Intro to Voice & Data Security
Intro to Voice & Data Security IS 6303
This 73 page Class Notes was uploaded by Rico Cummerata on Thursday October 29, 2015. The Class Notes belongs to IS 6303 at University of Texas at San Antonio taught by Robert Kaufman in Fall. Since its upload, it has received 59 views. For similar materials see /class/231349/is-6303-university-of-texas-at-san-antonio in Science at University of Texas at San Antonio.
Date Created: 10/29/15
7:00-8:15 PM, BB 302XX DB 2XXX
Robert J Kaufman

- Background
- Student Background Information
- Syllabus and Class Schedule

Email to me
- Name
- Phone (opt) and reliable email address
- IS/CS background
- Security background
- Why you are taking this course
- What do you expect out of this course

Syllabus
- Assumed Background: It is assumed that students in this class have a basic understanding of Operating Systems and Networks and that they have access to the Internet and a UNIX or Windows based PC.
- Textbook: Computer Security Handbook, 4th ed., Bosworth and Kabay

Syllabus
- Graded Assignments: The grades for this course will be based on a standard 70 = C, 80 = B, 90 = A grading scheme. The final grades will be based on the following graded assignments:
  - Paper 1: 50 points
  - Lab 1: 100 points
  - Exam 1: 100 points
  - Exam 2: 100 points
  - Lab 2: 100 points
  - Lab 3: 100 points
  - Lab 4: 100 points
  - Lab 5: 100 points
  - Final Exam: 250 points
  - TOTAL: 1000 points

For More Cyber Security
- "The very technology that makes our economy so dynamic and our military forces so dominating also makes us more vulnerable."
- "Computer reliance is the soft underbelly of American national security."
- "US high technology firms need to join with the US government to fight cyber terrorism." (National Security Advisor Condoleeza Rice)
- "We are talking about a collaborative partnership between the public and private sectors that is unprecedented in our history."

- January 1998: tensions between the US, the UN and Iraq are on the rise. Hussein has expelled the UN inspectors. UN discussing renewing military action.
- February 3: ASIMS detects intrusion at Andrews AFB, Columbus AFB MS
- February 4: AFCERT detects additional intrusions

- Turned out to be 2 teenagers in California and their mentor in Israel
- Involved systems owned by the Air Force, Navy, NASA, DOE, MIT and several others
- At least 47 FBI agents were involved in this case, as well as individuals from the OSI and members of the Israeli Ministry of Justice
- Exploited a known bug in Solaris, sniffed passwords
- 500 systems involved, thousands of passwords compromised

- Probably the largest and most famous publicly acknowledged theft
- Occurred in 1994
- Vladimir Levin, a 30-year-old Russian hacker, stole more than $10M
- All but a few hundred thousand dollars recovered
- The actual dollar figure lost was minimal to an organization as large as Citibank; what was more important is how this affected people's impression of the bank. How many accounts were lost as a result of this public incident?

- Occurred in early 1997
- 14-year-old hacker broke into a NYNEX digital loop carrier system through a dial-in port
- The individual, who called himself "jester", disrupted telephone service for over 600 residents of Rutland, Mass., as well as communications at Worcester Airport
- Communication to the tower and emergency services was disrupted, as well as the main radio transmitter and an electronic system which enables aircraft to send a signal to activate the runway lights

- Timothy Lloyd was convicted in May 2000 of causing an estimated $12 million in damages to his former employer
- Back in 1996, Lloyd found out he was about to be fired
- He planted a logic bomb that systematically erased all of Omega's contracts and the proprietary software used by the company's manufacturing tools
- Lloyd's act of insider cyberterrorism cost Omega its competitive position in the electronics manufacturing market. At Lloyd's trial, plant manager Jim Ferguson said, "We will never recover."

- In March 1999, David Smith, a New Jersey resident, released the Melissa virus. The estimated damage it caused: $80 million
- In May 2000, 23-year-old Philippine college student Onel de Guzman released the Love Bug virus, which proceeded to cause an estimated $8 Billion in damages worldwide

[Figure: CERT/CC (Carnegie Mellon, Apr 01) reported incidents, with news clippings: "FBI investigates 'ILOVEYOU' virus; millions of computers affected" (WP, 11 May 00); a UPI item (2 Feb 00)]

- In 1999, a total of 22,144 "attacks" were detected on Defense Department networks, up from 5,844 in 1998, Air Force Maj. Gen. John Campbell, then vice director of the Defense Information Systems Agency (DISA), told Congress in March 2000
- In 2000, through August 4, a total of 13,998 such "events" were reported, according to Betsy Flood, a spokeswoman for Arlington, Virginia-based DISA, which provides worldwide communication, network and software support to the Defense Department

Results
- 38,000 Attacks
  - 13,300 Blocked
  - 24,700 Succeed
    - 988 Detected
      - 267 Reported
      - 721 Not Reported
    - 23,712 Undetected

Washington Times, April 23, 2001, Front Page
- "To date, Chinese hackers already have unlawfully defaced a number of US web sites, replacing existing content with pro-Chinese or anti-US rhetoric. In addition, an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various systems."
- Collateral Damage May Soon Have A New Definition

1999 Information Security Survey
- 745 Information Security Readers
- 23% reported unauthorized access from outsiders (916 increase over 1998 results)
- 52% reported access abuse by employees
- 14% reported access abuse by business partners, resellers or vendors
- Total loss for 91 reporting a loss was $23,323,000
- Average loss: $256,297

2000 Information Security Survey
- 1897 infosecurity professionals
- 37% experienced a denial of service attack
- 25% reported breaches due to insecure password
- 24% experienced breaches due to buffer overflows
- 24% experienced attacks on bugs in web servers
- 58% reported employee abuse of access controls (up from 52% in 1999)
- 24% reported theft or disclosure of proprietary data (up from 17% in 1999)
1999 CSI/FBI Computer Crime & Security Survey
- 521 security practitioners in the US
- 30% reported system penetrations from outsiders, an increase for the third year in a row
- 55% reported unauthorized access from insiders, also an increase for the third year in a row
- Losses due to computer security breaches totaled (for the 163 respondents reporting a loss) $123,779,000
- Average loss: $759,380

2000 CSI/FBI Computer Crime and Security Survey
- 643 security practitioners in the US
- 90% reported computer security breaches within the previous 12 months
- 70% reported unauthorized use
- 74% suffered financial losses
- Losses due to computer security breaches totaled (for the 273 respondents reporting a loss) $265,589,940
- Average loss: $972,857

2001 CSI/FBI Computer Crime and Security Survey
- 538 security practitioners in the US
- 91% reported computer security breaches within the previous 12 months
- 70% reported their Internet connection as a frequent point of attack (up from 59% in 2000)
- 64% suffered financial losses due to breaches; 35% could quantify this loss
- Losses due to computer security breaches totaled (for the 186 respondents reporting a loss) $377,828,700
- Average loss: $2,031,337

2003 CSI/FBI Computer Crime and Security Survey
- 530 security practitioners in the US
- 30% of those who said they suffered an incident in the previous 12 months reported it to law enforcement
- 78% reported their Internet connection as a frequent point of attack (up from 70% in 2001)
- 75% suffered financial losses due to breaches; 47% could quantify this loss
- Losses due to computer security breaches totaled (for the 251 respondents reporting a loss) $201,797,340

- March 1999: EBay gets hacked
- March 1999: Melissa virus hits Internet
- April 1999: Chernobyl Virus hits
- May 1999: Hackers shut down web sites of FBI, Senate and DOE
- June 1999: Worm.ExploreZip virus hits
- July 1999: Cult of the Dead Cow (CDC) releases Back Orifice
- Sept 1999: Hacker pleads guilty to attacking NATO and Gore web sites
- Oct 1999: teenage hacker admits to breaking into AOL
- Nov 1999: BubbleBoy virus hits
- Dec 1999: Babylonia virus spreads
- Feb 2000: several sites experience DOS attacks
- Feb 2000: Alaska Airlines site hacked
- May 2000: Love Bug virus ravages net

[Figure: bar chart of responses from security professionals; categories include Other, Viruses, Privacy, Physical, Exploits Available. Source: Information Security, September 2000]

[Figure: bar chart, 2002 Info Security Magazine survey]

- The "CIA" of security
  - Confidentiality
  - Integrity
  - Availability
  - authentication
  - nonrepudiation

- Skills Gap
- Budget
- Network Crunch
- Liability / Due Care

Security Skills Gap
[Figure: skill level plotted against time; curves for rate of technology development, rate of technology assimilation, and corporate IT security]

[Figure: US Security Spending, 2000-2004, values in 1000's. Source: Forrester Research, Oct 2000; see The Industry Standard, 11 Dec 2000]

- 2002: 74 Billion (est.)
- 1999: 42 Billion
- 1998: 31 Billion
- 1997: 2 Billion
- '97 & '98 figures based on a study released by market research firm International Data Corp. in Framingham, Mass. '99 & '02 figures from IDC study based on a survey of 300 companies with more than $100 million in annual revenues.

[Figure: Internet Security Software Market, market size. Source: Forrester Group]

- A trillion dollars of electronic financial transactions occur each day
- US experienced 40% increase in cyber crime over last year
- By mid decade, a third of our GDP will be eCommerce
- America Cannot Have Trillions Of Dollars Of Economic Exposure On The Wire Without The Enabling Technology Of Information Security

Crunchy on the Outside, Chewy on the Inside

- Protection: Prevention, Detection, Response
- Intrusion Detection, Incident Handling
- Textbook uses Prevention, Detection and Remediation

- Vulnerability Assessment Services
- Vulnerability Scanners
- Security Design Review
- Intrusion detection
- Firewalls
- Security Integration Services
- Encryption
- Authentication
- 24 Hr Monitoring Services
- Remote Firewall Monitoring

Legal liability
- Failure to Protect Against Loss
- Failure to Protect Against Disclosure
- Failure to Protect Against Harassment
- HIPAA

- Hacker (from the Hacker Jargon File)
  - A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  - One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
  - [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence "password hacker", "network hacker". The correct term for this sense is cracker.
- Cracker: One who breaks security on a system. Coined c. 1985 by hackers in defense against journalistic misuse of hacker.
- Phreaker: The art and science of cracking the phone network (so as, for example, to make free long distance calls).

- Security as an ROI
- Improved Security ROI
- Security that provides savings in the budget
- Security that provides additional revenue

Lesson 2

Computer System Basics
- Operating Systems
  - Manage the computer's resources: memory management, scheduling, access controls
  - Lots of different operating systems: Win9X, Win2K, WinME, NT, Unix, Linux, VMS

Networks
- What is a network?
  - Two or more systems connected together
  - LAN: local area network
  - WAN: wide area network
  - MAN: metropolitan area network

Network Topologies
- Topology: the physical arrangement of the network
  - Completely Connected
  - Star
  - Ring
  - Bus
- Characteristics
  - # of connections
  - # of hops
  - Addition of new nodes
  - Fairness
  - Collisions and points of failure
Network Topologies: Star
- Disadvantage: 1 point of failure
- Advantages: distance 2 hops; connections n-1; fairness; addition of new nodes; congestion/collisions

Network Topologies: Ring
- Advantages: distance; connections n
- Disadvantage: many points of failure
- Fairness (token); addition of new nodes; congestion/collisions

Network Topologies: Bus
- Advantages: distance 1 hop; connections n; fairness; addition of new nodes
- Disadvantage: collisions

Protocols
- A protocol is an agreed upon format for exchanging information
- A protocol will define a number of parameters:
  - Type of error checking
  - Data compression method
  - Mechanisms to signal reception of a transmission
- There are a number of protocols that have been established in the networking world

OSI Reference Model
- ISO standard describing 7 layers of protocols
  - Application: Program-level communication
  - Presentation: Data conversion functions, data format, data encryption
  - Session: Coordinates communication between endpoints. Session state maintained for security.
  - Transport: end-to-end transmission, controls flow of data
  - Network: routes data from one system to the next
  - Data Link: Handles physical passing of data between nodes
  - Physical: Manages the transmission media/HW connections
- Abstraction is the principle: you only have to communicate with the layer directly above and below

TCP/IP Protocol Suite
- TCP/IP refers to two network protocols used on the Internet:
  - Transmission Control Protocol (TCP)
  - Internet Protocol (IP)
- TCP and IP are only two of a large group of protocols that make up the entire suite
- A real-world application of the layered concept
- There is not a one-to-one relationship between the layers in the TCP/IP suite and the OSI Model

OSI and TCP/IP comparison
- OSI Model: Application, Presentation, Session, Transport, Network, Datalink, Physical
- TCP/IP Protocol Suite:
  - Application-level protocols: NFS, FTP, Telnet, SSH, SMTP, SMB, HTTP, NNTP, RPC
  - Network-level protocols: TCP, UDP, IP, ICMP, ARP
  - Physical

TCP/IP Protocol Suite
[Figure: user processes above the transport and network layers; labels include User Process, UDP, ICMP, IGMP]

Encapsulation of data
- Application: Appl header + User Data
- TCP segment: TCP header + Application data
- IP Datagram: IP header + TCP header + Application data
- Ethernet Frame: Ethernet header + IP header + TCP header + Application data + Ethernet trailer

[Figure: an incoming frame passes from the Ethernet driver up to the applications]

IP Datagram (32 bits wide)
- Version, Header length, Type of Service, Total Length
- Identification, Flags, Frag Offset
- Time-to-live, Protocol, Header Checksum
- Source Address
- Destination Address
- Options (if any)
- Data

TCP Packet Structure (32 bits wide)
- Source Port, Destination Port
- Sequence Number
- Acknowledgment Number
- Data Offset, Reserved, Flags, Window
- Checksum, Urgent Pointer
- Options (if any)
- Data

TCP establishes a virtual circuit between client and server
- Client sends connection request, specifying a port to connect to on the server (SYN)
- Server responds with both an acknowledgement and a queue for the connection (SYN-ACK)
- Client returns an acknowledgement and the circuit is opened (ACK)

User Datagram Protocol (UDP)
- UDP is a connectionless transport layer protocol that provides no reliability and has no mechanism for connection establishment or termination
- UDP makes no guarantee about packet delivery. This "fire and forget" nature means a packet is placed on the network and you just hope it gets to where it was supposed to go.
- UDP is commonly used for network services that are not sensitive to an occasional lost/dropped packet
- Because of the relative overall reliability of the network, it has become less important to have a guaranteed service, and thus UDP is a good choice for many streaming services

Application Protocols
- HTTP: HyperText Transfer Protocol
- FTP: File Transfer Protocol
- Telnet: A terminal communications facility
- SMTP: Simple Mail Transfer Protocol
- SSH: Secure SHell

Common Ports
- Common ports used to facilitate communication between common protocols:
  - HTTP: TCP port 80
  - Telnet: TCP port 23
  - FTP: TCP port 20 and 21
  - SMTP: TCP port 25
  - SSH: TCP port 22
  - DNS: UDP and TCP port 53

Routing
- The overall process of delivering a packet from point A to point B
- It is the job of the router to know where to send a packet in order to reach its destination
- Routing tables are used to determine where to send a packet
  - Static: entries entered once and not updated
  - Routing Information Protocol (RIP): entire tables shared on a periodic basis. Not very efficient or secure.
  - Open Shortest Path First (OSPF): Table maintained to determine what the shortest path is to specific destinations. Tremendous overhead.
  - Border Gateway Protocol (BGP): Peer routers (neighbors) exchange routing information. Entire table initially loaded, but subsequent changes limited to updates.

IP Addressing
- We're all familiar with the concept of URLs and IP addresses; we've been using them for a while
- We normally like to recall the URL, not the IP address, but the network requires the address
- DNS (Domain Name Service) solves this problem for us
- When you use a site's name, your computer will send a DNS query to your local DNS server; if it knows the address it will return it, otherwise it will send a query to a higher-level domain server, which may forward the query further up, and so forth until the address is obtained

- There are two basic ways to assign an IP address to a computer:
  - Static: a specific address is assigned to a specific system and stays with it
  - DHCP (Dynamic Host Configuration Protocol): a dynamic addressing scheme that allows us to allocate IP addresses on a first-come, first-served basis
    - When a device connects to the network it queries a DHCP server to obtain an IP address from a range of addresses
    - If the server runs out of addresses, the requestor is out of luck
    - Method allows for more people to access the network without using as many addresses

Network Address Translation
- There are a limited number of IP addresses available, and not every system needs one
- NAT was developed to provide a means to translate private IP addresses into public IP addresses
- A device (typically a router or firewall) will accomplish this translation process

[Figure: firewall performs NAT. Outbound: source 1011123 becomes source 6369110110, destination 207257123 unchanged. Return: source 207257123 unchanged, destination 6369110110 becomes destination 101 1123.]

Network Address Translation
A modern NAT gateway must change the Source address on every outgoing packet to be its single public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of each client connection. The NAT gateway uses a port mapping table to remember how it renumbered the ports for each client's outgoing packets. The port mapping table relates the client's real local IP address and source port, plus its translated source port number, to a destination address and port. The NAT gateway can therefore reverse the process for returning packets and route them back to the correct clients.

When any remote server responds to a NAT client, incoming packets arriving at the NAT gateway will all have the same Destination address, but the destination port number will be the unique Source Port number that was assigned by the NAT. The NAT gateway looks in its port mapping table to determine which "real" client address and port number a packet is destined for, and replaces these numbers before passing the packet on to the local client.

ICMP
ICMP uses the IP datagram delivery facility to send its messages:

  IP Header (20 bytes) | ICMP message

The format for the ICMP message is as follows:

  8-bit type | 8-bit code | 16-bit checksum | contents (depends on type and code)

ICMP performs the following control, error reporting, and informational functions for TCP/IP:
- Flow Control
- Detecting unreachable destinations
- Redirecting routes
- Checking remote hosts (e.g. ping)

  Type  Code  Message
  0     0     Echo Reply
  3     0     Net Unreachable
  3     1     Host Unreachable
  3     3     Port Unreachable
  5     1     Host Redirect
  8     0     Echo Request
  11    0     Time-to-live exceeded
  13    0     Timestamp Request
  14    0     Timestamp Reply

Typical Net-based Attacks: Web
- Popular and receives a great deal of media attention
- Attempt to exploit vulnerabilities in order to:
  - Access sensitive data (e.g. credit card #s)
  - Deface the web page
  - Disrupt, delay, or crash the server
  - Redirect users to a different site

Sniffing
- Essentially eavesdropping on the network
- Takes advantage of the shared nature of the transmission media
- Passive in nature (i.e. just listening, not broadcasting)
- The increased use of switching has made sniffing more difficult (less productive) but has not eliminated it (e.g. DNS poisoning will allow you to convince target hosts to send traffic to us intended for other systems)

Spoofing, Hijacking, Replay
- Spoofing attacks involve the attacker pretending to be someone else
- Hijacking involves the assumption of another system's role in a "conversation" already taking place
- Replay occurs when the attacker retransmits a series of packets previously sent to a target host

Denial of Service
- DOS and Distributed DOS (DDOS) attacks have received much attention in the media in the last year due to some high-profile attacks
- Several varieties:
  - Flooding: sending more data than the target can process
  - Crashing: sending data, often malformed, designed to disable the system or service
  - Distributed: using multiple hosts in a coordinated attack effort against a target system

IPv4 versus IPv6
- From the IPv6 FAQ, what are the merits of IPv6?
  - scalability: IPv6 uses 128-bit address space. Address length is 4 times longer than IPv4.
  - security: IPv6 basic specification includes security. It includes packet encryption (ESP: Encapsulated Security Payload) and source authentication (AH: Authentication Header) (confidentiality and authentication).
  - real-time: To support real-time traffic such as video conference, IPv6 has "Flow Label". Using flow label, routers can know which end-to-end flow a packet belongs to, and then find out the packet which belongs to real-time traffic (needed to allow for prioritization of traffic).
  - autoconfiguration: IPv6 basic specification includes address autoconfiguration, so even a novice user can connect their machine to network.
  - specification optimization: IPv6 keeps good parts and discards old and useless parts of IPv4.

IP Security (IPSEC)
- Optional in IPv4, supported in IPv6
- Two major modes:
  - Tunnel: encrypts both the data and header portions of the packet
  - Transport: encrypts the data portion of the packet
- Requires both ends to be using IPSEC (obviously, since one end will encrypt, the other needs to be able to decrypt)

IPsec = AH + ESP + IPComp + IKE
IPsec consists of a couple of separate protocols, listed below:
- Authentication Header (AH): provides authenticity guarantee for packets by attaching strong crypto checksum to packets. If you receive a packet with AH and the checksum operation was successful, you can be sure about two things:
  - The packet was originated by the expected peer. The packet was not generated by an impersonator.
  - The packet was not modified in transit.
- Encapsulating Security Payload (ESP): provides confidentiality guarantee for packets by encrypting packets with encryption algorithms. If you receive a packet with ESP and successfully decrypted it, you can be sure that the packet was not wiretapped in the middle.
- IP payload compression (IPComp): ESP provides encryption service to the packets. However, encryption tends to negatively impact compression on the wire. IPComp provides a way to compress packets before encryption by ESP. (Of course, you can use IPComp alone if you wish to.)
- Internet Key Exchange (IKE): AH and ESP need shared secret keys between peers. For communication between distant locations, we need to provide ways to negotiate keys in secrecy. IKE will make this possible.

Ethernet
- The most common physical layer protocol
- A shared media protocol (collisions possible)
  - Uses CSMA/CD to control traffic
- Several different variations of Ethernet exist:
  - 10Base2: Thinnet (thin coax)
  - 10Base5: Thicknet (earliest version, thick coax)
  - 10BaseT: Standard twisted pair Ethernet
  - 100BaseT: Fast Ethernet
  - 1000BaseT: Gigabit Ethernet
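
The port mapping table from the Network Address Translation notes above, as an added example that is not part of the original class notes. The class and function names are hypothetical, all addresses are constructed (private 10.0.0.x clients and documentation-range public addresses), and dropping inbound packets whose source does not match the recorded destination is a choice of this sketch.

```python
"""Port-mapping NAT sketch (added example; every address here is constructed)."""
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")


class PortPoolExhausted(Exception):
    """No free public source port is left to assign to a new flow."""


class NatGateway:
    def __init__(self, public_ip, first_port=40000, last_port=40003):
        self.public_ip = public_ip
        self._free = list(range(first_port, last_port + 1))
        # translated source port -> (client_ip, client_port, dst_ip, dst_port)
        self.table = {}
        # reverse index so that one client flow keeps one translated port
        self._by_flow = {}

    def outbound(self, pkt):
        """Rewrite source address and port; record the mapping on first use."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._by_flow.get(flow)
        if port is None:
            if not self._free:
                raise PortPoolExhausted(flow)
            port = self._free.pop(0)
            self.table[port] = flow
            self._by_flow[flow] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Reverse the translation, or return None when the packet is dropped."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no client ever opened this port
        client_ip, client_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # sender is not the destination recorded for the flow
        return Packet(pkt.src_ip, pkt.src_port, client_ip, client_port)


def demo():
    nat = NatGateway("192.0.2.1")
    server = ("198.51.100.80", 80)
    # Two clients use the same local source port toward the same server;
    # the gateway renumbers them so the replies stay distinguishable.
    a = nat.outbound(Packet("10.0.0.5", 51000, *server))
    b = nat.outbound(Packet("10.0.0.6", 51000, *server))
    reply_b = nat.inbound(Packet(*server, nat.public_ip, b.src_port))
    # A third party sending to an assigned port is not forwarded inside.
    stray = nat.inbound(Packet("203.0.113.9", 4444, nat.public_ip, a.src_port))
    return a, b, reply_b, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```
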