Your SlideShare is downloading. ×
[ ] TeamTwoPresentation_v
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

[ ] TeamTwoPresentation_v

382
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
382
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • (Chandra & Calderon, 2005)Chandra, A., & Calderon, T. (2005). Challenges and constraints to the diffusion of biometrics in information systems (Vol. 48, pp. 101-106): ACM Press.
  • In your opening, establish the relevancy of the topic to the audience. Give a brief preview of the presentation and establish value for the listeners. Take into account your audience’s interest and expertise in the topic when choosing your vocabulary, examples, and illustrations. Focus on the importance of the topic to your audience, and you will have more attentive listeners.
  • In your opening, establish the relevancy of the topic to the audience. Give a brief preview of the presentation and establish value for the listeners. Take into account your audience’s interest and expertise in the topic when choosing your vocabulary, examples, and illustrations. Focus on the importance of the topic to your audience, and you will have more attentive listeners.
  • Determine the best close for your audience and your presentation. Close with a summary; offer options; recommend a strategy; suggest a plan; set a goal. Keep your focus throughout your presentation, and you will more likely achieve your purpose.
  • PKI by itself won’t do authorization- need to combine with other things like LDAP or active directory
  • Users errors include: Lost certificates Move to a new computer Forgotten passwords
  • Transcript

    • 1. DISS 740 Presentation Topic: Network Security Presentation By: Pius Oleh Dave Kumta Mike Bryant Maurice Okagua Phlimore McCarty Brook Heaton Victor Cheng
    • 2. Network Security
      • Overview
      • Cookies – Pius Oleh
      • Biometrics – Dave Kumta
      • Smart Cards – Mike Bryant
      Agenda
      • Intrusion Detection – Phlimore McCarthy
      • Firewalls – Maurice Okagua
      • Q&A
      • Public Key Infrastructure (PKI) – Brook Heaton
      • Virtual Private Network (VPN) – Victor Cheng
      • Team Mystery Game
    • 3. Network Security
      • What is Network Security?
      • There is no set definition of network security, but the fundamental definition is the protection of files and directories in a network from unauthorized access.
      Overview
    • 4. Network Security
      • A cookie is a text file sent by a web server to a client browser that enables the server to identify Web users’ subsequent site visit.
      • Types of cookies: First party cookie and Third party cookie.
      Cookies
    • 5. Network Security
      • Cookie Usage:
      • According to Peng and Cisna (2000), cookies can be used to tailor advertisement to a specific user on the web.
      • Persistent cookie or cookie sessionization.
      Cookies (Cont’d)
    • 6. Network Security
      • According to Jana and Chatterjee (2004), many web sites use cookies to track unique visitors. They argued that using cookies to track unique visitors is problematic because consumers can reject the cookie or delete the cookie (Jana & Chatterjee, 2004).
      • Privacy concern: Online consumers are deleting cookies to protect their privacy. Miyazaki and Fernandez (2000) highlighted privacy as one of the major issues for online consumers.
      Cookies (Cont’d)
    • 7. Network Security
      • Bennett (2001) added that online consumers might not be willing to share their personal information due to privacy.
      • According to Sit and Fu (2001), web cookies cannot be trusted because some web sites do not encrypt them; they argued that even the cookies that are encrypted can be circumvented with little effort.
      Cookies (Cont’d)
    • 8. Network Security
      • Lee and Pasternack (2005) identified two major problems facing web analytics (metrics tracking). They summed it up in technical (cookie deletion) and creative (instinct) challenges.
      Cookies (Cont’d)
    • 9. Network Security
      • According to recent Jupiter Research, 28 percent of online users are deleting their third-party cookies from their computers (Peterson, 2005).
      • Consequently, WebTrends Inc. (2005) conducted a similar research and found that 12 percent of online users are deleting their third-party cookies.
      Cookies (Cont’d)
    • 10. Network Security
      • According to Whitman, Perez, and Beise (2001), cookies encompass privacy, data security, and computer monitoring. Web cookies are used in covert data gathering, tracking user's browsing habits, as well as for profiling online consumers in marketing clickstream data to provide targeted advertisements (Whitman, Perez, & Beise, 2001).
      Cookies (Cont’d)
    • 11. Network Security
      • Szewczak (2002) concurs that this invasion of privacy prompted the Electronic Privacy Information Center (EPIC) to file a complaint with the FTC regarding the online tracking practice of DoubleClick, Inc. for unlawfully tracking online users activity through cookies in conjunction with Abacus Direct national database of online user profiles (Szewczak, 2002).
      Cookies (Cont’d)
    • 12. Network Security
      • Bennett, C. J. (2001). Cookies, web bugs, webcams and cue cats: Patterns of surveillance on the world wide web. Ethics and Information Technology , 3(3), 195- 210.
