Chapter 19: Computer and Network Security Techniques
Business Data Communications, 6e
IPSec Functions
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Key exchange
ESP Transport and Tunnel Mode
• Transport mode: provides protection primarily for upper-layer protocols. Typically used for end-to-end communications between two hosts. The payload (for example a TCP segment) is encrypted, but the original IP header is not.
• Tunnel mode: provides protection for the entire IP packet. The entire original packet, header included, becomes the payload of a new outer IP packet. Used when at least one end of the association is a security gateway (a firewall or router), so the inner addresses are not exposed on the path between gateways.
Scope of ESP Encryption and Authentication
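The two slides above describe the packet layouts in words; the following script, added here as an example (it is not from the textbook slides), builds the same layouts in Python so the scope of encryption and authentication can be inspected byte by byte. It assumes placeholder keys and a fixed IV, a constructed IPv4/TCP packet, HMAC-SHA-256-128 as the integrity algorithm, and, because the standard library has no AES, an HMAC-based counter-mode keystream standing in for the SA's cipher. It also implements the ESP sequence-number anti-replay window, which the slides do not mention but which any ESP receiver must keep.

```python
import hashlib
import hmac
import struct

ESP_PROTO = 50   # IP protocol number that the outer header carries for ESP
NH_IPV4 = 4      # ESP Next Header value: an entire IPv4 packet follows (tunnel mode)
NH_TCP = 6
IV_LEN = 8
ICV_LEN = 16     # HMAC-SHA-256-128 (RFC 4868): the 32-byte HMAC truncated to 16 bytes
BLOCK = 16       # pad plaintext to a multiple of the (stand-in) cipher block size


def ipv4_header(src, dst, proto, total_len):
    """20-byte IPv4 header (constructed; header checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)


def _keystream(key, spi, seq, iv, n):
    """Stand-in for the SA's cipher: a counter-mode keystream from HMAC-SHA-256.
    Real SAs use AES (CBC or GCM); this only replaces AES, which the stdlib lacks."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        block_in = struct.pack("!II", spi, seq) + iv + struct.pack("!I", ctr)
        out += hmac.new(key, block_in, hashlib.sha256).digest()
    return bytes(out[:n])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(enc_key, auth_key, spi, seq, iv, inner, next_header):
    """ESP = SPI | Seq | IV | Enc(inner | pad | pad_len | next_header) | ICV.
    Encryption covers inner..next_header only; the ICV covers everything before it,
    so the SPI, sequence number and IV are authenticated but sent in the clear."""
    pad_len = (-(len(inner) + 2)) % BLOCK
    padding = bytes(range(1, pad_len + 1))      # RFC 4303 default padding: 1, 2, 3, ...
    plaintext = inner + padding + bytes([pad_len, next_header])
    ciphertext = _xor(plaintext, _keystream(enc_key, spi, seq, iv, len(plaintext)))
    authed = struct.pack("!II", spi, seq) + iv + ciphertext
    icv = hmac.new(auth_key, authed, hashlib.sha256).digest()[:ICV_LEN]
    return authed + icv


class ReplayWindow:
    """RFC 4303 anti-replay sliding window; bit i of the bitmap marks top - i as seen."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                       # sequence number 0 is never valid
        if seq > self.top:                     # newer than anything seen: slide the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                       # left of the window, or a duplicate
        self.bitmap |= 1 << diff
        return True


def esp_decapsulate(enc_key, auth_key, esp, window):
    """Verify the ICV first, then update the replay window, then decrypt.
    Returns (next_header, inner). Forged packets never reach the window or the cipher."""
    if len(esp) < 8 + IV_LEN + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authed, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, authed, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: dropped")
    spi, seq = struct.unpack("!II", authed[:8])
    if not window.accept(seq):
        raise ValueError("replayed sequence number %d" % seq)
    iv, ciphertext = authed[8:8 + IV_LEN], authed[8 + IV_LEN:]
    plaintext = _xor(ciphertext, _keystream(enc_key, spi, seq, iv, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]


def transport_mode(enc_key, auth_key, spi, seq, iv, ip_packet):
    """Transport mode: the original IP header stays (protocol rewritten to ESP);
    only its payload is encrypted and authenticated."""
    hdr, payload = ip_packet[:20], ip_packet[20:]
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, iv, payload, hdr[9])
    return ipv4_header(hdr[12:16], hdr[16:20], ESP_PROTO, 20 + len(esp)) + esp


def tunnel_mode(enc_key, auth_key, spi, seq, iv, ip_packet, gw_src, gw_dst):
    """Tunnel mode: the whole original packet, header included, is the ESP payload
    and a new outer header addressed between the security gateways carries it."""
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, iv, ip_packet, NH_IPV4)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, 20 + len(esp)) + esp


if __name__ == "__main__":
    enc, auth, iv = b"e" * 32, b"a" * 32, bytes(range(IV_LEN))   # placeholder keys and IV
    pkt = ipv4_header(bytes([10, 0, 0, 5]), bytes([10, 0, 1, 7]), NH_TCP, 32) + b"hello-tcp-12"
    t = transport_mode(enc, auth, 0x1000, 1, iv, pkt)
    u = tunnel_mode(enc, auth, 0x2000, 1, iv, pkt, bytes([203, 0, 113, 1]), bytes([198, 51, 100, 1]))
    print("transport: outer src/dst unchanged", t[12:20].hex(), "len", len(t))
    print("tunnel:    outer src/dst gateways ", u[12:20].hex(), "len", len(u))
```

Running it shows that in transport mode the outer header still carries the two hosts' addresses while in tunnel mode only the gateway addresses are visible; in both modes the receiver checks the ICV before it touches the replay window or the cipher, so a forged or modified packet cannot advance the window or feed chosen ciphertext to the decryption path.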
Key Management
• Manual: system administrator manually configures each system with its own keys and with the keys of other communicating systems.
• Automatic: An automated system enables the on-demand creation of keys and facilitates the use of keys. Used in large system configurations.
Advantages of IPSec
• Provides managers with a standard means of implementing security for VPNs.
• Encryption and authentication algorithms and security protocols are well studied.
• Users can be confident that IPSec provides strong security.
• Can be implemented in firewalls and routers owned by the organization, giving network managers control over security.
SSL Architecture
• Provides a reliable end-to-end secure service.
• Uses two layers of protocols.
• SSL Record Protocol provides basic security services to higher-layer protocols such as HTTP.
• SSL includes:
-Handshake Protocol
-Change Cipher Spec Protocol
-Alert Protocol
SSL Protocol Stack
Key SSL Concepts
• Connection: a transport (in the OSI layering sense) that provides a suitable type of service. Every connection is associated with one session.
• Session: an association between client and server, created by the Handshake Protocol. Defines a set of cryptographic security parameters which can be shared by multiple connections, avoiding a full renegotiation for each one.
SSL Record Protocol Operation
SSL Protocols
• Change Cipher Spec Protocol: the simplest protocol; it consists of a single message of one byte with the value 1. Sending it causes the pending state (negotiated by the handshake) to be copied into the current state, which updates the cipher suite used on the connection.
• Alert Protocol: used to convey SSL-related alerts to the peer entity. Each message consists of 2 bytes: the first denotes the level (warning or fatal), the second is a code identifying the specific alert. A fatal alert terminates the connection immediately.
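The record protocol operation above (fragment, MAC, encrypt, prepend header) and the two small protocols just described can be exercised together in one script. This is an added example, not code from the textbook or from any SSL implementation: it assumes SSLv3 framing with the SHA-1 variant of the SSLv3 MAC, a placeholder MAC secret standing in for what the handshake would derive, and a NULL-cipher suite, so encryption is omitted and only fragmentation, the MAC over the sequence number, the Change Cipher Spec state switch and the Alert message are shown.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14                   # the record layer fragments data into blocks of at most 16 KiB
VERSION = (3, 0)                         # SSLv3 on the wire: major 3, minor 0
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
WARNING, FATAL = 1, 2                    # alert levels (first byte of an alert message)
MAC_LEN = 20
PAD1, PAD2 = b"\x36" * 40, b"\x5c" * 40  # SSLv3 MAC pads: 40 bytes for SHA-1 (48 for MD5)


def sslv3_mac(secret, seq, ctype, fragment):
    """SSLv3 record MAC: hash(secret + pad2 + hash(secret + pad1 + seq + type + length + fragment)).
    The 64-bit sequence number is inside the MAC, so replayed or reordered records fail to verify."""
    inner = hashlib.sha1(secret + PAD1 + struct.pack("!QBH", seq, ctype, len(fragment)) + fragment).digest()
    return hashlib.sha1(secret + PAD2 + inner).digest()


class RecordState:
    """Connection state for one direction: the sender's write state and the peer's read state
    must agree. Starts with no MAC and no cipher; the handshake fills `pending`."""

    def __init__(self):
        self.current = None   # MAC secret in use (None: the initial null state)
        self.pending = None   # negotiated by the Handshake Protocol, not yet active
        self.seq = 0          # record sequence number; reset whenever a state becomes current

    def activate_pending(self):
        """What ChangeCipherSpec does: pending becomes current and the sequence number restarts."""
        self.current, self.pending, self.seq = self.pending, None, 0


def _protect(state, ctype, fragment):
    """One record: 5-byte header (type, version, length) + fragment + MAC.
    Encryption is omitted (NULL-cipher suite) so the MAC and framing stay visible."""
    mac = sslv3_mac(state.current, state.seq, ctype, fragment) if state.current else b""
    state.seq += 1
    body = fragment + mac
    return struct.pack("!BBBH", ctype, VERSION[0], VERSION[1], len(body)) + body


def write_records(state, ctype, data):
    """Fragment `data` into records of at most MAX_FRAGMENT bytes and protect each one."""
    return b"".join(_protect(state, ctype, data[i:i + MAX_FRAGMENT])
                    for i in range(0, len(data), MAX_FRAGMENT))


def write_change_cipher_spec(state):
    """Change Cipher Spec Protocol: a single byte, value 1, itself sent under the old state."""
    record = _protect(state, CHANGE_CIPHER_SPEC, b"\x01")
    state.activate_pending()
    return record


def write_alert(state, level, description):
    """Alert Protocol: two bytes, the level (warning/fatal) and the alert code."""
    return _protect(state, ALERT, bytes([level, description]))


def read_records(state, stream):
    """Parse and verify every record in `stream`; returns [(type, fragment), ...].
    Raises ValueError on a bad MAC, which a real peer would answer with a fatal alert."""
    out = []
    while stream:
        if len(stream) < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[:5])
        if (major, minor) != VERSION or length > MAX_FRAGMENT + 2048:
            raise ValueError("bad record header")
        body, stream = stream[5:5 + length], stream[5 + length:]
        if len(body) != length:
            raise ValueError("truncated record body")
        if state.current:
            fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
            if not hmac.compare_digest(mac, sslv3_mac(state.current, state.seq, ctype, fragment)):
                raise ValueError("bad_record_mac at seq %d" % state.seq)
        else:
            fragment = body
        state.seq += 1
        if ctype == CHANGE_CIPHER_SPEC:
            if fragment != b"\x01":
                raise ValueError("malformed ChangeCipherSpec")
            state.activate_pending()
        out.append((ctype, fragment))
    return out


if __name__ == "__main__":
    secret = b"k" * 20                                    # placeholder MAC secret from the handshake
    write, read = RecordState(), RecordState()
    write.pending = read.pending = secret
    stream = write_records(write, HANDSHAKE, b"client_hello (constructed)")   # still unprotected
    stream += write_change_cipher_spec(write)
    stream += write_records(write, APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")  # now carries a MAC
    for ctype, fragment in read_records(read, stream):
        print(ctype, fragment[:24])
```

The point to notice is the sequence number: it never appears on the wire, but both sides count records and mix the count into every MAC, so a record captured and replayed (or the same stream fed twice) fails verification even though the bytes are intact.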
Handshake Protocol
• The most complex part of SSL.
• Allows servers and clients to authenticate each other, and to negotiate an encryption algorithm, a MAC algorithm and the cryptographic keys used to protect data.
• Used before any application data is transmitted.
Handshake Protocol Phases
• Phase 1: initiates the logical connection and establishes security capabilities (hello messages exchanged by client and server).
• Phase 2: the server passes its certificate, additional key-exchange information and, optionally, a request for a client certificate. Ends with a server-done message.
• Phase 3: the client sends its certificate (if requested) and a key-exchange message whose content depends on the underlying public-key scheme.
• Phase 4: completes setting up the secure connection (change cipher spec and finished messages from each side).
802.11i Operational Phases
802.11i Architecture
• Authentication: a protocol is used to define an exchange between a user and an AS (authentication server) that provides mutual authentication and generates temporary keys for the wireless link.
• Access control: a function that enforces the use of the authentication function, routes the messages properly and facilitates key exchange. It can work with a variety of authentication protocols.
• Privacy with message integrity: MAC-level data are encrypted along with a message integrity code that ensures the data have not been altered.
802.11i Access Control
Intrusion Detection
• Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.
• Intrusion Detection: a security service that monitors and analyzes system events in order to find, and provide real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.
• Intrusion Detection System classification:
-Host-based IDS
-Network-based IDS
IDS Logical Components
• Sensors
• Analyzers
• User Interface
Approaches to Host-Based IDSs
• Anomaly Detection: involves the collection of data relating to the behavior of legitimate users over time; current behavior is then tested against that baseline.
-Threshold detection: counts occurrences of an event type over an interval and alerts when a fixed threshold is exceeded.
-Profile-based: a profile of each user's (or group's) normal activity is built and used to detect significant deviations.
• Signature Detection: involves an attempt to define a set of rules or attack patterns that can be used to decide whether a given behavior is that of an intruder.
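The three approaches above can be run side by side over the same host log. The following script is an added example (not from the textbook) that applies threshold detection, profile-based detection and signature detection to a constructed, syslog-style auth log; the log lines, the baseline login-hour profile, the thresholds and the two signature rules are all assumptions made for the illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log (syslog-style), not from any real host.
SAMPLE_LOG = """\
2024-05-01T08:00:01 sshd[101]: Failed password for alice from 203.0.113.9
2024-05-01T08:00:03 sshd[101]: Failed password for alice from 203.0.113.9
2024-05-01T08:00:05 sshd[101]: Failed password for alice from 203.0.113.9
2024-05-01T08:00:07 sshd[101]: Failed password for alice from 203.0.113.9
2024-05-01T08:00:09 sshd[101]: Failed password for alice from 203.0.113.9
2024-05-01T08:00:10 sshd[101]: Accepted password for alice from 203.0.113.9
2024-05-01T09:15:00 sshd[102]: Accepted publickey for bob from 10.0.0.4
2024-05-01T09:16:00 sudo: bob : COMMAND=/usr/bin/apt update
2024-05-01T23:40:00 sshd[103]: Accepted password for bob from 198.51.100.7
2024-05-01T23:41:00 sudo: www-data : COMMAND=/bin/bash
"""

# Constructed baseline profile: hour of day of each user's past successful logins.
BASELINE_LOGIN_HOURS = {"alice": [8, 9, 8, 10, 9, 8, 9], "bob": [9, 10, 9, 9, 10, 9, 10, 8]}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
ACCEPT_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def parse(log):
    """Turn log lines into (timestamp, program, message) events; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["prog"], m["msg"]))
    return events


def threshold_detect(events, limit=5, window_s=60):
    """Threshold detection: alert when one (user, source) pair reaches `limit` failed
    logins inside a sliding window of `window_s` seconds."""
    alerts, recent = [], defaultdict(list)
    for ts, _, msg in events:
        m = FAIL_RE.search(msg)
        if not m:
            continue
        key = (m["user"], m["src"])
        recent[key] = [t for t in recent[key] if (ts - t).total_seconds() < window_s] + [ts]
        if len(recent[key]) == limit:
            alerts.append(("threshold", "%d failed logins for %s from %s within %ds"
                           % (limit, key[0], key[1], window_s)))
    return alerts


def profile_detect(events, baseline, z_limit=3.0):
    """Profile-based detection: compare the hour of each successful login with the user's
    historical mean and standard deviation; a z-score above `z_limit` is an anomaly.
    (Hour-of-day is treated linearly here; a real profile would use a circular statistic.)"""
    alerts = []
    for ts, _, msg in events:
        m = ACCEPT_RE.search(msg)
        if not m or m["user"] not in baseline:
            continue
        history = baseline[m["user"]]
        mean, sd = statistics.mean(history), statistics.pstdev(history) or 1.0
        z = abs(ts.hour - mean) / sd
        if z > z_limit:
            alerts.append(("profile", "%s logged in at %02d:00 from %s, z=%.1f against usual hour %.1f"
                           % (m["user"], ts.hour, m["src"], z, mean)))
    return alerts


# Signature rules over "program: message": known-bad patterns rather than deviations.
SIGNATURES = [
    ("interactive root password login", re.compile(r"^sshd: Accepted password for root ")),
    ("shell spawned by the web service account", re.compile(r"^sudo: www-data : COMMAND=/bin/(ba)?sh\b")),
]


def signature_detect(events, signatures=SIGNATURES):
    """Signature detection: match each event against the rule set."""
    alerts = []
    for _, prog, msg in events:
        text = "%s: %s" % (prog, msg)
        for name, rx in signatures:
            if rx.search(text):
                alerts.append(("signature", "%s: %s" % (name, text)))
    return alerts


def run_hids(log, baseline=BASELINE_LOGIN_HOURS):
    events = parse(log)
    return threshold_detect(events) + profile_detect(events, baseline) + signature_detect(events)


if __name__ == "__main__":
    for kind, detail in run_hids(SAMPLE_LOG):
        print(kind.ljust(10), detail)
```

On the sample log the three detectors fire on three different things: the threshold rule on the burst of failed logins for alice, the profile rule on bob's login at 23:00 (far outside his 08:00 to 10:00 history), and the signature rule on a shell started by the web service account. The successful login that follows the password-guessing burst is exactly the case where a threshold alone is too late and the profile check is what is left.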
Firewalls
• Provides an additional layer of defense between internal systems and external networks
• Firewalls use four techniques:
-Service Control
-Direction Control
-User Control
-Behavior Control
Firewall Capabilities
• Defines a single choke point that keeps unauthorized users out of the protected network.
• Provides a location for monitoring security-related events.
• Provides a platform for several Internet functions.
• Serves as a platform for IPSec.
Firewall Limitations
• Cannot protect against attacks that bypass the firewall.
• May not protect against all internal threats.
• A wireless LAN may be accessed from outside.
• A client (laptop, PDA, portable storage device, etc.) may be infected outside and then attached internally.
Firewall Types
Antivirus Approaches
• Prevention: do not allow the virus to get into the system.
• Detection: Once infection has occurred, determine that it has occurred and locate the virus.
• Identification: Once detection has been achieved, identify the specific virus that has infected a program.
• Removal: Remove all traces of the virus and restore the program to its original state.
Generic Decryption
• Enables antivirus programs to detect complex polymorphic viruses.
• Generic Decryption elements:
-CPU emulator
-Virus signature scanner
-Emulation control module
• The most difficult design issue is to determine how long to run the scanner.
Digital Immune System
• Developed first by IBM, then refined by Symantec.
• Provides a general-purpose emulation and virus-detection system.
• Detects new viruses, analyzes them, adds detection and shielding for each one, removes it, and passes information about that virus on to other systems.
Behavior-Blocking Software
• Integrates with the operating system and monitors program behavior in real time for malicious actions.
• Blocks potentially malicious actions before they can affect the system.
• Suspicious software is also blocked.
Behavior-Blocking Software Operation
Requirements for Worm Countermeasures
• Generality
• Timeliness
• Resiliency
• Minimal denial-of-service costs
• Transparency
• Global and local coverage
Classes of Worm Defense
• Signature-based worm scan filtering
• Filter-based worm containment
• Payload-classification-based worm containment
• Threshold random walk (TRW) scan detection
• Rate limiting
• Rate halting
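Of the classes listed above, threshold random walk scan detection is the one that reduces to a short, precise algorithm, so it is worked out here as an added example (not code from the textbook). It follows the sequential hypothesis test of Jung, Paxson, Berger and Balakrishnan (2004): a scanning worm mostly hits addresses and ports that do not answer, so each first-contact connection attempt from a source is a coin flip whose bias differs between a scanner and a benign host. The success probabilities, the error targets and the flow records are assumptions chosen for the illustration.

```python
import math


class TRWDetector:
    """Threshold Random Walk (TRW) scan detection.
    Each first-contact connection attempt from a source is one observation: success or failure.
    A sequential hypothesis test (Wald's SPRT) accumulates the log-likelihood ratio of
    'scanner' against 'benign' and stops as soon as either threshold is crossed."""

    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0: P(connection succeeds | benign source); theta1: the same for a scanner
        # alpha: tolerated false-positive probability; beta: target detection probability
        self.step_success = math.log(theta1 / theta0)              # < 0: evidence for benign
        self.step_failure = math.log((1 - theta1) / (1 - theta0))  # > 0: evidence for scanning
        self.upper = math.log(beta / alpha)                        # crossing it: declare scanner
        self.lower = math.log((1 - beta) / (1 - alpha))            # crossing it: declare benign
        self.state = {}

    def observe(self, src, dst, success):
        """Feed one connection attempt; returns 'scanner', 'benign' or 'pending' for src."""
        st = self.state.setdefault(src, {"llr": 0.0, "contacted": set(), "verdict": "pending"})
        if st["verdict"] != "pending":
            return st["verdict"]                  # the test has already stopped for this source
        if dst in st["contacted"]:
            return "pending"                      # repeat contact: not a new first-contact sample
        st["contacted"].add(dst)
        st["llr"] += self.step_success if success else self.step_failure
        if st["llr"] >= self.upper:
            st["verdict"] = "scanner"
        elif st["llr"] <= self.lower:
            st["verdict"] = "benign"
        return st["verdict"]

    def verdicts(self):
        return {src: st["verdict"] for src, st in self.state.items()}


def classify_flows(flows, detector=None):
    """Run TRW over (src, dst, success) flow records in order; returns {src: verdict}."""
    detector = detector or TRWDetector()
    for src, dst, success in flows:
        detector.observe(src, dst, success)
    return detector.verdicts()


# Constructed flow records (not from a real network): a host sweeping 10.0.0.0/24 mostly hits
# closed ports or dark addresses, a normal client reaches real servers, and a client retrying
# one flaky server produces failures but never a second first-contact sample.
SAMPLE_FLOWS = (
    [("203.0.113.5", "10.0.0.%d" % i, False) for i in range(1, 7)]
    + [("10.0.0.9", d, True) for d in ("10.0.0.20", "10.0.0.21", "10.0.0.22", "10.0.0.23")]
    + [("10.0.0.12", "10.0.0.20", False)] * 10
)

if __name__ == "__main__":
    for src, verdict in classify_flows(SAMPLE_FLOWS).items():
        print(src, verdict)
```

With the default parameters each failure adds ln 4 and each success subtracts ln 4, and the thresholds sit at plus or minus ln 99, so four consecutive first-contact failures are enough to declare a scanner and four successes to clear a host; this is why TRW reacts within a handful of connections instead of waiting for a rate to build up, and why the first-contact rule matters, since repeated attempts to one unreachable destination must not count as new evidence.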