Nertwork Management Security Lecture Compendium
-
Upload
palisoc-irish-ann -
Category
Documents
-
view
223 -
download
0
Transcript of Nertwork Management Security Lecture Compendium
-
8/9/2019 Nertwork Management Security Lecture Compendium
1/128
Before we start
Being ethical is not necessarily following ones feelings;feelings frequently deviate from what is ethicalOften because of the way one is raised, ethics and religion are coupled;but ethics is not confined to religion nor is the same as religionBeing ethical is not solely following the law.
lements of practical ethics through basic philosophy! thical thought thical definition thical values
"ample! #f a person conceives of engineering activity as only ma$ingmoney, then one%s definition of practical ethics, one%s actions and valueswill, be guided by this basic philosophical position.
-
8/9/2019 Nertwork Management Security Lecture Compendium
2/128
&ecurity in!
'lient ( )or$station ( *erminal
#ntra+networ$s
#nter+networ$s
#n terms of!
hysical &ecurity
-on+hysical &ecurity
-
8/9/2019 Nertwork Management Security Lecture Compendium
3/128
&ecurity *hreats sources, causes, people behind/!
0ac$ers 'rac$ers &cript 1iddies 2nethical mployees logic bombs, bac$door,/ 'yberterrorists 'orporate &py )orm ( 3irus ( *ro4an incl. $eyloggers,/ &poofing ( &niffing ( hishing 5o& ( 55o& attac$s 0oa" ( &pam ...
-
8/9/2019 Nertwork Management Security Lecture Compendium
4/128
"amples!
-
8/9/2019 Nertwork Management Security Lecture Compendium
5/128
"amples cont/!
6emote 7ccess 3- &ite to &ite 6outer to 6outer/ 3-
3irtual rivate -etwor$ 3-/
8eneric 6outing ncapsulation 86/ ncapsulation &ecurity ayload &/
-
8/9/2019 Nertwork Management Security Lecture Compendium
6/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
7/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
8/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
9/128
"ample of hishing!
-
8/9/2019 Nertwork Management Security Lecture Compendium
10/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
11/128
"Above all else, do no harm"Protect Privacy"Waste not, want not."
Exceed LimitationsThe Communicational ImerativeLeave !o Traceshare#
el$ %e$ense&ac'in( &els ecurityTrust, but Test#
-ew 'ode of thics
-
8/9/2019 Nertwork Management Security Lecture Compendium
12/128
0ac$ers 'ode of thics!
Old code vs new code7re new hac$ers aware of the original
hac$er ethicsC
7re new hac$ers aware of any hac$erethicsC
#nfluence of technology and social issues
on changes in hac$er ethics&imilarity between the old and new ethics
and ethical continuity
-
8/9/2019 Nertwork Management Security Lecture Compendium
13/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
14/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
15/128
thical #ssues in &ecurity 'ourses
?aturity 9evel
?a4ority of computer hac$ers are under theage of DE and many of them are college
students
'ourse material some include! trying55O&, writing and spreading a virus,/
'omfort 9evel
6esponsible presentation
-
8/9/2019 Nertwork Management Security Lecture Compendium
16/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
17/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
18/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
19/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
20/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
21/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
22/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
23/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
24/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
25/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
26/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
27/128
Virus and Worms
-
8/9/2019 Nertwork Management Security Lecture Compendium
28/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
29/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
30/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
31/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
32/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
33/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
34/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
35/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
36/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
37/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
38/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
39/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
40/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
41/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
42/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
43/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
44/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
45/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
46/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
47/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
48/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
49/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
50/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
51/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
52/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
53/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
54/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
55/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
56/128
5efining 'ryptography
-
8/9/2019 Nertwork Management Security Lecture Compendium
57/128
Ob4ectives
5efine cryptography
5escribe hashing
9ist the basic symmetric cryptographicalgorithms
5escribe how asymmetric cryptography
wor$s
9ist types of file and file system
cryptography
-
8/9/2019 Nertwork Management Security Lecture Compendium
58/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
59/128
&teganography
-
8/9/2019 Nertwork Management Security Lecture Compendium
60/128
'aesar 'ipher
2sed by Fulius 'aesar
'aesar shifted each letter of
his messages to his generalsthree places down in the
alphabet
&o B26- *0 B6#58becomes
G2H )10 21I#8
AD
B E
CF
DG
EH
FI
GJ
HK
-
8/9/2019 Nertwork Management Security Lecture Compendium
61/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
62/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
63/128
'ryptography and &ecurity
'ryptography can provide! Con$identialityof information Inte(rityof the information Availabilityof the data
*o users with the $ey
8uarantee Authenticityof the sender nforce !on)reudiation
&ender cannot deny sending the message
#nformation rotection by
-
8/9/2019 Nertwork Management Security Lecture Compendium
64/128
#nformation rotection by
'ryptography
-
8/9/2019 Nertwork Management Security Lecture Compendium
65/128
'ryptographic 7lgorithms
-
8/9/2019 Nertwork Management Security Lecture Compendium
66/128
'ryptographic 7lgorithms
*here are three categories of
cryptographic algorithms!
