Free documents: Security
Download free study materials: Security
A WLAN is a shared network.
An access point is a shared device and functions like a shared Ethernet hub.
Data is transmitted over radio waves.
Two-way radio communications (half-duplex) are used.
The same radio frequency is used for sending and receiving (transceiver).
8/30/2018 2:18:37 AM +00:00
Up to this point we have seen:
Classical Crypto
Symmetric Crypto
Asymmetric Crypto
These systems have focused on issues of confidentiality: Ensuring that an adversary cannot infer the original plaintext message, or cannot learn any information about the original plaintext from the ciphertext.
In today’s lecture we will put a more formal framework around the notion of what information is, and use this to provide a definition of security from an information-theoretic point of view.
8/30/2018 2:18:37 AM +00:00
Wireless technology has enormous potential to change the way people and things communicate. Future wireless networks will allow people on the move to communicate with anyone, anywhere, and at any time using a range of high-performance multimedia services. Wireless video will support applications such as enhanced social networking, distance learning and remote medicine. Wireless sensor networks can also enable a new class of intelligent home electronics, smart and energy-efficient buildings and highways, and in-body networks for analysis and treatment of medical conditions....
8/30/2018 2:18:37 AM +00:00
Client-Server model.
The 7 OSI layers and the TCP/IP protocol suite.
TCP and UDP
TCP and UDP socket programming with the .NET framework
Advanced TCP and UDP programming with the .NET framework
TCPClient
UDPClient
8/30/2018 2:18:37 AM +00:00
Lots of users and privileges scattered over many platforms and applications.
Who are the valid users?
What are they entitled to access?
How do you keep access rights up-to-date?
How do you specify and enforce policy?
8/30/2018 2:18:37 AM +00:00
The Web has become the visible interface of the Internet
Many corporations now use the Web for advertising, marketing and sales
Web servers might be easy to use but…
Complicated to configure correctly and difficult to build without security flaws
They can serve as a security hole by which an adversary might be able to access other data and computer systems
8/30/2018 2:18:37 AM +00:00
For distributed systems and networks, we often should assume that there are adversaries
Everywhere in the network
Adversary may: eavesdrop, manipulate, inject, alter, duplicate, reroute, etc…
Adversary may control a large number of network nodes that are geographically separated
Dolev-Yao Threat Model:
A very powerful adversarial model that is widely accepted as the standard by which cryptographic protocols should be evaluated
Eve, the adversary, can:
Obtain any message passing through the network
Act as a legitimate user of the network (i.e. can initiate a conversation with any other user)
Can become the receiver to any sender
Can send messages to any entity by impersonating any other entity
...
8/30/2018 2:18:37 AM +00:00
See the presentation 'security protocols: they're so not easy!' (information technology, security), provided to support study, research and effective work
8/30/2018 2:18:37 AM +00:00
WPA:
A rush solution to the security problems of WEP
WPA2:
Based on 802.11i (official version)
Encrypt and authenticate MSDUs: Counter Mode with CBC-MAC Protocol using AES-128
Authenticate STAs: 802.1X
Initialization vectors transmitted in plaintext are no longer needed to generate per-frame keys
But most of the existing Wi-Fi WPA cards cannot be upgraded to support 802.11i
8/30/2018 2:18:36 AM +00:00
A computer virus is a piece of code hiding in a program that can automatically copy itself or embed a mutation of itself in other programs
Cannot spread on their own
Often require a host program to live in
Infected program: a host program with virus
Uninfected program (healthy program): a program cleared of all viruses
Disinfected program: a program once infected but now cleared of viruses
Specific to
particular types of file systems, file formats, and operating systems
Particular types of architecture, CPU, languages, macros, scripts, debuggers, and every other form of programming or system environment
...
8/30/2018 2:18:36 AM +00:00
Forge a connection to a host running chargen and have it send useless chargen data to the echo server on another host
This makes the two services so busy that the host may crash or be too busy to respond to normal traffic
Defense: configure only services that are absolutely necessary (chargen and echo have no business running on a production server)
8/30/2018 2:18:36 AM +00:00
will consider authentication functions
developed to support application-level authentication & digital signatures
will consider Kerberos – a private-key authentication service
then X.509 directory authentication service
8/30/2018 2:18:36 AM +00:00
One of the most common ways to mount a Distributed Denial of Service attack is via networks of zombie computers taking instructions from a central point
Early nets were controlled via proprietary software written by the network owner
Today they are mostly controlled by an IRC channel
This makes it easier to control the network and easier for the owner to hide
8/30/2018 2:18:36 AM +00:00
Memory
global static
heap
malloc( ) , new
Stack
non-static local variables
value parameters
Buffer is a contiguously allocated chunk of memory
Any time we put more data into a data structure than it was designed for.
8/30/2018 2:18:36 AM +00:00
This Code, consisting of 24 imperatives formulated as statements of personal responsibility, identifies the elements of such a commitment. It contains many, but not all, issues professionals are likely to face.
Section 1 outlines fundamental ethical considerations
Section 2 addresses additional, more specific considerations of professional conduct.
Section 3 pertains more specifically to individuals who have a leadership role, whether in the workplace or in a volunteer capacity such as with organizations like ACM.
Section 4 addresses principles involving compliance with this Code
...
8/30/2018 2:18:36 AM +00:00
Sits between two networks
Used to protect one from the other
Places a bottleneck between the networks
All communications must pass through the bottleneck – this gives us a single point of control.
