AIT 682: Network and Systems Security

Similar documents
CIS 6930/4930 Computer and Network Security. Final exam review

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Authentication Handshakes

CSCE 715: Network Systems Security

CSC/ECE 574 Computer and Network Security. Outline. Key Management. Key Management. Internet Key Management. Why do we need Internet key management

Outline. CSC/ECE 574 Computer and Network Security. Key Management. Security Principles. Security Principles (Cont d) Internet Key Management

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Outline. Key Management. Security Principles. Security Principles (Cont d) Escrow Foilage Protection

Outline. Key Management. CSCI 454/554 Computer and Network Security. Key Management

CSCI 454/554 Computer and Network Security. Topic 8.2 Internet Key Management

IP Security II. Overview

CSC 6575: Internet Security Fall 2017

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Chapter 5: Network Layer Security

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

Cryptography and Network Security. Sixth Edition by William Stallings

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Trusted Intermediaries

AIT 682: Network and Systems Security

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

CSC 474/574 Information Systems Security

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE

Information Security & Privacy

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Chapter 6/8. IP Security

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

Table of Contents 1 IKE 1-1

CMSC 414 S09 Exam 2 Page 1 of 6 Name:

Virtual Private Network

Transport Level Security

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Network Security Chapter 8

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Sample excerpt. Virtual Private Networks. Contents

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

IP Security IK2218/EP2120

Cisco Live /11/2016

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Configuration of an IPSec VPN Server on RV130 and RV130W

CSE509: (Intro to) Systems Security

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

Configuring VPN from Proventia M Series Appliance to NetScreen Systems

8. Network Layer Contents

CSC Network Security

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1

Introduction to IPsec. Charlie Kaufman

Firewalls, Tunnels, and Network Intrusion Detection

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security: IPsec. Tuomas Aura

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

VPN Auto Provisioning

Information Security CS 526

Index. Numerics 3DES (triple data encryption standard), 21

Fun with Crypto keys and protocols. some Bishop, some Jim, some RA

Virtual Private Networks

Security Handshake Pitfalls

CS 494/594 Computer and Network Security

INDEX. Symbols. 3DES over4 mechanism to4 mechanism...101

VPNs and VPN Technologies

Network Encryption 3 4/20/17

Real-time protocol. Chapter 16: Real-Time Communication Security

CSC Network Security

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

CTS2134 Introduction to Networking. Module 08: Network Security

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Securing Networks with Cisco Routers and Switches

IP Security Part 1 04/02/06. Hofstra University Network Security Course, CSC290A

EEC-682/782 Computer Networks I

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

IPSec. Overview. Overview. Levente Buttyán

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Introduction and Overview. Why CSCI 454/554?

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Network Security - ISA 656 Review

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

David Wetherall, with some slides from Radia Perlman s security lectures.

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

review of the potential methods

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Chapter 11 The IPSec Security Architecture for the Internet Protocol

IPSec Network Applications

Information Security: Principles and Practice Second Edition. Mark Stamp

Transcription:

AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun

Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same classroom Open book/notes exam No laptop/tablet/smartphones etc. 2

Topics covered by MidTerm Topic 1. Basic Concepts Topic 2. Basic Cryptography Topic 3. Secret Key Cryptography Topic 4. Hash Functions Topic 5. Basic Number Theory and Public Key Cryptography 3

Topics covered after MidTerm Topic 6. Identification and Authentication Topic 7. Trusted Intermediaries Topics 8.1-2 IPsec and IKE Topic 8.3 SSL/TLS Topic 8.4 Firewalls and IDS 4

Topic 6. Identification and Authentication Be able to explain the concepts of authentication and identification. Be able to give examples of authentication mechanisms. Be able to explain general approaches for authentication in large networks using trusted intermediaries (KDC and CA), and explain what are KDC, CA, and CRL. Be able to explain the general basis of user authentication (what the user knows, where the user can be reached, what the user is, and what the user has). 5

Topic 6. Identification and Authentication (cont d) Be able to explain what is password based user authentication, threats to password based authentication, how to store user passwords in computer systems. Be able to explain dictionary attacks (both online and offline). Be able to describe the password salt mechanism used to mitigate dictionary attacks and its effectiveness against online and offline dictionary attacks. Be able to explain the one-time password mechanisms, including S/Key and time synchronized authentication tokens. Be able to explain biometrics based user authentication and give examples of such approaches. Be able to explain the key metrics for biometrics authentication, including false positives and false negatives. 6

Topic 6. Identification and Authentication (cont d) Be able to explain typical attacks against authentication protocols, including eavesdropping, deleting, forging, modifying, replaying, reflection attacks, and delaying attacks. Be able to illustrate the above attacks using examples. Be able to describe defenses against the above attacks. Be able to describe the Needham-Schroeder protocol. Be able to explain the "old-key attack" against the Needham- Schroeder protocol and the three countermeasures (timestamp, expanded N-S, and Ottay-Ree protocol). 7

Topic 7. Trusted Intermediaries Be able to explain the general way KDC based trusted intermediaries are used. Be able to describe the Kerberos V4 protocol, and explain which parts of the protocol help achieve (1) centralized authentication service, (2) protection of user passwords, and (3) anti-replay attack capability. Be able to describe Kerberos inter-realm authentication. 8

Topic 7. Trusted Intermediaries (cont d) Be able to explain the general way PKI is used. Be able to explain what is a CA, and describe the ways that multiple CAs are organized in large networks. Be able to explain what is CRL and delta CRL. 9

Topics 8.1-2 IPsec and IKE Be able to describe the IPsec architecture, IPsec Security Association (SA), SA bundle, Security Parameter Index (SPI). Explain the purpose of Security Policy Database (SPD), Secure Association Database (SAD), and Internet Key Exchange (IKE) modules in the IPsec architecture. Be able to describe the IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols as well as Tunnel and Transport modes. Be able to describe the difference in the authentication capabilities provided by AH and ESP. 10

Topics 8.1-2 IPsec and IKE (cont d) Be able to describe the anti-replay feature in IPsec ESP. Be able to explain the IPsec outbound processing and inbound processing. Be able to explain the security principles for Internet key management, particularly the property of Perfect Forward Secrecy (PFS). Be able to describe the (only known) way to achieve PFS (ephemeral D-H). Be able to describe the separation of key establishment and key management in Internet key management. Be able to describe the SKIP protocol for sessionless IPsec key management. 11

Topics 8.1-2 IPsec and IKE (cont d) Be able to describe the Oakley key establishment protocol and explain the mechanisms to defeat (1) resource clogging attacks (i.e., Cookie), (2) replay attacks (i.e., nonce), and (3) man-in-the-middle attacks (i.e., with authentication). Be able to explain high-level issues of ISAKMP protocol, including the protocol structure (2 phases), protocol message construction (i.e., with different types of payloads), and exchange types. Be able to explain the following ISAKMP exchanges: basic exchange, ID protection exchange, authentication only exchange, aggressive exchange, and informational exchange. 12

Topics 8.1-2 IPsec and IKE (cont d) Be able to explain the IKE protocol, including the phase 1 exchanges using (1) signature authentication, (2) authentication with public key encryption, (3) authentication with revised public key encryption, and (4) authentication with preshared key in both main mode and aggressive mode. In each case, be able to explain how authentication is achieved, how PFS is achieved, and how ID protection is achieved. 13

Topic 8.3 SSL/TLS Be able to explain the basic facts of SSL/TLS, including its protocol architecture, its subprotocols and their objectives, basic SSL functionalities (authentication, secrecy, compression, generation and distribution of keys, security parameter negotiation), and SSL connection and session. Be able to describe the SSL record protocol operations (outbound and inbound). Be able to describe the SSL handshake protocol operations (4 phases), the generation of master secret and cryptographic parameters. 14

Topic 8.3 SSL/TLS (cont d) Be able to describe the change cipher spec protocol, and explain how the cryptographic parameters negotiated in the handshake protocol take effect through the change cipher spec protocol. Be able to give examles of application protocols that run on top of SSL (https, smtps, nntps, ftps, pop3s, imaps). 15

Topic 8.4 Firewalls and IDS Be able to explain the following concepts: firewall DMZ firewall capabilities, including logging traffic, network address translation, encryption/decryption, application payload transformation limitations of firewalls Be able to explain basic firewall technologies packet filters session filters application-level proxies circuit level proxies 16

Topic 8.4 Firewalls and IDS (cont d) Be able to explain the following basic concepts on IDS Anomaly detection misuse detection (or signature-based detection, rule-based detection) False positive rate False negative rate Host-based IDS Network-based IDS Base rate fallacy 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback