCP segment IP TCP Appl user data IP datagram ENet IP TCP Appl user data ENet tlr Ethernet frame to 1500 bytes
17 IPv4 ENet IP data ENet tlr Ethernet frame containing IP datagram 4- bit version 8- bit Mme to live (TTL) 4- bit len 16- bit idenmficamon 8- bit type of service 8- bit protocol 3- bit flags 32- bit source IP address 32- bit desmnamon IP address opmons (opmonal) 16- bit total length (in bytes) 13- bit fragmentamon offset 16- bit header checksum
18 Address resolumon protocol IP roumng: Figure out where to send an IP packet based on desmnamon address. Link layer and IP must cooperate to get things sent 32- bit IP address ARP RARP 48- bit MAC address ARP/RARP enables this cooperamon by mapping IPs to MACs
19 Address resolumon protocol enet dest enet src type hw type prot type hw size prot size op enet sender ip sender enet target frame type = 0x0806 (ARP) or 0x8035 (RARP) ip target pad enet dest is all 1 s, 0xFFFFFFFFFFFF for broadcast CRC hw type, prot(ocol) type specify what types of addresses we re looking up op specifies whether this is an ARP request, ARP reply, RARP request, RARP reply
20 ARP caches Hosts maintain cache of ARP data just a table mapping between IPs and MACs
21 ARP has no authenmcamon Easy to sniff packets on (non- switched) ethernet What else can we do? Easy Denial of Service (DoS): Send ARP reply associamng gateway with a non- used MAC address
22 ARP has no authenmcamon Easy to sniff packets on (non- switched) ethernet What else can we do? AcMve Man- in- the- Middle: ARP reply to MAC > MAC MAC1 ARP reply to MAC > MAC MAC MAC3 Now traffic routed through malicious box
23 ARP and switched networks Switches do not broadcast, but transfer traffic through appropriate ports. Maintain a table of port <- > MAC bindings Inhibits traffic sniffing ARP poisoning MitM inhibited (one MAC address per port) Some switches allow MAC flooding a9acks Flood ARP replies to switch Switch can t store all values, fails to broadcast
24 DetecMon and prevenmon ARPWATCH logs ARP mapping changes s admin if something suspicious comes up Switched networks with real authenmcamon Check MACs against AAA system (authenmcamon, authorizamon, accounmng) such as RADIUS / Diameter
25 STA = stamon BSS = basic service set DS = distribumon service ESS = extended service set SSID (service set idenmfier) idenmfies the network h9p://technet.microsol.com/en- us/library/cc757419(ws.10).aspx
26 STA = stamon BSS = basic service set DS = distribumon service ESS = extended service set SSID (service set idenmfier) idenmfies the network Infrastructure mode (top) versus Ad- hoc (bo9om) h9p://technet.microsol.com/en- us/library/cc757419(ws.10).aspx
27 Images from h9p://technet.microsol.com/en- us/library/cc757419(ws.10).aspx
28 security issues AP Wired versus wireless
29 h9p://online.wsj.com/armcle/sb html?mod=googlenews_wsj InteresMng report on drone usage by US: h9p://livingunderdrones.org/
30 Parrot ARdrone
31 security issues AP Wired versus wireless Wireless can (try to) compensate via cryptography - WEP = epic failure - WPA = be9er, but not great - WPA2 = be9er yet, but not perfect We ll see more on this in crypto secmon Images from h9p://technet.microsol.com/en- us/library/cc757419(ws.10).aspx
32 aircrack- ng h9p:// ng.org/img/aircrack- ng_movie_1.png
33 security issues AP WPA- personal - Pre- shared key mode - User types in a password to gain access h9p://en.wikipedia.org/wiki/linksys_wrt54g_series
34 security issues AP WPA- personal - Pre- shared key mode - User types in a password to gain access WPA- enterprise - Extended AuthenMcaMon Protocol (EAP) - Centralized AuthenMcaMon, AuthorizaMon, and AccounMng (AAA) RADIUS (Remote AuthenMcaMon Dial In User Service) authenmcamon server Client- server protocol over UDP 1) AuthenMcate users/devices before granmng access to network 2) Authorize users/devices to access certain network services 3) Account for usage of services Many security issues idenmfied
35 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data associamon Evil twin Probe request SSID: linksys, BSSID: MAC1 Auth request MAC1 Auth response Associate request MAC1 Associate response
36 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Two APs for same network Evil twin Choose one of MAC1, MAC2 Probe request SSID: linksys, BSSID: MAC1 SSID: linksys, BSSID: MAC2 Auth request MAC2 MAC1 MAC2
37 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Basic a9ack: rogue AP Evil twin Choose one of MAC1, MAC2 Probe request SSID: linksys, BSSID: MAC1 SSID: linksys, BSSID: MAC2 Auth request MAC2 MAC1 MAC2
38 evil twins AP Basic idea: - A9acker pretends to be an AP to intercept traffic or collect data Evil twin: spoof MAC1 Evil twin Choose one of MAC1, MAC2 A9acker can send forged disassociate message to vicmm to get it to look for new connecmon VicMm might send out probe requests for parmcular SSIDs, giving a9acker info MAC1 Probe request SSID: linksys, BSSID: MAC1 MAC1 SSID: linksys, BSSID: MAC1 Auth request MAC2 Conceptually similar to ARP poisoning
39 Push- bu9on configuramon (PBC) AP Problems with WPA- personal: - Users are scared of passwords - Passwords usually weak - New devices lack keypads Push bu9on shared secret PBC probe PBC probe PBC probe PBC response Diffie- Hellman Key exchange Push bu9on shared secret
40 Push- bu9on configuramon (PBC) PBC probe PBC probe Push bu9on PBC response PBC response Push bu9on Diffie- Hellman Key exchange Diffie- Hellman Key exchange shared secret 1 shared secret 2 shared secret 1 shared secret 2 But this is on wireless, so all messages are seen by all parmes A9acker can jam messages, overpower legimmate messages
41 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 Basic observamons: - Assume all parmes in range of each other (all honest broadcasts seen) - Signals cannot be negated - Jamming can be made detectable
42 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 Tamper- evident Announcement: Figure 1: The format of a tamper-evident announcement (TEA). SynchronizaMon: long random data to make overpowering detectable Payload: key exchange data (public key, etc.) On- Off slots: Encode cryptographic hash of payload in a manipulamon- detectable way Intractable to find two payloads such that Hash(payload1) = Hash(payload2)
43 Can we prevent MitM? Gollakata et al., Secure In- Band Wireless Pairing, Security 2011 On- Off slots: Encode cryptographic hash of payload in a manipulamon- detectable way A9acker can only turn 0 s to 1 s b1 b2 h1 h2 h Receiver detects if channel in use, concludes a 1 Otherwise concludes a 0 Checks that # of 1 s = # of 0 s Checks hash of payload Encode in a way that balances number of 0 s and 1 s TransmiFng a 1: send packet with random data TransmiFng a 0: send nothing To change payload, a9acker must change hash value, but can t
44 Discussion What a9acks aren t prevented? PBC relies on what physical assumpmons? How easy are such jamming based a9acks?
