
CISC 210 - Class Today






Presentation Transcript


  1. CISC 210 - Class Today
     • Project Schedule
     • Upcoming Lab
     • Recap
     • Protocols and Layering
     • Network Encryption
     • Link vs Network vs Application
     R. Smith - University of St Thomas - Minnesota

  2. Project Schedule
     • April 22: 1 week after Easter
       • Project Proposal DUE
       • You want to start working on the project NOW
       • You want to have your team in place ASAP
     • April 27: 1 week later
       • Project OUTLINE Due
       • The outline is a bit of work
       • It counts for a chunk of the assignment (20% or so)
       • DON’T MESS IT UP

  3. The Lab
     • Lab Objective: map the lab machines
     • Lab Groups
       • I’ve assigned groups via e-mail – I’ll also post groups
       • Do the labs as a group (this one and future ones)
       • If you want to trade group members, talk to me FIRST
     • Where to do it
       • Lab down the hall – OSS 428
     • When to do it
       • I’ll set up a schedule
       • OR – do it on your own time if you have card access

  4. Recap
     • Wireless LANs – recap
     • Link Encryption – book style
     • Link encryption – LAN style
     • WEP
     • WPA
     • Clipper and Escrowed Encryption

  5. Protocols and Layers
     • We use layering for several things
       • Organize the software
       • Format the packets
     • What it really does: establish a relationship between software components on different computers
     • Layers communicate with each other at the same layer
       • IP – IP, or TCP – TCP, or HTTP – HTTP
       • They ‘use’ the lower layers to carry their messages

  6. Protocol Layering Examples
     • Network class – bear with me
     • Pizza delivery example
       • How do we order pizza at a party?

  7. Network Protocol Layering
     Usually a ‘funnel’ shape
     • Top level = Applications
       • Lots of choices: e-mail, web, file exchange
       • Uses ‘socket interface’ to talk to networks
     • Mid levels = “The Protocol Stack”
       • Transport layer: UDP/TCP
       • Internet layer: IP
       • Link layer: LAN protocols
     • Bottom level = device driver connections
       • Hardware-specific software, configuration
       • Uses device driver interface to link to the protocol stack
       • Uses a cable or antenna to link to the network

  8. Packets follow the layers
     • Upper layer data = innermost
     • Lower layer data = outermost
     • Innermost data usually travels the network unchanged
     • Outermost data gets swapped with each hop through a router

  9. Addressing
     • Reachability => what address you have
     • Layer 2 addresses can’t traverse Layer 3

  10. A Routing Exercise
     • LAN 1: hosts A, B, C
     • LAN 2: hosts D, E, F
     • LAN 3: hosts G, H, I
     • Layer 3 Router connects LANs 1 and 2
     • Given MAC addresses
       • Can A reach: C, D, F, H?
       • Can G reach: I, D, A?
     • Given IP addresses
       • Answer the above questions again
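As an added example (not part of the slides), a small Python model of this exercise that applies the rule from slide 9, that Layer 2 addresses can't traverse Layer 3, to both sets of questions; the LAN membership and the single router between LANs 1 and 2 are taken from the slide.

```python
# Added example (not from the slides): a model of the routing exercise that applies
# slide 9's rule, "Layer 2 addresses can't traverse Layer 3", to both sets of questions.

# Topology from the exercise: three LANs (each one broadcast domain) and one layer-3
# router that connects LAN 1 to LAN 2. LAN 3 has no router, so it stands alone.
LANS = {
    1: {"A", "B", "C"},
    2: {"D", "E", "F"},
    3: {"G", "H", "I"},
}
ROUTERS = [{1, 2}]  # each router is the set of LANs it joins at layer 3


def lan_of(host):
    """Which LAN a host sits on; a MAC address is only meaningful inside that LAN."""
    for lan, hosts in LANS.items():
        if host in hosts:
            return lan
    raise KeyError(host)


def reachable_by_mac(src, dst):
    """Given only MAC addresses: frames are delivered within one LAN and never
    forwarded by a router, so reachability means 'same LAN'."""
    return lan_of(src) == lan_of(dst)


def reachable_by_ip(src, dst):
    """Given IP addresses: a router forwards between the LANs it joins, so walk the
    graph of LANs connected by routers, starting from the sender's LAN."""
    seen = {lan_of(src)}
    frontier = [lan_of(src)]
    while frontier:
        lan = frontier.pop()
        for router in ROUTERS:
            if lan in router:
                for other in router - seen:
                    seen.add(other)
                    frontier.append(other)
    return lan_of(dst) in seen


def exercise():
    """The questions from the slide; each answer is (by MAC address, by IP address)."""
    pairs = [("A", "C"), ("A", "D"), ("A", "F"), ("A", "H"),
             ("G", "I"), ("G", "D"), ("G", "A")]
    return {f"{s}->{d}": (reachable_by_mac(s, d), reachable_by_ip(s, d)) for s, d in pairs}
```

Adding a second router, say `{2, 3}`, to `ROUTERS` is enough to see the IP answers for H change while the MAC answers stay the same.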

  11. The Network Security Problem
     • Protection is usually local
     • Network data travels to remote locations

  12. Risk: Eavesdropping
     • An established social tradition (“party lines”)

  13. Risk: Forgery
     • Who really sent the message?

  14. Risk: Replay
     • If a message worked once, why not again, and again?

  15. How do we fix this?
     • Again, it depends on policy
       • What are we really trying to achieve (“the big picture”)?
       • What are the real risks to that big picture?
     • Practical networking choices
       • Should/must the users control the defenses?
       • Can/should they choose what gets protected?
       • Can we isolate the users in a safe but restrictive “bubble”?
       • If not, what access do they need to the ‘outside’?
       • What external, secure connections do we need?
       • Are they ad-hoc, or can we anticipate them?
     • Risk Assessment
       • Which threats matter: eavesdropping, forgery, replay?

  16. Security and the Protocol Stack
     • We get different results by putting protection in different places in the protocol architecture
     [Diagram: the protocol stack – Application / TCP/UDP Layer / IP Layer / Link Layer / Device Driver]

  17. Security and the Protocol Stack
     Classic layer-oriented examples of crypto protocols
     • Application: PGP
       • encrypts application data
     • Trans->App: SSL
       • encrypts the connection
     • IP->Transport: IPSEC
       • encrypts routable packets
     • Link Level: WEP/WPA
       • encrypts LAN packets
     [Diagram: the protocol stack with PGP at the Application layer, SSL between Application and TCP/UDP, IPSEC between TCP/UDP and IP, and WEP/WPA at the Link Layer]

  18. How Crypto works in the stack
     • “Above” a crypto layer
       • Data is assumed to be in plaintext form
     • “At” a crypto layer
       • We convert between plaintext and ciphertext
       • We have access to some keys
       • We generate some plaintext headers
       • Some header info may be encrypted or protected otherwise
     • “Below” the crypto layer
       • New network headers are added in plaintext

  19. How it works Geographically
     • Application layer encryption
       • “End to end security” – routable, and inaccessible to others
       • Defeats intermediate virus scans, intrusion detection
       • Applied at the discretion of the end user (usually)
     • Socket layer encryption
       • Application-application security – similar to application layer
       • Often applied automatically under control of the server
       • Sometimes it is a user-level option
     • IPSEC – IP Security Protocols
       • Internet layer security – protects routable packets, per-packet
       • Protects all Internet application traffic equally
       • Often a substitute for inter-site leased lines

  20. Diagramming the Crypto
     • Elements
       • Protocol stack elements
       • Where the crypto goes
       • What is encrypted
       • What is plaintext
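An added example (not from the slides) that ties slides 8 and 17 through 20 together: a Python visibility model of where the crypto layer sits in the stack, which headers stay plaintext on the wire, and what a router can still swap at each hop. The header values and the ENC marker are constructed for illustration; no real cipher is used.

```python
# Added example (not from the slides): a visibility model of "where the crypto goes"
# (slides 17-20) and of header swapping at a router (slide 8). No real cipher is used;
# an ("ENC", protocol, [...]) entry stands for data an on-path eavesdropper cannot read.

# Stack from innermost (application data) to outermost (link header), as on slide 8.
STACK = ["data", "app", "transport", "ip", "link"]

# Crypto protocol -> the first layer that stays plaintext. The crypto layer sits just
# below the layers above it and encrypts them (slide 17: PGP = application data,
# SSL = the connection, IPSEC = routable packets, WEP/WPA = LAN packets).
PLAINTEXT_FROM = {"PGP": "app", "SSL": "transport", "IPSEC": "ip", "WEP/WPA": "link"}

# Constructed sample header values for one outbound packet.
SAMPLE = {
    "data": "body: quarterly numbers",
    "app": "HTTP GET /report",
    "transport": "TCP 51000->443",
    "ip": "IP 10.0.0.5->203.0.113.9",
    "link": "ETH aa:aa->r1:r1",
}


def build(headers, protocol=None):
    """Wrap the data layer by layer (slide 18). At the crypto layer everything assembled
    so far becomes one opaque blob with a plaintext crypto header; lower layers then
    add their own plaintext headers."""
    packet = []
    for layer in STACK:
        if protocol and layer == PLAINTEXT_FROM[protocol]:
            packet = [("ENC", protocol, packet)]
        packet.append((layer, headers[layer]))
    return packet


def plaintext_on_wire(packet):
    """What a sniffer on the LAN can read (slide 20: what is encrypted, what is plaintext)."""
    return [f"{e[1]} header" if e[0] == "ENC" else e[1] for e in packet]


def routable(packet):
    """A router can forward only if the IP header is plaintext (true for IPSEC, not WEP/WPA)."""
    return any(e[0] == "ip" for e in packet)


def router_hop(packet, next_link_header):
    """Slide 8: the outermost (link) header is swapped at each hop; inner data is unchanged."""
    if not routable(packet):
        raise ValueError("IP header encrypted: the link layer must decrypt before routing")
    return packet[:-1] + [("link", next_link_header)]
```

Comparing `plaintext_on_wire(build(SAMPLE, p))` for each protocol shows why application-layer crypto defeats intermediate scanning (slide 19) while IPSEC still leaves the IP header for routers.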

  21. Let’s visit the lab
     • It’s down the hall

  22. That’s it
     • Questions?
     Creative Commons License: This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.
