Network Security

agreeableflounder, Networks and Communications

21 Nov 2013 (4 years and 11 months ago)


http://www.csie.nctu.edu.tw/~tsaiwn/course/ns/

Network Security Essentials: Applications and Standards

Original author: William Stallings (published by Prentice Hall)

網路安全精要 (蔡文能, 葉義雄)

培生教育出版社 (Pearson Education)

http://williamstallings.com/NetSec.html





Introduction


I. Cryptography

Ch2 Conventional Encryption and Message Confidentiality

Ch3 Public-key Cryptography and Message Authentication






Introduction (2)


Network Security Applications


Ch4 Authentication Applications
* Kerberos (Project Athena at MIT)
* X.509

Ch5 Electronic Mail Security
* PGP (Pretty Good Privacy)
* S/MIME

Ch6 IP Security
* Security at the Internet Protocol level (IPSec)

Ch7 Web Security
* SSL (TLS)
* SET

Ch8 Network Management Security
* SNMP


Introduction (3)



System Security


Ch9 Intruders and Viruses
* Intrusion
* Intrusion Detection
* Virus, Antivirus

Ch10 Firewalls
* Packet Filtering
* Data Access Control







Outline


Attacks, services and mechanisms


Security attacks


Security services


Methods of Defense


A model for Internetwork Security


Internet standards and RFCs



Attacks, Services and Mechanisms

Security Attack: Any action that compromises the security of information.

Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.



Security Attacks


Interruption: This is an attack on availability

Interception: This is an attack on confidentiality

Modification: This is an attack on integrity

Fabrication: This is an attack on authenticity



Security Goals

Integrity

Confidentiality

Availability


Security Services


Confidentiality (privacy)

Authentication (who created or sent the data)

Integrity (has not been altered)

Non-repudiation (the order is final)

Access control (prevent misuse of resources)

Availability (permanence, non-erasure)
* Denial of Service Attacks
* Virus that deletes files



Methods of Defence


Encryption

Software Controls (access limitations in a data base, in operating system protect each user from other users)

Hardware Controls (smartcard)

Policies (frequent changes of passwords)

Physical Controls


TCP/IP Network Communication Protocols

TCP/IP network model

Layer         Function
Application   End-user application programs
Transport     Communication among programs on a net (TCP/UDP)
Network       Basic communication, addressing, and routing (IP, ICMP)
Link          Network hardware and device drivers (ARP, RARP)

4. Application Layer, 3. Transport Layer, 2. Network Layer, 1. Link Layer




TCP/IP 4 Layers

[Figure: protocols by layer. Application: arp, rlogin, talk, ftp, NFS, DNS, traceroute. Transport: TCP, UDP. Network: IP, ICMP. Link: ARP, Device Drivers.]

[Figure: ETHERNET FRAME. Ethernet Header | IP Header | TCP Header | Application Data | Ethernet Trailer]



Common Terms

MAC Address: 00-D0-B7-25-3F-A8

IP Address: 140.113.2.138

Port #: TCP 21 (for FTP)

FQDN: ftp.csie.nctu.edu.tw

DNS Server: Domain Name Service

Router, Switch, Hub
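
The encapsulation in the Ethernet frame figure (Ethernet header, IP header, TCP header, application data, Ethernet trailer), as an added example that is not part of the original slides. The destination MAC, IP address and port are the ones from the terms above; the source MAC, source IP, source port and the FTP payload are constructed sample values, and the IP/TCP checksums are left at zero.

```python
import socket
import struct
import zlib

# Constructed sample values; only the destination MAC, IP and port come from the slides.
SRC_MAC, DST_MAC = "02-00-00-00-00-01", "00-D0-B7-25-3F-A8"
SRC_IP, DST_IP = "192.0.2.10", "140.113.2.138"

def build_frame(payload: bytes) -> bytes:
    """Encapsulate payload: TCP header, IP header, Ethernet header, Ethernet trailer."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 21, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    eth = bytes.fromhex(DST_MAC.replace("-", "") + SRC_MAC.replace("-", "")) + b"\x08\x00"
    body = eth + ip + tcp + payload  # IP/TCP checksums left at 0 in this example
    return body + struct.pack("<I", zlib.crc32(body))  # trailer: CRC-32 frame check

def parse_frame(frame: bytes) -> dict:
    """Peel the layers off again, validating every length field read from the frame."""
    if len(frame) < 14 + 20 + 20 + 4:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    body, fcs = frame[:-4], frame[-4:]
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    ip = body[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    if ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("IP length fields inconsistent with captured bytes")
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError("TCP data offset out of range")
    fmt = lambda m: "-".join(f"{b:02X}" for b in m)
    return {
        "link": {"dst": fmt(dst), "src": fmt(src),
                 "fcs_ok": fcs == struct.pack("<I", zlib.crc32(body))},
        "network": {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])},
        "transport": {"src_port": sport, "dst_port": dport},
        "application": tcp[doff:],
    }

if __name__ == "__main__":
    for layer, fields in parse_frame(build_frame(b"USER anonymous\r\n")).items():
        print(layer, fields)
```

The length checks matter because the header lengths are read from the frame itself: a parser that slices on them without comparing against the bytes actually captured will misread truncated or malformed frames.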





ISO OSI 7 Layers


In the OSI reference model, there are seven numbered layers, each of which illustrates a particular network function. This separation of networking functions is called layering.


Similarities


Both have layers

Both have application layers, though they include very different services

Both have comparable transport and network layers

Packet-switched (not circuit-switched) technology is assumed

Networking professionals need to know both


Differences


TCP/IP combines the presentation and session layer issues into its application layer

TCP/IP combines the OSI data link and physical layers into one layer

TCP/IP appears simpler because it has fewer layers

TCP/IP protocols are the standards around which the Internet developed, so the TCP/IP model gains credibility just because of its protocols. In contrast, typically networks aren't built on the OSI protocol, even though the OSI model is used as a guide.