SECURITY IN COMPUTING FIETH EDITION Chapter 6: Networks 授课教师:高海波 可南中医药大学 信息管理与信息系统教研室 From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
SECURITY IN COMPUTING, FIFTH EDITION Chapter 6: Networks From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 1 授课教师:高海波 河南中医药大学 信息管理与信息系统教研室
2 Objectives for Chapter 6 Networking basics Network threats and vulnerabilities WiFi security Denial-of-service attacks Network encryption concepts and tools Types of firewalls and what they do Intrusion detection and prevention systems Security information and event management tools From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Objectives for Chapter 6 • Networking basics • Network threats and vulnerabilities • WiFi security • Denial-of-service attacks • Network encryption concepts and tools • Types of firewalls and what they do • Intrusion detection and prevention systems • Security information and event management tools 2 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
3 Network Transmission media Cable Optical fiber Microwave iFI Satellite communication From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Network Transmission Media • Cable •Optical fiber • Microwave •WiFi •Satellite communication 3 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Communication Media Vulnerability Sender Wiretap LAN Imposter WAN Rogue receiver sniffer, wiretap Satellite, microwave interception LAN wired interception Receiver From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Communication Media Vulnerability 4 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
5 Communication Media Pros/ cons Medium Strengths Weaknesses Widely used Susceptible to emanation Inexpensive to buy install Susceptible to physical maintain wiretapping Optical fiber Immune to emanation Potentially exposed at Difficult to wiretap connection points Microwave Strong signal, not seriously. Exposed to interception affected by weather along path of transmission Requires line of sight location Signal must be repeated approximately every 30 miles(50 kilometers) Wireless (radio, WiFi) Widely available Signal degrades over Built into many computers distance suitable for short range Signal interceptable in circular pattern around transmitter Satellite Strong fast signal Delay due to distance signal travels up and down Signal exposed over wid area at receiving end From Security in Computing, Fifth Edition, by Charles P Pfleeger, et al.(ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Communication Media Pros/Cons 5 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
6 The osi model 7-Application 7-Application 6-Presentation 6-Presentation 5-Session 5-Session 4-Transport 4-Transport 3-Network 3-Network 2Data link 2Data Link 1-Physical 1-Physical From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
The OSI Model 6 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
7 Threats to network communications Interception, or unauthorized viewing Modification, or unauthorized change Fabrication, or unauthorized creation Interruption, or preventing authorized access From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Threats to Network Communications • Interception, or unauthorized viewing • Modification, or unauthorized change •Fabrication, or unauthorized creation • Interruption, or preventing authorized access 7 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
8 Security Perimeters Security perimeter 国田 From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Security Perimeters 8 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
9 What makes a network vulnerable to interception? Anonymity An attacker can attempt many attacks, anonymously, from thousands of miles away Many points of attack Large networks mean many points of potential entry Sharing Networked systems open up potential access to more users than do single computers System complexity One system is very complex and hard to protect; networks of many different systems, with disparate OSs, vulnerabilities, and purposes are that much more complex Unknown perimeter Networks, especially large ones, change all the time, so it can be hard to tell which systems belong and are behaving, and impossible to tell which systems bridge networks Unknown path There may be many paths, including untrustworthy ones, from one host to another From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
What Makes a Network Vulnerable to Interception? • Anonymity • An attacker can attempt many attacks, anonymously, from thousands of miles away • Many points of attack • Large networks mean many points of potential entry • Sharing • Networked systems open up potential access to more users than do single computers • System complexity • One system is very complex and hard to protect; networks of many different systems, with disparate OSs, vulnerabilities, and purposes are that much more complex • Unknown perimeter • Networks, especially large ones, change all the time, so it can be hard to tell which systems belong and are behaving, and impossible to tell which systems bridge networks • Unknown path • There may be many paths, including untrustworthy ones, from one host to another 9 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Unknown Perimeter Network c Network a Network B Network D Network E From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Unknown Perimeter 10 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved