Network Security I
CSCI 4971 / 6968
www.cs.rpi.edu/~yener/TEACHING/Netsec/Spring11/
Bülent Yener
Lecture 1
1/26/11
This presentation is in part based on the slides of W. Stallings
Outline
• Class information
– Network security I and II
• Background and introduction
• Basic concepts: attacks, services, mechanisms
Aim of the Courses
• Our focus is on both Network & Internet Security and Cryptography
• NetSec I focuses on cryptography and basics
• NetSec II builds upon NetSec I and covers advanced topics.
CSCI-4971 and 6968
Network Security
• Basic Cryptography
• Basic Number Theory
• Security Goals
– Authentication, Privacy, Integrity, Key exchange
• Security Solutions
– SSL, PGP, SSH, IPSEC
• Security Practice
– E-mail, IP security, Web security, …
• And more: Internet and Network security issues
Definitions
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Standards Organizations
• National Institute of Standards & Technology (NIST)
• Internet Society (ISOC)
• International Telecommunication Union Telecommunication Standardization Sector (ITU-T)
• International Organization for Standardization (ISO)
Example
XXX bank wants to provide web banking service to its customers. They have already programmed web pages and applications. Every customer has an id and password to access their account information.
– What are the threats?
– What are the security mechanisms to prevent them?
– What are the security services?
Case Study
[Figure: network diagram labelled Attacker, Bank Customer, Internet, Bank Network, Web Server, Banking Server, Dial-up Access Server]
Security Attacks
• Passive attacks - eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– intercept, or monitor traffic flows
• Active attacks – modification of data stream to:
– masquerade of one entity as some other
– fabricate a message
– replay previous messages
– modify messages in transit
– denial of service
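
Added example (not from the original slides): a receiver-side check for the web banking scenario, showing which of the active attacks listed above are detected by a message authentication code plus a sequence number, and that passive eavesdropping is not. The HMAC-SHA256 scheme, the shared key, the message format and all names are assumptions made for illustration; denial of service is outside what this check addresses.

```python
import hmac, hashlib, json

KEY = b"constructed-demo-key-shared-by-customer-and-bank"  # constructed sample key

def protect(key, seq, body):
    """Sender side: bind the body to a sequence number and attach an HMAC-SHA256 tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

class Receiver:
    """Bank side: verify the tag first, then require a strictly increasing sequence number."""
    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def accept(self, msg):
        expected = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):  # constant-time comparison
            return "rejected: bad tag"       # modified, fabricated or masqueraded
        seq = json.loads(msg["payload"])["seq"]
        if seq <= self.last_seq:
            return "rejected: replay"        # authentic message seen before
        self.last_seq = seq
        return "accepted"

def demo():
    """Run constructed messages through the receiver and return each verdict."""
    bank = Receiver(KEY)
    m1 = protect(KEY, 1, "transfer 100 to account A")
    results = {"genuine": bank.accept(m1)}
    results["replay"] = bank.accept(m1)                      # same message sent again
    tampered = dict(m1, payload=m1["payload"].replace("100", "900"))
    results["modified"] = bank.accept(tampered)              # changed in transit
    forged = protect(b"not-the-shared-key", 2, "transfer 500 to account B")
    results["fabricated"] = bank.accept(forged)              # sender lacks the key
    results["next_genuine"] = bank.accept(protect(KEY, 2, "balance inquiry"))
    # Passive attack: the payload is still readable; a MAC gives no confidentiality.
    results["plaintext_visible"] = "transfer 100" in m1["payload"]
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

Protecting message contents against the passive attacks would additionally require encryption, which this sketch deliberately leaves out.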