&ashin(algorithms ymmetricencrytion
algorithms Asymmetricencrytion
algorithms
-
8/9/2019 Nertwork Management Security Lecture Compendium
67/128
0ashing 7lgorithms
0ashing 7lgorithms
-
8/9/2019 Nertwork Management Security Lecture Compendium
68/128
0ashing 7lgorithms
0ashing is a one)way process 'onverting a hash bac$ to the original data is
difficult or impossible
7 hash is a unique signature: for a set of
data *his signature, called a hashor di(est,
represents the contents
0ashing is used only for inte(rityto
ensure that! #nformation is in its original form -o unauthori@ed person or malicious software has
altered the data
-
8/9/2019 Nertwork Management Security Lecture Compendium
69/128
0ashing 7lgorithms continued/
-
8/9/2019 Nertwork Management Security Lecture Compendium
70/128
9in$ 'h a
0 hi 7l ith & it
-
8/9/2019 Nertwork Management Security Lecture Compendium
71/128
0ashing 7lgorithm &ecurity
7 hashing algorithm is considered secure if! *he cipherte"t hash is a fi"ed si@e *wo different sets of data cannot produce the
same hash, which is $nown as a collision #t should be impossible to produce a data set
that has a desired or predefined hash *he resulting hash cipherte"t cannot be
reversed to find the original data
reventing a ?an+in+the+?iddle
-
8/9/2019 Nertwork Management Security Lecture Compendium
72/128
reventing a ?an+in+the+?iddle
7ttac$ with 0ashing
-
8/9/2019 Nertwork Management Security Lecture Compendium
73/128
0ashing 7lgorithms continued/
0ash values are often posted on
#nternet sites
#n order to verify the file integrity offiles that can be downloaded
0ashing 7lgorithms Only
-
8/9/2019 Nertwork Management Security Lecture Compendium
74/128
0ashing 7lgorithms Only
nsure #ntegrity
-
8/9/2019 Nertwork Management Security Lecture Compendium
75/128
JE
?essage 5igest
7lso $nown as hash function: or one+
way transformation:.
*ransforms a message of any length
and computes a fi"ed length string.
)e want it to be hard to guess what
the message was given only the digest. 8uessing is always possible.
-
8/9/2019 Nertwork Management Security Lecture Compendium
76/128
?essage 5igest ?5/
*essa(e %i(est +*%algorithm One common hash algorithm
*hree versions ?essage 5igest D ?5D/ ?essage 5igest > ?5>/ ?essage 5igest E ?5E/
&uffer from collisions
-ot secure
-
8/9/2019 Nertwork Management Security Lecture Compendium
77/128
&ecure 0ash 7lgorithm &07/
?ore secure than ?5
7 family of hashes
&A)-
atterned after ?5>, but creates a hash thatis K bits in length instead of D= bits
&A)
'omprised of four variations, $nown as &07+DD>, &07+DEK, &07+L=>, and &07+ED 'onsidered to be a secure hash
-
8/9/2019 Nertwork Management Security Lecture Compendium
78/128
&07+L is Being 'hosen -ow
-
8/9/2019 Nertwork Management Security Lecture Compendium
79/128
assword 0ashes
7nother use for hashes is in storing passwords )hen a password for an account is created, the
password is hashed and stored
*he ?icrosoft -* family of )indows operatingsystems hashes passwords in two different
forms 9? 97- ?anager/ hash -*9? -ew *echnology 97- ?anager/ hash
?ost 9inu" systems use password+hashing
algorithms such as ?5E
7pple ?ac O& G uses &07+ hashes
-
8/9/2019 Nertwork Management Security Lecture Compendium
80/128
&ymmetric 'ryptographic7lgorithms
&ymmetric 'ryptographic
-
8/9/2019 Nertwork Management Security Lecture Compendium
81/128
&ymmetric 'ryptographic
7lgorithms
ymmetric cryto(rahic al(orithms 2se the same single $ey to encrypt and
decrypt a message 7lso called private $ey cryptography
tream ciher *a$es one character and replaces it with one
character ) )ired quivalent rotocol/ is a stream
cipher
ubstitution ciher
-
8/9/2019 Nertwork Management Security Lecture Compendium
82/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
83/128
GO6 G l i O6/
-
8/9/2019 Nertwork Management Security Lecture Compendium
84/128
GO6 eGclusive O6/
)ith most symmetric ciphers, the final
step is to combine the cipher stream with
the plainte"t to create the cipherte"t *he process is accomplished through
the e"clusive O6 GO6/ binary logic
operation
/ne)time ad +/TP 'ombines a truly random $ey with the
plainte"t
GO6
-
8/9/2019 Nertwork Management Security Lecture Compendium
85/128
GO6
-
8/9/2019 Nertwork Management Security Lecture Compendium
86/128
Bloc$ 'ipher
?anipulates an entire bloc$ of plainte"t at onetime
lainte"t message is divided into separate
bloc$s of = to K bytes
7nd then each bloc$ is encrypted independently
&tream cipher advantages and disadvantages Iast when the plainte"t is short ?ore prone to attac$ because the engine that
generates the stream does not vary
0loc'cihersare more secure than stream
cihers
-
8/9/2019 Nertwork Management Security Lecture Compendium
87/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
88/128
5& and L5&%ata Encrytion tandard +%E 5eclared as a standard by the 2.&
8overnment 5& is a bloc$ cipher and encrypts data in
K>+bit bloc$s2ses EK+bit $ey, very insecure
0as been bro$en many times
Trile %ata Encrytion tandard +1%E 2ses three rounds of 5& encryption ffective $ey length D bits
'onsidered secure
-
8/9/2019 Nertwork Management Security Lecture Compendium
89/128
7dvanced ncryption &tandard
-
8/9/2019 Nertwork Management Security Lecture Compendium
90/128
7dvanced ncryption &tandard
7&/
7pproved by the -#&* in late
D as a replacement for 5& Official standard for 2.&.
8overnment
'onsidered secure++has notbeen crac$ed
7nimation of 7& 7lgorithm
-
8/9/2019 Nertwork Management Security Lecture Compendium
91/128
7nimation of 7& 7lgorithm
-
8/9/2019 Nertwork Management Security Lecture Compendium
92/128
Other 7lgorithms
&everal other symmetriccryptographic algorithms are also
used!
6ivest 'ipher 6'/ family from 6'to 6'K
#nternational 5ata ncryption
7lgorithm #57/ Blowfish
*wofish
-
8/9/2019 Nertwork Management Security Lecture Compendium
93/128
7symmetric 'ryptographic7lgorithms
7symmetric 'ryptographic
-
8/9/2019 Nertwork Management Security Lecture Compendium
94/128
7symmetric 'ryptographic
7lgorithmsAsymmetric cryto(rahic al(orithms7lso $nown as ublic 'ey
cryto(rahy 2ses two $eys instead of one
*he ublic 'eyis $nown to everyone and
can be freely distributed
*he rivate 'eyis $nown only to the
recipient of the message
7symmetric cryptography can also be
used to create a di(ital si(nature
-
8/9/2019 Nertwork Management Security Lecture Compendium
95/128
*ransmitting over an insecure
-
8/9/2019 Nertwork Management Security Lecture Compendium
96/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
97/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
98/128
-
8/9/2019 Nertwork Management Security Lecture Compendium
99/128
7lice can sign her messageM
-
8/9/2019 Nertwork Management Security Lecture Compendium
100/128
7lice can sign her messageM
7lice can create a digital signature and
prove she sent the message or
someone with $nowledge of her private
$ey/.
*he signature can be a message
digest encrypted with 7rivate.
5i i l &i
-
8/9/2019 Nertwork Management Security Lecture Compendium
101/128
5igital &ignature
7 digital signature can! 3erify the sender rove the integrity of the message revent the sender from disowning
the message non)reudiation/
7 digital signature does not encrypt
the message, it only signs it
-
8/9/2019 Nertwork Management Security Lecture Compendium
102/128
#nformation rotections by
-
8/9/2019 Nertwork Management Security Lecture Compendium
103/128
#nformation rotections by
7symmetric 'ryptography
6&7
-
8/9/2019 Nertwork Management Security Lecture Compendium
104/128
6&7
*he most common asymmetric cryptographyalgorithm
6&7 ma$es the public and private $eys by
multiplying two large prime numbersp and q *o compute their product n=pq/ #t is very difficult to $actor the number nto find
pand q
Iinding the private $ey from the public $eywould require a factoring operation
6&7 is comple" and slow, but secure
times slower than 5&
5iffi 0 ll
-
8/9/2019 Nertwork Management Security Lecture Compendium
105/128
5iffie+0ellman
7 $ey e"change algorithm, not an
encryption algorithm
7llows two users to share a secret $eysecurely over a public networ$
Once the $ey has been shared
*hen both parties can use it to encryptand decrypt messages using symmetric
cryptography
0**&
-
8/9/2019 Nertwork Management Security Lecture Compendium
106/128
0**&
&ecure )eb ages typically use 6&7,5iffie+0ellman, and a symmetric algorithm
li$e 6'>
6&7 is used to send the private $ey for thesymmetric encryption
6&7 2sed by eBay
-
8/9/2019 Nertwork Management Security Lecture Compendium
107/128
6&7 2sed by eBay
6'> 2sed by eBay
-
8/9/2019 Nertwork Management Security Lecture Compendium
108/128
6'> 2sed by eBay
lli ti ' ' t h
-
8/9/2019 Nertwork Management Security Lecture Compendium
109/128
lliptic 'urve 'ryptography
7n elliptic curve is a function drawn on an
G+A a"is as a gently curved line By adding the values of two points on the
curve, you can arrive at a third point on the
curve
*he public aspect of an elliptic curve
cryptosystem is that users share an ellipticcurve and one point on the curve
-ot common, but may one day replace
6&7
-
8/9/2019 Nertwork Management Security Lecture Compendium
110/128
2sing 'ryptography on Iilesand 5is$s
ncrypting Iiles! 8 and
-
8/9/2019 Nertwork Management Security Lecture Compendium
111/128
yp g
88
Pretty 2ood Privacy +P2P One of the most widely used
asymmetric cryptography system forfiles and e+mail messages on )indows
systems
2!3 Privacy 2uard +2P27 similar open+source program
8 and 88 use both asymmetric and
symmetric cryptography
ncrypting Iiles! ncrypting
-
8/9/2019 Nertwork Management Security Lecture Compendium
112/128
yp g yp g
Iile &ystem I&/
art of )indows
2ses the )indows -*I& file system
Because I& is tightly integrated with thefile system, file encryption and decryption
are transparent to the user
I& encrypts the data as it is written todis$
On ?acs, 4ilevault encrypts a user%s
home folder
)hole 5is$ ncr ption
-
8/9/2019 Nertwork Management Security Lecture Compendium
113/128
)hole 5is$ ncryption
Windows 0itLoc'er 7 hardware+enabled data encryption feature 'an encrypt the entire )indows volume
#ncludes )indows system files as well as all user
files
ncrypts the entire system volume, including
the )indows 6egistry and any temporary filesthat might hold confidential information
TrueCryt Open+source, free, and can encrypt folders or
*rusted latform ?odule *?/
-
8/9/2019 Nertwork Management Security Lecture Compendium
114/128
*rusted latform ?odule *?/
7 chip on the motherboard of thecomputer that provides cryptographic
services
#f the computer does not supporthardware+based *? then the encryption
$eys for securing the data on the hard
drive can be stored by Bit9oc$er on a 2&Bflash drive
'old Boot 7ttac$
-
8/9/2019 Nertwork Management Security Lecture Compendium
115/128
'old Boot 7ttac$
'an defeat all currently available wholedis$ encryption techniques lin$ 'h i/
2nderstanding 'ryptographic
-
8/9/2019 Nertwork Management Security Lecture Compendium
116/128
K
7ttac$s
&niffing and port scanning are passiveattac$s N 4ust watching
7ctive attac$s attempt to determine the
secret $ey being used to encrypt plainte"t'ryptographic algorithms are usually
public
Iollows the open+source culture "cept the -&7 and '#7 and etc.
Birthday 7ttac$
-
8/9/2019 Nertwork Management Security Lecture Compendium
117/128
J
Birthday 7ttac$
#f DL people are in the room, what is thechance that they all have differentbirthdaysC
LKE LK> LKL LKL LK LK L>LLKE
"LKE
"LKE
"LKE
"LKE
"LKE
" . . .LKE
>
-
8/9/2019 Nertwork Management Security Lecture Compendium
118/128
=
Birthday 7ttac$
#f there are - possible hash values, Aoull find collisions when you have
calculated .D " sqrt-/ values
&07+ uses a K+bit $ey *heoretically, it would require D=
computations to brea$
&07+ has already been bro$en, because of
other wea$nesses
?athematical 7ttac$s
-
8/9/2019 Nertwork Management Security Lecture Compendium
119/128