2
- In an idealized computing environment, all data could be open to all parties on a network, but not all parties can be trusted to keep sensitive information private.
3
- The goals for protecting any network are to assure all parties that the
following criteria are met:
4
- Threats to network security typically come in any of four forms:
6
- Eavesdropping
  - Easy to do on broadcast networks.
  - This normally involves setting the network interface controller of a host into "promiscuous mode". This allows the host to observe all traffic on the local subnet which would otherwise not be visible to it.
- Masquerading
  - IP masking techniques, Man-in-the-Middle attacks.
- Message Tampering
  - Simple store and forward operations.
  - Difficult with broadcast networks.
- Replay
  - Interception of transmissions and their duplication at a later time.
7
- Effective Cryptography: RSA, DES
- Software Controls: firewall
- Hardware Controls -
- Physical Controls: smartcards, biometrics
- Security Policies & Procedures
- User Education
- Penalty of Law
8
- Cryptosystems can be as simple as a table of symbols offset by a fixed value. This table can then be used to encode a plaintext message. The result is a ciphertext message that is not clearly readable.
- Most modern cryptography is done using methods where decipherment is not feasible without the use of computers.
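As an added illustration (not from the slides), a Python version of such an offset table, together with the exhaustive decipherment that shows why a fixed-offset table is only hard to read at a glance: all 26 possible offsets are tried and scored against English letter frequencies. The frequency table and the sample sentence are constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequencies (%) of A..Z in English text, used only to
# score candidate decipherments (constructed from commonly published tables).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4,
                0.15, 2.0, 0.074]

def build_table(offset):
    """The slide's table of symbols offset by a fixed value:
    plaintext letter -> the letter `offset` positions further along."""
    return {ALPHABET[i]: ALPHABET[(i + offset) % 26] for i in range(26)}

def encode(plaintext, offset):
    table = build_table(offset)
    return "".join(table.get(ch, ch) for ch in plaintext.upper())

def decode(ciphertext, offset):
    inverse = {c: p for p, c in build_table(offset).items()}
    return "".join(inverse.get(ch, ch) for ch in ciphertext)

def chi_squared(text):
    """Distance between the letter counts of `text` and English; lower is closer."""
    letters = [ch for ch in text if ch in ALPHABET]
    n = len(letters) or 1
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * n
        score += (letters.count(letter) - expected) ** 2 / expected
    return score

def break_shift(ciphertext):
    """Recover the offset without the key: the whole key space is 26 tables,
    so try each one and keep the decipherment that reads most like English."""
    return min(range(26), key=lambda k: chi_squared(decode(ciphertext, k)))
```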
9
- Cryptography in general represents the process of encrypting a
plain-text message into an unreadable cipher so that it can be sent
through a network to be decrypted/deciphered by the intended recipient.
10
- Sequence of YES or NO decisions as {1,0}
  - concatenated together as 0101110001010001
- Alpha-numerical as the symbol set {A-Z, 0-9, ...}
  - ex: CDSDFJFKSLJFDICJXLVKJD
- Alpha-numeric as ASCII bit code {0,1}
  - concatenated together as 0101110001010001
- Numeric values as binary base code {1,0}
  - concatenated together as 0101110001010001
11
- Systems based on the exchange of keys to ensure that messages sent can
be decoded/decrypted by the intended recipient only.
- Difference between private and public is the method in which the keys
are exchanged.
12
- Keys exchanged prior to communications. Parties verified at that time.
- Key to encrypt message is the same as key to decrypt.
- Encryption Algorithm different from Decryption Algorithm (inverse operation).
- DES encryption is an example of Private Key Cryptography.
13
- No shared secret key.
- Public key different from private key.
- Encryption Algorithm different from Decryption Algorithm (inverse
operation).
- RSA encryption is an example of Public Key Cryptography.
14
- DES Key is encrypted using Public Key of User2 (end user).
- Both users end up with a shared DES Key.
- Encryption Algorithm different from Decryption Algorithm (inverse
operation).
- RSA encryption is an example of Public Key Cryptography.
15
- No shared secret key.
- Key to encrypt message is different from key to decrypt.
- Encryption Algorithm different from Decryption Algorithm (inverse operation).
- RSA encryption is an example of Public Key Cryptography.
16
- Offer similar protections as hand-written signatures in the real world.
17
- Digitally signed messages can have clearly viewed plaintext in the body of the message; the objective is to verify the sender.
- Can use the following structures:
  - Public Key: RSA, Diffie-Hellman
  - Private/Secret Key: DES
  - Message Digests: One-Way Hashing
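The following added Python example (not from the slides) walks through slide 14's key exchange and this slide's digest-based signature in one flow: a textbook RSA key pair wraps a session key for User2, a XOR cipher stands in for DES, and User1 signs the SHA-256 digest of the message body, which stays readable. The primes, session key and message are constructed toy values, and textbook RSA without padding is used only to show the message flow.

```python
import hashlib

def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two primes: public key (n, e), private key (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # pow(e, -1, phi) = modular inverse (Python 3.8+)

def rsa_public_op(pub, m):    # used both to encrypt and to check a signature
    return pow(m, pub[1], pub[0])
def rsa_private_op(priv, c):  # used both to decrypt and to sign
    return pow(c, priv[1], priv[0])

def xor_cipher(key, data):
    """Toy symmetric cipher standing in for DES: the same key and the same
    operation serve both directions, i.e. the 'shared DES key' of slide 14."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def wrap_session_key(user2_pub, session_key):
    """User1: encrypt the symmetric key with User2's public key (slide 14)."""
    return rsa_public_op(user2_pub, int.from_bytes(session_key, "big"))

def unwrap_session_key(user2_priv, wrapped, key_len):
    """User2: recover the symmetric key; only the private-key holder can."""
    return rsa_private_op(user2_priv, wrapped).to_bytes(key_len, "big")

def digest_int(message, n):
    """One-way hash of the message, reduced into the toy-sized modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(priv, message):
    """Slide 17: the body stays readable; only its digest is signed."""
    return rsa_private_op(priv, digest_int(message, priv[0]))

def verify(pub, message, signature):
    """Holder of the public key checks that the signature opens to the digest."""
    return rsa_public_op(pub, signature) == digest_int(message, pub[0])

def exchange():
    """Constructed walk-through: User1 sends User2 a signed message under a wrapped session key."""
    user2_pub, user2_priv = rsa_keygen(999983, 1299709)    # toy-sized primes
    user1_pub, user1_priv = rsa_keygen(104729, 15485863)   # toy-sized primes
    session_key = bytes.fromhex("0badf00d")                # constructed DES stand-in key
    wrapped = wrap_session_key(user2_pub, session_key)
    message = b"meet at nine"
    ciphertext, signature = xor_cipher(session_key, message), sign(user1_priv, message)
    # User2's side: unwrap the key, decrypt, then verify User1's signature
    shared = unwrap_session_key(user2_priv, wrapped, len(session_key))
    recovered = xor_cipher(shared, ciphertext)
    return shared == session_key, recovered, verify(user1_pub, recovered, signature)
```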
20
- Firewalls filter information that passes from the outside world into a private network.
- A firewall can restrict certain types of traffic activity on a network.
- All connections to the outside must pass through the firewall.
- Physical & IP Address: accepts or rejects traffic to certain network addresses.
- Port numbers: accepts or rejects traffic to certain port numbers.
- TCP functions: accepts or rejects connections from outside.
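An added example (not part of the slides) of the three filter criteria above as a stateless packet filter in Python, applied in order to traffic entering from outside. The network range, hosts, ports and sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    """Constructed header summary: just the fields the three rule types need."""
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

PRIVATE_NET = ip_network("192.168.1.0/24")      # constructed private network
WEB_SERVER = ip_address("192.168.1.10")         # constructed: the one host exposed to outside
BLOCKED_HOSTS = {ip_address("192.168.1.250")}   # address rule: never reachable from outside
PUBLIC_PORTS = {80, 443}                        # port rule: the only ports passed inbound

def filter_packet(pkt):
    """Return ('accept' | 'reject', reason) for one packet crossing the firewall.
    Rules are applied in order; every connection from outside must pass them."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in PRIVATE_NET:
        return "accept", "inside traffic is not filtered here"
    if dst in BLOCKED_HOSTS:
        return "reject", "address rule: destination is blocked"
    if pkt.dport not in PUBLIC_PORTS:
        return "reject", "port rule: port %d is not exposed" % pkt.dport
    if pkt.syn and not pkt.ack and dst != WEB_SERVER:
        # TCP function rule: a SYN without ACK opens a new connection, and
        # outside hosts may only open connections to the web server.
        return "reject", "tcp rule: outside may not open connections to this host"
    # A stateless filter cannot tell an established connection's packets from
    # any other non-SYN packet; stateful inspection tracks connections to close that gap.
    return "accept", "matched inbound policy"

def evaluate_samples():
    """Constructed traffic run through the filter; returns {label: verdict}."""
    samples = {
        "web_connect": Packet("203.0.113.5", "192.168.1.10", 443, syn=True),
        "blocked_host": Packet("203.0.113.5", "192.168.1.250", 443, syn=True),
        "telnet": Packet("203.0.113.5", "192.168.1.10", 23, syn=True),
        "connect_to_workstation": Packet("203.0.113.5", "192.168.1.20", 80, syn=True),
        "web_reply_data": Packet("203.0.113.5", "192.168.1.10", 443, ack=True),
        "internal": Packet("192.168.1.20", "192.168.1.10", 23, syn=True),
    }
    return {label: filter_packet(pkt)[0] for label, pkt in samples.items()}
```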
21
- Created as a method for secure client to server interaction over an insecure network.
- Widely used throughout the internet.
- ISPs use PPTP to verify their members.
- VPNs (Virtual Private Networks) can be created using PPTP.
22
- Organizations needing to connect local networks at distant locations can use PPTP technology to create the illusion of a private network.
- Less expensive than adding new infrastructure.
- System allows for easy setup of any potential networks using the global Internet.
- Security risks are high:
  - Open to Man-In-The-Middle Attacks, Spoofing, Masquerading, etc.
23
- Internet Protocol Security (IPSec) is an alternative technology that
works in a similar manner to PPTP.
24
- IPSec offers three (3) technologies that work in coordination.
25
- Secure Sockets Layer
- Also known as Transport Layer Security.
26
- To establish an encrypted, not necessarily authenticated, communication
channel between client and server.
- To authenticate the server, and establish a secure channel (using crypto
algorithm).
- To authenticate the server AND the client, and establish an
authenticated & secure channel.
27
- Authenticates the server to the client.
- Allows the server and client to select the cryptographic algorithms they
support.
- Optionally authenticate client to server.
- Use public key encryption to generate shared secrets.
- Establish an encrypted SSL connection.
31
- AKA Cerberus
  - Three-headed guardian of the underworld in Greek mythology
- Client/Server Authentication Service.
- For mutual authentication.
- Client only uses a single password for authentication.
- Combines the benefits of 3rd party authentication and digital time stamping.
- Currently uses only symmetric keys.
  - Keys to encrypt and decrypt must be the same.
- Can be used as a key distribution protocol.
32
- Kerberos as a key distribution protocol.
33
- Transactions only allowed once.
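An added Python example (not from the slides) of the server-side check behind this rule: a replay cache that accepts an authenticator's timestamp (the ctime/cusec fields) only once within the clock-skew window, rejecting both stale timestamps and repeated ones. Client names and times are constructed.

```python
from collections import deque

CLOCK_SKEW = 300   # seconds; Kerberos tolerates small clock differences between hosts

class ReplayCache:
    """Server-side check behind 'transactions only allowed once': an authenticator
    is accepted only if its timestamp is fresh and the same (client, timestamp)
    has not already been presented during the skew window."""

    def __init__(self, skew=CLOCK_SKEW):
        self.skew = skew
        self.seen = deque()   # (expiry, key) in arrival order, roughly oldest first
        self.index = set()    # keys currently held, for O(1) lookup

    def _expire(self, now):
        # Drop entries old enough that the skew check alone would reject them.
        while self.seen and self.seen[0][0] <= now:
            self.index.discard(self.seen.popleft()[1])

    def accept(self, client, ctime, cusec, now):
        """Return (accepted, reason). ctime/cusec are the authenticator's
        timestamp fields (seconds and microseconds); now is the server clock."""
        self._expire(now)
        if abs(now - ctime) > self.skew:
            return False, "clock skew too great"          # cf. KRB_AP_ERR_SKEW
        key = (client, ctime, cusec)
        if key in self.index:
            return False, "request is a replay"           # cf. KRB_AP_ERR_REPEAT
        self.index.add(key)
        self.seen.append((ctime + self.skew, key))
        return True, "ok"

def scenario():
    """Constructed trace: a first request, the same authenticator presented again
    a minute later, a stale authenticator, and a fresh one from the same client."""
    cache = ReplayCache()
    t0 = 1_700_000_000                     # constructed epoch seconds
    return [
        cache.accept("alice@EXAMPLE.COM", t0, 1234, now=t0 + 2)[0],     # True
        cache.accept("alice@EXAMPLE.COM", t0, 1234, now=t0 + 60)[0],    # False: replay
        cache.accept("bob@EXAMPLE.COM", t0 - 900, 99, now=t0 + 60)[0],  # False: stale
        cache.accept("alice@EXAMPLE.COM", t0 + 61, 5, now=t0 + 61)[0],  # True
    ]
```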
34
- Clients and servers must keep passwords secure.
- Kerberos does not protect messages sent between hosts outside of Kerberos.
- Poor passwords are vulnerable to attack.