Introduction to Security
3-oct-2011
Welcome!
This will be a long journey, so let's make it interesting and useful!
Course Structure

No.  Course Title                   Date
1    Introduction to Security       Today (3-oct-2011)
2    Security Threats               10-oct-2011
3    Securing Network Devices       17-oct-2011
4    ACLs & AAA                     24-oct-2011
5    Firewalls                      31-oct-2011
6    IPS, IDS                       7-nov-2011
     Midterm Assessment             14-nov-2011
7    Mitigating Layer 2 Attacks     21-nov-2011
8    Cryptography                   28-nov-2011
9    VPNs                           5-dec-2011
10   MPLS                           12-dec-2011
11   Implementing MPLS VPN          19-dec-2011
12   Policies and Best Practices    9-jan-2012
Lab Schedule
All Mondays:
16-18: the lecture you're watching right now
18-20: EG 106 (CNS), ED 011 (SCR)
20-22: EG 106 (CNS), ED 011 (SCR)
Greatly skilled lab assistants: Bogdan Doinea (CNS), Mihai Bucicoiu (SCR)
Grading
The course grade is made up of:
Midterm assessment (single choice, multiple answer, from the first 6 lectures): 2.5 points
Final assessment (the final 6 lectures): 2.5 points
The lab grade is made up of:
Lab activity: 2.5 points
Hands-on exam: 2.5 points
There is a bonus of 1 point for course involvement. The PASSING grade is 5.00.
Research assignment
The research assignment is worth 6 credit points each semester. There will be a grade at the end of each semester.
Research projects:
will be published by October 17th
can extend over 2 or 3 semesters
can involve teams of 2 or 3 people
Your weekly schedule includes 12 hours of research. I will expect 6 hours of in-person lab research.
A little more detail (1)
Lecture 1 Introduction
The concept of security
The human aspect of security
Security policies
Lecture 2 Security Threats
Network attacks
The purpose behind an attack
Attack methodologies
Destructive software: worms, viruses, trojans
How to deal with an attack
How to prevent an attack
A little more detail (2)
Lecture 3 Securing Network Devices
Never forget (about) passwords!
Application vulnerabilities
Network protocols that you should use
Network protocols that you should NOT use
User privileges
Securing access
Securing data
Securing device configurations: why?
A little more detail (3)
Lecture 4 ACL & AAA
ACLs = Access Control Lists
Learn to identify and select traffic using ACLs
Restrict access to networks and devices with ACLs
AAA = Authentication, Authorization, Accounting
Authenticate: enter your username & password
Authorize: you can now do this and that
Account: we know when and how you did this and that!
A little more detail (4)
Lecture 5 Firewalls
Basic principles of firewalls
How do they work? What do they do?
How smart is a firewall?
Learn about software-based firewalls and hardware-based ones
Using firewalls to secure your network
Learn to keep your firewalls up to date
A little more detail (5)
Lecture 6 IPS, IDS
IPS = Intrusion Prevention System
IDS = Intrusion Detection System
What's the difference?
Types of intrusions
How to identify intrusions: signatures and anomalies
Implementing IPS/IDS
Monitoring IPS/IDS functionality
A little more detail (6)
Lecture 7 Mitigating Layer 2 Attacks
Endpoint security
STP & MAC attacks
Wireless security
VoIP security
How to make all the above more secure
Lecture 8 Cryptography
Simple and not-so-simple encryption algorithms (you do the math)
A little more detail (7)
Lecture 9 VPN
Virtual Private Network
Why is it virtual? How do we make it private?
Types of VPNs
Tunneling
Lecture 10 - MPLS
MPLS architecture
MPLS labels
Packet forwarding in MPLS
A little more detail (8)
Lecture 11 - Implementing MPLS VPN
Advantages of MPLS VPN
Why is it such a widespread technology?
Implementing VPNs over an MPLS network
Lecture 12 Security policies and best practices
How to implement a security policy, keeping in mind that you're dealing with people, and they are always the weakest link.
Computer security
Security's first myth says:
"There is security!"
and we know myths are just wrong!
What is there to secure? (1)
Stored data
Business data must not be leaked to competitors
Personal information (employees, customers, users, etc.)
Copyrighted software
Securing data must also ensure persistence: data must not be lost due to attacks or lack of skill
Transactions
Protect information from being tampered with
Make sure that the sender is who he/she claims to be
Make sure the receiver is the one intended
Data is often sent across public (insecure) networks, where it can easily be intercepted
Intercepting data
Intercepting is also known as sniffing. It is often done directly at the physical layer. Listening for interesting traffic on a transmission medium is purely passive: nothing on the wire changes, so it is often not even noticed, let alone treated, as an attack.
Question: Can you avoid having your sensitive data sniffed?
Answer: NO.
But you can make that data useless to the interceptor.
Protecting transactions
Encrypted data must be useless to a sniffer even if it is captured. Only the holders of the right keys can read it, which is why encryption is tightly connected to the identities of the sender and the receiver. Encryption methods can be weak or strong.
Weak encryption = it can be broken in a reasonable time
Strong encryption = it can be broken too, but it might take you more than a lifetime (the key space is too large to search exhaustively)
A lot more about encryption in a later lecture.
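The two slides above (interception, and weak versus strong encryption) in working code, as an added example that is not part of the original lecture: a toy stream cipher built from SHA-256, a constructed "captured" HTTP request carrying a session cookie, and a brute-force search that recovers a 16-bit key in a fraction of a second, then extrapolates the same search rate to a 128-bit key. The cipher construction, the sample message, the crib `GET /` and the key value `2a7f` are assumptions chosen for the demonstration; the cipher is for illustration only and is not something to deploy.

```python
import hashlib
import struct
import time

# --- Toy stream cipher (illustration only, NOT a real cipher) ---------------
# Keystream block i = SHA-256(key || i); the plaintext is XORed with the
# keystream. The only weakness this demo exploits is the key size.


def keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


# --- What the sniffer gets ---------------------------------------------------
# Constructed sample: a request with a session cookie crossing an insecure link.
MESSAGE = b"GET /account HTTP/1.1\r\nCookie: session=7f3a9c2e-demo\r\n"
WEAK_KEY_BITS = 16
WEAK_KEY = bytes.fromhex("2a7f")      # assumed key value for the demo
CAPTURED = encrypt(WEAK_KEY, MESSAGE)  # the interceptor sees only this


def brute_force(ciphertext: bytes, crib: bytes, key_bits: int):
    """Try every key of key_bits bits. The 'crib' is a plaintext prefix the
    attacker can guess (protocol headers such as b'GET /' are predictable).
    Returns (key, plaintext, trials) or None if no key matches the crib."""
    key_len = (key_bits + 7) // 8
    for candidate in range(1 << key_bits):
        key = candidate.to_bytes(key_len, "big")
        # Decrypt only the crib-sized prefix until a candidate matches.
        if decrypt(key, ciphertext[: len(crib)]) == crib:
            return key, decrypt(key, ciphertext), candidate + 1
    return None


def years_to_exhaust(key_bits: int, trials_per_second: float) -> float:
    """Worst-case time, in years, to try every key at the given rate."""
    return (1 << key_bits) / trials_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("captured bytes:", CAPTURED.hex()[:32], "...")
    t0 = time.perf_counter()
    key, plaintext, trials = brute_force(CAPTURED, b"GET /", WEAK_KEY_BITS)
    rate = trials / (time.perf_counter() - t0)
    print(f"weak key {key.hex()} recovered after {trials} trials -> {plaintext!r}")
    print(f"at ~{rate:,.0f} keys/s the whole 16-bit key space takes "
          f"{years_to_exhaust(16, rate) * 365.25 * 86400:.3f} s")
    print(f"at the same rate a 128-bit key space takes "
          f"{years_to_exhaust(128, rate):.2e} years")
```

The point of the extrapolation is the slide's "more than a lifetime": each extra key bit doubles the search, so going from 16 to 128 bits multiplies the worst case by 2^112, and no realistic increase in machine speed closes that gap. Strong encryption only stays strong while the keys stay with the intended sender and receiver, which is the link to identity the slide draws.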
What is there to secure? (2)
Secure access
Access to computers
Access to networks
Access to certain privileges
Humans access everything
Humans are the least trustworthy
Security and humans
Security policies must be in place and must be followed, regardless of how strong (and expensive) your secure deployment is:
Humans can still write their passwords on post-it notes
Humans can still give their passwords to anyone they trust
Humans can still open tempting attachments
Social engineering (1)
Non-technical intrusion: it involves tricking people into breaking security policies.
Manipulation relies on false confidence:
Everyone trusts someone.
Authority is usually trusted by default.
Non-technical people don't want to admit their lack of expertise, so they ask fewer questions.
Most people are eager to help, especially when the attacker poses as a fellow employee in need.
Social engineering (2)
People are not aware of the value of the information they possess. Vanity, authority, eavesdropping: they all work. When successful, social engineering bypasses ANY kind of technical security control.
Why does it work so well?
Security and complexity
Downside: Complexity brings vulnerability
How secure is a 1000-computer network with >1000 users and 200 different applications? How secure is a simple button?
Still, we DO need complexity to accomplish our tasks
so security becomes a continuous process.
and a tedious one!
Least privilege
Complex systems are more difficult to secure: the more applications deployed, the more possible vulnerabilities.
Users and applications must receive the least amount of privilege they need to do their job. The things you have access to are the things you can break, and the things an attacker who takes over your account can break.
The Final Truth
There is no security on this Earth. There is only opportunity.
Douglas MacArthur