Countermeasures:
- Patch Management System
- Intrusion Prevention Systems
- Intrusion Detection Systems
- Anti-Virus
- Content Management
- Firewalls
- VPN
- PKI
Patch Management: why reaction time matters
Worm / days (table from the slide; worm names not recovered): 11 days, 16 days, 24 days, 53 days, 58 days, 64 days, 172 days, 180 days, 208 days
Lessons Learned
Prevention
Network Segmentation
Network-Level Detection
- Periodic polling against a standard database of IP address, hardware address, name and location, raising alerts on deviations
- SNMP agent-based monitoring
- RMON protocol (RFC 1271)
- BTNG (Beholder The Next Generation), an RMON agent available from Delft University
- Ticklet, an SNMP-based monitoring and management system
- arpmon (Ohio State), arpwatch (LBL)
Firewalls
Packet filter:
- Packets from inside the network are passed outside unchanged
- This makes a packet filter susceptible to spoofing
Application-level firewall:
- Packets passed through the firewall are rewritten with the firewall's IP address
- All internal IP addresses are completely hidden
Additional Measures
Good and effective Anti-Virus Server and Anti
Network uses: send email, make purchases, distribute software, inventory control and order entry.
Threats (diagram): Interception ("Is my communication private?"); Modification (Integrity); Fabrication (Authentication); claims of "not sent" / "not received" (Non-repudiation)
Two kinds of cryptography: Secret Key and Public Key.
Specialized uses of cryptography: Digital Signature, Digital Certificates
Cryptography involves encryption and decryption.
Secret Key algorithm (diagram): the sender encrypts with the secret key, the data crosses the INTERNET, and the receiver decrypts with the same secret key.
Public Key algorithm (diagram): the sender encrypts with the receiver's Public Key, the data crosses the INTERNET, and the receiver decrypts with the matching Private key.
Digital Signature
Everyone has a Signature Key Pair.
1) A provides a copy of its Public Key to B (via a public network or directory)
2) A signs information using its Private Key (either method)
3) B verifies the signature using A's Public Key
A Closer Look at Digital Signature
Digital Signature:
- Electronic (digital) stamp appended to data before sending
- The result of encrypting the hash of the data to be sent on the network
- Any change (to data or signature) will cause the signature verification to fail
Hash, or Digest:
- Speeds up the signing (encrypting) process
- One-way conversion of the data to a fixed-length field that uniquely represents the original data
Signing (diagram): Data -> Hash Function -> Hash Result -> Signing Function (with the Private Key of A) -> Digital Signature; the data with the electronic stamp appended is the Signed Data.
Verifying (diagram): from the Signed Data the receiver runs the data through the same Hash Function to get a Hash Result, and runs the Digital Signature through the Verify Function with the Public Key of A to recover the signer's Hash Result; the two are compared ("Valid compare: Yes / No?"), so the receiver can compare hashes to verify the signature.
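The signing and verifying flow of the two diagrams above, as an added example written for this page (not the slide deck's own code). It assumes ECDSA over P-256 with SHA-256 as the Hash Function, Go's standard library, and constructed sample data; it shows that changing either the data or the signature makes the verify step answer "No".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer is party A: it holds the signature key pair (generated fresh here).
type Signer struct{ priv *ecdsa.PrivateKey }

// NewSigner generates A's key pair (P-256 is an assumption of this example).
func NewSigner() (*Signer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// PublicKey is the copy of A's public key handed to B (step 1 on the slide).
func (s *Signer) PublicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// Sign is step 2: Hash Function -> Hash Result -> Signing Function with A's private key.
func (s *Signer) Sign(data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
}

// Verify is step 3 on B's side: recompute the hash and run the Verify Function
// with A's public key; the result is the "Valid compare: Yes / No" answer.
func Verify(pub *ecdsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	a, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("pay 100 to account 42") // constructed sample data
	sig, _ := a.Sign(msg)
	pub := a.PublicKey()
	fmt.Println("untouched:", Verify(pub, msg, sig))                               // true
	fmt.Println("data changed:", Verify(pub, []byte("pay 900 to account 42"), sig)) // false
	sig[len(sig)-1] ^= 0x01 // flip one bit of the signature
	fmt.Println("signature changed:", Verify(pub, msg, sig)) // false
}
```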
Security Solutions
Some security mechanisms: Secret Key encryption, Public Key encryption, Digital signature, Hashing
Security needs they address: Confidentiality, Integrity, Authentication, Non-repudiation
Non-Repudiation: Digital Signature
Integrity: Digital Signature
Authentication: ???
Authentication
Identification: how you tell someone who you are
Authentication: how you prove to someone that you are who you say you are
Electronic Solution: Digital Certificates
Digital Certificates
... because a trusted third party, the Certification Authority (CA), has authenticated that the Public Key belongs to A.
Digital Certificate (diagram): a message signed by the CA containing A's Name and Public Key
Certification Authority
The Certification Authority assumes the responsibility of authenticating certificate identity information, like a government for passports.
CA authentication techniques:
- Check against existing records
- Employee databases
- Background check
- Government databases
Information Checkpoint
How do we solve the 4 security needs?
Confidentiality: Encryption (secret key, public key)
Non-Repudiation: Digital Signature
Integrity: Digital Signature
Authentication: Digital Certificates