


















A portion of the lecture notes from a computer and network security course (CSE543) taught by Professor Jaeger at Penn State University in the fall of 2006. The notes cover the topic of network security, including various threats, filtering techniques, and firewalls. The document also includes information about midterm exams, project meetings, and practical issues related to network security.
Typology: Study notes



















Grades
85-100 -- A (4)
76-81 -- B+/A- (8)
66-73 -- B+/B (14)
59-63 -- B/B- (4)
53-56 -- C (2)
45-50 -- D (5)
Impact
15% of grade (less than presentations and homeworks)
Much less than project; much less than final
Need over 50% on one test to get B-
Given a trusted authority, use public key crypto to
send a key to another party
Just what X needs to send
X is sender; Y is receiver; M is authority
Y needs X’s public key: X+, X, {H(X+, X)}M-
X needs to ensure authenticity, secrecy, and integrity of key
{K, X, {H(K, X)}X-}Y+
How about with a secret group key
Need authenticity, secrecy, and integrity
{K, X}Kg, HMAC(Kg, {K, X})
Meet with groups
Discuss experiment
Try to propose experiment
Th, Fr, M
Will send an email to schedule
Project slides are not due until 11/
The network is …
… a collection of interconnected computers
… with resources that must be protected
… from unwanted inspection or modification
… while maintaining adequate quality of service.
Another way of seeing network security is
Securing the network infrastructure such that the integrity,
confidentiality, and availability of the resources is
maintained.
Q: How do we do this?
[Figure: network diagram with labels Internet, (perimeter), (edge), (hosts/desktops), (server), (remote hosts/servers)]
Filtering
Firewalls
Communication Security and Services
DNSsec, IPsec, SSH, ...
Isolation
VPNs, VLANs
Detection and mitigation
intrusion detection
DDOS tools
network entity attempting to gain access to
internal resources
(or software) trying to expose sensitive data
is preventing access to internal resource (DOS)
Specifies what traffic is (not) allowed
Maps attributes to address and ports
Example: HTTP should be allowed to any external host, but inbound
only to web-server
explicitly disallowed
E.g., prevent connections from badguys.com
explicitly allowed
E.g., allow connections from goodguys.com
These are useful for IP filtering, SPAM mitigation, …
Q: What access control policies do these represent?
[Figure: diagram with labels (servers) and Internet]
Network layer firewalls are dominant
DMZs allow multi-tiered fire-walling
Tools are widely available and mature
Personal firewalls gaining popularity
Issues
Network perimeters not quite as clear as before
E.g., telecommuters, VPNs, wireless, …
Every access point must be protected
E.g., this is why war-dialing is effective
Hard to debug, maintain consistency and correctness
Often seen by non-security personnel as impediment
E.g., Just open port X so I can use my wonder widget …
SOAP - why is this protocol an issue?
12 error classes
No default policy, automatic broad tools
NetBIOS (the very use of the Win protocol deemed error)
Portmapper protocols
Use of “any wildcards”
Lack of egress rules
Interesting questions:
Is the violation of Wool’s errors really a problem?
“DNS attack” comment?
Why do you think more expensive firewalls had a higher
occurrence of errors?
Take away: configurations are bad
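A small ruleset audit for the error classes the notes name (no default policy, NetBIOS, Portmapper, "any" wildcards, lack of egress rules), as an added example that is not part of the lecture notes. The rule format, the finding labels, the port numbers used for NetBIOS and Portmapper, and the host names fileserver and nfs-server are assumptions made for illustration.

```python
from collections import namedtuple

# direction: "in" or "out"; src/dst: host name or "any"; port: int or "any"
Rule = namedtuple("Rule", "direction src dst port action")

NETBIOS_PORTS = {137, 138, 139}   # assumed port set for "NetBIOS"
PORTMAPPER_PORT = 111             # assumed port for "Portmapper"
CATCH_ALL_DENY = ("any", "any", "any", "deny")

def audit(rules):
    """Return sorted finding labels for a first-match ruleset."""
    findings = set()
    for direction in ("in", "out"):
        chain = [r for r in rules if r.direction == direction]
        if direction == "out" and not chain:
            findings.add("no-egress-rules")
        # A default policy means the chain ends in a catch-all deny.
        if not chain or chain[-1][1:] != CATCH_ALL_DENY:
            findings.add("no-default-deny-" + direction)
    for r in rules:
        if r.action != "allow":
            continue
        if r.port == "any":
            findings.add("any-service-allowed")
        # Outbound HTTP to any host matches the notes' policy; inbound to any host does not.
        if r.direction == "in" and r.dst == "any":
            findings.add("inbound-to-any-host")
        if r.port in NETBIOS_PORTS:
            findings.add("netbios-allowed")
        if r.port == PORTMAPPER_PORT:
            findings.add("portmapper-allowed")
    return sorted(findings)

# Constructed sample rulesets (not from the lecture notes).
WEAK = [
    Rule("in", "any", "any", 80, "allow"),
    Rule("in", "any", "fileserver", 139, "allow"),
    Rule("in", "any", "nfs-server", 111, "allow"),
    Rule("in", "goodguys.com", "any", "any", "allow"),
]
HARDENED = [
    Rule("in", "badguys.com", "any", "any", "deny"),   # blacklist entry
    Rule("in", "any", "web-server", 80, "allow"),      # inbound HTTP only to web-server
    Rule("in", "any", "any", "any", "deny"),           # default policy
    Rule("out", "any", "any", 80, "allow"),            # HTTP to any external host
    Rule("out", "any", "any", "any", "deny"),          # egress default
]

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```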