Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Exam Review - IT443 - Network Security Administration

advertisement 
Final Exam Review
IT443 – Network Security Administration
1
Fundamental Tenet of Cryptography
What is it?
If lots of smart people have failed to solve a
problem, then it probably wont be solved
(soon).
2
Network Basics
• Network Layers
– Application layer
– Transport layer
– IP layer
– Data link layer
– TCP, UDP, IP, SSH, HTTP
– IP address, MAC address, TCP address?
– Port number
3
Layer Encapsulation
User A
User B
Get index.html
Connection ID
Source/Destination
Link Address
4
4
Network Basics
• Headers
– [ether net header [IP header [TCP header [Payload]]]]
• TCP / UDP
– TCP is reliable
• Acknowledgement, retransmission, discard duplicates, …
– TCP 3-way handshake
• SYN, ACK, FIN
5
Establishing a TCP Connection
Each host tells
its ISN to the
other host.
• Three-way handshake to establish connection
– Host A sends a SYN (open) to the host B
– Host B returns a SYN acknowledgment (SYN ACK)
– Host A sends an ACK to acknowledge the SYN ACK
6
Unreliable Message Delivery Service
• User Datagram Protocol (UDP)
– IP plus port numbers
– Optional error checking on the packet contents
SRC port
DST port
checksum
length
DATA
• Lightweight communication between processes
– Avoid overhead and delays of ordered, reliable delivery
• For example: VoIP, video conferencing, gaming
7
TCP Header
Source port
Destination port
Sequence number
Flags:
SYN
FIN
RST
PSH
URG
ACK
Acknowledgment
HdrLen
0
Flags
Advertised window
Checksum
Urgent pointer
Options (variable)
Data
8
Network Basics
• IP layer
– Routing (different paths)
– IP prefix, e.g., 12.34.158.0/24
– Classful Addressing (Class A, B, C)
– Classless Inter-Domain Routing (CIDR)
– Private networks
• 10.0.0.0/8 (255.0.0.0)
• 172.16.0.0/12 (255.240.0.0)
• 192.168.0.0/16 (255.255.0.0)
9
IP Packet
4-bit
8-bit
4-bit
Version Header Type of Service
Length (TOS)
3-bit
Flags
16-bit Identification
8-bit Time to
Live (TTL)
16-bit Total Length (Bytes)
8-bit Protocol
13-bit Fragment Offset
16-bit Header Checksum
20-byte
header
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload
10
Network Basics
• DNS
– Hierarchical name space
– Local DNS server / caching
– dig / dig -x
• Data link layer
– MAC address
– ARP messages / ARP table
11
Network Basics
• Potential Questions Topics
Is 192.168.x.x globally accessible?
Which of the following header contain destination information:
A. TCP header
B. IP header
C. Ethernet header
Compare and contrast TCP and UDP and briefly describe their
similarities and differences.
12
Recon & Info Gathering
• Social Engineering: “the weakest link”,
– Physical or automated (e.g., phishing)
– Defenses: user awareness
• Physical Security
– Physical access, theft, dumpster diving
– Defenses: locks, policies (access, screen savers, etc.), encrypted file
systems, paper shredders
http://www.guardian.co.uk/politics/2008/sep/30/terrorism.ebay
• Web Searching and Online Recon
– Check company website, get contact names, look for comments in html,
etc.
– Use Search Engines: Google!, Usenet to discover technologies in use,
employee names, etc.
– Defenses: “Security Through Obscurity”, Policies
13
Crypto Basics
• Encryption/Decryption
– Plaintext, ciphertext, key
– Secret key/symmetric key crypto
• What are some of the symmetric key encryption
algorithms?
– Public key/asymmetric key crypto
• What are some of the asymmetric key encryption
algorithms?
– Hash function
• What are some of the hash algorithms?
14
Secret Key Cryptography
• Stream cipher
• Block cipher
– Converts one input plaintext block of fixed size k bits to
an output ciphertext block of k bits
– DES, IDEA, AES, …
– AES
• Selected from an open competition, organized by NSA
• Joan Daemen and Vincent Rijmen (Belgium)
• Block size=128 bits, Key Size= 128/192/256 bits
15
Electronic Code Book (ECB)
Plaintext 
M1
M2
128
Key
E
Ciphertext  C1
E
128
C2
M4
46 +
padding
128
128
E
128
M3
E
128
C3
128
C4
16
Cipher Block Chaining (CBC)
M1
M2
128
M3
M4
46 +
padding
128
128
Initialization
Vector
Key
E
128
C1
E
E
128
C2
E
128
C3
128
C4
17
Public Key Cryptography
• Public key crypto
– Public/private key pair
– Encryption/decryption (different keys)
– Sign/verify (digital signature)
– Much slower than secret key operations
• Algorithms
– DSA, RSA
18
Diffie-Hellman
•
•
•
•
Predates RSA
Does neither encryption nor signatures
What is it good for then?
How does it work?
19
Crypto Basics
• Hash function
– One way transformation
– Collision resistance
– Applications
•
•
•
•
Message digest/checksum
File integrity
Password
…
20
Modern Hash Functions
• MD5 (128 bits)
– Previous versions (i.e., MD2, MD4) have weaknesses.
