Network Security

Lecture 1 Course Overview http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp

Waleed Ejaz waleed.ejaz@uettaxila.edu.pk

Overview

Goal of this course Grading Prerequisites Tentative Schedule Security Goals

Goal of This Course

Comprehensive course on network security Includes both theory and practice Theory: Cryptography, Hashes, key exchange, Email Security, Web Security Practice: Hacking and Anti-Hacker techniques Graduate course: (Advanced Topics)

Lot of independent reading and writing Project/Survey paper

CERT

Computer emergency response team (CERT) Security is a #1 concern about Internet. Significant industry and government investment in security

Prerequisites

Computer Communication & Networks

Prerequisites

ISO/OSI reference model TCP/IP protocol stack Full-Duplex vs half-duplex UTP vs Wireless Cyclic Redundancy Check (CRC) CRC Polynomial Ethernet IEEE 802 MAC Addresses Bridging and Routing IEEE 802.11 LAN

Prerequisites (contd.)

IP Address Subnets Private vs Public Addresses Address Resolution Protocol (ARP) Internet Control Message Protocol (ICMP) Routing - Dijkstra's algorithm Transport Control Protocol (TCP) User Datagram Protocol (UDP) TCP connection setup TCP Checksum Hypertext Transfer Protocol (HTTP)

Text Book

Charlie Kaufman, Radia Perlman, and Mike Speciner, "Network Security: Private Communication in a Public World," 2nd Edition, Prentice Hall, 2002, ISBN: 0130460192.

Reference Book

Cryptography and Network Security, by William Stallings, Prentice Hall, 4th Edition, 2006
Few topics from this book will be followed during this course. All relevant material will be provided as notes or as part of the class slides.

Course Outline

Course Overview Security Concepts TCP/IP Security Attacks Security Key Cryptography (Chapter 3) Modes of Operation (Chapter 4) Hashes and Message Digest (Chapter 5) Public Key Cryptography (Chapter 6) Authentication: Passwords, Biometrics (Chapter 10) Kerberos (Chapter 14) Public Key Infrastructure (Chapter 15) IPSec (Chapter 17)

10

Course Outline (contd.)

Internet Key Exchange (IKE) (Chapter 18) Web Security: SSL/TLS (Chapter 19) Email Security: PGP (Chapter 22) Firewalls (Chapter 23) VPNs DNS Security Network Access Controls: AAA Wireless Security Intrusion Detection DMZ (LAN->WAN)

11

Grading

Assignments Quizzes Grand Quiz Labs Final Exam

5 10 10 25 100

12

Term Project

A survey paper on a network security topic " Wireless Network Security " Key Exchange Protocols " Comprehensive Survey: Technical Papers, Industry Standards, Products A real attack and protection exercise on the security of a system (web server, Mail server, ) Groups of 2 students (Hacker and Administrator) Recent Developments: Last 5 to 10 years Not in books Better ones may be submitted to magazines or journals

13

Project Schedule

Topic Selection/Proposal References Due Outline Due First Draft/Demo Due Reviews/comments Returned Final Report Due

14

Office Hours

Thursday: 1:30 PM to 3:00 PM Office: Room 9 Contact Office: +92-51-9047573 Best way to communicate with me in other then office hours is email: waleed.ejaz@uettaxila.edu.pk

15

FAQs

Yes, I do use curve. Your grade depends upon the performance of the rest of the class. All homeworks are due on the following Friday unless specified otherwise. Any late submissions, if allowed, will *always* have a penalty. All exams are closed-book and extremely time limited. Exams consist of numerical and may be multiple-choice (truefalse) questions.

16

Security Goals

Security Goals

Confidentiality: Need access control, Cryptography, Existence of data Integrity: No change, content, source, prevention mechanisms, detection mechanisms Availability: Denial of service attacks,

Confidentiality, Integrity and Availability (CIA)

17

Security Attacks
Security Attacks

Snooping

Modification

Denial of Service Threat to Availability

Traffic Analysis
Threat to Confidentiality

Masquerading
Replaying

Repudiation
Threat to Integrity

18

Passive Versus Active Attacks

Bob

Alice

Alice and Bob want to communicate in presence of adversaries

Adversaries:

Passive just looking Active may change msgs

19

Categorization of passive and active attacks

Attacks Snooping Traffic Analysis Modification Masquerading Replaying Repudiation Denial of Service Passive/Active Passive Threatening Confidentiality

Active

Integrity

Active

Availability

20

Student Questionnaire

Name: _________________________________________ Email: _________________________________________ Phone: _________________________________________ Degree: ______________ Expected Date: _________________ Technical Interest Area(s): _____________________________ Prior networking related courses/activities:________________ Prior security related courses: _________________________ If you have a laptop or desktop, its operating system: _______ Do you have a WiFi interface? _____ I agree to abide by the rules and will not use the techniques on any computer other than mine or Network security lab. Signature: _______________________ Date: _____________

21

Lab Home Work 1: Gathering Information

Learn about IPconfig, ping, arp, nslookup, whois, tracert, netstat, route, hosts file 1. Find the IP addresses of www.google.com 2. Modify the hosts file to map www.google.com to 128.252.166.33 and do a google search. Remove the modification to the host file and repeat. 3. Find the domain name of 128.272.165.7 (reverse the address and add .inaddr. arpa) 4. Find the owner of www.google.com domain 5. Find route from your computer to www.google.com 6. Find the MAC address of your computer 7. Print your ARP cache table. Find a server on your local network. Change its ARP entry in your computer to point to your computers MAC address. Print new ARP cache table. Now use the service and see what happens. 8. Print your routing table and explain each line (up to line #20 if too many) 9. What is the number of packets sent with destination unreachable 10. Find the location of 128.252.166.33 (use www.ipaddresslocation.org)

22

Quiz 0: Prerequisites
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

True or False? Subnet mask of 255.255.255.254 will allow 254 nodes on the LAN. Time to live (TTL) of 8 means that the packet can travel at most 8 hops. IP Address 128.256.210.12 is an invalid IP address CRC Polynomial x32+x15+1 will produce a 32 bit CRC. DHCP server is required for dynamic IP address assignment DNS helps translate an name to MAC address Port 80 is used for FTP. IPv6 addresses are 32 bits long. New connection setup message in TCP contains a syn flag. 192.168.0.1 is a public address. Marks = Correct Answers _____ - Incorrect Answers _____ = ______

23

Quiz 0: Prerequisites (Solution)

1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

True or False? Subnet mask of 255.255.255.254 will allow 254 nodes on the LAN. False Time to live (TTL) of 8 means that the packet can travel at most 8 hops. True IP Address 128.256.210.12 is an invalid IP address. True CRC Polynomial x32+x15+1 will produce a 32 bit CRC. True DHCP server is required for dynamic IP address assignment. True DNS helps translate an name to MAC address. False Port 80 is used for FTP. False IPv6 addresses are 32 bits long. False New connection setup message in TCP contains a syn flag. True 192.168.0.1 is a public address. False Marks = Correct Answers _____ - Incorrect Answers _____ = ______

24

Questions!

25