Lesson 01 - Network Security Overview
Network Security
6/26/2019
Introduction and Overview
Security incidents (reported)
Philosophy of this course
● We are not going to be able to cover everything
○ We are not going to be able to even mention everything
● Main goals
○ A sampling of many different aspects of security
○ The security “mindset”
○ Become familiar with basic acronyms (RSA, SSL, PGP, etc.), and “buzzwords” (phishing, …)
○ Become an educated security consumer
○ Try to keep it interesting with real-world examples and “hacking” projects
● You will not be a security expert after this class (after this class, you should realize why it would be dangerous to think you are)
● You should have a better appreciation of security issues after this class
Textbook
● Recommended text:
○ “Network Security…” by Kaufman, Perlman, and Speciner (most recent edition)
Class participation and readings
● Introduction…
○ Is security achievable…?
○ A broad perspective on security
● Cryptography
○ The basics
○ Cryptography is not the whole solution…
○ …but it is an important part of the solution
○ Along the way, we will see why cryptography can’t solve all security problems
Syllabus
● System security
○ General principles
○ Security policies
○ Access control
○ OS security
○ “Trusted computing”
● Programming language security
○ Buffer overflows, input validation errors
○ Viruses/worms
Syllabus
● Network security
○ Identity, PKI
○ Authentication and key exchange protocols
○ Password and biometric authentication
○ Anonymity and pseudonymity
○ Privacy
○ Some real-world protocols (IPSec/SSL)
○ Attacks on network infrastructure (routing, DNS, DDoS)
○ Wireless security
Syllabus
● Miscellaneous
○ Database security
○ Web security
○ Other topics (spam, …)
A High-Level Introduction to Computer Security
A naïve view
[Diagram labels: password]
In reality…
[Diagram labels: password; forgot password?]
One good attack
● Use public records to figure out someone’s password
○ Or, e.g., their SSN, so one can answer a security question…
● The problem is not (necessarily) that SSNs are public
● The problem is that we “overload” SSNs, and use them for more than they were intended
● Note: “the system” here is not just the computer, nor is it just the network…
A naïve view
● Automobiles
● Appliances, TVs
● (Implantable) medical devices
● Cameras, picture frames(!)
○ See http://www.securityfocus.com/news/11499
“Trusting trust” (or: how hard is security?)
“Trusting trust”
● Consider a compiler that embeds a trapdoor into anything it compiles
● How to catch?
○ Read source code? (What if replaced?)
○ Re-compile compiler?
● What if the compiler embeds the trojan code whenever it compiles a compiler?
○ (That’s nasty…)
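Added example (not part of the original slides): a toy Python model of the scenario above, in which sources and "binaries" are constructed strings and every name is hypothetical. It shows why reading the source and recompiling the compiler both miss the trojan, and goes one step beyond the slides by comparing the result with a build from a separately trusted compiler.

```python
# Toy model of the compiler trapdoor; sources and "binaries" are constructed strings.
LOGIN_SRC = "program login: check password"
COMPILER_SRC = "program compiler: translate source faithfully"
TRAPDOOR = "+trapdoor"    # stand-in for code injected into login
SELF_COPY = "+self-copy"  # stand-in for the logic that recognises a compiler

def honest_translate(source):
    """What a faithful compiler produces for a source file."""
    return "bin(" + source + ")"

def run_compiler(compiler_binary, source):
    """Simulate executing a compiler binary on a source file."""
    out = honest_translate(source)
    if SELF_COPY in compiler_binary:              # a trojaned binary is running
        if source.startswith("program login"):
            out += TRAPDOOR                       # trapdoor absent from LOGIN_SRC
        elif source.startswith("program compiler"):
            out += SELF_COPY                      # new compiler inherits the trojan
    return out

CLEAN_CC = honest_translate(COMPILER_SRC)
TROJAN_CC = CLEAN_CC + SELF_COPY

def rebuild(compiler_binary, generations=3):
    """Recompile the compiler from the audited source, several times over."""
    for _ in range(generations):
        compiler_binary = run_compiler(compiler_binary, COMPILER_SRC)
    return compiler_binary

def audit(start_binary):
    """Apply the slide's two checks, then compare with a trusted-chain build."""
    rebuilt = rebuild(start_binary)
    return {
        "source_looks_clean": all(m not in LOGIN_SRC + COMPILER_SRC
                                  for m in (TRAPDOOR, SELF_COPY)),
        "login_has_trapdoor": TRAPDOOR in run_compiler(rebuilt, LOGIN_SRC),
        "matches_trusted_build": rebuilt == rebuild(CLEAN_CC),
    }

if __name__ == "__main__":
    print("trojaned chain:", audit(TROJAN_CC))
    print("clean chain:   ", audit(CLEAN_CC))
```

In the trojaned chain the source audit passes and every rebuild reproduces the same trojaned binary; only the byte-for-byte comparison with the trusted-chain build reveals the difference.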
“Trusting trust”
● Whom do you trust?
● Does one really need to be this paranoid??
○ Probably not
○ Sometimes, yes
● Shows that security is complex…and essentially impossible
● Comes back to risk/benefit trade-off
Next Meeting: Cryptography