Supakorn Kungpisdan
Education
PhD (Computer Science and Software Engineering), Monash University, Australia
M.Eng. (Computer Engineering), KMUTT
Specializations
Information and Network Security, Electronic Commerce, Formal Methods, Computer Networking
Experiences
Associate Dean (Research), FIST
Director, Master of Science in Network Engineering, MUT
http://supakorn.mut.ac.th/ http://www.msne.mut.ac.th/
NETE0519-ISEC0513 2
Course Descriptions
Textbook
W. Stallings: Cryptography and Network Security, 4th Edition, Pearson Prentice Hall, ISBN 0-13-202322-9
Supplementary materials
M. E. Whitman and H. J. Mattord: Principles of Information Security, 3rd Edition, Thomson, ISBN 1-4239-0177-0
G. De Laet and G. Schauwers: Network Security Fundamentals, Cisco Press, ISBN 1-58705-167-2
Evaluation Criteria
Quizzes 10%
Lab 30%
Midterm exam 20%
Final exam 40%
Course Outlines
Network Security Overview
Information Security
Symmetric Cryptography, Public-key Cryptography, Hash Functions and MAC
Network Security
IP Security, Web Security, Email Security, Firewalls, Intrusion Detection Systems
Security Management
Security Standards and Policy
The highest priority risk is getting less attention than the lower priority risk
Windows: Conficker/Downadup
Attacks on Microsoft Windows operating systems were dominated by Conficker (aka Downadup) worm variants (5 variants), first detected in Nov 2008.
More than 5 million computers in 200 countries were infected.
For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067.
Believed to be the largest computer worm infection since the 2003 SQL Slammer.
Conficker
http://en.wikipedia.org/wiki/Conficker
Microsoft OS Vulnerabilities
Steps 3 & 4: Dump Hashes and Use Pass-the-Hash Attack to Pivot (cont.)
The attacker uses shell access of the initial victim system to load a local privilege escalation exploit program onto the victim machine. This program allows the attacker to jump from the limited privilege user account to full system privileges on this machine.
Instead of cracking the local administrator password, the attacker uses a Windows pass-the-hash program to authenticate to another Windows machine on the enterprise internal network, a fully patched client system on which this same victim user has full administrative privileges.
What is Security?
The quality or state of being secure: to be free from danger.
A successful organization should have multiple layers of security in place:
Information Security
Systems Security
Network Security
Security Management
Physical Security
Security Trends
C.I.A Triangle
Confidentiality
Ensure that the message is accessible only by authorized parties
Integrity
Ensure that the message is not altered during the transmission
Availability
Ensure that the information on the system is available for authorized parties at appropriate times without interference or obstruction
Threat
A set of circumstances or people that potentially causes loss or harm to a system
Attack
An action or series of actions to harm a system
Types of Attacks
Interruption
Attack on Availability
Interception
Attack on Confidentiality
Fabrication
Attack on Authenticity
Impersonation, masquerading
Active Attacks
Involve modification of the data stream or creation of a false stream
E.g. masquerade, replay, message modification, denial of service
Potentially detected by security mechanisms
Interruption, Modification, Fabrication
Hackers
White Hat Hackers
Grey Hat Hackers
Script Kiddies
Hacktivists
Crackers or Black Hat Hackers
Malicious Codes
Viruses
Destructive program code that attaches itself to a host, copies itself, and spreads to other hosts. Viruses replicate and remain undetected until activated.
Trojans
A program that appears harmless externally but contains malicious code
Spyware
Software installed on a target machine that sends information back to an owning server
Worms
Unlike viruses, worms are independent of other programs or files. No trigger is needed.
Security Controls
The most successful also involve a formal development strategy referred to as the systems development life cycle
Security as Art
No hard and fast rules nor many universally accepted complete solutions
No manual for implementing security through an entire system
Security as Science
Dealing with technology designed to operate at high levels of performance
Specific conditions cause virtually all actions that occur in computer systems
Nearly every fault, security hole, and systems malfunction is a result of the interaction of specific hardware and software
If developers had sufficient time, they could resolve and eliminate faults
Questions?
Next week: Symmetric Cryptography and Applications