Download
cs 285 network security n.
Skip this Video
Loading SlideShow in 5 Seconds..
CS 285 Network Security PowerPoint Presentation
Download Presentation
CS 285 Network Security

CS 285 Network Security

145 Vues Download Presentation
Télécharger la présentation

CS 285 Network Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. CS 285 Network Security Fall 2008

  2. Course Information • When and Where • Tuesday/Thursday 11am-12:15pm • 209 Featheringill Hall • Instructor: Yuan Xue (yuan.xue@vanderbilt.edu) • Office: 383 Jacobs Hall, Phone: 615-322-2926 • Office hours: Monday/Thursday 2pm-3pm or by appointment. • Web: http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.html

  3. Books and References • Textbook • [WS] Cryptography and Network Security: Principles and Practice (4th Edition) by William Stallings • Reference books • [KPS] Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner • [CSP] Security in Computing (3rd Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger • [MB] Computer Security: Art and Science, by Matthew A. Bishop

  4. Course Component • Lecture • Slides + white board • Take note • Online digest/slides • Participation • Discussion • Presentation • Homework • 5 assignments • Midterm • Project Grading Policy • Participation: 10% • Homework: 35% • Midterm: 25% • Project: 30%

  5. What you will learn from this course • What is “Security”? • Where the security problems come from? • Potential threats to a system • What are the solutions? • Apply an appropriate mix of security measures (protective, defensive, etc) • Knowing what has worked, what has failed. • Security involves many aspects • Operating system, programming language, administration and policy • Our Focus • Network Security

  6. Course Topics • Security Basics and Principles • Symmetric/ Asymmetric Cryptography • Basic concept, algorithm, mechanism, • Design principles • Security Practices • Secure protocols, systems and applications • Hand-on experiences • Secure network programming • Hot Topics and Recent Development • Wireless security, DoS attack, etc.

  7. Survey and Feedback • Your input is important • Online Survey • http://www.zoomerang.com/Survey/?p=WEB22873V62YWQ • Feedback

  8. What is security? • In general, security is the condition of being protected against danger or loss. (Wikipedia) • In computer security and network security • What are the subjects that need to be protected? • Let’s start with some terms • System • computer, network, application, data, resource • Principal: an entity that participate in a system • user, person

  9. What is security? • Computer Security • Confidentiality means that only authorized people or system can access the data or resource. • Integrity refers to the trustworthiness of data or resources. • Data integrity means that data can only be modified by authorized people or system in authorized ways • Origin integrity means that the source of the data is trustworthy, also called authentication. • Message authentication means messages received are exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid. • Note: timing information • Availability means that people has the ability to use the information or resource desired.

  10. Where the security problem comes from? Let’s look at some example systems: • Bank • Bookkeeping • Core operations • customer account, journals recording the transactions • Who has the access to the information? • Bank’s own staff – what if they cheat? • ATM • Authenticate users based on card and ID number • Let’s go Internet • The user – how do we know they are the “real” (authenticate) user? • Protect web servers and bookkeeping database

  11. Where the security problem comes from? • Hospital • Patient record system • Who can access the record? – • Many parties – insurance company, care giver, researcher, etc • Complicated -- role can change • Privacy issue – HIPPA • Anonymize the record for research • Is it sufficient? • Show me all records of 59-year-old males who were treated for a broken collarbone on September 15, 1966 • Drug management • Let’s go to Web • ….

  12. Issues that will be addressed in this class

  13. Network Security Issues Network Security • From a Computer to Internet • Single computer • Networking environment • Secure communication in a public environment • Computer system security with remote access Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  14. Some Simple Scenarios Alice Bob Read content of the message from Bob to Alice Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  15. Some Simple Scenarios Alice Bob Modify content of the message from Bob to Alice Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  16. Some Simple Scenarios Alice Bob capture the message from Bob to Alice And replay the message later Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  17. Some Simple Scenarios Alice Bob Pretend to be Bob to send a message to Alice Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  18. Some Simple Scenarios Alice Bob Interrupt Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  19. Some Simple Scenarios Alice Bob Observe message pattern Darth Application Application TCP/UDP TCP/UDP IP IP IP IP Link Link Link Link Internet

  20. What are the solutions?

  21. Why many solutions fail? • Protect wrong things • Protect right things in the wrong way

  22. What are the solutions? • Security Basics and Principles • Symmetric/ Asymmetric Cryptography • Basic concept, algorithm, mechanism, • Security Practices • Secure protocol designs • Secure systems and applications

  23. How to study network security? • Principle of Easiest Penetration • An intruder are expected to use any available means of penetration. • Computer security specialists must consider all possible means of penetration. • Learning methodology • examine all possible vulnerabilities of the system • consider available countermeasures.