Network Security Essentials 2/e

Uploaded by sweetlipscasteSecurity, Nov 2, 2013

CSCE 815 Network Security
April 29, 2003
Exam Review






CSCE 815 Sp 03

Lecture Outlines

1. Introduction
2. Conventional Encryption
3. Data Encryption Standard (DES)
4. DES again
5. Advanced Encryption Standard (AES)
   - Rijndael
6. Public Key Encryption
7. Message Authentication Codes and Hash Functions
8. SHA Operation and Kerberos
9. Digital Signatures & Authentication Applications
10. Kerberos and X.509







11. Email Security and PGP
12. Email Security and S/MIME
13. IP Security (IPSec)
14. IPSec again
15. Web Security: Secure Sockets Layer (SSL)
16. SSL, TLS and SET
17. Simple Network Management Protocol (SNMP)
18. SNMP 3
19. Intruders
20. Intruders / Intrusion Detection





21. SNMP 3
22. Intrusion Detection Systems

Make it up from here on!

23. Chroot Jails
24. Your Jail and HoneyNets (4/17/03)
25. HoneyNets II (4/22/03)
26. SSH Implementation (4/24/03)
27. Exam Review






Lecture 11 Email and PGP

SMTP
  - Port 25; on top of TCP/IP; commands
  - What is the normal sequence of packets for sending a piece of email?
Email Security Enhancements: confidentiality, authentication, message integrity, non-repudiation
PGP
  - What does it do and how?
  - What is DSS/SHA?
  - Explain Radix-64 and why it is necessary.
  - PGP message format
  - PGP key distribution





Lecture 12 Email and S/MIME

PGP Operation
ZIV Compression
Multipurpose Internet Mail Extensions (MIME)
  - Why MIME? What problem does it address/solve?
  - Content-Type
  - Content-Transfer-Encoding: 7bit (ASCII), binary, printable, base64, X-token, 8bit
IP Security
  - Authentication Header (AH) and Encapsulation
  - AH purpose vs Encryption
  - Tunnel vs Transport mode
  - Key Management: ISAKMP
      Internet Security Association and Key Management Protocol; Oakley




Lecture 13 IP Security

PGP HW
TCP/IP suite
  - What is MAC? Where is IPSec?
IPSec provides: authentication, confidentiality, key management
IPv4 / IPv6: header/fields (really 516 question)
Virtual Private Networks (VPN)
  - Explain how to use IPSec to build a VPN
Security Associations
  - What is one?
Transport mode vs Tunnel mode
  - What is a mutable field?
  - What is authenticated? What is encrypted? In IPv4? In IPv6?




Lecture 14 IP Security Again

Applications/Benefits of IPSec
Encapsulating Security Payload (ESP)
  - Encryption
  - Authentication
  - IPv4 packets
  - IPv6 packets
Security Associations
  - Tunneling
  - Combinations of SAs
Oakley
ISAKMP





Lecture 15 Web Security: Secure Sockets Layer

Oakley Example (fig 6.11)
ISAKMP
  - Packet format and fields
ISAKMP Exchanges
  - Base exchange, Identity protection exchange, Authentication only, Aggressive, Informational only (one-way)
Security in the TCP/IP hierarchy
  - Application layer
  - Transport layer: SSL, TLS
  - Network layer
SSL Architecture
  - Record protocol, record format, handshake protocol
  - TLS




Lecture 16 Web Security SSL again

PGP one more time: key distribution
SSL/TLS
SSL record services: confidentiality and message integrity
MAC calculation
Cipher Spec and Alert protocols
Handshake protocol
  1. Establish security capabilities: key exchange, CipherSpec
  2. Server authentication and key exchange
  3. Client authentication and key exchange
  4. Finish up
TLS
SET




Lecture 17 SNMP

Simple Network Management Protocol
SNMP, SNMPv2, SNMPv3
SNMP
  - Need, goals, management station, management agents
  - SNMP operations: GET/SET, TRAP
Management Information Base
SNMP protocol
  - On top of UDP/IP
  - SNMP proxies
SNMP v2
SNMP v3
  - SNMPv3 architecture
  - Manager, agents, message flow, modules
  - User Security Model (USM): message formats
  - Key localization
  - Access control (VACM)





Lecture 18 SNMP again

SNMP proxies
MIB objects
SNMP v3
  - PDU processing
  - Message processing
  - UDP
  - IP
MAC
SNMP Engine Modules:
  - Dispatcher, message processing, security and access control subsystems
  - SNMP manager trace
  - SNMP agent trace
  - SNMPv3 terminology (table 8.2)
User Security Model (USM): message format, designed for, not designed for, USM timeliness mechanisms
View Based Access Control
Key Localization
Intruders: Unix passwords





Lecture 19 Intruders

Klein's password guessing research
Unix passwords: files, scheme, salt, DES, access control, shadow
Password Selecting Strategies
  - Computer generated, reactive, proactive password checking
  - Markov model, Bloom filters
Markov Model
  - Is this a bad password?
  - Was this generated by a Markov model?
Bloom Filters
  - Design hash scheme to minimize false positives
Malicious Programs





Lecture 20 Intruders

Stages of Network Intrusion
Denning's Audit Records
Taxonomy of malicious programs
Viruses
Trusting Trust
  - Ken Thompson
Buffer Overflows




Lecture 21 Intrusion Detection Systems

Tools of the Trade
  - Reconnaissance
  - Social engineering
  - Port scanners
  - Passive operating system identification
Information Sources
  - SANS top 20
  - CERT (CMU), NIST, newsgroups
Physical Security
Protocol Review: IP, TCP, UDP, ARP, ICMP, HTTP, SMTP, SSH, SNMP, FTP
Spoofing Attacks: ARP, IP, SMTP, DNS





Lecture 22 Intrusion Detection Systems

Protocol Review: IP, TCP, UDP, ARP
Spoofing Attacks: ARP, IP, SMTP, DNS
GDB capabilities
IP Spoofing Attacks
  - Raw sockets
  - Blind spoofing: how
  - Preventing:
ARP Spoofing Attacks: ARP cache, arp command
DNS Spoofing, Email Spoofing
Firewall:
  - Packet filters, iptables
Chroot Jails: jail implementation, User Mode Linux





Lecture 23 Jails and such

Network Administration tools: ifconfig, netstat, /etc, /sbin
Firewall limitations
IPtables
  - IPchains, netfilter, rules
Chroot Jail Implementation
  - chdir
  - chroot
  - exec("chRootedShell")
  - Set user ID bit, adjust environment variables
User Mode Linux (the other UML):
  - Creates a virtual machine







Lecture 24 Your Jail and HoneyNets

Gen II Honeynet vs Honeypot
Honeynet Bridge
  - eth0, eth1, eth2
  - Bridging kernel: avoids detection
  - Logs interaction
  - Provides data control
Detection: Tripwire
Data Capture
  - Snort-inline, system loggers (comlog for Windows)
  - Keystroke logging







Lecture 25 Data Control in HoneyNets

Access limiting with IPtables
Connection Limiting
rc.firewall





Lecture 26 SSH and SSH Implementation