Networks and security Data bases
1 Networks and security Data bases
2 Networks Concepts Threats Controls Firewalls
3 Protocols A protocol abstracts the communication to a higher level. A layered architecture, a so called protocol stack is used: each layer provides a higher level of communication and hides the underlying details. The Open Systems Interconnection (OSI) model from ISO is a model of a protocol stack with seven layers.
4 Protocols, TCP/IP: used on the Internet and most wide area networks. Four layers: Application, Transport, Internet, Link (network access / physical). Addressing: a unique address for each host (the IP address) and a port number that identifies each application on that host; an endpoint is the pair (IP address, port).
7 Types of networks. LAN, Local Area Network: small distance, usually a building; locally controlled; isolated and, at least in principle, physically protected. WAN, Wide Area Network: larger than a LAN, with more hosts and longer distances; more physically exposed. Inter-networks (internets), for example the Internet: heterogeneous (most operating systems are represented, etc.); physically and logically exposed.
8 Threats in networks. Why networks are exposed: sharing; complexity of the system; unknown perimeter; many points of attack; anonymity; unknown path.
9 Threats in networks. Wiretapping and message confidentiality violations: interception of data in transit; insertion of a repeat of a previous communication. Break-ins: access to programs or data at remote hosts; running a program at a remote site. Code integrity violation: modification of programs or data at remote hosts.
10 Threats in networks. Message integrity violation: modification of data in transit. Impersonation: insertion of communication impersonating a user. Denial of service: blocking of selected traffic; blocking of all traffic.
11 Wiretapping. Wiretap: to intercept communications. Passive wiretapping: just listening. Active wiretapping: injecting something into the communication. Cables: easy if there is physical access. Microwave and satellite: easy. Fiber: more secure than copper cable, but not immune. Always assume that all links can be wiretapped.
12 Impersonation: a more significant threat in WANs and internets than in LANs. Several ways: guess the identity and authentication details of the target; pick up the identity and authentication details of the target from a previous communication and replay them; circumvent or disable the authentication mechanism at the target computer; use a target that will not be authenticated; use a target whose authentication data is known.
13 Message confidentiality violations: both wiretapping and impersonation can lead to violation of the confidentiality of a message. Other vulnerabilities: misdelivery; exposure; traffic flow analysis.
14 Message integrity violations. Falsification of messages: change any part of the content of a message; replace a message entirely; reuse an old message; change the apparent source of a message; redirect a message; destroy or delete a message. Sources of these attacks: active wiretap, trojan horse, impersonation, preempted host.
15 Code integrity. Program threats such as trojan horses, viruses and other malicious code become a much more serious threat because of networks: users often download untrusted code and run it, and sometimes code is downloaded and run on a machine without the user's knowledge (Java applets, JavaScript, ActiveX, etc.).
16 Denial of service: connectivity; flooding; routing problems; disruption of service; erroneous code.
17 Network security controls: physical separation (if intruders cannot copy the communication, they cannot read it); encryption; tunnels; authentication; data integrity; redistribution centers (traffic control); firewalls.
18 Encryption: link level encryption (between two hosts); end-to-end encryption (between two applications); encrypted tunnels / VPNs.
19 Link level encryption: applied just above the physical layer, so a message is encrypted only while it is on the link. It is in plaintext inside every host it passes through, including intermediate routers. Invisible to the users, and all messages on the link can be encrypted.
21 End-to-end encryption: applied by the applications, so the message stays encrypted all the way, including inside intermediate hosts. Covers potential flaws in lower levels. The user (or the application) has to apply the encryption, usually as a software implementation, which can be inefficient.
22 Tunnels: traffic between two networks can be encrypted. Encrypted packets are encapsulated inside other packets. Two machines are set up as tunnel end points, and all traffic between the two networks must go through them. This creates a Virtual Private Network (VPN).
23 Traffic control: sometimes even the existence of a communication is sensitive; the attack is called traffic analysis. Solutions: pad traffic (bogus traffic generated to hide the actual traffic pattern); redistribution centers (all traffic goes through a trusted third party), combined with pad traffic.
24 Data integrity: protocols designed for reliable communication need to detect messages that are duplicated, deleted, out of order, modified or fake. Cryptographic checksums (message authentication codes) or signed hash values protect against tampering with the message; a plain unkeyed hash is not enough, because an attacker who can change the message can recompute it. Not only the message body needs protection: sequence numbers and the destination and source addresses need to be covered as well.
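The integrity check of slide 24 as an added example (not from the slides): a keyed checksum (HMAC) computed over the sequence number, the source and destination addresses and the payload, so that a modified, forged, replayed, reordered or misdelivered message is detected at the receiver. The key, the addresses and the messages are constructed for the demo; the HMAC provides integrity only, so the payload is still readable on the wire.

```python
"""Added example, not from the lecture slides: a keyed checksum (HMAC) over
sequence number, source, destination and payload, so that modified, forged,
replayed, reordered and misdelivered messages are all detected at the
receiver.  The key, addresses and messages are constructed for the demo;
the HMAC gives integrity only, the payload is still readable on the wire."""
import hashlib
import hmac
import struct

KEY = b"pre-shared key for the demo only"   # assumed to be shared out of band
TAG_LEN = 32                                # SHA-256 output length


def seal(key: bytes, seq: int, src: str, dst: str, payload: bytes) -> bytes:
    """Frame layout: seq(4) | len(src)(1) | len(dst)(1) | src | dst | payload | tag.
    The tag is computed over everything before it, so the counter and the
    addresses are protected as well as the content."""
    src_b, dst_b = src.encode(), dst.encode()
    body = struct.pack(">IBB", seq, len(src_b), len(dst_b)) + src_b + dst_b + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks the tag first, then the addressing, then a strictly increasing
    sequence number; a replayed or reordered frame fails the last check."""

    def __init__(self, key: bytes, my_addr: str):
        self.key, self.my_addr, self.last_seq = key, my_addr, -1

    def open(self, frame: bytes):
        """Returns ((src, payload), "ok") or (None, reason)."""
        if len(frame) < 6 + TAG_LEN:
            return None, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return None, "bad tag (modified or forged)"
        seq, ls, ld = struct.unpack(">IBB", body[:6])
        src = body[6:6 + ls].decode()
        dst = body[6 + ls:6 + ls + ld].decode()
        payload = body[6 + ls + ld:]
        if dst != self.my_addr:
            return None, "misdelivered"
        if seq <= self.last_seq:
            return None, "replayed or out of order"
        self.last_seq = seq
        return (src, payload), "ok"


def demo():
    """Constructed traffic from 10.0.0.1 to 10.0.0.2, plus an attacker's frames."""
    rx = Receiver(KEY, "10.0.0.2")
    f1 = seal(KEY, 1, "10.0.0.1", "10.0.0.2", b"transfer 100")
    f2 = seal(KEY, 2, "10.0.0.1", "10.0.0.2", b"transfer 200")
    modified = bytearray(f2)
    modified[len(f2) - TAG_LEN - 1] ^= 0x01          # flip the last payload byte
    forged = seal(b"attacker guess", 3, "10.0.0.1", "10.0.0.2", b"transfer 999")
    wrong_dst = seal(KEY, 3, "10.0.0.1", "10.0.0.9", b"transfer 300")
    # f1 twice (second is a replay), modified f2, real f2, forged, misdelivered,
    # and f1 once more after f2 (out of order)
    return [rx.open(f)[1] for f in (f1, f1, bytes(modified), f2, forged, wrong_dst, f1)]
```

The receiver keeps one counter per peer; a real transport (IPsec, for instance) uses a sliding window instead of strict ordering so that legitimately reordered packets are not dropped, but the principle is the same: the counter and the addresses are inside the authenticated region, so they cannot be changed without invalidating the tag.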
25 Authentication: host-to-host authentication; user-to-host authentication. Examples: Kerberos; certification hierarchies.
26 Kerberos. Purpose: to allow users and services to authenticate themselves to each other. Passwords are never sent over the network. Uses symmetric cryptography; public key cryptography appears only in the optional initial exchange (the PKINIT extension of version 5).
27 Kerberos. First step: establish a session with the Kerberos authentication server. The user sends the username to the Kerberos server. The server randomly generates a session key and returns it to the user, encrypted with a key derived from the user's password. It also returns a ticket-granting ticket (TGT) containing the same session key, encrypted with a key known only to the Ticket Granting Server (TGS); the user forwards this TGT to the TGS in later requests. If the user can decrypt the session key, the user is authenticated, since only someone who knows the password can do so.
29 Kerberos. Next, using a service: using the session key and the TGT, the user requests a ticket for the service from the TGS. The TGS verifies the user's access permissions. A ticket for the service and a new session key (used for communicating with the service) are returned to the user. The ticket is encrypted with a key shared by the TGS and the service, so the user can neither read nor alter it.
31 Kerberos. No passwords are sent over the network. The Kerberos server and the Ticket Granting Server must be trusted and available at all times. Password guessing still works: whoever captures the reply encrypted under the password-derived key can test guesses offline. Tickets have a limited period of validity. Time stamps (in the authenticators) prevent replay attacks, so clocks must be roughly synchronised. All applications need to be changed to use Kerberos.
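The exchange of slides 27 to 31 as an added example (not from the slides, and not the code of any Kerberos implementation): a single-process simulation of the authentication server, the ticket granting server, a service and a client, with timestamps and a replay cache at the service, and the offline password guess of slide 31. The cipher is a toy built from SHA-256 and HMAC so the example runs with the standard library alone; real Kerberos uses AES and a salted string-to-key function. Names, passwords, the clock skew and the ticket lifetime are constructed for the demo.

```python
"""Added example, not from the slides: a toy simulation of the Kerberos
exchange (AS-REQ/AS-REP, TGS-REQ/TGS-REP, AP-REQ) with timestamps and a
replay cache at the service.  The cipher is a SHA-256 keystream plus HMAC,
only for illustration; real Kerberos uses AES and a salted string2key."""
import hashlib
import hmac
import json
import os

SKEW = 300        # allowed clock drift in seconds (assumed)
LIFETIME = 600    # ticket lifetime in seconds (assumed)


def _ks(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def enc(key, msg):
    """Toy authenticated encryption of a JSON-serialisable dict."""
    pt, nonce = json.dumps(msg).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong key or tampered")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))


def string2key(password):
    return hashlib.sha256(password.encode()).digest()   # toy: no salt, no iteration


class KDC:
    """Authentication server and ticket granting server in one process."""

    def __init__(self, users, services):
        self.user_keys = {u: string2key(p) for u, p in users.items()}
        self.service_keys = {s: os.urandom(32) for s in services}
        self.tgs_key = os.urandom(32)

    def as_exchange(self, username, now):
        # AS-REQ carries only the name.  AS-REP: session key under the user's
        # key, plus a TGT (same session key) under the TGS key.
        sk = os.urandom(32)
        tgt = enc(self.tgs_key, {"client": username, "key": sk.hex(), "expires": now + LIFETIME})
        return enc(self.user_keys[username], {"tgs_key": sk.hex()}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        t = dec(self.tgs_key, tgt)
        sk = bytes.fromhex(t["key"])
        a = dec(sk, authenticator)            # proves the requester holds the session key
        if a["client"] != t["client"] or now > t["expires"] or abs(a["time"] - now) > SKEW:
            raise PermissionError("TGT or authenticator rejected")
        svc_sk = os.urandom(32)
        ticket = enc(self.service_keys[service],
                     {"client": t["client"], "key": svc_sk.hex(), "expires": now + LIFETIME})
        return enc(sk, {"svc_key": svc_sk.hex()}), ticket


class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()

    def ap_exchange(self, ticket, authenticator, now):
        t = dec(self.key, ticket)
        a = dec(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"] or now > t["expires"] or abs(a["time"] - now) > SKEW:
            raise PermissionError("ticket or authenticator rejected")
        if (a["client"], a["time"]) in self.seen:     # same authenticator seen before
            raise PermissionError("replayed authenticator")
        self.seen.add((a["client"], a["time"]))
        return t["client"]


def client_login(kdc, username, password, service, now):
    """Client side of the whole exchange; returns (ticket, authenticator)."""
    as_rep, tgt = kdc.as_exchange(username, now)
    sk = bytes.fromhex(dec(string2key(password), as_rep)["tgs_key"])   # wrong password fails here
    tgs_rep, ticket = kdc.tgs_exchange(tgt, enc(sk, {"client": username, "time": now}), service, now)
    svc_sk = bytes.fromhex(dec(sk, tgs_rep)["svc_key"])
    return ticket, enc(svc_sk, {"client": username, "time": now})


def offline_guess(as_rep, candidates):
    """Password guessing still works: a captured AS-REP can be tested offline."""
    for pw in candidates:
        try:
            dec(string2key(pw), as_rep)
            return pw
        except ValueError:
            pass
    return None


def demo():
    kdc = KDC({"alice": "correct horse"}, ["fileserver"])
    fs = Service(kdc.service_keys["fileserver"])
    out = {}
    ticket, auth = client_login(kdc, "alice", "correct horse", "fileserver", 1000)
    out["login"] = fs.ap_exchange(ticket, auth, 1001)
    for name, when in (("replay", 1002), ("expired", 1000 + LIFETIME + 1)):
        try:
            fs.ap_exchange(ticket, auth, when)
            out[name] = "accepted"
        except PermissionError as e:
            out[name] = str(e)
    try:
        client_login(kdc, "alice", "wrong", "fileserver", 1000)
        out["badpw"] = "accepted"
    except ValueError as e:
        out["badpw"] = str(e)
    out["guess"] = offline_guess(kdc.as_exchange("alice", 1000)[0], ["123456", "correct horse"])
    return out
```

The replay cache only needs to remember authenticators for the skew window, because anything older is rejected by the timestamp check; that is why the clocks matter. The offline guess is the reason real deployments add pre-authentication and a slow string2key.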
32 Certification hierarchies: host-to-host certification using public key cryptography. Each host has a certificate: its identity and public key, signed by a certification agency (CA). Other hosts can verify the certificate with the agency's public key. The public key of a host is either retrieved from the other host (and verified via its certificate if necessary) or retrieved from the certification agency. How to trust the certification agencies? Certify them at a "higher" certification agency, up to a root agency whose key must be trusted directly.
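Chain verification up a hierarchy of agencies as an added example (not from the slides): each certificate binds an identity to a public key and carries the issuing agency's signature, and the verifier walks from the host certificate up to an agency it trusts directly. The signature scheme is textbook RSA over SHA-256 with fixed Mersenne primes so that the example runs from the standard library; it is not secure (no padding, tiny keys) and is only there to show the chain logic. The agency names, the host name and the keys are constructed.

```python
"""Added example, not from the slides: verifying a host certificate up a
hierarchy of certification agencies to a trusted root.  Signatures are
textbook RSA over SHA-256 with fixed Mersenne primes (toy, insecure); the
point is the chain-walking logic.  Names and keys are constructed."""
import hashlib

E = 65537


def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def sign(priv, data: bytes) -> int:
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % priv["n"]
    return pow(h, priv["d"], priv["n"])


def verify(pub, data: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % pub["n"]
    return pow(sig, pub["e"], pub["n"]) == h


def tbs(subject, issuer, pub):
    """The part of a certificate that is signed: identity plus public key."""
    return f"{subject}|{issuer}|{pub['n']}|{pub['e']}".encode()


def issue(subject, subject_key, issuer, issuer_priv):
    """A certificate: the subject's identity and public key, signed by the issuer."""
    return {"subject": subject, "issuer": issuer, "n": subject_key["n"], "e": subject_key["e"],
            "sig": sign(issuer_priv, tbs(subject, issuer, subject_key))}


def verify_chain(chain, trusted_roots, max_depth=5):
    """chain[0] is the host certificate; chain[i+1] is the certificate of the
    agency that signed chain[i].  Returns (ok, reason)."""
    for i, cert in enumerate(chain[:max_depth]):
        data = tbs(cert["subject"], cert["issuer"], cert)
        if cert["issuer"] in trusted_roots:               # reached a trust anchor
            ok = verify(trusted_roots[cert["issuer"]], data, cert["sig"])
            return ok, ("ok" if ok else f"bad signature on {cert['subject']}")
        if i + 1 >= len(chain):
            return False, f"no certificate for issuer {cert['issuer']}"
        issuer_cert = chain[i + 1]
        if issuer_cert["subject"] != cert["issuer"]:
            return False, "chain does not link"
        if not verify(issuer_cert, data, cert["sig"]):    # issuer_cert carries n and e
            return False, f"bad signature on {cert['subject']}"
    return False, "chain too long"


def demo():
    root = make_key(2**127 - 1, 2**107 - 1)      # root agency (constructed)
    agency = make_key(2**89 - 1, 2**61 - 1)      # regional agency, certified by the root
    host = make_key(2**31 - 1, 2**19 - 1)        # a host, certified by the agency
    roots = {"RootCA": {"n": root["n"], "e": root["e"]}}
    agency_cert = issue("AgencyCA", agency, "RootCA", root)
    host_cert = issue("mail.example.net", host, "AgencyCA", agency)
    results = {"good": verify_chain([host_cert, agency_cert], roots)}
    # An agency nobody certified: it can sign anything, but the chain never
    # reaches a trusted root.
    rogue = make_key(2**61 - 1, 2**31 - 1)
    rogue_cert = issue("RogueCA", rogue, "RogueCA", rogue)
    fake_host = issue("mail.example.net", host, "RogueCA", rogue)
    results["rogue"] = verify_chain([fake_host, rogue_cert], roots)
    # A genuine certificate with the public key swapped: the signature no longer matches.
    results["tampered"] = verify_chain([dict(host_cert, n=rogue["n"]), agency_cert], roots)
    return results
```

Real certificates also carry validity periods, name constraints and revocation information, and the verifier checks those at every level of the chain, not only the signatures.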
33 Firewalls: a process that filters all traffic between a protected and a less trustworthy network; a special form of reference monitor. Like any reference monitor, a firewall should be always invoked, tamper-proof, and small and simple enough for rigorous analysis. All (sensitive) network traffic must pass through the firewall.
34 Firewalls. Two default modes: "what is not explicitly forbidden is permitted" and "what is not explicitly permitted is forbidden". Users prefer the former, security administrators the latter. Different kinds of firewalls: screening routers, network level firewalls, etc.; proxy gateways, guards, application level firewalls, etc.
35 Network level firewalls: often implemented in hardware, as a specially configured router. Makes decisions based on the source and destination addresses, the protocol and the ports in the headers of individual packets; it does not see the payload. Very fast and transparent to users.
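A screening-router style packet filter as an added example (not from the slides): rules are matched on header fields only, first match wins, and anything not explicitly permitted is dropped; the same rule set can be run with the permissive default of slide 34 to see what the two modes let through. The networks, hosts and sample packets are constructed (RFC 5737 documentation addresses).

```python
"""Added example, not from the slides: a packet filter that decides from
packet headers only.  Rules are tried first to last, the first match wins,
and with no match the default policy applies.  Networks, hosts and the
sample packets are constructed (RFC 5737 documentation ranges)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass
class Rule:
    action: str           # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None     # None matches any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "192.0.2.0/24"        # assumed protected network
DMZ_WEB = "198.51.100.10/32"     # assumed public web server in the DMZ
ADMIN_HOST = "203.0.113.5/32"    # assumed external administrator host

# Inbound rules on the external interface.  Order matters: the anti-spoofing
# rule must precede every permit, or a packet forging an internal source
# address would be accepted by a later rule.
RULES = [
    Rule("deny", src=INTERNAL, comment="anti-spoofing: internal source address arriving from outside"),
    Rule("permit", dst=DMZ_WEB, proto="tcp", dport=443, comment="public HTTPS"),
    Rule("permit", dst=DMZ_WEB, proto="tcp", dport=80, comment="public HTTP"),
    Rule("permit", src=ADMIN_HOST, dst=INTERNAL, proto="tcp", dport=22, comment="admin SSH"),
]


def decide(p: Packet, rules=RULES, default="deny"):
    """Returns (action, reason).  default="deny" is 'not explicitly permitted is
    forbidden'; default="permit" is 'not explicitly forbidden is permitted'."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return default, "default policy"


def demo():
    """Constructed packets arriving from the outside, under both defaults."""
    packets = [
        Packet("203.0.113.7", "198.51.100.10", "tcp", 443),   # web client
        Packet("203.0.113.7", "198.51.100.10", "tcp", 22),    # SSH to the web server
        Packet("192.0.2.9", "198.51.100.10", "tcp", 443),     # spoofed internal source
        Packet("203.0.113.5", "192.0.2.20", "tcp", 22),       # administrator's SSH
        Packet("203.0.113.7", "192.0.2.20", "tcp", 22),       # stranger's SSH
        Packet("203.0.113.7", "192.0.2.20", "udp", 53),       # DNS to an internal host
    ]
    strict = [decide(p)[0] for p in packets]
    permissive = [decide(p, default="permit")[0] for p in packets]
    return strict, permissive
```

With the permissive default, the SSH attempts on the web server and on the internal host and the stray DNS packet all get through, which is exactly why administrators prefer default deny: every permitted service is then a conscious decision that appears in the rule list.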
36 Application level firewalls: more advanced. Can make decisions based on the actual content of the packets, not just the headers. Acts as a proxy, so it must "understand" the application protocols used; it needs a proxy server for each application type, such as HTTP, FTP, Telnet, etc. Can add extra authentication, do more logging and provide finer-grained access control.
37 Demilitarized zone (DMZ): a part of the network that is neither directly part of the internal nor of the external network. Publicly reachable servers are placed there, so that a compromise of one of them does not give direct access to the internal network.
38 Firewalls. What firewalls cannot block: attacks that do not go through the firewall, for example information leaking out on removable media (floppies). Firewalls can easily be bypassed from the inside by using tunnels. They cannot protect very well against viruses. They can give a false sense of security, because users trust the firewall. A firewall is no excuse for bad security internally.
39 Network Intrusion Detection Systems (NIDS, IDS): checks traffic against known attacks and attack patterns, kept in a database of signatures. For a large network, going through all the warnings can be a big problem. For a single host on the campus network: about 4 alerts per hour in the last days, much more when worms are spreading.
40 Databases and security Overview Security requirements Reliability and integrity Sensitive data Multilevel data bases
41 Data bases. Why: shared access; minimal redundancy; data consistency; data integrity; controlled access. Operating systems maintain data, a data base maintains information: the contents of a file are not important to an OS.
42 Relational data bases: a data base based on the relational model developed by E.F. Codd. Other models: hierarchical data bases; network data bases; object data bases.
43 Tables. Each row is called a record, and each column is a field (or element) of that record. A table must only contain one type of record. Each record in a table is unique; there are no duplicates. The set of possible values of a column is called its domain.
44 Tables. Salesforce table:
Salesman Number | Name  | Sales Area | Target
01              | Jones | London     |
                | Smith | Paris      |
                | King  | New York   | 25000
45 Relational operations. Selection: creates a subset of all the rows in the table. Projection: creates a subset of all the columns in the table. Join: combines two tables. The result is always a new table.
46 Selection. Select the records whose target is at or above a threshold to produce a new table:
Salesman Number | Name  | Sales Area | Target
02              | Smith | Paris      |
                | King  | New York   | 25000
47 Projection. A new table is created by selecting some columns (Name and Target):
Name  | Target
JONES |
SMITH |
KING  |
48 Join. A join combines information from different tables. The join is done by matching values occurring in a pair of columns, one from each table. The two columns would usually represent the same attribute, such as an employee number.
49 Join. Salesforce table:
Salesman Number | Name  | Sales Area | Target
01              | Jones | London     |
                | Smith | Paris      |
                | King  | New York   |
Orders table:
Salesman Number | Order Number | Amount
                | X1143        |
                | X4432        |
                | X3211        |
50 Join. Result of a join on Salesman Number:
Salesman Number | Order Number | Name  | Sales Area | Target | Amount
01              | X1143        | Jones | London     |        |
                | X4432        | Jones | London     |        |
                | X3211        | King  | New York   |        |
51 Data base management system. The user interacts with a data base through a program called a data base manager or data base management system (DBMS). The DBMS is used to read, maintain and provide security for a data base. It usually runs as a normal application in an OS.
52 Security requirements: physical data base integrity; logical data base integrity; element/field integrity; auditability; access control; user authentication; availability.
53 Integrity of the data base. Users must be able to trust the accuracy of the values in the data base, so the DBMS must ensure that updates are performed only by authorized individuals. Data must also be protected from corruption by malicious programs and users, erroneous code, and outside forces, e.g. power failures or fire.
54 Element integrity: the integrity of the elements of a data base is their correctness or accuracy. Examples: years should have four digits; salaries should be in a specified range. Three ways to maintain it: field checks; access control; change log.
55 Auditability: audit log, audit record, change log, etc.: a log of all accesses (read and write). Two advantages: to see who changed what, and to see who knows what.
56 User authentication. Additional authentication, beyond the authentication performed by the operating system, is often required: the DBMS usually runs as a normal application, so it must do its own authentication. Additional requirements can also exist, such as time-of-day checks.
57 Access control. Possible access modes: read, change, delete, append to a value, add or delete entire fields or records, or reorganize the entire data base. This cannot be handled by the operating system's controls, which see only whole files.
58 Access control example, SQL Users: authenticated by the OS or/and the DBMS Actions: include SELECT, UPDATE, DELETE, INSERT Objects: tables, columns
59 Granting and revocation of privileges:
GRANT SELECT, UPDATE (Day, Flight) ON TABLE Diary TO Alice, Bob
REVOKE UPDATE ON TABLE Diary FROM Bob
GRANT SELECT ON TABLE Diary TO Alice WITH GRANT OPTION
Revoke can cascade: if Alice grants access to Dave and we revoke Alice's access, Dave's access should be revoked as well.
60 Access controls through views. Views are derived relations (subsets of tables); privileges can be granted on views.
CREATE VIEW business_trips AS SELECT * FROM Diary WHERE Status = 'business'
CREATE VIEW business_trips AS SELECT * FROM Diary WHERE Status = 'business' WITH CHECK OPTION
A travel agent has access to the Diary table only through the business_trips view.
UPDATE business_trips SET Status = 'private' WHERE Name = 'Alice'
Not possible if WITH CHECK OPTION was specified, because the updated row would no longer satisfy the view's WHERE clause. Otherwise possible: the row is changed and then disappears from the view (called a blind write).
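The cascading revoke of slide 59 as an added example (not from the slides, and not the code of any real DBMS): a small model of privileges with GRANT OPTION that shows Dave losing the access Alice gave him when Alice's own privilege is revoked, and keeping it while a second legitimate grantor (Bob) has also granted it. The users, the table and the privilege names are constructed.

```python
"""Added example, not from the slides: a model of SQL privileges with
GRANT OPTION and cascading REVOKE.  A grant stays valid only while its
grantor can still be reached from the table owner through a path of
GRANT OPTION grants.  Users and names are constructed."""
from collections import defaultdict


class PrivilegeGraph:
    """One table, one owner; for each (grantee, privilege) the set of
    (grantor, with_grant_option) pairs that granted it."""

    def __init__(self, owner: str, table: str):
        self.owner, self.table = owner, table
        self.grants = defaultdict(set)

    def has(self, user, priv, need_grant_option=False) -> bool:
        if user == self.owner:
            return True
        return any(go or not need_grant_option for _, go in self.grants[(user, priv)])

    def grant(self, grantor, priv, grantee, with_grant_option=False):
        if not self.has(grantor, priv, need_grant_option=True):
            raise PermissionError(f"{grantor} may not grant {priv} on {self.table}")
        self.grants[(grantee, priv)].add((grantor, with_grant_option))

    def revoke(self, revoker, priv, grantee):
        """Drop the revoker's grants to grantee, then cascade: every grant whose
        grantor can no longer be reached from the owner is abandoned and
        removed too (this also copes with users who granted to each other)."""
        self.grants[(grantee, priv)] = {g for g in self.grants[(grantee, priv)] if g[0] != revoker}
        self._drop_abandoned(priv)

    def _drop_abandoned(self, priv):
        can_grant, frontier = {self.owner}, [self.owner]
        while frontier:                       # reachability via GRANT OPTION edges
            grantor = frontier.pop()
            for (user, p), sources in self.grants.items():
                if p == priv and user not in can_grant and (grantor, True) in sources:
                    can_grant.add(user)
                    frontier.append(user)
        for key in list(self.grants):
            if key[1] == priv:
                self.grants[key] = {(g, go) for g, go in self.grants[key] if g in can_grant}


def demo():
    diary = PrivilegeGraph(owner="dba", table="Diary")
    diary.grant("dba", "SELECT", "Alice", with_grant_option=True)
    diary.grant("dba", "SELECT", "Bob", with_grant_option=True)
    diary.grant("Alice", "SELECT", "Dave")
    out = {"dave_before": diary.has("Dave", "SELECT")}
    diary.revoke("dba", "SELECT", "Alice")                 # cascades to Dave
    out["alice_after"] = diary.has("Alice", "SELECT")
    out["dave_after"] = diary.has("Dave", "SELECT")
    # Two independent grantors: revoking one of them leaves Dave's access intact.
    diary.grant("dba", "SELECT", "Alice", with_grant_option=True)
    diary.grant("Alice", "SELECT", "Dave")
    diary.grant("Bob", "SELECT", "Dave")
    diary.revoke("dba", "SELECT", "Alice")
    out["dave_two_paths"] = diary.has("Dave", "SELECT")
    try:                                                   # Dave has no GRANT OPTION
        diary.grant("Dave", "SELECT", "Eve")
        out["dave_can_regrant"] = True
    except PermissionError:
        out["dave_can_regrant"] = False
    return out
```

The reachability pass is what keeps the cascade correct when two users have granted to each other: simply following "who did Alice grant to" would leave such a pair alive after the owner withdrew both of their privileges.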
61 Availability: a DBMS often has very high availability requirements. Several problems: concurrent access to the same records; some unprotected data might have to be withheld in order to avoid revealing protected data.
62 Integrity/Confidentiality/Availability Integrity Confidentiality/Secrecy Availability
63 Reliability and integrity Data base integrity Element integrity Element accuracy
64 Protection features from the operating system Access control. I/O checks Special file systems (e.g journaling).
65 Two-phase update. What to do if a failure occurs while someone was modifying data? Solution: the two-phase update (two-phase commit).
66 Two-phase update/commit. Intent phase: during the first phase, the DBMS gathers the information and the resources it needs to perform the update. No changes to the data base are made in this phase, so it can be repeated or abandoned any number of times. Commit phase: a commit flag is set in the data base, then the changes are made, and finally the commit flag is cleared. No step of the intent phase is performed while the commit flag is set. On restart after a failure: if the flag is clear, nothing of the update reached the data base and the intent is simply discarded; if the flag is set, the commit phase is redone from the intent record, which is safe because the writes are repeatable.
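The two-phase update of slide 66 as an added example (not from the slides): a crash is simulated after each step, the recovery routine is run at "restart", and the state before and after recovery is recorded, which shows that only the restart logic, not the update itself, guarantees a consistent table. In a real DBMS the commit flag and the intent record live on durable storage; here they are in-memory fields. The accounts are constructed.

```python
"""Added example, not from the slides: the two-phase update with a crash
simulated at each step and the recovery routine run at "restart".  In a
real DBMS the commit flag and the intent record are on durable storage;
here they are in-memory fields.  Account data is constructed."""
import copy


class Crash(Exception):
    """Simulated failure (power loss) at a chosen point."""


class Database:
    def __init__(self, rows):
        self.rows = rows              # the table: key -> value
        self.commit_flag = False      # set for the whole commit phase
        self.intent = None            # intent record written before committing

    def two_phase_update(self, changes, crash_after=None):
        """changes: {key: new_value}; crash_after: "intent", "flag", "write0", ..."""
        # Intent phase: validate and gather everything; the table is untouched,
        # so this phase can be repeated or abandoned freely.
        for key, val in changes.items():
            if key not in self.rows:
                raise KeyError(key)
            if val < 0:
                raise ValueError(f"negative balance for {key}")
        self.intent = copy.deepcopy(changes)
        if crash_after == "intent":
            raise Crash
        # Commit phase: flag on, apply every change, flag off.
        self.commit_flag = True
        if crash_after == "flag":
            raise Crash
        for i, (key, val) in enumerate(self.intent.items()):
            self.rows[key] = val
            if crash_after == f"write{i}":
                raise Crash
        self.commit_flag = False
        self.intent = None

    def recover(self):
        """Restart logic.  Flag set: the commit was interrupted, so redo every
        write (safe, because a write sets a value rather than incrementing it).
        Flag clear: nothing of the update reached the table; drop the intent."""
        if self.commit_flag:
            for key, val in self.intent.items():
                self.rows[key] = val
            self.commit_flag = False
        self.intent = None
        return dict(self.rows)


def demo():
    """Transfer 30 from alice to bob, crashing at each possible point."""
    results = {}
    for point in ("intent", "flag", "write0", None):
        db = Database({"alice": 100, "bob": 50})
        try:
            db.two_phase_update({"alice": 70, "bob": 80}, crash_after=point)
        except Crash:
            pass
        results[point or "no_crash"] = {"before": dict(db.rows), "after": db.recover()}
    return results
```

The "write0" case is the interesting one: before recovery the table has alice debited but bob not yet credited, and only the set commit flag tells the restart code to finish the job rather than throw the intent away.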
67 Redundancy/Internal consistency Error detection and correction codes Shadow fields Recovery
68 Concurrency/Consistency. Data bases are often multiuser systems, so access by two users sharing the same data base must be controlled. Example: two airline booking agents try to reserve the same seat on a flight at the same time; one of the reservations should fail. Solution: the DBMS should treat the entire query/update cycle as a single atomic operation.
69 Monitors. A monitor is a unit of a DBMS that is responsible for the structural integrity of the data base. Range comparisons, e.g. the range of dates must be 00-99, 1-12, 1-31; salaries must lie within a specified range. State constraints: some state must always hold, e.g. the commit flag must not be set after a transaction has completed; only one president is listed in the employee data base. Transition constraints, e.g. credits for a course cannot be entered unless the student is registered for that course.
70 Sensitive Data Secrecy, confidentiality Sensitive data: data that should not be made public. The extremes are easiest: everything public or everything secret/sensitive. Factors that can make data sensitive: Inherently sensitive Declared sensitive An entire column (attribute) or row can be classified as sensitive Sensitive in relation to previously disclosed information
71 Types of disclosure: exact data; bounds; negative result; existence; probable value.
72 Inference attacks. The inference problem: how sensitive data can be inferred or derived from non-sensitive data. Can be hard to control, because the problem arises from mathematical relationships between data items and between query results. Mainly an attack against "statistical" data bases.
73 Inference attacks. Direct attack: form a query that yields few records (ideally one). Control: only allow statistical queries that cover a large enough subset of the records (query set size control).
74 Indirect attack Seeks to infer a result based on one or more statistical results. In other words: how to get individual data from some apparently anonymous statistical data. Different kinds of attacks: Sum Count Median Tracker Attacks Linear System Vulnerability
75 Example: the Students table.
Name  | Sex | Programme | Units | Grade Ave.
Igor  | M   | MIS       | 7     | 50
Homer | M   | CS        |       |
Gala  | F   | MBA       |       |
Flora | F   | MIS       | 8     | 66
Errol | M   | CS        |       |
Don   | M   | MIS       |       |
Carol | F   | CS        |       |
Bill  | M   | CS        | 8     | 63
Alma  | F   | MBA       |       |
76 Example (direct attack).
Q1: SELECT COUNT(*) FROM Students WHERE Sex = 'F' AND Programme = 'CS'
Q2: SELECT AVG(Grade Ave.) FROM Students WHERE Sex = 'F' AND Programme = 'CS'
From Q1: exactly one female CS student. From Q2: the result of 70 is Carol's grade average.
77 Example (indirect attack).
Q1: SELECT COUNT(*) FROM Students WHERE Programme = 'CS'
Q2: SELECT COUNT(*) FROM Students WHERE Sex = 'M' AND Programme = 'CS'
Q3: SELECT AVG(Grade Ave.) FROM Students WHERE Programme = 'CS'
Q4: SELECT AVG(Grade Ave.) FROM Students WHERE Sex = 'M' AND Programme = 'CS'
Results: Q1 = 4, Q2 = 3, Q3 = 61, Q4 = 58. Combine the four results: 4*61 - 3*58 = 70. The sum of all CS grade averages minus the sum of the male CS grade averages is the only female CS student's value, Carol's. None of the four queries covered fewer than three students.
78 Controls for inference attacks. Either controls are applied to the queries or to the data items. Query controls are effective primarily against direct attacks. Controls applied to the data items: suppression (sensitive data values are not provided); concealing (the answer provided is close to, but not exactly, the actual value).
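The direct attack of slide 76, the indirect attack of slide 77 and the query set size control of slide 78 as one added example (not from the slides): the Students table is loaded into an in-memory SQLite data base, the queries are run through a small statistical interface, and the same attacks are repeated with a minimum query set size of three, which stops the direct attack and not the indirect one. Igor, Flora and Bill carry the values shown on the slide; the other grade averages and unit counts are constructed so that the CS averages come out as 61 and 58, as on the slide.

```python
"""Added example, not from the slides: direct and indirect inference attacks
against an in-memory SQLite copy of the Students table, with and without a
query-set-size control.  Values missing from the slide are constructed so
that the CS averages are 61 (all) and 58 (male), as on the slide."""
import sqlite3

STUDENTS = [  # (Name, Sex, Programme, Units, GradeAve); Igor, Flora, Bill as on the slide
    ("Igor", "M", "MIS", 7, 50), ("Homer", "M", "CS", 8, 55), ("Gala", "F", "MBA", 6, 72),
    ("Flora", "F", "MIS", 8, 66), ("Errol", "M", "CS", 7, 56), ("Don", "M", "MIS", 6, 60),
    ("Carol", "F", "CS", 8, 70), ("Bill", "M", "CS", 8, 63), ("Alma", "F", "MBA", 7, 68),
]


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Students(Name TEXT, Sex TEXT, Programme TEXT, "
                "Units INTEGER, GradeAve INTEGER)")
    con.executemany("INSERT INTO Students VALUES (?, ?, ?, ?, ?)", STUDENTS)
    return con


def stat(con, agg, k=None, **cols):
    """Statistical query interface: COUNT or AVG of GradeAve over the rows
    matching the given column=value conditions (values bound as parameters;
    column names come from the code, never from the user).  With k set,
    answers for query sets smaller than k records are refused."""
    where = " AND ".join(f"{c} = ?" for c in cols) or "1 = 1"
    params = tuple(cols.values())
    if k is not None:
        n = con.execute(f"SELECT COUNT(*) FROM Students WHERE {where}", params).fetchone()[0]
        if n < k:
            return None
    return con.execute(f"SELECT {agg}(GradeAve) FROM Students WHERE {where}", params).fetchone()[0]


def direct_attack(con, k=None):
    """Q1 shows the query set is a single student; Q2 then returns her average."""
    return (stat(con, "COUNT", k, Sex="F", Programme="CS"),
            stat(con, "AVG", k, Sex="F", Programme="CS"))


def indirect_attack(con, k=None):
    """Every query covers at least three students, yet the four results
    combine into Carol's individual value: sum(CS) - sum(male CS)."""
    q1 = stat(con, "COUNT", k, Programme="CS")
    q2 = stat(con, "COUNT", k, Sex="M", Programme="CS")
    q3 = stat(con, "AVG", k, Programme="CS")
    q4 = stat(con, "AVG", k, Sex="M", Programme="CS")
    if None in (q1, q2, q3, q4):
        return None
    return q1 * q3 - q2 * q4


def demo():
    con = open_db()
    return {
        "direct": direct_attack(con),               # (1, 70.0): Carol exposed
        "direct_k3": direct_attack(con, k=3),       # (None, None): refused
        "indirect": indirect_attack(con),           # 70.0
        "indirect_k3": indirect_attack(con, k=3),   # 70.0: the control does not help
    }
```

The query set size control is easy to add and easy to defeat: any two query sets that differ in exactly one record leak that record through subtraction, which is why the controls on the data items (suppression, concealing by rounding or noise) are needed against the indirect attacks.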
79 Multilevel data bases Dividing the data into sensitive and nonsensitive data is often not enough The security of a single element might be different from the security of other elements of the same record or column The security of an aggregate such as a sum or the average can be different than the security of the individual elements
80 Multilevel data bases, approaches: partitioning; encryption; integrity lock; sensitivity lock.
81 Summary Integrity, confidentiality (secrecy) and availability are all very important to data bases. Integrity: of the data base, of the elements and element accuracy. Secrecy can often be broken by inference attacks
82 Next time: administrating security; examples of applications of computer security: secure e-mail (PGP), WEP (IEEE 802.11 encryption), DVD CSS.
CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationSECURITY IN COMPUTING, FIFTH EDITION
1 SECURITY IN COMPUTING, FIFTH EDITION Chapter 7: Database Security 2 Database Terms Database administrator Database management system (DBMS) Record Field/element Schema Subschema Attribute Relation 3
More informationDistributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017
Distributed Systems Fall 2017 Exam 3 Review Paul Krzyzanowski Rutgers University Fall 2017 December 11, 2017 CS 417 2017 Paul Krzyzanowski 1 Question 1 The core task of the user s map function within a
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationProtection and Security
Protection and Security CS 502 Spring 99 WPI MetroWest/Southboro Campus Three Circles of Computer Security Inner Circle Memory, CPU, and File protection. Middle Circle Security Perimeter. Authentication
More informationComputer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 10. Exam 2 Review Paul Krzyzanowski Rutgers University Spring 2017 March 23, 2018 CS 419 2017 Paul Krzyzanowski 1 Question 1(a) Suppose you come across some old text in the form GEPPQ
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG
Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,
More informationChapter 5: Database Security
i Chapter 5: Comp Sci 3600 Outline i 1 2 i 3 4 5 Outline i 1 2 i 3 4 5 What is a i Structured collection of data stored for use by one or more applications Contains the relationships between data items
More informationSystem Structure. Steven M. Bellovin December 14,
System Structure Steven M. Bellovin December 14, 2015 1 Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin December 14, 2015
More informationCSC 6575: Internet Security Fall 2017
CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture
More informationTest 2 Review. (b) Give one significant advantage of a nonce over a timestamp.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationWired internetworking devices. Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices
Wired internetworking devices Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices Topic A Topic A: Basic internetworking devices Topic B: Specialized
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationSirindhorn International Institute of Technology Thammasat University
Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationAgenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall
Agenda of today s lecture Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall Firewalls in General S-38.153 Security of Communication Protocols Antti Lehtonen 29.4.2003 firewalls
More informationMalware, , Database Security
Malware, E-mail, Database Security Malware A general term for all kinds of software with a malign purpose Viruses, Trojan horses, worms etc. Created on purpose Can Prevent correct use of resources (DoS)
More informationSystems and Network Security (NETW-1002)
Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationOperating Systems Design Exam 3 Review: Spring 2011
Operating Systems Design Exam 3 Review: Spring 2011 Paul Krzyzanowski pxk@cs.rutgers.edu 1 1. Why does an IP driver need to use ARP, the address resolution protocol? IP is a logical network. An IP address
More information