CSC3064 Network Security

Intro to Network Security

Topic 1: Introduction To Network Security
1.1 About The Module


1.2 Computer Networking Basics
1.3 Bluffer’s Guide To Packet Analysis
1.4 Fundamentals of Network Security

Intro to Network Security 1.1 About The Module

Learning Outcomes
CSC3064 Network Security
• Know and understand the administration of network security, and the process of incident management.
• Know and understand the technologies involved in the design and deployment of secure networks.
• Be able to demonstrate the use of network security functions.
• Be able to demonstrate the use of network security analysis tools.

1. Introduction to Network Security
2. Security of Internet Protocols
3. Firewalls
4. Intrusion Detection Systems
5. Interconnecting Networks
6. Denial of Service
7. Network Configuration
8. Security Lifecycle

Assessment
Module assessment is 100% coursework, with two parts:
Practical Exercise (40%)
• Video submission, lasting around 5 minutes (deadline Week 9).
• Demonstrate use of security tools for network analysis and network protection tasks.
• Covers topics 1-4 and practice lab exercises.
Case Study Report (60%)
• Written report, around 1500-2000 words (deadline Week 13).
• Analysis of a scenario about securing a company’s network.
• Propose how the company should improve their network security.
• Covers all topics.
Overall module pass mark is 40%

Weekly Schedule
• Thursday 14:00 – 15:00
• Friday 14:00 – 16:00
• Short link to join on Teams: go.qub.ac.uk/csc3064
Lab Support Sessions
• Wednesday 11:00 – 13:00
• 26 January, 2 February, 9 February and 23 February.
• Handouts are provided on Canvas that guide you through 3 practice labs.
• You can do the labs any time, so you do not need to attend unless you need support.
• However, support is only available during the timetabled slots!

Module Calendar
Week starting (approximate timeline): Jan 10 (W1), Jan 17 (W2), Jan 24 (W3), Jan 31 (W4), Feb 7 (W5), Feb 14 (W6), Feb 21 (W7), Feb 28 (W8), Mar 7 (W9), Mar 14 (W10), Mar 21 (W11), Apr 4 (W13).
Topics, in order: Introduction to Network Security (W1), Security of Internet Protocols, Intrusion Detection Systems (two weeks), Reading Week, Interconnecting Networks (two weeks), Denial of Service, Network Configuration, Security Lifecycle.
Practice lab releases: Network Analysis; Intrusion Detection.
Coursework: Practical Exercise Released; Case-Study Released; Practical Exercise Deadline (W9); Case-Study Deadline (W13).

Course Delivery
All material will be provided on Canvas:
• Canvas should be your port of call for all material.
• Videos, slide sets, quizzes, coursework, labs, submissions, etc.
• These will all be on Canvas, or links provided on Canvas.
Announcements:
• All updates about the module, e.g. deadlines, important new info, will be posted via Canvas Announcements on the module page.

During lectures
• If you have a question please ask during the lecture
• This helps everyone learn
• Ask in Teams chat / Put your hand up in lecture room
• We can discuss the practice labs
Practice labs
• 1-to-1 support if you need help with the practice labs, Wednesdays from week 3
Coursework
• Written feedback provided for both assessments

Code Of Conduct
Do Not Pen-test The QUB Network Or Any Other Public Network
• Studying network security means it is necessary to learn about offensive actions and attack techniques. You must use this knowledge responsibly. Such experiments must be confined to the virtual machines provided.
• The University has policies relating to information security and acceptable use of computer systems. Breaches are investigated in accordance with the University’s disciplinary procedures. You should make yourself aware of these policies:
https://www.qub.ac.uk/directorates/InformationServices/Services/Security/Gen-Policies/

Reading Material
Bibliography
Various diagrams and definitions throughout the slides are used from these books:
• Schaefer & Rossberg, Security In Fixed And Wireless Networks. Wiley, 2016.
• Kurose & Ross, Computer Networking : A Top-down Approach, 2017
• , Introduction to Network Security, CRC Press, 2008
• , Cryptography and Network Security: Principles and Practice, Limited, 2017.
Links to other information sources provided throughout the topics.
None of these are essential, but reading around the topic is highly recommended. Learning how to find good information is more important than memorising.

Recommendation
All vital info is contained in the slides, and yes there will be videos… but… take written notes during Teams lectures
• Even if you never look at them again
• Noting key points helps keep your attention
• Don’t write everything
• Just writing key points on paper helps the learning process*
* https://www.coursehero.com/college-life/infographic-write-it-down/

Intro to Network Security 1.2 Computer Networking Basics

Internet Infrastructure
Communication between Hosts A and B is enabled by connections that support data exchanges.
• IP protocols (IP, TCP, UDP, etc.) support these connections.
• These are our main focus.
We also need to consider:
• DNS and ARP to resolve domains and addresses.
• OSPF and BGP, supporting intradomain routing and interdomain routing.

Basic IP Protocol Suite
IP (Internet Protocol): unreliable, connectionless network protocol.
TCP (Transmission Control Protocol): reliable, connection-oriented transport protocol (used on top of IP).
UDP (User Datagram Protocol): unreliable, connectionless transport protocol (used on top of IP).
Application protocols: these sit on top of TCP or UDP, e.g. HTTP (Hypertext Transfer Protocol), SMTP (Simple Mail Transfer Protocol), etc.
[Diagram: protocol stack on each host, with the application protocol on top of TCP or UDP, on top of IP]

Protocol Encapsulation

IPv4 Header
Image: https://nmap.org/book/tcpip-ref.html

IP Supports Routing From Source To Destination
“Routes” usually require several “hops” (each hop has an IP address). IP is “unreliable” (does not guarantee delivery).
An IP host knows the location of its IP gateway router. The IP gateway must know the route to other networks.
Fragmentation and reassembly
• Needed if the IP maximum packet size is less than the user data size.
Time to live (TTL)
• Decremented after every hop.
• Packet dropped if TTL reaches 0, to prevent infinite loops.
Error reporting
• ICMP packet sent to the source if a packet is dropped (e.g. time exceeded / destination unreachable).
[Diagram: example route from a host behind an office gateway (132.14.11.1) to destination 132.14.11.51, via intermediate hops 121.42.33.12 and 121.42.33.1]

TCP Header
TCP is connection-oriented
Preserves order.
Break data into packets. Attach packet numbers.
Acknowledges receipt.
Lost packets are resent.
Reassembles packets in correct order.
Image: https://nmap.org/book/tcpip-ref.html
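As an added example (not code from the slides), the following parses the IPv4 and TCP headers discussed above from raw bytes, the way a packet analyser does, and models the per-hop TTL decrement. The sample packet is constructed inline, not a real capture; field names and the helper names are my own.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (not a real capture): 20-byte IPv4 header + 20-byte TCP header, no payload.
# 10.0.0.1:49152 -> 192.168.1.10:80, SYN flag, TTL 64, Don't Fragment set.
SAMPLE_PACKET = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
    bytes([10, 0, 0, 1]), bytes([192, 168, 1, 10]),
) + struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 0x50, 0x02, 65535, 0, 0)

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

@dataclass
class IPv4Header:
    version: int
    header_len: int       # bytes (IHL field * 4)
    total_len: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int  # in 8-byte units; non-zero means a later fragment
    ttl: int
    protocol: int         # 1 = ICMP, 6 = TCP, 17 = UDP
    src: str
    dst: str

@dataclass
class TCPHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: List[str]

def parse_ipv4(buf: bytes) -> IPv4Header:
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", buf[:20])
    return IPv4Header(ver_ihl >> 4, (ver_ihl & 0x0F) * 4, total_len,
                      bool(flags_frag & 0x4000), bool(flags_frag & 0x2000), flags_frag & 0x1FFF,
                      ttl, proto, ".".join(map(str, src)), ".".join(map(str, dst)))

def parse_tcp(buf: bytes) -> TCPHeader:
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", buf[:20])
    return TCPHeader(sport, dport, seq, ack, [n for n, bit in TCP_FLAGS.items() if flags & bit])

def forward_ttl(ttl: int) -> Optional[int]:
    """Router behaviour per hop: decrement TTL; a packet reaching 0 is dropped (ICMP time
    exceeded goes back to the source) instead of looping forever. None means dropped."""
    ttl -= 1
    return ttl if ttl > 0 else None

def summarise(packet: bytes) -> str:
    """One-line, Wireshark-style summary of an IPv4/TCP packet."""
    ip = parse_ipv4(packet)
    tcp = parse_tcp(packet[ip.header_len:])
    return f"{ip.src}:{tcp.src_port} -> {ip.dst}:{tcp.dst_port} [{'/'.join(tcp.flags)}] ttl={ip.ttl}"
```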

Handshakes Establish Connections
Image: Kurose & Ross, Computer Networking : A Top-down Approach, 2017

TCP Three-Way Handshake
SYN – SYN/ACK – ACK
• Well-known exchange of three packets.
• Establishes a TCP connection.
• Data can be transferred after the handshake completes.
• SYN and ACK are two of the TCP header flags.
Sequence Numbers
• Allow packet order to be tracked.
• Received packets with a sequence number too far outside the window are dropped.
• Helps protect against communication session hijacking.
Acknowledgement numbers
• In response packets, the acknowledgement number increases by the number of bytes received so far.
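An added model (not the slides' own code) of the handshake and the sequence/acknowledgement arithmetic just described, including the receive-window check that drops segments whose sequence number is too far off. It is deliberately simplified (in-order delivery, no retransmission); the initial sequence numbers and window size are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Segment:
    flags: str                # "SYN", "SYN/ACK" or "ACK"
    seq: int                  # sequence number of the first byte (or of the SYN) in this segment
    ack: Optional[int]        # next byte the sender expects from its peer; None if ACK not set
    payload_len: int = 0

@dataclass
class Endpoint:
    name: str
    isn: int                  # initial sequence number (real stacks pick this randomly)
    rcv_wnd: int = 65535      # receive window advertised to the peer

    def __post_init__(self):
        self.snd_nxt = self.isn   # next sequence number this end will use
        self.rcv_nxt = 0          # next sequence number expected from the peer

def three_way_handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    # 1. SYN: client announces its ISN. The SYN flag itself consumes one sequence number.
    syn = Segment("SYN", seq=client.snd_nxt, ack=None)
    client.snd_nxt += 1
    # 2. SYN/ACK: server acknowledges ISN+1 and announces its own ISN (also consuming one).
    server.rcv_nxt = syn.seq + 1
    synack = Segment("SYN/ACK", seq=server.snd_nxt, ack=server.rcv_nxt)
    server.snd_nxt += 1
    # 3. ACK: client acknowledges the server's ISN+1. Data may flow from here on.
    client.rcv_nxt = synack.seq + 1
    return [syn, synack, Segment("ACK", seq=client.snd_nxt, ack=client.rcv_nxt)]

def data_segment(sender: Endpoint, nbytes: int) -> Segment:
    """Build a data-carrying segment; the sender's next sequence number advances by nbytes."""
    seg = Segment("ACK", seq=sender.snd_nxt, ack=sender.rcv_nxt, payload_len=nbytes)
    sender.snd_nxt += nbytes
    return seg

def in_window(receiver: Endpoint, seq: int) -> bool:
    """Accept only sequence numbers in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - receiver.rcv_nxt) % 2**32 < receiver.rcv_wnd

def deliver(receiver: Endpoint, seg: Segment) -> Optional[Segment]:
    """Receiver side (simplified: in-order delivery). A segment whose sequence number lies
    outside the window is dropped without touching state, which is what blunts blind
    session hijacking; otherwise the ACK number grows by the bytes received so far."""
    if not in_window(receiver, seg.seq):
        return None
    receiver.rcv_nxt = seg.seq + seg.payload_len
    return Segment("ACK", seq=receiver.snd_nxt, ack=receiver.rcv_nxt)
```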

UDP Header
UDP is connectionless
• Does not preserve order between packets.
• Much simpler than TCP.
• Is “unreliable”.
• Break data into packets.
• Typically used for streaming.
• If packets are lost, the application layer will have to deal with it.
• If packets are out of order, the application layer will have to deal with it.
Image: https://nmap.org/book/tcpip-ref.html

Further Reading On Fundamentals
Fall & Stevens. TCP/IP illustrated, volume 1: The protocols. Addison-Wesley, 2011.
http://www.tcpipguide.com/
TCP Handshake and Acknowledgment Numbers:
https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
Networking 101: The Basics of Protocols:

Network Devices Explained: Hub, Bridge, Router, Switch

Now try the following quiz in Canvas:
‘Networking Basics’

Intro to Network Security
1.3 Bluffer’s Guide To Packet Analysis

Bluffer’s Guide
• We introduce the basic concepts of capturing packets from the network interface of a computer.
• Explore the underlying networking protocols such as TCP, IP, etc.
• Look at examples of information and artefacts that can (sometimes) be extracted directly from the network.
• See some of the security mechanisms that secure data transmitted across the network.
• Look at packet captures showing network scanning and simple attacks, such as denial of service.
The aim is to provide a snapshot of the topic – not to learn it all at once!

Wireshark
• Tool widely used for capturing and analysing network packets.
• Can help analysts diagnose simple networking problems, or forensically examine complex network flows after a cyber incident.

Let’s Start With The Basics

Now Let’s Get Complicated

Simple Local Area Network (LAN)

Local Area Network (LAN)
[Diagram series: a LAN, annotated with the points at which (Alice’s) network packets are visible]

A Simplified View of the OSI Model
The approach computers and networks use to put cat photos into ‘packets’ and send them across the planet

A Simplified View of the OSI Model
Applications sending images of cats
Layer 4: TCP, UDP network protocols
Layer 3: IP protocol… Routers handle this
Layer 2: Ethernet… Switches handle this
Layer 1: Witchcraft. Nobody understands this layer. (But it definitely did not cause Covid-19)

What Happens When You Connect To A Website?
Let’s open Wireshark and capture the network packets that are produced when we visit the website:
http://www.paulgraham.com
There is nothing special about this site, but later we’ll see one feature of it that is worth noting…

TCP Three-Way Handshake

Port 443 vs 80
“http” (tcp port 80) website packets do not use encryption.
The packet data can be read at any point in the network that the packets pass through.
http://www.paulgraham.com
“https” (tcp port 443) uses TLS to encrypt the data.
Only the end computer with the decryption key can read it.

Denial of Service (DOS)
Simple DOS example generated in the lab.
These packets were captured at the target computer, i.e. what the victim of a DOS might see.

Finally, some scanning
Packets captured from a computer that used the “nmap” tool to perform a basic scan of the local network (LAN)

Bluffer’s Guide Complete!
• You are not expected to be able to do all that right now.
• You will be expected to do something similar for the practical coursework exercise.
• Practice labs will help build up knowledge.
• Some of the subjects touched on, such as DOS, are covered in detail later.

Intro to Network Security
1.4 Fundamentals of Network Security
1.4.1 Context & Motivation

Global Context: Network Interconnectivity
Source: https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.pdf

Global Context: Cyber Security
Endless cyber security issues reported daily, e.g. https://www.theregister.com/security/

Meanwhile, in the 1970s…
Networking is underpinned by some really old protocols, designed for a system where all users were trusted.
Many security problems were baked into those original protocol concepts, and remain a challenge for security today.
https://spectrum.ieee.org/tech-history/cyberspace/todays-internet-still-relies-on-an-arpanetera-protocol-the-request-for-comments

Intro to Network Security
1.4 Fundamentals of Network Security
1.4.2 Security Concepts & Models

Threats & Attacks
One definition of a threat is:
Any circumstance or event with the potential to adversely impact an asset through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
• An attack is an action taken to realise a threat (by exploiting a vulnerability).
• An entity that realises a threat is known as a threat agent, threat actor, or attacker.
‘Security objectives’ can be defined:
• In a general sense,
• Or be highly specific and designed for a particular network environment.
A threat in a communication network is any possible event, or sequence of actions, that might lead to a violation of one or more network security objectives.
A precise definition of ‘threat’ is hard to pin down: https://en.wikipedia.org/wiki/Threat_%28computer%29

General Security Objectives
CIA Objectives:
• Confidentiality
• Data is not disclosed to system entities unless they have been authorised to know the data.
• Integrity
• Data integrity: data has not been changed, destroyed, or lost in an unauthorised or accidental manner.
• System integrity: a system can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorised manipulation.
• Availability
• A system or resource is accessible, usable, or operational upon demand, by an authorised system entity, according to performance specifications for the system.
The CIA Triad
Definitions from RFC4949: https://tools.ietf.org/html/rfc4949

General Security Objectives
Simple examples of security violations:
• Confidentiality
• You fill in a basic html form in a website to post information. Someone in the network can observe your packets and read the content.
• Integrity
• As above, but the observer is able to rewrite the packet content, and changes the information you sent.
• Availability
• As above, but rather than simply observing, the attacker is able to cause your packets to be dropped.
The CIA Triad

Extensions to CIA
Sometimes, as in the Stallings book, extensions are added to CIA, such as Accountability and Authenticity:
• Accountability requires actions of an entity to be traced uniquely to that entity. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
• Authenticity means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
However, like the final seasons of House of Cards, they are unnecessary and over-complicate matters:
• Accountability is mostly linked to the idea of ‘non-repudiation’, or being unable to deny an action. Arguably this is part of ensuring integrity.
• Authenticity is arguably a means of assuring integrity and confidentiality, while ‘authentication’ helps manage availability.
, Cryptography and Network Security: Principles and Practice, Limited, 2017.

Practical Use Of CIA
The Common Vulnerabilities and Exposures (CVE) database
• A public record of known information-security vulnerabilities.
• Severity of a vulnerability is measured with a maximum score of 10.
• The extent to which confidentiality, integrity and availability are compromised is used to calculate the score.
Above: https://nvd.nist.gov/vuln/detail/CVE-2020-3571
Right: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2020-3571

ITU X.800 Security Architecture
In 1991 the ITU published “Recommendation X.800”:
• X.800 defined security services and mechanisms for the OSI reference model.
• Security Service: “A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers.”
• Specific security mechanisms “may be incorporated into the appropriate (N)-layer in order to provide some of the services described”.
The ‘security services’ concept is widely known and taught:
• The X.800 descriptions are quite abstract. They describe general approaches, rather than how to implement them.
• Is it widely taught only because it appears in Stallings’ well-known book?
• It may help analyse a problem if you are required to design a security approach from scratch.
• Most of you will not have to do this, and will instead be required to follow good practice for standard security solutions.
Be aware that recommendations such as X.800 provide foundational security theory.
ITU X.800: https://www.itu.int/rec/T-REC-X.800-199103-I/en

Stallings’ X.800 Summary
X.800 Security Services
, Cryptography and Network Security: Principles and Practice, Limited, 2017.
X.800 Mechanisms

Now try the following quiz in Canvas:
‘Network Security Concepts’

Intro to Network Security
1.4 Fundamentals of Network Security
1.4.3 Security Principles

Quick Summary
Our basic aim is to maintain C, I and A for services using a network.
• The infrastructure we aim to secure:
[Diagram: two end systems (Application, Transport, Network, Data Link and Physical layers) connected through intermediate nodes (Network, Data Link and Physical layers). For “network security” our main focus is here (highlighted on the slide).]

What Is “Security”?
A system condition:
• That results from the establishment and maintenance of measures to protect the system.
• In which system resources are free from unauthorised access and from unauthorised or accidental change, destruction, or loss.
Measures taken to protect a system:
Prevention
Impeding or thwarting a potential security violation by deploying a countermeasure.
By definition, preventive measures are taken before an attack can take place.
E.g. firewall techniques, packet filtering, service proxying, access control.
Detection
Determining that a security violation is impending, is in progress, or has recently occurred, and thus making it possible to reduce the potential loss.
Detection measures take place in real time to recognise an attack while it occurs, or afterwards.
E.g. traffic monitoring and analysis, recording and analysis of logs.
Reaction
Recovery: restoring a normal state of system operation by eliminating a security violation, after detection, or repairing its effects.
Correction: making changes to eliminate possible reoccurrence of previous violations (e.g. eliminate a vulnerability). This reduces risk.
Reaction can also take account of new threat intelligence.
Security definition from RFC4949: https://tools.ietf.org/html/rfc4949

Security violations, or the threat of a security violation, are typically assessed in terms of risk. For example, the Common Vulnerability Scoring System rates each vulnerability for how it threatens the conditions of C-I-A, e.g.
• Confidentiality [None]: There is no loss of confidentiality within the impacted component.
• Integrity [Low]: Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact
