@Yuan Xue (yuan.xue@vanderbilt.edu) CS 285 Network Security Fall 2008.

Course Information

When and Where: Tuesday/Thursday 11am-12:15pm, 209 Featheringill Hall

Instructor: Yuan Xue (yuan.xue@vanderbilt.edu)
Office: 383 Jacobs Hall, Phone: 615-322-2926
Office hours: Monday/Thursday 2pm-3pm or by appointment.

Web: http://vanets.vuse.vanderbilt.edu/~xue/cs285fall08/index.html

Books and References

Textbook
  [WS] Cryptography and Network Security: Principles and Practice (4th Edition), by William Stallings

Reference books
  [KPS] Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner
  [CSP] Security in Computing (3rd Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger
  [MB] Computer Security: Art and Science, by Matthew A. Bishop

Course Component

Lecture
  Slides + white board
  Take notes
  Online digest/slides

Participation
  Discussion
  Presentation

Homework
  5 assignments

Midterm

Project

Grading Policy
  Participation: 10%
  Homework: 35%
  Midterm: 25%
  Project: 30%

What you will learn from this course

What is “Security”?

Where do the security problems come from?
  Potential threats to a system

What are the solutions?
  Apply an appropriate mix of security measures (protective, defensive, etc.)
  Knowing what has worked, what has failed.

Security involves many aspects
  Operating system, programming language, administration and policy

Our Focus: Network Security

Course Topics

Security Basics and Principles
  Symmetric/Asymmetric Cryptography
  Basic concept, algorithm, mechanism, design principles

Security Practices
  Secure protocols, systems and applications
  Hands-on experience
  Secure network programming

Hot Topics and Recent Development
  Wireless security, DoS attack, etc.

Survey and Feedback

Your input is important

Online Survey http://www.zoomerang.com/Survey/?p=WEB22873V62Y

WQ Feedback

What is security?

In general, security is the condition of being protected against danger or loss. (Wikipedia)

In computer security and network security
  What are the subjects that need to be protected?

Let’s start with some terms
  System: computer, network, application, data, resource
  Principal: an entity that participates in a system (user, person)

What is security?

Computer Security

Confidentiality means that only authorized people or systems can access the data or resource.

Integrity refers to the trustworthiness of data or resources.
  Data integrity means that data can only be modified by authorized people or systems in authorized ways.
  Origin integrity means that the source of the data is trustworthy, also called authentication.
  Message authentication means messages received are exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid.
  Note: timing information

Availability means that people have the ability to use the information or resource desired.

Where does the security problem come from?

Let’s look at some example systems:

Bank
  Bookkeeping
    Core operations: customer account, journals recording the transactions
    Who has access to the information? Bank’s own staff – what if they cheat?
  ATM
    Authenticate users based on card and ID number
  Let’s go Internet
    The user – how do we know they are the “real” user (authenticate)?
    Protect web servers and bookkeeping database

Where does the security problem come from?

Hospital
  Patient record system
    Who can access the record?
      Many parties – insurance company, care giver, researcher, etc.
      Complicated – role can change
    Privacy issue – HIPAA
    Anonymize the record for research
      Is it sufficient?
      Show me all records of 59-year-old males who were treated for a broken collarbone on September 15, 1966
  Drug management
  Let’s go to Web
  ….
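
The slide's question, whether stripping names is sufficient, can be checked by counting how many records share each combination of the remaining attributes. The following is an added example, not part of the original slides: the records are constructed, and k-anonymity (smallest group size) is brought in here as one common way to measure the problem.

```python
from collections import Counter

# Constructed sample: "anonymized" research extract (names and IDs already removed).
RECORDS = [
    {"age": 59, "sex": "M", "diagnosis": "broken collarbone", "treated": "1966-09-15"},
    {"age": 59, "sex": "M", "diagnosis": "broken collarbone", "treated": "1966-11-02"},
    {"age": 57, "sex": "M", "diagnosis": "broken collarbone", "treated": "1966-03-20"},
    {"age": 52, "sex": "M", "diagnosis": "broken collarbone", "treated": "1966-06-01"},
    {"age": 34, "sex": "F", "diagnosis": "asthma", "treated": "1966-09-15"},
    {"age": 36, "sex": "F", "diagnosis": "asthma", "treated": "1966-01-09"},
    {"age": 31, "sex": "F", "diagnosis": "asthma", "treated": "1966-12-24"},
]
QUASI_IDENTIFIERS = ("age", "sex", "diagnosis", "treated")


def query(records, **criteria):
    """Return every record matching all given attribute values."""
    return [r for r in records if all(r[k] == v for k, v in criteria.items())]


def smallest_group(records, keys=QUASI_IDENTIFIERS):
    """k-anonymity level: size of the smallest group sharing the same key values."""
    groups = Counter(tuple(r[k] for k in keys) for r in records)
    return min(groups.values())


def singled_out(records, keys=QUASI_IDENTIFIERS):
    """Records that are unique on the quasi-identifiers, so one query isolates them."""
    groups = Counter(tuple(r[k] for k in keys) for r in records)
    return [r for r in records if groups[tuple(r[k] for k in keys)] == 1]


def generalize(record):
    """Coarsen quasi-identifiers: age to a decade band, treatment date to its year."""
    decade = record["age"] // 10 * 10
    return {**record, "age": f"{decade}-{decade + 9}", "treated": record["treated"][:4]}


if __name__ == "__main__":
    hits = query(RECORDS, age=59, sex="M",
                 diagnosis="broken collarbone", treated="1966-09-15")
    print("records matching the slide's query:", len(hits))
    print("k before generalization:", smallest_group(RECORDS))
    coarse = [generalize(r) for r in RECORDS]
    print("k after generalization:", smallest_group(coarse))
    print("records still singled out:", len(singled_out(coarse)))
```

Generalizing raises k at the cost of research precision, and it does not stop an attribute from leaking when everyone in a group shares the same diagnosis.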

Issues that will be addressed in this class

Network Security Issues

From a Computer to Internet
  Single computer
  Networking environment
  Secure communication in a public environment
  Computer system security with remote access

[Figure "Network Security": two hosts (Link / IP / TCP/UDP / Application) connected across the Internet through intermediate nodes (Link / IP).]

Some Simple Scenarios

[Figure, repeated for each scenario: Bob and Alice communicate across the Internet; the hosts run the Link / IP / TCP/UDP / Application layers and the intermediate nodes run Link / IP. Darth is a third party.]

What Darth does in each scenario:
  Read content of the message from Bob to Alice
  Modify content of the message from Bob to Alice
  Capture the message from Bob to Alice and replay the message later
  Pretend to be Bob to send a message to Alice
  Interrupt
  Observe message pattern
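
Three of these scenarios (modify, replay, pretend to be Bob) are exactly what the earlier message-authentication definition rules out, with the "timing information" note covering replay. The following is an added example, not part of the original slides, of a receiver that rejects each case using an HMAC over sender ID, sequence number and timestamp; the key table, field layout and 30-second window are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Hypothetical shared keys, one per principal (constructed for this example).
KEYS = {b"bob": b"k" * 32}
MAX_SKEW = 30  # seconds a message may differ from the receiver's clock


def seal(sender, key, seq, timestamp, payload):
    """Bind sender ID, sequence number and send time to the payload with an HMAC tag."""
    header = struct.pack("!B", len(sender)) + sender + struct.pack("!QQ", seq, timestamp)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted per sender

    def accept(self, message, now):
        """Return (payload, "ok"), or (None, reason) for a rejected message."""
        if not message or len(message) < 1 + message[0] + 16 + 32:
            return None, "malformed"
        n = message[0]
        sender = message[1:1 + n]
        seq, timestamp = struct.unpack("!QQ", message[1 + n:17 + n])
        body, tag = message[:-32], message[-32:]
        key = self.keys.get(sender)
        if key is None:
            return None, "unknown sender"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"  # modified in transit, or not sent by `sender`
        if abs(now - timestamp) > MAX_SKEW:
            return None, "stale"  # delayed or replayed outside the time window
        if seq <= self.last_seq.get(sender, -1):
            return None, "replay"  # duplicate or reordered inside the time window
        self.last_seq[sender] = seq
        return body[17 + n:], "ok"
```

The tag gives integrity and origin authentication only: Darth can still read the payload, interrupt delivery or observe message patterns, and a deleted message shows up only as a gap in the sequence numbers, which this receiver does not check.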

What are the solutions?

Why do many solutions fail?
  Protect wrong things
  Protect right things in the wrong way

What are the solutions?

Security Basics and Principles
  Symmetric/Asymmetric Cryptography
  Basic concept, algorithm, mechanism,

Security Practices
  Secure protocol designs
  Secure systems and applications

How to study network security?

Principle of Easiest Penetration
  An intruder is expected to use any available means of penetration.
  Computer security specialists must consider all possible means of penetration.

Learning methodology
  Examine all possible vulnerabilities of the system
  Consider available countermeasures.