– Broken; collisions published in August 2004
– Too weak to be used for serious applications
• SHA (Secure Hash Algorithm)
– Weaknesses were found
• SHA-1 (160 bits)
– Broken, but not yet cracked
– Collisions in 269 hash operations, much less than the brute-force attack
of 280 operations
– Results were circulated in February 2005, and published in CRYPTO
’05 in August 2005
• SHA-256, SHA-384, …
21
Crypto Basics
• Potential Question Topics
In secret key encryption, can the encrypted file’s size be smaller
than the original file’s?
Are the following desired properties of hash functions?
• a. One-way property, that is, it’s easy to reverse the hash
computation, but computationally infeasible to compute the hash
function itself.
• b. Collision free, that is, it’s computationally infeasible to find two
messages that have the same hash value.
• c. Only authorized parties can perform hash functions.
22
Authentication
• What’s authentication
– User authentication
• Allow a user to prove his/her identity to another
entity (e.g., a system, a device).
– Message authentication
• Verify that a message has not been altered without
proper authorization.
23
Authentication
• Threat
– Eavesdropping
– Password guessing
– Server database reading (compromised)
24
Authentication
• Challenge/response
I’m Alice
Alice
a challenge R
Bob
H(KAlice-Bob, R)
I’m Alice
Alice
R
Bob
SigAlice{R}
25
Eavesdropping & Server Database Reading
• If public key crypto is not available, protection against
both eavesdropping and server database reading is
difficult:
– Hash => subject to eavesdropping
– Challenge requires Bob to store Alice’s secret in a database
Alice
I’m Alice, H(KAlice-Bob)
Bob
I’m Alice
Alice
A challenge R
Bob
H(KAlice-Bob, R)
26
Mutual Authentication
• Reflection Attack
I’m Alice, R2
Trudy
R1, f(KAlice-Bob, R2)
Bob
f(KAlice-Bob, R1)
I’m Alice, R1
Trudy
R3, f(KAlice-Bob, R1)
Bob
27
Mutual Authentication
• Reflection Attack
I’m Alice, R2
Alice
R1, f(KAlice-Bob, R2)
Bob
f(KAlice-Bob, R1)
Countermeasure
I’m Alice
Alice
R1
Bob
f(KAlice-Bob, R1), R2
f(KAlice-Bob, R2)
28
Authentication
• Key Distribution Center
– If node A wants to communicate with node B
• A sends a request to the KDC
• The KDC securely sends to A: EKA(RAB) and EKB(RAB, A)
• Certificate
–
–
–
–
How do you know the public key of a node?
Certification Authorities (CA)
Everybody needs to know the CA public key
The CA generates certificates: Signed(A, public-key, validity
information)
[Alice’s public key is 876234]carol
[Carol’s public key is 676554]Ted & [Alice’s public key is 876234]carol
29
Authentication
• Password guessing
– Online vs. offline
– Dictionary attack
– Password salt
30
Authentication
• Potential Question Topics
Assume Alice and Bob share a secret KAlice-Bob, what is the security
flaw when they use the following protocol for Bob to authenticate Alice?
Alice
I’m Alice, H(KAlice-Bob)
Bob
31
Some Issues for Password Systems
• A password should be easy to remember
but hard to guess
– that’s difficult to achieve!
• Some questions
– what makes a good password?
– where is the password stored, and in what
form?
– how is knowledge of the password verified?
32
IPsec
• Which layer
• Why we need it
– IP spoofing
– Payload modification
– Eavesdropping
33
SSL
• Which layer
• Why we need it
– Think about https
• Main processes
– Negotiate cipher suites
– Authenticate servers
– Verify certificates
34
Firewall / IDS
• What are their roles
– Prevent vs. detect
• Firewall
– Packet filtering (stateless) vs. session filtering
(stateful)
– iptables
35
Internet Security Mechanisms
Prevent:
Firewall, IPsec, SSL
Detect:
Intrusion Detection
Survive/
Response:
Recovery, Forensics
• Goal: prevent if possible; detect quickly otherwise;
and confine the damage
36
Firewall / IDS
• IDS
– Accuracy, e.g., false alarm
– Misuse detection (signatures)
– Anomaly detection
– Host-based (e.g., aide)
– Network-based (e.g., snort)
37
Firewall
• Potential Question Topics
A stateless firewall on a server cannot limit the number of TCP
connections per client.
Describe the goal of the following firewall rule:
iptables -A INPUT -p icmp -j DROP
Compose a firewall rule to block access to a SSL connection.
38
IDS
• Questions
– Explain the following snort rule and describe how to trigger
the alert:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80
(msg:“Test attack"; content:"test_attack"; … … )
– Compare host-based and network-based IDS, and briefly
describe the difference.
39
Related documents
Amerikanska författare i Karros bibliotek
Amerikanska författare i Karros bibliotek
Career-Lesson
Career-Lesson
Character List - Cloudfront.net
Character List - Cloudfront.net
Jeopardy Template
Jeopardy Template
RSA implementation by Tom Chiari
RSA implementation by Tom Chiari
File - 8th Grade Language Arts
File - 8th Grade Language Arts
Download
advertisement