CC 551 Computer and Network Security
Computer and Communication Engineering Department
Specialized Scientific Programs (SSP)
Fall 2015
Bassem Mokhtar, Ph.D.
Assistant Professor
Department of Electrical Engineering
Faculty of Engineering
Alexandria University
Introduction 1-1
Course Information
Instructor: Dr. Bassem Mokhtar
Office hours: Thursdays (10:30 am to 11:30 am)
Location: office room 4-4-F132
Teaching Assistants: Eng. Ahmed Shokry and Eng. Noran Ossama
Lecture hours: 2 (one lecture weekly, Thursdays)
Location: C39
Tutorial and lab hours: 4 (one tutorial class and one lab weekly)
Course website: http://eng.alexu.edu.eg/~bmokhtar/courses/network_security/fall_2015/net_security.htm
Course Outline
- Covering principles of computer systems and network security
- Discussing various attack techniques and how to defend against them
- Topics include network attacks and defenses, operating system holes, web security, e-mail, botnets, malware, social engineering attacks, privacy, and digital rights management
Course Objectives
Having successfully completed this course, the student will be able to describe:
(a) The basics of network and computer security (architecting for security):
- Securing applications and operating systems
- Isolation, authentication, and access control
(b) Network security (defending against a network attacker):
- Security within an IP network at different levels (physical, transport, application, ...)
- Monitoring and architecting secure networks
(c) Web security (defending against a web attacker):
- Building robust web sites
- Understanding the browser security model
Prerequisites
Course: CC 451 Computer Networks
Basic understanding of:
- Operating systems and networking protocols
- Programming languages (C++, JavaScript, etc.)
References
- Lecture notes
- J. Joshi et al., Network Security: Know It All, Morgan Kaufmann, 2008 (used for a portion of the course)
- C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, 2002 (used for a portion of the course)
- W. Stallings, Cryptography and Network Security, 5th Edition, 2011 (used for a portion of the course)
- Other supplementary readings
Assessment
- Quizzes: 5%
- Assignments: 10%
- Midterm exam: 20%
- Project: 15% (submitting a project paper together with the related code and simulation results)
- Final exam: 50%
Project
The final project will run in parallel with the course. Each team (up to five students per team) will freely choose a network security-related topic that is not covered in the course.
Topics are assigned on a first-come, first-served (FCFS) basis, with no more than one team per topic.
The team will need to search extensively for the latest research work concerning the selected topic.
Each team will prepare and submit a project paper (using Word or LaTeX) which provides a qualitative study of their topic, including:
- Motivation for selecting the topic
- Discussion of the current research contributions related to the selected topic
- Discussion of the major challenges related to the selected topic
- Table of performance measure metrics for the related topic
- Table comparing existing solutions/work concerning the selected topic
- Evaluation scenarios describing case studies related to the topic
- Design of a simple simulation scenario using any simulation tool or programming language, with the code submitted
- Citation of all referenced work, figures, etc.
-> You can add other issues based on your selected topic
Each team must work on a different topic.
Teams will present their projects, which will then be discussed.
Project Topics and Related Tools (Examples)
- Account and password management; PAM, password cracking
- Logging and auditing; setting up a log server
- Network security reconnaissance attacks; ping, nmap
- Packet sniffers; Ethereal
- Intrusion detection systems; Snort
- Configuring common services; IIS, Apache, OpenSSH, WU-FTP
- Backdoor attacks; netcat, VNC
- Firewalls; iptables
- Security analysis and configuration tools; Nessus, Microsoft Baseline Security Analyzer, Bastille
- Attacks in special networks such as wireless sensor networks; ns-2
Finally: Interaction
In class, participation is highly recommended.
Questions, comments, disagreements, and debates are all highly encouraged.
Introduction
“Security” relates to “computing or communicating in the presence of adversaries”.
It typically involves an “information system”: a PC, a network of computers, a cell phone, email, an ATM, a car, the smart grid, RFID, a wireless link, a medical device, ...
Security relates to a “security objective” or “security policy”: What is being prevented? What activities or events should be prevented or detected?
Introduction
A security policy is usually stated in terms of:
- Principals (actors or participants, perhaps in terms of their roles)
- The permissible (or impermissible) actions or operations
Examples:
- “Each registered voter may vote at most once.”
- “Only an administrator may modify this file.”
- “The recipient of an email shall be able to authenticate its sender.”
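As an added example that is not from the lecture slides, the first two sample policies above encoded in a small reference monitor: principals carry roles, every requested action is decided against the policy with deny as the default, and every decision is recorded so that violations can also be detected afterwards. The principal names, roles and target names are constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset  # constructed roles, e.g. frozenset({"voter"}) or frozenset({"admin"})


@dataclass
class ReferenceMonitor:
    votes_cast: set = field(default_factory=set)   # state needed for "at most once"
    audit_log: list = field(default_factory=list)  # every decision, for later detection

    def decide(self, who: Principal, action: str, target: str) -> bool:
        """Return True if the policy permits `who` to perform `action` on `target`."""
        if action == "vote":
            # Policy: "Each registered voter may vote at most once."
            allowed = "voter" in who.roles and who.name not in self.votes_cast
            if allowed:
                self.votes_cast.add(who.name)
        elif action == "modify" and target == "this_file":
            # Policy: "Only an administrator may modify this file."
            allowed = "admin" in who.roles
        else:
            # Anything the policy does not explicitly permit is impermissible.
            allowed = False
        self.audit_log.append((who.name, action, target, "ALLOW" if allowed else "DENY"))
        return allowed

    def denied_attempts(self) -> list:
        """Detection view: the decisions an auditor would want to review."""
        return [entry for entry in self.audit_log if entry[3] == "DENY"]


def demo() -> tuple:
    """Constructed scenario exercising both policies; returns (decisions, denied entries)."""
    monitor = ReferenceMonitor()
    alice = Principal("alice", frozenset({"voter"}))
    root = Principal("root", frozenset({"admin"}))
    decisions = [
        monitor.decide(alice, "vote", "ballot_box"),     # True: first vote
        monitor.decide(alice, "vote", "ballot_box"),     # False: second vote
        monitor.decide(root, "vote", "ballot_box"),      # False: not a registered voter
        monitor.decide(root, "modify", "this_file"),     # True: administrator
        monitor.decide(alice, "modify", "this_file"),    # False: not an administrator
    ]
    return decisions, monitor.denied_attempts()
```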
Introduction
Goals of security policies often fall into one of three classic categories (“CIA”):
- Confidentiality: information should not be disclosed to unauthorized parties
- Integrity: information should not be modified in an unauthorized manner
- Availability: the system or resource shall be available for use as intended
Introduction
A security mechanism (aka “security control”) is a component, technique, or method for (attempting to) achieve or enforce a security policy.
Examples:
- smart card for a voter
- password for a system admin
- digital signature on email
- locked cabinet for a server
Introduction
Security mechanisms typically take one of two forms:
1. Prevention: keep the security policy from being violated
   • Examples: password, encryption, memory bounds check, ...
2. Detection: detect when the policy is violated
   • Examples: motion sensor, tamper-evident seal, stored fingerprint (“hash”) of executables, intrusion detection on the network, virus scanner, ...
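The “stored fingerprint (hash) of executables” detection mechanism listed above, as an added example that is not from the lecture slides: a SHA-256 baseline is recorded while the files are trusted, and a later check reports anything modified, added or removed. The files, the tampering and the `bin/` layout are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile


def fingerprint(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def baseline(directory: str) -> dict:
    """Map each regular file under `directory` (relative path) to its fingerprint."""
    snapshot = {}
    for root, _, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory).replace(os.sep, "/")
            snapshot[rel] = fingerprint(full)
    return snapshot


def verify(directory: str, stored: dict) -> dict:
    """Compare the current tree against the stored baseline; all lists empty means clean."""
    current = baseline(directory)
    return {
        "modified": sorted(p for p in stored if p in current and current[p] != stored[p]),
        "added": sorted(p for p in current if p not in stored),
        "removed": sorted(p for p in stored if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: trusted snapshot, then one tampered, one unknown and one deleted file."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "bin"))
        for name, data in (("login", b"trusted login binary"), ("ls", b"trusted ls binary")):
            with open(os.path.join(d, "bin", name), "wb") as f:
                f.write(data)
        stored = baseline(d)  # taken while the system is known-good
        with open(os.path.join(d, "bin", "login"), "ab") as f:
            f.write(b" + unexpected code")  # a trusted executable was modified
        with open(os.path.join(d, "bin", "nc"), "wb") as f:
            f.write(b"unknown binary")  # a file that was never in the baseline
        os.remove(os.path.join(d, "bin", "ls"))  # a trusted file disappeared
        return verify(d, stored)
```

The same `baseline`/`verify` pair works on a real directory when the baseline is kept somewhere the checked host cannot modify, otherwise an intruder who can alter the executables can alter the fingerprints too.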
Introduction
A detection mechanism often comes with a recovery mechanism (remove the intruder, remove the virus, load files from backup, ...).
Detection may involve deterrence (the adversary risks being identified and being held accountable for the security breach) and so also plays a role in prevention.
Introduction
Security mechanisms may involve:
- Identification of principals (e.g. “user name”)
- Authentication of principals (e.g. password)
- Authorization: checking whether the principal is authorized for the requested action
- Physical protection: locks, enclosures
- Cryptography: math in the service of security (hard computational problems)
- Deception: getting the adversary to reveal himself or waste his efforts (e.g. honeypot)
Introduction
Who is the adversary? (Know your enemy!)
May be an insider or outsider, a vendor, ...
Examples:
• A vendor may install a “backdoor” in the system
• An eavesdropper may manipulate communications
What does the adversary know?
Examples:
• System design and implementation details
• Passwords
• Facebook profiles of all personnel
Introduction
What resources does the adversary have?
Examples:
• Large computers
• Ability to intercept and modify all communications
• Ability to corrupt some participants (e.g. a legal subscriber, voter, server, ...)
We typically make generous assumptions about the adversary’s abilities.
Introduction
Vocabulary:
- “vulnerability” = a weakness that might be exploited by an adversary (e.g. a poor password, a possible buffer overflow)
- “threat” = a potential violation of the security policy (e.g. by exploiting a vulnerability)
- “risk” = the likelihood that a threat will materialize
- “risk management” = balancing one risk against another, or against other factors such as cost, ease of use, understandability, availability, ...
No security mechanism is perfect: we build fences, not impenetrable walls (how high is a fence?)
IT Security Vocabulary
Back door – a means of accessing your computer that bypasses computer security mechanisms
Bot – short for robot, a computer on which intruders have installed software that lets them secretly control the system from a remote location on the Internet (a network of such bots is a botnet)
Denial of Service (DoS) – an attack that successfully prevents or impairs the authorized functionality of networks, systems or applications by exhausting resources
IT Security Vocabulary (cont’d)
Firmware – software that is embedded into hardware; it can be updated and accessed by the user
Firewall – a security system that uses hardware and/or software mechanisms to prevent unauthorized users from accessing an organization’s internal computer network
Malware – a contraction of “malicious software,” malware is a general term used to describe software that infiltrates or damages a computer
IT Security Vocabulary (cont’d)
Spyware – malware whose principal aim is to surreptitiously collect information by “spying” on the user
Trojan – malware that appears to perform a benign or useful action but in fact performs a malicious action, such as transmitting a computer virus
Virus – self-replicating malware that attaches itself to a digital document or application, then spreads through copies of that document or application
Worm – self-replicating malware that can move from computer to computer on the network. Unlike a virus, it does not need to attach itself to an existing document or application
Sample Network/Computer Attacks
IP address and bandwidth stealing
- Attacker’s goal: look like a random Internet user
- Use the IP address of an infected machine or phone for:
  • Spam (e.g., the Storm botnet)
  • Denial of Service
Steal user credentials
- Keylogging for banking passwords, web passwords, gaming passwords
Spread to isolated systems
- Stuxnet
Server-side attacks
- PHP-based tools installed on compromised web sites
- Infects browsers that visit the site
Insider attacks
- Hidden trap door in operating systems (e.g., Linux)
- Allows the attacker to take over a computer