
Course Review


Sharon_Dale

Presentation Transcript


  1. Course Review Y KChoi

  2. Examination Format
     • Two Sections:
       • Section A: Compulsory (25%): Generic areas
       • Section B: Choose three questions out of four questions (75%). Specialised areas such as: In-line encryptor, IPSEC, SSL/SET, Server side, Firewall, Policy
     • NO Multiple Choice

  3. Examination Content
     • Test your:
       • General awareness: definition
       • Understanding: description, calculation, drawing
       • In-depth knowledge: application
       • In-depth skill: problem solving

  4. Examination Hour
     • 2 hours: 120 minutes
     • Time management:
       • 100 minutes to work out your questions
       • 20 minutes to review your work and read questions
     • Please note that 1 minute == 1 mark

  5. Examination Techniques
     • State or define: give the definition only; there is no need to say anything that is not relevant. For example, when asked to state the definition of security, there is no need to mention that security is important to the Internet, that a padlock is used to protect a door, etc.
     • Briefly describe or list: simply list the points, with no need to comment. For example, when asked to list two means to physically protect your server room, answer "install a padlock and a security alarm"; there is no need to say that a digital lock is better, etc.
     • Compare: write down the similarities and differences. For example, to compare the padlock and the digital lock, write down the similarity (both protect the system) and the difference (the former uses a key while the latter uses a password), etc.

  6. Examination Techniques
     • Draw/sketch: draw a block diagram.
     • Suggest/give a solution: write down the solution together with at least one sentence to explain why it works.
     • Determine/calculate: compute the values.
     • Describe: put down your detailed explanation.

  7. Suggestion for your review
     1) Go through each lecture
     2) Work out the on-line questions
     3) Go through the materials from the textbook or additional information on the web
     4) Repeat 1 to 3 until you have finished all lectures
     5) Review the examination techniques
     6) Attempt the examination specimen to see whether you know how to do it

  8. What is Computer Security? – L1
     Computer security is the protection that is afforded to an information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources. The information resources include hardware, software, information and data.
     (Diagram: computer security, three objectives)

  9. Three layers on Security
     • Physical security
     • Layer 2 – in-line encryptor, point to point
     • Layer 3 – IPSEC
     • Layer 4 – SSL/SET
     • PKI, symmetric key
     • Server
     • Firewall
     • Contents and Language, Java Technology
     (Further diagram labels: Procedure or Policy; Law)

  10. Areas of Vulnerability
     There are four basic items:
     • Hardware: physical devices
     • Software: without the OS, applications and network, it cannot run
     • Data: the essence of computer systems
     • People: can cause a great deal of damage

  11. People – Computer Criminals
     Four areas of computer crime:
     • Theft of computer time: commonly done by remotely logging into the system (not common on the Internet). This includes the time it takes to repair the computer system after it has been infected by a virus, bomb, etc.
     • Theft of data: physically removing data from files
     • Manipulation of computer programs: changing, inserting or deleting program code
     • Software piracy: illegal copying of software

  12. Threats to security
     • Natural disasters: such as fire, floods, windstorms, earthquakes, etc. We can do little to prevent natural disasters.
     • Malfunctions: they cause much less damage but occur frequently, such as power surges, stray electrical forces, dust, operation errors, etc.

  13. Security Measures
     • Passwords: the most common means of user authentication. Generally used. Rules of choosing password:
     • Encryption: encrypt the data. There are many standards, such as the Data Encryption Standard (DES) by IBM.
     • Control: from planning to final implementation. This involves the progress review and acceptance test, post-installation review and periodic audits.
     • Contingency planning: the backup plan in case an event may or may not occur. For example, if the application cannot operate, what should you do? (Go back to the manual system.)

  14. Physical Protection – L2
     • Identify the natural disasters that threaten systems
     • Determine the damage assessment and reconstruction techniques
     • Design and select the physical location of computer servers
     • Measure the air conditioning and power supply sources for the computer center, servers and communication equipment
     • Describe the various access control mechanisms

  15. Type of Natural Disasters in Hong Kong
     • Storms
     • Radiation
     • Fire
     • Floods

  16. Computer Room
     • A typical computer room with protection

  17. Web Security – L3
     • For ordinary users: it means the ability to browse the web in peace.
     • For advanced users: it means the ability to conduct commercial transactions safely. For example, you are buying a toy over the Internet and are entering your Visa number. You don't want this information to be tapped by unauthorized persons.

  18. Three Parts of Web security
     • Web browser
     • The Internet
     • Server
     (Diagram: Browser, Internet, Server)

  19. Web security – three parts
     • Client-side security – to protect the user's privacy and the integrity of his/her computer (browser)
     • Server-side security – to protect the server from break-ins and denial-of-service (sending huge amounts of garbage to make it unavailable)
     • Document confidentiality – to protect private information from being disclosed to third parties

  20. End user connecting to Internet Service Provider (ISP)

  21. Risk to the Web server – three types
     • Webjacking – the website is redirected to another location or the content is modified. The term is similar to hijacking.
     • Server break-ins – the server is broken into by intruders. You can use a firewall to protect your server.
     • Denial-of-service (DoS) attack – a hacker cannot break into your site but can send a huge amount of garbage to make your site unavailable.

  22. What is Cryptography? (L3)
     • The word comes from the Greek. It means "secret writing".

  23. Four basic parts
     (Diagram: the plaintext "How are you?" and the key "1234" go into the algorithm (DES), which produces the ciphertext "IUt670,.")

  24. How to Crack? (means break) (1)
     • Cryptanalysis: try to analyse the ciphertext to guess the meaning. For example, if the plaintext "How are you?" is converted to "uyi89rty89qwe89=", we understand that "89" is used to replace the space. Of course, most ciphers are complicated and cannot be analyzed in this way.
     • Brute-force attack: guess the key

  25. How to Crack?
     • If the key is a two-digit number from 00 to 99, we can try 100 times, and then we know the key. The average number of attempts is 100/2 = 50, as the key might be 12 or 86 and we don't need to try all of them. (In this case, the lock is an algorithm.)
     • An example: a numerical lock consists of three digits and you take 3 seconds to attempt one combination. How long do you think it takes to break this lock? 3 x 1000/2 = 1500 s = 25 minutes

  26. Types of Cryptography
     • Symmetric: the same key is used to encrypt and decrypt the message
     • Asymmetric: the sender uses the recipient's public key to encrypt and the recipient uses the private key to decrypt

  27. Symmetric Cryptography

  28. Asymmetric Cryptography
     • It is also called public key cryptography.
     • It uses two separate keys to encrypt and decrypt the message, which is safer than symmetric cryptography as the key cannot be reproduced.

  29. Digital Signature
     • The reversal of public key encryption
     • It uses the sender's private and public key rather than the recipient's public and private key.

  30. Example - encryption
     • Assume the plaintext is 1 1 0 0
     • And the key is 1 0 1 0
     • The encrypted message (ciphertext) using exclusive-or is:
         1 1 0 0 (plaintext)
         1 0 1 0 (key)
         0 1 1 0 (ciphertext)

  31. Type of Ciphers
     • Stream cipher: it is designed to accept a crypto key and a stream of plaintext to produce a stream of ciphertext.
     • Block cipher: it is designed to take a block of a particular size, encrypt it with a key of a particular size and yield a ciphertext block that is the same size as the plaintext block.

  32. Diagram of Electronic Code Book

  33. Cipher Block Chaining

  34. Cipher Feedback

  35. Output Feedback

  36. Message Digest Functions
     • Message digest means: authentication without encryption
     • Sometimes we only want authentication, but do not care whether the message has been encrypted or not.
     • e.g., a message broadcast from an authorized source (from Mr. Tung of SAR)

  37. Digital Envelope
     • Send both the ciphertext and the digital envelope

  38. Certifying Authorities and the Public Key Infrastructure
     • Public key cryptography works well only if the sender knows the recipient's public key.
     • You can imagine the problem. If you have 100 recipients, you have to keep a small database of the 100 public keys in your PC or ask each recipient to send you the public key.

  39. How you handle a signed certificate
     • Before the sender sends a secure message, the sender asks the recipient to present a signed certificate. (This has been certified by the CA.)
     • The sender decrypts the signed hash with the CA's known public key to verify the public key, name, and other identifying information.
     • The sender now uses the public key to send a message with confidence that it is the correct one.
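The certificate check in slide 39, with both the CA side and the sender side, as an added example that is not part of the original slides. The CA key pair is a toy built for this illustration (textbook RSA, no padding, far too small for real use), and all names and field values are constructed.

```python
import hashlib

# Toy CA key pair (assumption for this example): textbook RSA built from two
# known Mersenne primes. Unpadded and far too small for any real deployment.
P, Q = 2**61 - 1, 2**89 - 1
CA_N, CA_E = P * Q, 65537                  # the CA's known public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # the CA's private exponent


def cert_hash(name: str, public_key: str) -> int:
    """Hash the certificate's identifying fields to an integer below CA_N."""
    data = f"{name}|{public_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def ca_issue(name: str, public_key: str) -> dict:
    """CA side: sign the hash of the fields with the CA private key."""
    signed_hash = pow(cert_hash(name, public_key), CA_D, CA_N)
    return {"name": name, "public_key": public_key, "signed_hash": signed_hash}


def sender_verify(cert: dict, expected_name: str) -> bool:
    """Sender side: recover the signed hash with the CA public key, then
    compare it with a fresh hash of the fields the recipient presented."""
    recovered = pow(cert["signed_hash"], CA_E, CA_N)
    fields_ok = recovered == cert_hash(cert["name"], cert["public_key"])
    return fields_ok and cert["name"] == expected_name


def demo() -> list:
    cert = ca_issue("bob@example.org", "BOB-PUBLIC-KEY")   # constructed values
    swapped = dict(cert, public_key="OTHER-PUBLIC-KEY")    # key replaced in transit
    return [
        sender_verify(cert, "bob@example.org"),     # genuine certificate
        sender_verify(swapped, "bob@example.org"),  # public key was substituted
        sender_verify(cert, "alice@example.org"),   # valid, but the wrong identity
    ]


if __name__ == "__main__":
    print(demo())
```

Only the first check succeeds: a substituted public key no longer matches the hash the CA signed, and a valid certificate issued to someone else fails the name comparison.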

  40. Link Encryption (L5)
     • What is Link Security?
     • Link security objectives by link encryption
     • In-line encryptor hardware
     • Point to point deployment
     • IP-routed deployment

  41. What is link security protocol?
     • Designed to hide secrets
     • Developed to protect data against forgery (false data)
     • Can simply fit into existing Internet applications
     • In the data link layer (layer 2)

  42. Inside in-line encryptor

  43. Example of Replay Attacks
     (Diagram label: False)

  44. How to solve this?
     • Each plaintext message must carry extra information, such as a message number.

  45. Example of Rewrite
     • Here, the encrypted message is modified via a switcher.
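How a receiver can use the message number from slide 44 to reject a replayed message, and a keyed checksum to reject a rewritten one (slide 45), as an added example that is not part of the original slides. It uses HMAC-SHA256 from the Python standard library in place of the in-line encryptor's own protection; the function names, frame layout, key and messages are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 checksum in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the message number, append a keyed checksum."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accept a frame only if it is intact and its message number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest message number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected: truncated", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return ("rejected: rewritten", None)
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return ("rejected: replay", None)
        self.last_seq = seq
        return ("accepted", body[8:])


def demo() -> list:
    key = b"constructed-demo-key"            # constructed sample key
    rx = Receiver(key)
    f1 = seal(key, 1, b"PAY 100 TO ALICE")   # constructed sample messages
    f2 = seal(key, 2, b"PAY 250 TO BOB")
    rewritten = bytearray(seal(key, 3, b"PAY 100 TO CAROL"))
    rewritten[12] ^= 0x08                    # one bit changed on the line: "100" -> "900"
    return [
        rx.accept(f1)[0],
        rx.accept(f2)[0],
        rx.accept(f1)[0],                    # the first frame, captured and sent again
        rx.accept(bytes(rewritten))[0],
    ]


if __name__ == "__main__":
    print(demo())
```

The message number only helps because it is covered by the checksum: changing the number in a captured frame to make it look new invalidates the checksum as well.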

  46. Deployment – Point to point
     • This deployment uses a pair of trusted lines between a pair of hosts.
     • There is no need to connect to the Internet.
     • For example, you can apply for a leased line via Pacific Century CyberWorks (PCCW) between two computers (for example, from Central to Kowloon Tong) or use a VPN.

  47. Point to point – Connection
     • Each host's data link is connected to the plaintext port of the in-line encryptor. It is commonly used in military applications.
     (Diagram label: Protect)

  48. IP-routed network diagram

  49. Site Protection – Unsafe arrangement
     • A workstation outside the physical protection is unsafe.

  50. IPSec (Security at the IP Layer) L6
     • Security objectives and issues associated with IPSEC
     • Overview of network-layer IP security
     • Cryptographic checksums for message integrity protection
     • IPSEC encryption and authentication headers
