Introduction
IT443 – Network Security Administration
Instructor: Bo Sheng

Basic Information
• Location and time
  – S-3-028
  – Tuesdays and Thursdays 5:30~6:45pm
• Instructor (Bo Sheng)
  – Bo.Sheng@umb.edu
  – 617-287-6468
  – Office: S-3-167
  – Office hours: Tu & Th, 2~4pm

Course Outline
• Network Basics
  – Network layers, headers, services, …
  – TCP/IP, MAC, DNS, ARP, …
• Cryptography Basics
  – Secret key encryption, public key encryption, hash functions
  – Doesn’t cover the theoretical foundation
• Authentication
  – Password, challenge/response, mutual authentication, …
• Public Key Infrastructure
  – PKI architecture, certificates, …
• IPsec
  – Secure IP layer protocol
• SSL/TLS
  – Secure transport layer protocol
• Firewall
  – Prevent attacks, iptables, …
• Intrusion Detection System
  – Host-based IDS and network-based IDS
• Email Security
• Wireless security / Worm (backup)
  – Rogue AP attacks, WEP cracking, worm propagation/detection, …

Course Work
• 6~7 lab assignments (70%)
  – Team of 2 students
  – Lab report
• Final exam (30%)
• Lecture + Lab
  – Virtual machines

Lab Outline
• Understanding network packets
  – IP prefix, DNS service
• Encryption/decryption
  – Conduct file encryption (openssl)
  – Distinguish cryptographic algorithms
• Password cracking
  – Dictionary attack, john-the-ripper
• Network attacks
  – SYN flood, ARP poisoning
• Implementing certificates
  – Set up an https service
• Configuring a firewall
  – iptables
• System monitoring
  – Remote logging
• Intrusion detection
  – AIDE and Snort
• SQL injection (backup)

Other Info
• Course web page
  – http://www.cs.umb.edu/~shengbo/teaching/it443.html
• Prerequisite
  – IT341
  – If you take IT341 later, you will lose the credits of this course.

Policies
• Lab reports
  – Partial points will be given, but no late submissions are accepted.
• Honor code
• No makeup exam
• Accommodations
  – Ross Center for Disability Services
    • Campus Center Room 211
    • 617-287-7430

Information
• Door code: 254646*
• Login: your Windows account
• If you use your own laptop, install
  – VMware Workstation 10
    • key: J0283-LK3E0-K8X65-032RH-2ER14
  – VirtualBox
  – Image: NSF SEED project
    • \\weblab00\users\shengbo\documents\it443

Introduction to Network Security
• Security breaches
  – http://www.informationisbeautiful.net/visualizations/worlds-biggest-databreaches-hacks/
• Symantec Threat Explorer
  – http://us.norton.com/security_response/threatexplorer/index.jsp
• Email spam
• Security threats
  – Malware: virus, worm, spyware
  – Spam
  – Botnet
  – DDoS attacks
  – Phishing
  – Cross-site scripting (XSS)
  – …

Contributing Factors
• Lack of awareness of the threats and risks of information systems
  – Security measures are often not considered until an enterprise has been penetrated by malicious users
• Wide-open network policies
  – Many Internet sites allow wide-open Internet access
• Lack of security in the TCP/IP protocol suite
  – Most TCP/IP protocols were not built with security in mind
• Complexity of security management and administration
• Software vulnerabilities
  – Example: buffer overflow vulnerabilities
• Cracker skills keep improving

Security Objectives (CIA)
• Confidentiality — prevent/detect/deter improper disclosure of information
• Integrity — prevent/detect/deter improper modification of information
• Availability — prevent/detect/deter improper denial of access to services provided by the system

OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• Defines a systematic way of defining and providing security requirements
• It provides a useful, if abstract, overview of the concepts we will study

Aspects of Security
• 3 aspects of security:
  – security attack
    • Any action that compromises the security of information owned by an organization
  – security mechanism
    • A process that is designed to detect, prevent, or recover from a security attack
  – security service
    • Counters security attacks: makes use of one or more security mechanisms to provide the service

Threat Model and Attack Model
• The threat model and attack model need to be clarified before any security mechanism is developed
• Threat model
  – Assumptions about potential attackers
  – Describes the attacker’s capabilities
• Attack model
  – Assumptions about the attacks
  – Describes how attacks are launched

Passive Attacks

Active Attacks

Security Mechanism (X.800)
• Specific security mechanisms:
  – encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms:
  – trusted functionality, security labels, event detection, security audit trails, security recovery

Security Service
• Enhances the security of data processing systems and information transfers of an organization
• Intended to counter security attacks
• Uses one or more security mechanisms
• Often replicates functions normally associated with physical documents
  – For example, documents have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed
• Authentication – assurance that the communicating entity is the one claimed
• Access Control – prevention of the unauthorized use of a resource
• Data Confidentiality – protection of data from unauthorized disclosure
• Data Integrity – assurance that data received is as sent by an authorized entity
• Non-Repudiation – protection against denial by one of the parties in a communication
• Availability – resource accessible/usable

• Check network connection
  – ping google.com
  – sudo apt-get update
• Log out
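The distinction between an X.800 mechanism and the service it provides is easier to see in running code than in a bullet list. The example below is added here and is not part of the lecture slides; it uses only the Python standard library and a constructed shared key (hypothetical "client" and "server" parties). It applies two of the slides' specific mechanisms, a keyed hash for data integrity and a nonce-based authentication exchange, and shows which services they do and do not deliver: the MAC detects modification in transit (data integrity) and proves knowledge of the key (authentication), but because both parties hold the same key it cannot provide non-repudiation, and the challenge/response only authenticates if each nonce is accepted once.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a key shared between the hypothetical client and server.
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """X.800 'data integrity' mechanism: a keyed hash (HMAC-SHA256) over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so the check itself leaks no timing information."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def integrity_check_demo() -> dict:
    """Data Integrity service: the tag computed over the original message does not
    verify once the message has been altered in transit."""
    original = b"transfer 10 USD to account 42"      # constructed sample message
    tag = mac_tag(SHARED_KEY, original)
    modified = b"transfer 10000 USD to account 42"   # what a tampering party substitutes
    return {
        "original_accepted": verify_tag(SHARED_KEY, original, tag),
        "modified_accepted": verify_tag(SHARED_KEY, modified, tag),
    }


def receiver_can_forge(key: bytes) -> bool:
    """Non-Repudiation is NOT provided by a MAC: the receiver holds the same key, so it
    can produce a valid tag for a message the sender never sent. A third party cannot
    tell the two apart; that service needs a digital signature (asymmetric key)."""
    forged = b"sender agreed to pay 1000 USD"
    return verify_tag(key, forged, mac_tag(key, forged))


class ChallengeResponseServer:
    """X.800 'authentication exchange' mechanism: the server issues a random nonce and
    the client proves possession of the shared key by returning HMAC(key, nonce).
    Each nonce is accepted once, so a captured response cannot be replayed."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding: set[bytes] = set()

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def check_response(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False          # unknown nonce, or one that was already consumed
        self.outstanding.discard(nonce)  # single use, whatever the outcome
        return verify_tag(self.key, nonce, response)


def client_answer(key: bytes, nonce: bytes) -> bytes:
    return mac_tag(key, nonce)


def challenge_response_demo() -> dict:
    """Authentication service: genuine response accepted, replay and wrong key rejected."""
    server = ChallengeResponseServer(SHARED_KEY)

    nonce = server.issue_challenge()
    response = client_answer(SHARED_KEY, nonce)
    genuine = server.check_response(nonce, response)
    replay = server.check_response(nonce, response)   # same pair presented again

    nonce2 = server.issue_challenge()
    wrong_key = server.check_response(nonce2, client_answer(b"not the key", nonce2))

    return {
        "genuine_accepted": genuine,
        "replay_accepted": replay,
        "wrong_key_accepted": wrong_key,
    }


if __name__ == "__main__":
    print(integrity_check_demo())
    print("receiver can forge a tag:", receiver_can_forge(SHARED_KEY))
    print(challenge_response_demo())
```

Run it as a script to see the three results. The point to take from `receiver_can_forge` is the one the slides' service list implies but does not spell out: integrity and authentication between two parties that share a secret are cheap, while non-repudiation requires a mechanism (digital signatures) in which only one party can produce the proof.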