introducon to security
TRANSCRIPT
![Page 1: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/1.jpg)
Introduc)ontoSecurity
6‐oct‐2009
![Page 2: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/2.jpg)
Welcome!
Thiswillbealongjourney…
…solet’smakeitinteres)nganduseful!
2
![Page 3: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/3.jpg)
CourseStructureNo. CourseTitle Date
1 IntroductiontoSecurity Today2 SecurityThreats 13‐oct‐20093 SecuringNetworkDevices 20‐oct‐20094 ACLs&AAA 27‐oct‐20095 Firewalls 3‐nov‐20096 IPS,IDS 10‐nov‐20097 MitigatingLayer2Attacks 17‐nov‐20098 Cryptography 24‐nov‐20099 VPNs 8‐dec‐200910 ImplementingMPLSVPN 15‐dec‐200911 WANTechnologies 22‐dec‐200912 PoliciesandBestPractices 12‐ian‐2009
3
![Page 4: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/4.jpg)
LabSchedule
AllWednesdays
14‐16 EG106(RR) ED011(BS)16‐18 EG106(RR) ED011(BS)18‐20 Thelectureyou’rewatchingrightnow20‐22 EG106(RR) ED011(BS)
(sixlabs,intotal)
Greatelyskilledlabassistants: RăzvanRughiniș(RR) BogdanSass(BS)
4
![Page 5: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/5.jpg)
Grading Thecoursegradeismadeupof:
Mid‐termassessment–singlechoice,mul)pleanswer,fromthefirst6lectures:2points
Finalassessment–thefinal6lectures:2points
Thelabgradeismadeupof: Labac)vity:2points Hands‐onexam:2points
Thethingyou’veallbeenwai)ngtohear: TheSTARTINGgradeis3.00!
ThePASSINGgradeis5.00
5
![Page 6: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/6.jpg)
Researchassignment Researchassignmentamountsfor12creditpoints. Therewillbeagradeattheendofeachsemester. Researchprojects
willbepublishedby19thOctober canextendover2or3semesters
caninvolveteamsof2or3people
Yourweeklyscheduleincludes12hoursofresearch.
Iwillexpect6hoursofin‐personlabresearch.
6
![Page 7: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/7.jpg)
Alialemoredetail…(1) Lecture1–Introduc)on
Theconceptofsecurity Thehumanaspectofsecurity Securitypolicies
Lecture2–SecurityThreats Networkaaacks Thepurposebehindanaaack Aaackmethodologies Destruc)vesocware:worms,viruses,trojans Howtodealwithanaaack Howtopreventanaaack
7
![Page 8: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/8.jpg)
Alialemoredetail…(2) Lecture3–SecuringNetworkDevices
Neverforget(about)passwords!
Applica)onvulnerabili)es Networkprotocolsthatyoushoulduse
NetworkprotocolsthatyoushouldNOTuse
Userprivileges Securingaccess
Securingdata Securingdeviceconfigura)ons–why?
8
![Page 9: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/9.jpg)
Alialemoredetail…(3)
Lecture4–ACL&AAA ACLs=AccessControlLists
Learntoiden)fyandselecttrafficusingACLs
RestrictaccesstonetworksanddeviceswithACLs
AAA=Authen)ca)on,Authoriza)on,Accoun)ng Authen)cate:enteryourusername&passsword
Authorize:youcannowdothisandthat
Account:weknowwhenandhowyoudidthisandthat!
9
![Page 10: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/10.jpg)
Alialemoredetail…(4) Lecture5–Firewalls
Basicprinciplesoffirewalls Howdotheywork?
Whatdotheydo?
Howsmartisafirewall? Learnaboutsocware‐basedfirewallandhardware‐basedones
Usingfirewallstosecureyournetwork
Learntokeepyourfirewallsuptodate
10
![Page 11: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/11.jpg)
Alialemoredetail…(5) Lecture6–IPS,IDS
IPS=IntrusionPreven)onsSystem
IDS=IntrusionDetec)onSystem What’sthedifference?
Typesofintrusions Howtoiden)fyintrusions–signaturesandanomalies
Implemen)ngIPS/IDS MonitoringIPS/IDSfunc)onality
11
![Page 12: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/12.jpg)
Alialemoredetail…(6) Lecture7–Mi)ga)ngLayer2Aaacks
Endpointsecurity
STP&MACaaacks Wirelesssecurity
VoIPsecurity
Howtomakealltheabovemoresecure
Lecture8–Cryptography Simpleandnot‐so‐simpleencryp)onalgorithms…youdothemath
12
![Page 13: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/13.jpg)
Alialemoredetail…(7) Lecture9–VPN
VirtualPrivateNetwork
Whyisit“virtual”? Howdowemakeit“private”?
TypesofVPNs
Tunneling
Lecture10‐Implemen)ngMPLSVPN AdvantagesofMPLS
Whyisitsuchawidespreadtechnology Implemen)ngVPNsoveranMPLSnetwork
13
![Page 14: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/14.jpg)
Alialemoredetail…(8) Lecture11–WANTechnologies
Making“long‐distancecalls”innetworking…
Physicalconnec)ons Carriers
Layer2protocolsinWANs
Lecture12–Securitypoliciesandbestprac)ces Howtoimplementasecuritypolicy
Keepinginmindthatyou’redealingwithpeople
…andtheyarealwaystheweakestlink.
14
![Page 15: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/15.jpg)
Computersecurity Security’sfirstmythsays:
“Thereissecurity!”
…andweknowmythsarejustwrong!
15
![Page 16: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/16.jpg)
Whatistheretosecure?(1) Storeddata
Businessdatamustnotbeleakedtocompe)tors
Personalinforma)on(employees,customers,users,etc)
Copyrightedsocware
Securingdatamustalsoensurepersistence Datamustnotbelostduetoaaacksorlackofskill
Transac)ons Protectinforma)onfrombeingtamperedwith
Makesurethatthesenderiswhohe/sheclaimstobe
Makesurethereceiveristheoneintended
Dataisocensentacrosspublic(insecure)networks–itcaneasilybeintercepted
16
![Page 17: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/17.jpg)
Intercep)ngdata Intercep)ngisalsoknownas“sniffing”. Itisocenexecuteddirectlyatthephysicallayer. “Listening”forinteres)ngtrafficonatransmissionmediumisnoteverregardedasanaaack.
Ques)on:Canyouavoidhavingyoursensi)vedatabeingsniffed?
Answer:NO.Butyoucanmakethatdatauselesstotheinterceptor.
17
![Page 18: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/18.jpg)
Protec)ngtransac)ons Encrypteddatamustnotbeinterpretedbyasniffer,evenifitiscaptured.
Thus,encryp)onis)ghtlyconnectedtothesender’sandreceiver’siden))es.
Encryp)onmethodscanbeweakor…beaer. Weakencryp)on=itcanbebrokeninareasonable)me
Strongencryp)on=itcanbebrokentoo……butitmighttakeyoumorethanalife)me
Alotmoreaboutencryp)oninalaaerlecture.
18
![Page 19: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/19.jpg)
Whatistheretosecure?(2) Secureaccess
Accesstocomputers
Accesstonetworks Accesstocertainprivileges
Humansaccesseverything
Humansaretheleasttrustworthy
19
![Page 20: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/20.jpg)
20
![Page 21: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/21.jpg)
Securityandhumans Securitypoliciesmustbeinplace …andmustbefollowed.
Regardlessofhowstrong(andexpensive)yoursecuredeploymentis: Humanscans)llwritetheirpasswordsonpost‐itnotes
Humanscans)llgivetheirpasswordstoanyonetheytrust
Humanscans)llopentemp)ngaaachments…
21
![Page 22: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/22.jpg)
Socialengineering(1) Non‐technicalintrusion Involvestrickingpeopletobreaksecuritypolicies
Manipula)on
Reliesonfalseconfidence Everyonetrustssomeone
Authorityisusuallytrustedbydefault Non‐technicalpeopledon’twanttoadmittheirlackofexper)se Theyaskfewerques)ons.
Mostpeopleareeagertohelp. Whentheaaackerposesasafellowemployeeinneed.
22
![Page 23: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/23.jpg)
Socialengineering(2)
Peoplearenotawareofthevalueoftheinforma)ontheyposess.
Vanity,authority,eavesdropping–theyallwork.
Whensuccessful,socialengineeringbypassesANYkindofsecurity.
23
![Page 24: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/24.jpg)
Whyisitworkingsowell?
24
![Page 25: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/25.jpg)
Securityandcomplexity
Downside:Complexitybringsvulnerability Howsecureisa1000‐computernetworkwith>1000usersand200differentapplica)ons?
Howsecureisasimplebuaon?
S)ll,weDOneedcomplexitytoaccomplishourtasks …sosecuritybecomesacon)nuousprocess.
…andatediousone!
25
![Page 26: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/26.jpg)
Leastprivilege Complexsystemsaremoredifficulttosecure. Themoreapplica)ondeployed,themorepossiblevulnerabili)es.
Usersandapplica)onsmustreceivetheleastamountofprivilegesaspossible.
“Thethingsyouhaveaccesstoarethethingsyoucanbreak.”
26
![Page 27: Introducon to Security](https://reader031.vdocument.in/reader031/viewer/2022041903/6254b3b7298a256a0109ebc0/html5/thumbnails/27.jpg)
TheFinalTruth
“ThereisnosecurityonthisEarth.Thereisonlyopportunity.”
DouglasMacArthur
27