Network Security

Network Security – XMind – Mind Mapping Software

Security Goals
1. 1
2. Major
  1. Confidentiality
    1. This is the assurance that messages or data exchanged between two people or hosts on a network remains secret and is not read by third parties
    2. Encryption
  2. Integrity
    1. This is the assurance that messages or data exchanged between two people or hosts on a network is not changed while it is being transmitted over the network
    2. Hash Function
    3. Message Authentication Codes (MAC)
  3. Availability
    1. This is the assurance that a host on a network is freely allowed to send and receive legitimate messages with other hosts on the network without interference.
    2. Firewall
    3. Backup Server
3. Minor
  1. Entity Authentication
    1. This is the general idea that a host on a network should be able to prove its identity.
    2. Passwords
    3. Nonces
  2. Message Origin Authentication
    1. This means that it can be established with certainty that a message came from a particular entity
    2. Digital Signature
  3. Non-Repudiation
    1. This means that a host or other entity on a network cannot deny having sent/received a message.
    2. Origin
    3. Destination
      1. Trusted Third Party
      2. Confirmation
  4. TImeliness
    1. This means that a conversation between 2 hosts on a network cannot be watched by a third party who can use the record of the conversation to masquerade as one of parties and replay the prior conversation. To put it another way, each session where 2 hosts on a network exchange a set of messages is unique and cannot be replicated later.
    2. Timestamps
  5. Access Control
    1. This is ability to restrict access to certain computing resources.
    2. Firewall
    3. Access Control List
    4. Unix File Permission
  6. Authorisation
    1. This refers to the legitimate granting of access to computing resources to a human being or a host on a network.
    2. Passwords
Encryption
1. 2,3,4
2. Inputs
  1. Plaintext
  2. Encryption Key
  3. Encryption Algorithm
3. Cryptology
  1. Cryptanalysis
  2. Cryptography
4. Algorithms Made Public
  1. By being made public they will be open to scrutiny from a very wide adudience. It is much more likely that any weaknesses will be discovered
  2. Making them publicly available means that they can be incorporated into networking protocols and other standards. This way their usefulness is maximised.
5. Terms
  1. Ciphertext
    1. Attack
      1. Brute Force Attack
      2. Given Enough TIme, can always break an encryption
      3. Exploit a weakness of algorithm
  2. Symmetric Encryption
    1. Overview
      1. Security depends on the secrecy of the key
      2. the strength of encryption algorithm
      3. Algorithms made public
    2. Security Services
      1. Confidentiality
      2. Integrity
    3. Feistel Cipher Structure
      1. Block Size
      2. Key Size
      3. Number of Rounds
      4. Subkey Generation Algorithm
      5. Speed of Execution
    4. DES
      1. Feistel Product Cipher
    5. 3DES
      1. This is achieved by making the middle step of 3DES a DES decryption.
    6. AES
      1. Rijndeal
      2. Advanced Encryption Standard
      3. Steps
      4. Byte Substitution
      5. Shift Rows
      6. Mix Columns
      7. Add Round Key
    7. Cipher Block Modes
      1. ECB
      2. Electronic Code Book
      3. CBC
      4. Cipher Block Chain
      5. Initialisation Vector
      6. OFB
      7. CFB
      8. CTR
    8. Issues
      1. Key Management
      2. Key Distribution Center
      3. Kerberos
      4. Authentication Protocol
      5. Application Layer
      6. Requirements
      7. Secure
      8. Reliable
      9. Transparent
      10. Scalable
      11. Security Services
      12. Entity Authentication
      13. Authorisation
      14. Access Control
      15. Steps
      16. Shortcoming
      17. Server
      18. Authentication Server
      19. Ticket Granting Server
      20. Secure Key Exchange Protocol
      21. Diffie-Hellman
      22. Key Exchange Protocol
      23. Needham-Schroeder
      24. Key Generation
      25. The bit sequence in the key should be random
      26. TRNG
      27. True
      28. Physical
      29. PRNG
      30. Pseudo
  3. Asymmetric Encryption
    1. Public Key Encryption
    2. Security Services
      1. Confidentiality
      2. Message Authentication
      3. Entity Authentication
    3. Applications
      1. Encryption/Decryption
      2. Digital Signature
      3. Applications
      4. Time stamp, Nonce
      5. Digital Certificate
      6. Security Services
      7. Message Origin Authentication
      8. Integrity
      9. Hash Functions
      10. Unkeyed
      11. Keyed
      12. MAC
      13. Message Authenticator Code
      14. Operation
      15. Hashed MAC
      16. Hash Collision
      17. Birthday Attack
      18. Hash Standards
      19. SHA-1, SHA-2, SHA-3
      20. MD5
      21. Message Origin Authentication
      22. Non Repudiation (Origin)
      23. Trusted Third Party
      24. Key Exchange
    4. RSA
    5. Diffie Hellman
      1. Key Exchange Protocol
      2. No Built In Authentication
      3. man in the middle attack
      4. Trust Third Party
      5. X.509 Certificate
      6. Third Party Certificate
      7. Applications
      8. S/MIME
      9. Secure Multipurpose Internet Email
      10. IP Security
      11. SSL/TLS
      12. Secure Socket Layer / Transport Layer Security
      13. SET
      14. Secure Electronic Transaction
  4. Comparison
  5. Historical
    1. Caesar CIpher
      1. Frequency Analysis Attack
      2. Brute Force Attack
    2. Vigenere Cipher
6. PKI
  1. Public Key Infrastructure
  2. X.509 Authentication
    1. Digital Signature
      1. Certificate uses the Digital Signature of the CA to authenticate the certificate
      2. Hashes
      3. Public Key Encryption
      4. Security Services
      5. Message Origin Authentication
      6. Integrity
      7. Non-Repudiation
    2. Digital Certificate
      1. Used for
      2. digital signature
      3. message encryption
      4. Characteristics
      5. Any B with access to CA’s public key can recover A’s public key that was certified.
      6. No party other than the CA can modify the certificate without this being detected.
      7. Revocation
      8. Validate Period
      9. can be renewed
      10. CA provides a list of revoked certificates
      11. Reason?
    3. Comparison
      1. Kerberos
      2. inside a large network
      3. X.509
      4. ideal for authentication and key exchange over the entire Internet
    4. Public Key Certificate
    5. Certificate Authorities
      1. Subtopic 1
  3. IETF
    1. Internet Engineering Task Force
  4. PKIX
    1. PKI system involving an X.509 Certificate
    2. System
      1. Certificate Authority
      2. A Certification Authority is charged with issuing Digital Certificates and Certificate Revocations Lists.
      3. End User and Entities
      4. Certificate Registry or Repository
    3. DIgital Documents
      1. Certificates
      2. Certificate Revocation Lists
7. Effective Encryption
8. Encryption Algorithms
  1. Operation
    1. Substitution
    2. Transposition
  2. Keys
    1. Symmetric (SIngle Key)
    2. Asymmetric (Public Key and Private Key)
  3. Way the plaintext processed
    1. Block
    2. Stream
  4. Product Cipher
    1. Substitution
    2. Transposition
    3. Swap
    4. Bit Inversion
    5. Circular Shift
    6. XOR
    7. Types
      1. Feistel Product Cipher
      2. Invertible and non invertible operation
      3. Non-Feistel Product Cipher
      4. only invertible operation
9. Confusion and Diffusion
  1. Confusion
    1. Encryption Key
  2. Diffusion
    1. Plaintext
10. Attack Types
  1. Ciphertext Only
  2. Plaintext
  3. Chosen plaintext
  4. Chose ciphertext
  5. chosen text
11. Attack Methods
  1. Brute Force
  2. Exploit weakness in the encryption algorithm
Authentication
1. 4
Access Restriction
1. 6,11
Secure Networking & Protocols
1. 5,7,8,9,10,12
2. Firewall
  1. Security Services
    1. Access Control
  2. Controls
    1. Service
    2. Direction
    3. User
    4. Behavior
  3. Capabilities
    1. Essential
      1. A single choke point for management of a network’s connection to the internet.
      2. A location for monitoring and logging security related events
    2. Other
      1. Network Address Translation (NAT)
      2. IPSec tunnel mode station (the other is transport mode)
  4. Limitations
    1. cannot protect against attacks bypass the firewall
    2. cannot protect against internal attacks
    3. cannot protect against the transfer of viruses
  5. Types
    1. Packet Filtering Firewall
      1. pro
      2. Simplicity
      3. Transparency To Users
      4. High Speed
      5. con
      6. Difficult of setting up packet filtering rules
      7. Lack of Authentication
      8. attacks
      9. IP Address Spoofing
      10. Fragmentation attacks
      11. Configuration
      12. Exclusive
      13. Inclusive
      14. Datalink, Network, Transport
    2. Circuit Level Firewall
      1. pro
      2. con
      3. SOCKS
      4. Session
    3. Apllication Level FIrewall
      1. pro
      2. Higher security than packet filters
      3. Only need to scrutinize a few allowable applications
      4. Easy to log and audit all incoming traffic
      5. caching web pages
      6. con
      7. additional processing overhead on each connection
      8. act as a replay of application-level traffic
      9. SQUID
      10. Application
  6. Bastion Host
    1. critical strong point in the network’s security
    2. serves as a platform for an application‐level or circuit‐level gateway
    3. Single Purpose Device
    4. Topology
      1. Packet Filtering Firewall Simple Topology
      2. SIngle Homed Bastion
      3. Dual Homed Bastion
      4. DMZ
  7. Malicious
    1. attach itself to other programme and copy itself
    2. Bacteria
      1. A malware program that deliberately replicates itself to consume large amounts of system resources
    3. Worm
      1. A worm propagates itself like a virus, but requires a network to be transmitted
    4. Trojan Horse
      1. masquerades as a useful legitimate program but which is actually designed for some other malevolent purpose
    5. Logic Bomb
      1. Similar to a Trojan horse but usually involve a legitimate program that has been deliberately modified by someone with access to the source code
    6. Trap Door
      1. A secret entry point into a program that allows access to resources controlled by the program
    7. Easter Egg
      1. A piece of code put in by the programmers writing a particular application that does something harmless
  8. Virus Type
    1. Parasitic
    2. Memory-Resident
    3. Boot Sector
    4. Stealth
    5. Polymorphic
      1. Subtopic 1
3. Email
  1. PGP
    1. Pretty Good Privacy
    2. Key Rings
      1. Own Public/Private Keys
      2. Other user’s Public Key
    3. How PGP works?
    4. Secure Services
      1. Confidentiality
      2. encryption
      3. Integrity
      4. digital signature
      5. Message Origin Authentication
      6. digital signature
      7. Timeliness
      8. one time keys
    5. Email Services
      1. Compression
      2. pkzip
      3. Base 64/ Radix 64 Encoding
      4. Segmentation
    6. Techniques
      1. symmetric encryption
      2. public key encryption
      3. digital signatures
      4. genuine random numbers
    7. Keys and Key Rings
      1. One time session key used for symmetric encryption
      2. Public Key of Users
      3. Private key of Users
      4. Passphase based symmetric keys
    8. Key Distribution Mehtod
      1. Physical Deliver
      2. Mutual trusted friend
      3. Certifying Authority(CA) to verify the public key
    9. Certificates
      1. X.509
    10. Introducers
      1. a person sending a PGP certificate
    11. Trust Levels
      1. Full
      2. Partial
      3. None
  2. S/MIME
    1. Secure Multipurpose Internet Mail Extension
    2. Algorithms
      1. Message Digesting
      2. SHA-1
      3. MD5
      4. Digital Signatures
      5. DSS
      6. Secret Key Encryption
      7. Triple DES
      8. RC2/40
      9. Public-Private Key Encryption
      10. RSA
      11. Diffie Hellman
4. Web
  1. Common Security Concerns
    1. Confidentiality of Communication
    2. Integrity of Communication
    3. Message Origin Authentication
    4. Non Repudiation Origin and Destination
    5. TImeliness
  2. User/Client Specific Concerns
  3. Webmaster Specific Concerns
  4. SSL/TLS
    1. Security Services
      1. Confidentiality
      2. Encryption
      3. Integrity
      4. HMAC
      5. Entity Authentication
      6. X.509 Certificate
      7. Message Origin Authentication
      8. Non-Repudiation (Server) (Origin)
      9. Timeliness
      10. Sequence Numbers,
    2. SSL
      1. Netscape
    3. TLS
      1. IETF
    4. Can receive data from any application layer program and pass it down to the transport layer.
    5. Communication Phases
      1. Establishment of the parameters for secure communication
      2. Handshake Protocol
      3. the secure exchange itself
      4. Record Protocol
    6. Protocols
      1. Handshake
      2. Cipherchange
      3. Alert
      4. SSL Record
    7. How Works?
  5. IPSec
    1. IPSec is the most widely used layer 3 (network layer) protocol for VPN implementation
    2. Security Services
      1. Confidentiality
      2. Integrity
      3. Data Origin Authentication
      4. TImeliness
      5. Traffic Flow Confidentiality
      6. Access Control
    3. Modes
      1. Transport
      2. Tunnel
    4. Layer
      1. Network
    5. Protocols
      1. Authentication Header (AH) Protocol (Provides Authentication Services)
      2. Encapsulating Security Protocol (ESP Protocol) (Provides Authentication and Encryption
    6. Algorithms
      1. Encryption
      2. 3DES
      3. RC5
      4. Rivest Cipher 5
      5. IDEA
      6. Three Key Triple IDEA
      7. CAST
      8. Blowfish
      9. Authentication
      10. HMAC-MD5-96
      11. HMAC-SHA-1-96
    7. Default automated Key Management Protocol
      1. Oakley Key Determination Protocol
      2. Internet Security and Key Management Protocol (ISAKMP )
    8. Benefits
      1. Transparent to application
      2. provide security to users
      3. Can provide security for all programs in and above layer 3
  6. VPN
    1. Virtual Private Network
    2. Essential Features
      1. Tunnelling
      2. Encapsulate
      3. Security
      4. Confidentiality
      5. Integrity
      6. Message Origin Authentication
    3. SSL / SSH
      1. Transport Layers
    4. Set Up Keys
      1. Manual Setup in a configuration file
      2. Key Exchange using the Oakley Key Exchange Protocol
5. Intrusion
  1. Password
    1. One-way encryption
    2. Access Control
    3. Protection
      1. The purpose of salt
      2. Duplicate password don’t look the same in the password file
      3. Effective password length is increased by 2 characters
      4. Prevents hardware implementations of DES which could crack the password by a brute force attack
6. Wireless
  1. Benefits
    1. Flexibility
    2. Reduce cost in some case
    3. Facilitate WiFi only device
  2. Disadvantages
    1. Security
    2. Possible Heath Effects
  3. CSMA/CD
    1. Carrier Sense Multiple Access With Collision Detection
  4. Wireless LAN Standards
    1. IEEE 802.11
      1. a,b,g,n,i
  5. Ethernet
    1. IEEE 802.3
  6. Organizations
    1. ITU-R
    2. IEEE
    3. Wi-FI Alliance
  7. Configurable Wireless Parameters
    1. 802.11x protocols
    2. Network Type
      1. Ad Hoc
      2. 1 Access Point
      3. BSS
      4. Basic Service Set
      5. Multiple Access Points
      6. ESS
      7. Extended Service Set
    3. Authentication
      1. Open
      2. Shared
      3. WEP
      4. Wired Equivalent Privacy
      5. Problems
      6. Master keys are used directly
      7. Key Management and updating is poorly provided
      8. Message integrity checking is ineffective
      9. WPA
      10. WiFi Protected Access
      11. PSK(Pre-sharedKey)
      12. WPA2
      13. SSID
      14. Shared Service Set Identifier
  8. Types of Attacks
    1. Rogue Access Points
    2. Man in the Middle Attacks.
    3. Denial Of Service
  9. Association
    1. Beacons
    2. Probes
    3. Authentication
    4. Stages of Process
      1. Probing
      2. Authentication
      3. Association

Recent Posts