Packet Filtering
Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts
Network Address Translation (NAT)
Translates the addresses of internal hosts so as to hide them from the outside world
Also known as IP masquerading
Proxy Services
Makes high-level, application-level connections to external hosts on behalf of internal hosts, completely breaking the network connection between internal and external hosts
...
8/30/2018 2:18:36 AM +00:00
Also called a Proxy Firewall
Acts as a relay for application level traffic
Typical applications:
Telnet
FTP
SMTP
HTTP
More secure than packet filters
Bad packets won't get through the gateway
Only has to deal with application level packets
Simplifies rules needed in packet filter
8/30/2018 2:18:36 AM +00:00
Hacking - showing computer expertise
Cracking - breaching security on software or systems
Phreaking - cracking telecom networks
Spoofing - faking the originating IP address in a datagram
Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore
Port Scanning - searching for vulnerabilities
8/30/2018 2:18:36 AM +00:00
Used to communicate IP status and error messages between hosts and routers
Uses IP to route its messages between hosts
Must be implemented with IP
remember, IP is just a packet delivery system
transmits and routes datagrams from sources to destinations through a series of interconnected networks
it has a checksum in the IP header to detect lost bits
no error detection on the datagram payload though
but has no native mechanism for source host notification
This is where ICMP comes in
it's used to report IP errors to the source host
ICMP data is carried as the payload of an IP datagram
specifies additional message formats within this area ...
8/30/2018 2:18:36 AM +00:00
IP Address Scans
scan the range of addresses looking for hosts (ping scan)
Port Scans
scan promising ports for openness (80, 21, …)
Service Evaluation
determine the OS
Target Selection
pick the most vulnerable host, most running services...
Vulnerability Probes
Automated password attacks
FTP, HTTP, NetBIOS, VNC PCAnywhere….
Application specific attacks
try known vulnerabilities on present services
8/30/2018 2:18:36 AM +00:00
In CERT's 2001 annual report, it listed 52,000 security incidents
the most serious involving:
IP spoofing
intruders creating packets with false addresses, then taking advantage of OS exploits
eavesdropping and sniffing
attackers listen for userids and passwords and then just walk into target systems
as a result the IAB included authentication and encryption in the next generation IP (IPv6)
8/30/2018 2:18:36 AM +00:00
libpcap is an open source C library for putting your NIC in promiscuous mode.
Today I'll go over a few C gotchas and how to use the libpcap API
Any C programmers?
Planning to go to grad school?
8/30/2018 2:18:36 AM +00:00
RFC-1631
A short term solution to the problem of the depletion of IP addresses
Long term solution is IP v6 (or whatever is finally agreed on)
CIDR (Classless InterDomain Routing ) is a possible short term solution
NAT is another
NAT is a way to conserve IP addresses
Hide a number of hosts behind a single IP address
Use:
10.0.0.0-10.255.255.255,
172.16.0.0-172.32.255.255 or
192.168.0.0-192.168.255.255 for local networks
8/30/2018 2:18:36 AM +00:00
A border router configured to pass or reject packets based on information in the header of each individual packet
can theoretically be configured to pass/reject based on any field
but usually done based on:
protocol type
IP address
TCP/UDP port
Fragment number
Source routing information
8/30/2018 2:18:36 AM +00:00
Never trust user input
Poorly validated or unvalidated user input constitutes the most severe security problem with web applications
can crash a server
can cause buffer overflows
can allow machine to be hijacked
allow hacker to have root access
Assume user input is bad until you prove it's OK
8/30/2018 2:18:36 AM +00:00
Part of an overall Firewall strategy
Sits between the local network and the external network
Originally used primarily as a caching strategy to minimize outgoing URL requests and increase perceived browser performance
Primary mission is now to ensure anonymity of internal users
Still used for caching of frequently requested files
Also used for content filtering
Acts as a go-between, submitting your requests to the external network
Requests are translated from your IP address to the Proxy’s IP address
E-mail addresses of internal users are removed from request headers
Causes an actual break in the flow of communications
...
8/30/2018 2:18:36 AM +00:00
Raw Sockets let you program at just above the network (IP) layer
You could program at the IP level using the IP API but you can’t get at ICMP
Raw Sockets expose ICMP
you get a Raw Packet and populate the entire packet yourself
for high level protocols like TCP and UDP you lose all of the functionality implemented in those layers
choosing to use a Raw Socket must be weighed carefully
Raw Sockets can be dangerous
Raw Sockets can be against the law
http://www.kumite.com/rsnbrgr/rob/grcspoof/cnn/
...
8/30/2018 2:18:36 AM +00:00
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence it does not protect the sender from the receiver forging a message and claiming it was sent by the sender
8/30/2018 2:18:36 AM +00:00
Repeatedly dial phone numbers looking for a modem to answer or other things
War Dialers – used to find modems
ToneLoc – 1994 by Minor Threat & Mucho Maas
THC-Scan 2.0 – VanHouser, released by Hackers Choice
thc.inferno.tusclum.edu
Win9x, NT, W2000
100 lines/hour
TBA – LOpht (www.Lopht.com)
War dialing on a PALM
Demon Dialers – once a modem is found repeatedly dial it and guess passwords
Other things
Free phone calls – if the phone answers and gives a dial tone you have dialed into a number that will let you dial another number; some companies do this so that roaming employees can dial into the company or into a company...
8/30/2018 2:18:36 AM +00:00
Security Service – a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
RFC 2828 – a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.
8/30/2018 2:18:36 AM +00:00