45
Link layer security. CS642: Computer Security. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu
Link layer security CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642 Announcements Reminder: homework 1 due Thursday
More informationnetwork security s642 computer security adam everspaugh
network security s642 adam everspaugh ace@cs.wisc.edu computer security today Announcement: HW3 to be released WiFi IP, TCP DoS, DDoS, prevention 802.11 (wifi) STA = station AP = access point BSS = basic
More informationAssignment - 1 Chap. 1 Wired LAN s
Assignment - 1 Chap. 1 Wired LAN s 1. (1 Mark) 1. Draw the frame format of Ethernet. 2. What is unicast, multicast and broadcast address? 3. State the purpose of CRC field. 2. (5 Marks) 1. Explain how
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 7 Announcements First project: Due: TOMORROW at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Plan for Today: Networks:
More informationARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1
ARP, IP, TCP, UDP CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1 IP and MAC Addresses Devices on a local area network have IP addresses (network layer) MAC addresses (data
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 8 Announcements Reminder: Project 1 is due on tonight by midnight. Midterm 1 will be held next Thursday, Feb. 8th. Example midterms
More informationWireless technology Principles of Security
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 12 2/28/08 CIS/TCOM 551 1 Announcements Reminder: Project 2 is due Friday, March 7th at 11:59 pm 2/28/08 CIS/TCOM 551 2 Internet Protocol
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationCSc 466/566. Computer Security. 18 : Network Security Introduction
1/81 CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:57:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationECE4110 Internetwork Programming. Introduction and Overview
ECE4110 Internetwork Programming Introduction and Overview 1 EXAMPLE GENERAL NETWORK ALGORITHM Listen to wire Are signals detected Detect a preamble Yes Read Destination Address No data carrying or noise?
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan June 18, 2015 1 / 19 ARP (Address resolution protocol) poisoning ARP is used to resolve 32-bit
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationNetwork Model. Why a Layered Model? All People Seem To Need Data Processing
Network Model Why a Layered Model? All People Seem To Need Data Processing Layers with Functions Packet Propagation Each router provides its services to support upper-layer functions. Headers (Encapsulation
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationInternet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses
Internet Organization Addresses TCP/IP Protocol stack Forwarding Jörg Liebeherr, 1998-2003 1 What defines the Internet? 1. Use of a globally unique address space based on Internet Addresses 2. Support
More informationComputer Networks Security: intro. CS Computer Systems Security
Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication
More informationStudy Guide. Module Two
Module Two Study Guide Study Guide Contents Part One -- Textbook Questions Part Two -- Assignment Questions Part Three -- Vocabulary Chapter 4 Data Link Layer What is the function of the data link layer?
More informationLayer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled
More informationAN INTRODUCTION TO ARP SPOOFING
AN INTRODUCTION TO ARP SPOOFING April, 2001 Sean Whalen Sophie Engle Dominic Romeo GENERAL INFORMATION Introduction to ARP Spoofing (April 2001) Current Revision: 1.8 Available: http://chocobospore.org
More informationReview. Error Detection: CRC Multiple access protocols. LAN addresses and ARP Ethernet. Slotted ALOHA CSMA/CD
Review Error Detection: CRC Multiple access protocols Slotted ALOHA CSMA/CD LAN addresses and ARP Ethernet Some slides are in courtesy of J. Kurose and K. Ross Overview Ethernet Hubs, bridges, and switches
More informationCSCI Networking Name:
CSCI 3335- Networking Name: Final Exam Problem 1: Error Checking and TCP (15 Points) (a) True or false: [2.5 points for circling correct answers, -1 points for each wrong answer] i. CRC can both correct
More informationProtocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS
Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS Mail seban649@student.liu.se Protocol Hi Hi Got the time? 2:00 time TCP connection request TCP connection response Whats
More informationICS 351: Networking Protocols
ICS 351: Networking Protocols IP packet forwarding application layer: DNS, HTTP transport layer: TCP and UDP network layer: IP, ICMP, ARP data-link layer: Ethernet, WiFi 1 Networking concepts each protocol
More informationAddress Resolution Protocol (ARP), RFC 826
Address Resolution Protocol (ARP), RFC 826 Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC Sept. 2017 ARP & RARP } Note: } The Internet is based on IP addresses } Data link protocols (Ethernet,
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationCSE 127: Computer Security Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko November 28, 2017 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ECPE / COMP 177 Fall 2012 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Application Layer Transport Layer Network Layer Link Layer Physical Layer 2 Application Layer HTTP DNS IMAP
More informationCS 43: Computer Networks The Link Layer. Kevin Webb Swarthmore College November 28, 2017
CS 43: Computer Networks The Link Layer Kevin Webb Swarthmore College November 28, 2017 TCP/IP Protocol Stack host host HTTP Application Layer HTTP TCP Transport Layer TCP router router IP IP Network Layer
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationCS61C Machine Structures Lecture 37 Networks. No Machine is an Island!
CS61C Machine Structures Lecture 37 Networks April 24, 2006 John Wawrzynek Page 1 No Machine is an Island! Computer Processor (active) Control ( brain ) Datapath ( brawn ) Memory (passive) (where programs,
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationThe Interconnection Structure of. The Internet. EECC694 - Shaaban
The Internet Evolved from the ARPANET (the Advanced Research Projects Agency Network), a project funded by The U.S. Department of Defense (DOD) in 1969. ARPANET's purpose was to provide the U.S. Defense
More informationLecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015
Lecture 6 Internet Security: How the Internet works and some basic vulnerabilities Thursday 19/11/2015 Agenda Internet Infrastructure: Review Basic Security Problems Security Issues in Routing Internet
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationCS118 Discussion 1A, Week 9. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.
CS118 Discussion 1A, Week 9 Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m. 1 Outline Wireless: 802.11 Mobile IP Cellular Networks: LTE Sample final 2 Wireless and Mobile Network Wireless access: WIFI
More informationComputer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic
Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition Chapter 2 Investigating Network Traffic Objectives After completing this chapter, you should be able to: Understand network
More informationprecise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)
Protocols precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level) all packets shipped from network to network as IP packets
More informationCSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University
CSCI 1800 Cybersecurity and Interna4onal Rela4ons Design and Opera-on of the Internet John E. Savage Brown University Outline Network security The link layer The network layer The transport layer Denial
More informationNetworking Background
Networking Background CMSC 414 October 30, 2017 General Overview We are going to take a quick look at What a network protocol is The abstract design of the network The 7-Layer network stack Protocols We
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationEEC-684/584 Computer Networks
EEC-684/584 Computer Networks Lecture 14 wenbing@ieee.org (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Internetworking
More informationIntroduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁
II Sören Schwertfeger 师泽仁 Outline Review Network Layer Routing Transport Layer Applications HTTP Demos Internet: Huge network of networks Billions of hosts (computers) Internet Structure Network Edge:
More informationTable of Contents. Computer Networks and the Internet
Table of Contents Chapter 1 Computer Networks and the Internet 1.1 What Is the Internet? 1.1.1 A Nuts-and-Bolts Description 1.1.2 A Services Description 1.1.3 What Is a Protocol? 1.2 The Network Edge 1.2.1
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationChapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet
Chapter 2 - Part 1 The TCP/IP Protocol: The Language of the Internet Protocols A protocol is a language or set of rules that two or more computers use to communicate 2 Protocol Analogy: Phone Call Parties
More informationinterface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer
TDTS06 Computer networks, August 23, 2008 Sketched answers to the written examination, provided by Juha Takkinen, IDA, juhta@ida.liu.se. ( Sketched means that you, in addition to the below answers, need
More informationCS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang
CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu Overview Homework 2-dimension parity IP fragmentation ARP ICMP Fragmentation and Reassembly
More informationHow Insecure is Wireless LAN?
Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationSYLLABUS. osmania university CHAPTER - 3 : MEDIUM ACCESS CONTROL (MAC) SUBLAYER Standards, Bluetooth, Bridges and Routers.
Contents i SYLLABUS osmania university UNIT - I CHAPTER - 1 : INTRODUCTION Data Communication, Network Topologies : LAN, WAN, MAN, Types : Bus, Star, Ring, Hybrid, Line Configurations, Reference Models
More informationWhat is mobility? Mobile IP. Mobility Impact on Protocol Stack (cont.) Advanced Topics in Computer Networks
Advanced Topics in Computer Networks What is mobility? spectrum of mobility, from the perspective: Mobile IP no mobility high mobility Chalermek Intanagonwiwat Slides courtesy of James F. Kurose, Keith
More informationLesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 5 TCP/IP suite, TCP and UDP Protocols 1 TCP/IP Suite: Application layer protocols TCP/IP Suite set of protocols with layers for the Internet TCP/IP communication 5 layers: L7, L4, L3, L2 and L1
More informationScribe Notes -- October 31st, 2017
Scribe Notes -- October 31st, 2017 TCP/IP Protocol Suite Most popular protocol but was designed with fault tolerance in mind, not security. Consequences of this: People realized that errors in transmission
More informationComputer Systems and Networks. ECPE 170 Jeff Shafer University of the Pacific. Computer Networks
ECPE 170 Jeff Shafer University of the Pacific Computer Networks 2 Schedule Exam 3 Tuesday, December 6 th Caches Virtual Memory Input / Output OperaMng Systems Compilers & Assemblers Processor Architecture
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationAttacks on WLAN Alessandro Redondi
Attacks on WLAN Alessandro Redondi Disclaimer Under the Criminal Italian Code, articles 340, 617, 617 bis: Up to 1 year of jail for interrupting public service 6 months to 4 years of jail for installing
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationCS 421: COMPUTER NETWORKS FALL FINAL January 10, minutes
CS 4: COMPUTER NETWORKS FALL 00 FINAL January 0, 0 50 minutes Name: Student No: Show all your work very clearly. Partial credits will only be given if you carefully state your answer with a reasonable
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationTCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12
TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group
More informationReview of Important Networking Concepts
Review of Important Networking Concepts Review: ed communication architecture The TCP/IP protocol suite 1 Networking Concepts Protocol Architecture Protocol s Encapsulation Network Abstractions 2 1 Sending
More informationTSIN02 - Internetworking
Lecture 2: Internet Protocol Literature: Forouzan: ch (4-6), 7-9 and ch 31 2004 Image Coding Group, Linköpings Universitet Lecture 2: IP Goals: Understand the benefits Understand the architecture IPv4
More informationInterconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1
Interconnecting Networks with TCP/IP 2000, Cisco Systems, Inc. 8-1 Objectives Upon completion of this chapter you will be able to perform the following tasks: Identify the IP protocol stack, its protocol
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What
More informationWhat is Eavedropping?
WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks
More informationCSCI 680: Computer & Network Security
CSCI 680: Computer & Network Security Lecture 15 Prof. Adwait Nadkarni Fall 2017 Derived from slides by William Enck and Micah Sherr 1 Grading Class Participat ion and Quizzes 10% Grade Breakdown Homewo
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ECPE / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Course Organization Top-Down! Starting with Applications / App programming Then Transport Layer (TCP/UDP) Then
More informationThreat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji
Threat Pragmatics & Cryptography Basics PacNOG20 3-7 July, 2017 Suva, Fiji Issue Date: [31-12-2015] Revision: [V.1] Why Security? The Internet was initially designed for connectivity Trust is assumed,
More informationPacket Header Formats
A P P E N D I X C Packet Header Formats S nort rules use the protocol type field to distinguish among different protocols. Different header parts in packets are used to determine the type of protocol used
More informationCS 43: Computer Networks Switches and LANs. Kevin Webb Swarthmore College December 5, 2017
CS 43: Computer Networks Switches and LANs Kevin Webb Swarthmore College December 5, 2017 Ethernet Metcalfe s Ethernet sketch Dominant wired LAN technology: cheap $20 for NIC first widely used LAN technology
More informationLab 1: Packet Sniffing and Wireshark
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer
More informationWireless Network Security
Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless
More informationProblem Set 10 Due: Start of class December 11
CS242 Computer Networks Handout # 20 Randy Shull December 4, 2017 Wellesley College Problem Set 10 Due: Start of class December 11 Reading: Kurose & Ross, Sections 7.1 7.3, 8.1 8.4 Wireshark Lab [16] Recall
More informationNeed For Protocol Architecture
Chapter 2 CS420/520 Axel Krings Page 1 Need For Protocol Architecture E.g. File transfer Source must activate communications path or inform network of destination Source must check destination is prepared
More informationnetwork security cs642 computer security adam everspaugh
network security cs642 computer security adam everspaugh ace@cs.wisc.edu today Reminder: HW3 due in one week: April 18, 2016 CIDR addressing Border Gateway Protocol Network reconnaissance via nmap Idle
More informationCisco CCNA (ICND1, ICND2) Bootcamp
Cisco CCNA (ICND1, ICND2) Bootcamp Course Duration: 5 Days Course Overview This five-day course covers the essential topics of ICND1 and ICND2 in an intensive Bootcamp format. It teaches students the skills
More informationWireless Protocols. Training materials for wireless trainers
Wireless Protocols Training materials for wireless trainers Goals The goal of this lecture is to introduce: IEEE wireless protocols coverage 802.11 radio protocols terminology WiFi modes of operation details
More informationTCP/IP Networking Basics
TCP/IP Networking Basics 1 A simple TCP/IP Example A user on host argon.tcpip-lab.edu ( Argon ) makes a web access to URL http://neon.tcpip-lab.edu/index.html. What actually happens in the network? 2 HTTP
More informationNeed For Protocol Architecture
Chapter 2 CS420/520 Axel Krings Page 1 Need For Protocol Architecture E.g. File transfer Source must activate communications path or inform network of destination Source must check destination is prepared
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationMobility Support in Internet and Mobile IP. Gianluca Reali
Mobility Support in Internet and Mobile IP Gianluca Reali 1 Problem We have seen that mobile users can change point of attachment In a WLAN, a mobile may change access point. In a cellular network, a mobile
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationPART X. Internetworking Part 1. (Concept, IP Addressing, IP Routing, IP Datagrams, Address Resolution)
PART X Internetworking Part 1 (Concept, IP Addressing, IP Routing, IP Datagrams, Address Resolution) CS422 Part 10 1 Spring 1999 Motivation For Internetworking LANs Low cost Limited distance WANs High
More informationLesson 10. Circuit Boards and Devices Ethernet and Wi-Wi Connectivity with the Internet
Lesson 10 Circuit Boards and Devices Ethernet and Wi-Wi Connectivity with the Internet 1 Connecting Arduino USB to Internet Arduino board IDE supports USB. USB port connects to a mobile or computer or
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationInterconnecting Networks with TCP/IP
Chapter 8 Interconnecting s with TCP/IP 1999, Cisco Systems, Inc. 8-1 Introduction to TCP/IP Internet TCP/IP Early protocol suite Universal 1999, Cisco Systems, Inc. www.cisco.com ICND 8-2 TCP/IP Protocol
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 7 1 Projects Groups Max 3 persons Topics Cryptography Network Security Program
More informationNetwork Security Fundamentals. Network Security Fundamentals. Roadmap. Security Training Course. Module 2 Network Fundamentals
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 2 Network Fundamentals Roadmap Network Fundamentals
More informationRAJIV GANDHI COLLEGE OF ENGINEERING AND TECHNOLOGY
RAJIV GANDHI COLLEGE OF ENGINEERING AND TECHNOLOGY DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING QUESTION BANK SUBJECT NAME: COMPUTER NETWORKS SUBJECT CODE: CST52 UNIT-I 2 MARKS 1. What is Network? 2.
More informationCompSci 356: Computer Network Architectures. Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch & 3.2. Xiaowei Yang
CompSci 356: Computer Network Architectures Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch 3.1.5 & 3.2 Xiaowei Yang xwy@cs.duke.edu Review Past lectures Single link networks Point-to-point,
More information