IT443 – Network Security Administration Week 1 – Introduction Instructor: Alfred J Bird, Ph.D., NBCT abird@cs.umb.edu http://it443-s14-bird.wikispaces.umb.edu/ Door Key: 643478* Office – McCormick 3rd floor 607 (617.287.3827) Office Hours – Tuesday and Thursday, 4:00 pm to 5:15pm 1 Basic Information • Textbook: – Network Security: Private Communications in a Public World – by Charlie Kaufman, Radia Perlman and Mike Speciner – 2nd Edition, Prentice Hall, ISBN 0-13-046019-2 • Location and time of classes – Section 1 • Web Lab S-3-028 • Monday and Wednesday 4:00pm to 5:15pm – Section 2 • IT Lab S-3-143 • Tuesday and Thursday 5:30 to 6:45pm 2 Course Outline • • • • • • • • • Network Basics Cryptography Basics Authentication Public Key Infrastructure IPsec SSL/TLS Firewall / Intrusion Detection Email Security Wireless security / Worm (backup) 3 Course Work • 6~7 Lab Assignments (50%) – Team of 2 students – Lab Notebook (Individual) – Lab report (Individual) • Written Projects (25%) • Final Exam (25%) 4 Potential Labs • • • • • • • • • Understanding network packets Encryption/decryption Password cracking Intrusion detection System monitoring Implementing certificate Implementing VPN Configuring a firewall Wireless security / Worm (backup) 5 Policies • Lab reports – Partial points will be given for incomplete work – Late submissions will be accepted for reduced credit. • Honor code • No makeup exam without prior permission • Accommodations – Ross Center for Disability Service • Campus Center Room 211, 617.287.7430 6 Some Network Security Websites • CERT @ Carnegie Mellon University – http://www.cert.org/ • Trend Micro Threat Tracker – http://apac.trendmicro.com/apac/ • CERT @ Dept of Homeland Security – http://www.us-cert.gov/ • Symantec Threat Explorer – http://us.norton.com/security_response/threatexplorer/index.jsp 7 Some Postulates about Network Security • You can never prove something perfect, all you can do is fail to prove that it has some faults! Keep looking! • If a lot of smart people have failed to solve the problem, then it probably won’t be solved (soon!) (p41 in the text) • Security people need to remember that most people regard security as a nuisance rather than as needed protection and left to their own devices they often carelessly give up the security that someone worked so hard to provide. (p245 in the text) 8 Introduction to Network Security • Security threats – Malware: Virus, worm, spyware – Spam – Botnet – DDoS attacks – Phishing – Cross-site scripting (XSS) – Theft and/or Whistleblowers –… 9 Introduction to Network Security • Security breaches in 2011 – Sony's PlayStation Network (77M clients) – Epsilon (60M clients) – Fidelity National ($13M loss) – Sega's online gaming network (1.3M clients) – Citigroup (210K clients) – MA Executive Office of Labor and Workforce Development (210K records) – SF Subway, Health Net, … 10 Contributing Factors • Lack of awareness of threats and risks of information systems – Security measures are often not considered until an Enterprise has been penetrated by malicious users • Wide-open network policies – Many Internet sites allow wide-open Internet access • Lack of security in TCP/IP protocol suite – Most TCP/IP protocols not built with security in mind • Complexity of security management and administration • Software vulnerabilities – Example: buffer overflow vulnerabilities • Cracker skills keep improving 11 Security Objectives (CIA) 12 Security Objectives (CIA) • Confidentiality — Prevent/detect/deter improper disclosure of information • Integrity — Prevent/detect/deter improper modification of information • Availability — Prevent/detect/deter improper denial of access to services provided by the system 13 OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • Defines a systematic way of defining and providing security requirements • It provides a useful, if abstract, overview of concepts we will study 14 Aspects of Security • 3 aspects of security: – security attack • Any action that compromises the security of information owned by an organization – security mechanism • A process that is designed to detect, prevent, or recover from a security attack – security service • Counter security attacks: make use of one or more security mechanisms to provide the service 15 Threat Model and Attack Model • Threat model and attack model need to be clarified before any security mechanism is developed • Threat model – Assumptions about potential attackers – Describes the attacker’s capabilities • Attack model – Assumptions about the attacks – Describe how attacks are launched 16 Passive Attacks 17 Active Attacks 18 Security Mechanism (X.800) • Specific security mechanisms: – encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • Pervasive security mechanisms: – trusted functionality, security labels, event detection, security audit trails, security recovery 19 Security Service • Enhance security of data processing systems and information transfers of an organization • Intended to counter security attacks • Using one or more security mechanisms • Often replicates functions normally associated with physical documents – For example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 20 Security Service • Authentication - assurance that communicating entity is the one claimed • Access Control - prevention of the unauthorized use of a resource • Data Confidentiality –protection of data from unauthorized disclosure • Data Integrity - assurance that data received is as sent by an authorized entity • Non-Repudiation - protection against denial by one of the parties in a communication • Availability – resource accessible/usable 21 For Next Time • Prepare a 500 word essay on the topic: – In your view what is meant by the term “Network Security”? – An essay is not a research paper but is a written work expressing and defending your views! – What do you think about the topic and why! • Be prepared to discuss the topic on Wednesday. We will be having a class discussion and you (each and every one) will be expected to participate! 22