1 / 12

Computer and Network Security

Computer and Network Security. Mini Lecture by Milica Barjaktarovic. Why do we need computer security?. Potentially very costly loss of data and/or equipment due to: Hardware and software failures Natural disasters External attacks: From the Internet Internal attacks: From employees.

joy-nolan
Télécharger la présentation

Computer and Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer and Network Security Mini Lecture by Milica Barjaktarovic

  2. Why do we need computer security? • Potentially very costly loss of data and/or equipment due to: • Hardware and software failures • Natural disasters • External attacks: • From the Internet • Internal attacks: • From employees

  3. Disaster prevention and recovery • Disaster scenarios • Backup/restore procedures • Network fault tolerance • Attack protection: • Network-based intrusion detection • Detect dangers coming into our network from the outside and going from our network to the outside • Host-based intrusion detection • Detect tampering with individual hosts

  4. Protecting Data and Networks • Data/file types: • Public, internal, confidential, secret • On UNIX: set file permission with chmod • On PC: file permission window • Network access levels: • Local, remote, public • Solution: LAN behind a firewall

  5. Attacks 101 • Types: • Internal attack • Organizational attacks • Accidental security breaches • Ways of attacking: • Social engineering • Denial of Service (DoS) • Automated computer attacks • Probing (precursor to a real attack) • SATAN, ISS tools • Spoofing • Viruses, worms, trojan horses • Spamming • Steganography • Players: • Hackers • Security analysts • Security watchdogs (e.g. CERT) and resources (e.g. SANS)

  6. Organizational Attacks and Defense • Organizational attacks: • For (financial) crime • For terrorism/espionage • Organizational defense: • By the military: mandatory access controls, levels of security, Orange Book, professional and numerous security analysts • By corporations: system administrators often doubling as security analysts • Firewalls • Network and host intrusion detection • Tight grip on employees • Security evaluation and certification • Cryptographic services

  7. Cryptography 101 • Cryptography allows production and exchange of “secret messages” • Cryptography is used to provide security services: • Privacy • Only the intended recipient can access data • Authentication • The identity of communicating parties can be verified • Message integrity • Nobody tampered with the message • Cryptography utilizes: • cryptographic hash functions: • provide a way to “scramble” data. No possibility of unscrambling. • cryptographic algorithms: • provide a way to “scramble” data using a specific key. The data can be “unscrambled” only with another specific key.

  8. Cryptographic Hash Functions • A hash functionH is a mathematical transformation that takes an input message m and returns a fixed-size string, which is called the hash value h • h = H(m) • A cryptographic hash function is a hash function with additional properties: • The input can be of any length. • The output has a fixed length. • H(x) is relatively easy to compute for any given x. • H(x) is one-way. • H(x) is collision-free. • A hash function H is said to be one-way if it is hard to invert, where ``hard to invert'' means that given a hash value h, it is computationally infeasible to find some input x such that H(x) = h. • A hash function H is said to be a weakly collision-free if, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x) = H(y). • A hash function H is said to be strongly collision-free if it is computationally infeasible to find any two messages x and y such that H(x) = H(y).

  9. Cryptographic Algorithms • Secret key (e.g. DES) • The same secret key is used to scramble and unscramble data • Pros: only one key • Cons: both parties must share the same key • Public key (e.g. RSA) • The sender scrambles with receiver’s public key, the receiver unscrambles with his private key • Pros: the public keys can be publicly posted • Cons: how do you distribute public keys in a trustworthy manner • PKI (Public Key Infrastructure) and X.509 standard for public key distribution • Chain of trust of Certification Authorities (CAs)

  10. Protecting a Message: Levels of Protection Strength • CRC • Message digest (i.e. message hash) • Message digest is the string obtained by applying a cryptographic hash function to message • Cryptographic hash function is an irreversible, collision-free hash function that takes as input data of any length and produces a fixed length string • Sample algorithms: MD2, MD5, SHA. • Encrypted message • Obtained by applying a cryptographic algorithm (public or secret key) to message • Sample algorithms: RSA, DES, Blowfish, IDEA, etc. • Crypto++ library http://www.amasci.com/~weidai/cryptlib.html

  11. Cryptographic Applications • Message Integrity Code (MIC): • A fixed-length quantity generated cryptographically and associated with the message. Usually: compute message digest (i.e. message hash) and encrypt it, usually using secret key cryptography. • Digital Signature (Digital Signature Algorithm (DSA)) • the sender encrypts message using his private key, recipient verifies it using sender’s public key. Usually: compute message digest and then encrypt it. • Secure email • PGP assumes that each user decides whom to trust • PEM assumes a rigid hierarchy of CAs • Transmitting over insecure channel (virtual encrypted tunnel) • Tunneling protocols: • Point-to-point • Layer 2 tunneling protocol (L2TP) / IPsec • Secure storage on insecure media • Authentication • 3-way handshake • Third trusted party • Digital signature: the sender signs using his private key, others verify it using the sender’s public key

  12. Network Security • Firewalls: • Filter based • Proxy based • Application level security (e.g. HTTPS) • Transport layer security • TSL (Secure Transport Layer) • E-commerce, public key, 3-way handshake • Network Layer Security: • IPsec • SSL (Secure Sockets Layer)

More Related