      • Jana, S., & Chatterjee, S. (2004). Quantifying web-site visits using web statistics: an extended cybermetrics study. Online Information Review , 28(3), 191-199.
      • Lee, K., & Pasternack, D. (2005). Make the numbers work. Target Marketing , 28(8), 45-46.
      Reference List
    • 13. Network Security
      • Miyazaki, A. D., & Fernandez, A. (2000). Internet privacy and security: An examination of online retailer disclosures. Journal of Public Policy & Marketing, 19(1), 54-61.
      • Peng, W., & Cisna, J. (2000). Http cookies - a promising technology. Online Information Review, 24(2), 150-153.
      • Peterson, E. T. (2005, March 9). Measuring Unique Visitors: Addressing the dramatic decline in accuracy of cookie-based measurement. Retrieved October 10, 2005, from http://www.jupiterresearch.com.
      • Sit, E., & Fu, K. (2001). Web cookies: Not just a privacy risk. Association for Computing Machinery. Communications of the ACM, 44(9), 120-120.
      Reference List
    • 14. Network Security
      • Szewczak, E. (2002). Beware of the Cookie Monster. Information Resources Management Journal, 15(1), 3-4.
      • WebTrends (2005). Best Practices for accurate Web Analytics: Avoiding third-party cookie rejection and deletion. Retrieved July 6, 2005, from http://www.webtrends.com/upload/BB_1st_Party_Cookies_FI NAL.pdf.
      • Whitman, M. E., Perez, J., & Beise, C. (2001). A study of user attitudes toward persistent cookies. The Journal of Computer Information Systems, 41(3), 1-7.
      Reference List
    • 15. Network Security Biometrics Dave Kumta
    • 16. Biometric Authentication
      • Not a network authentication mechanism per se but rather biometrics can be used to authenticate network users;
      • Biometrics are generally employed as part of a multifactor authentication scheme;
      • Biometrics can be more “user friendly” when frequent re-authentication required;
      • Biometrics have a large “signature”, with large storage requirements.
      Network Security
    • 17. Biometric Approaches
      • Fingerprints
      • Retina and Iris Scans
      • Face recognition
      • Footprints
      • Voice identification
      • Signature recognition
      • Keystroke recognition
      Network Security
    • 18. Biometric Challenges
      • Privacy and user acceptance
      • Legal precedence
      • Enrollment
      • Rigor
      • Reliability of electro-mechanical devices
      • Intensive processing requirements
      • Complex algorithms
      Network Security
    • 19. Network Security Smart Cards Mike Bryant
    • 20. One Definition of a Smart Card
      • A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits. There are two broad categories of Smart Cards.
      • Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain memory and microprocessor components.
      Network Security Smart Cards
    • 21. Smart Card Literature
      • Chan, A. (2005). Mobile cookies management on a smart card, COMMUNICATIONS OF THE ACM, November 2005/Vol. 48, No. 11
      • Bourlai, T., Messer, K., & Kittler, J. (2004). Face Verification System Architecture Using Smart Cards , Proceedings of the 17th International Conference on Pattern Recognition (ICPR’04)
      • Wu, X., Dandash, O., & Le, P. (2006). The Design and Implementation of a Smartphone Payment System based on Limited-used Key Generation Scheme, Proceedings of the Third International Conference on Information Technology: New Generations (ITNG'06)
      Network Security Smart Cards
    • 22. Uses of the Smart Card Technology
      • Smart Card Internet Cookie Management
      • Face Verification System Architecture Using Smart Cards
      • Smartphone Payment System
      Network Security Smart Cards
    • 23. Mobile Cookies Management on a Smart Card
      • Cookies are small bits of textual information a Web site might send to Web browsers to be stored within the client machine and returned unchanged in subsequent visits to the site.
      • Ability to store cookies on the machine enables Web servers to track state information while interacting with a browser across a session. The cookies can be kept past a session, so when users power off their machines the state information is retained and can be used again the next time they visit the site that first created it.
      • Many Web applications (such as banking, online shopping, and e-auctions) use cookies as a basis for identifying user preferences and identification. As the user moves to different machines to access the same site, the information previously recorded is lost.
      Network Security Smart Cards
    • 24. Mobile Cookies Management on a Smart Card (Cont’d)
      • The author presents a novel solution to making the cookies “mobile” by leveraging smart cards with the benefit of mobility in the user’s pocket.
      • The “CookiesCard” framework uses a smart card as a secure, mobile storage medium for managing personalized cookies.
      • The “CookiesCard” proxy interacts directly with the card to provide cookies management while functioning as an intermediary between the client browser and a Web server.
      Network Security Smart Cards
    • 25. Face Verification System Architecture Using Smart Cards
      • The authors contend that automatic personal identity verification systems based on facial images have many promising applications in the field of security.
      • In any face verification system the user must make an identity claim, usually by use of a token, in this case the token was stored on a smart card.
      • To make a claim, the user presents himself/herself to a camera and places his/her card in the card reader. The token is read off the card and the relevant biometric template retrieved. A match between the template and the acquired image is then made.
      • Prior to this the user would have had to have gone through an enrollment process where their facial biometric template was created and stored in a database.
      Network Security Smart Cards
    • 26. The Design and Implementation of a Smartphone Payment System based on Limited-use – Key Generation Scheme
      • Nostalgia: The expected use for smart phones in 2003 was approximately 11.6 million users and in year 2007, smart phones are likely to be used more than laptops and PDAs together, by more than 324 million users.
      • Smart phones allow users to access the Internet using a wireless connection, to store contacts in databases and to perform payments over the Internet
      • Many mobile payment systems lack protection for sensitive information probably due to cost constraints, design limitations or resource limitations where strong encryption requires substantial processing, memory, and power.
      Network Security Smart Cards
    • 27. The Design and Implementation of a Smartphone Payment System based on Limited-use – Key Generation Scheme (Concluded)
      • The proposed Wireless Smart cards Payment System (WSPS) is derived from the KSL Protocol as a more secure way for Wireless Internet Payment.
      • A client using a Wireless Smart Card can perform transactions over a wireless LAN which is connected to the Internet via a wired network.
      • The Smart Card deploys hashing algorithm (SHA1), using 1024 shared key. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function. The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard. A hash function (or hash algorithm ) is a way of creating a small digital "fingerprint" from any kind of data
      • It’s believed that the use of a Smart Card for making the Internet Payment is more secure because a Smart Card can be charged and used without revealing client information.
      Network Security Smart Cards
    • 28. Other Smart Card Implementations
      • The IEEE and ACM Journals have many other research projects dealing with the use of Smart Cards.
      Network Security Smart Cards
    • 29. Network Security Firewalls Maurice Okaqua
    • 30. WHAT IS A FIREWALL
      • Organizations use internet connectivity to provide services, share information and collaborate with customers both internally and externally. The internet connectivity also expose the organization network to security attacks namely: viruses, worms, cookies, Trojans, and denial of service attacks.
      • A firewall is a hardware or software security tool designed to prevent outside intrusions.
      • The first level of defense in the organizational security tool is generally the firewall. It acts as a security gate between the organization intranet and the internet.
      • Firewalls monitors and controls all data traffic that passes through the organization network into the computer.
      Network Security Firewalls
    • 31. A view of an organizational Firewall Firewall Network Security Firewalls Unified Messaging Synchronization Blackberry Voicemail IPSec PBX 802.11 Enabled Devices Exchange Public Telephone Network Cellular Enabled Devices Cellular Network Internet
    • 32. Types of Firewalls
      • There are two common types of firewalls namely:
        • Packet Filtering and Proxy Server Firewall
          • Packet filtering firewall
            • The software uses predefined rules to reject or accept packages or data that passes through it.
          • Proxy Server firewall
            • The proxy server prevents outsides from accessing in formation from the network.
            • It also acts as a middleman or gateway that coordinated data between the network and the outside world.
      Network Security Firewalls
    • 33. Common Organizational Firewall Security Policies
      • Service controls
        • Determines the services that are externally accessable
      • Behavior control
        • Enforces organizational policy (not allow employees to use yahoo in a control environment)
      • User Control
        • What software can be downloaded by employees
      • IP Packet filtering
        • Monitors service request by examine individual packets.
      Network Security Firewalls
    • 34. Benefits of using Firewall Protection
      • Enables virtual participation
      • Enables sharing of sensitive data with meeting participants inside/outside the company.
      • Video: Enables visual participation in virtual meetings.
      • Streamed medias: Enables 7x24 viewing of meetings, training via web
      NetMeeting client to client Desktop Video conferencing Streaming media or video conference Company Perimeter Company external web site Streaming Media WebEx for internal & external secure data conferencing Network Security Firewalls Company Intranet
    • 35. Network Security Intrusion Detection Phlimore McCarthy
    • 36. Principles “Assume that the network will be attack”
      • Security Assessment
      • Detection Standards
      • Models of Intrusions
      • Implementations
      • Intrusion responses
      • Conclusion
      Network Security Intrusion Detection
    • 37.
      • Analysis of Threats
      • Analysis of Vulnerabilities
      • Application of Counte measures
      Network Security Intrusion Detection Security Assessment
    • 38. Detection Standards
      • Develop by Internet Engineering Task Force (IETF) Intrusion Detection Working Group
      • Intrusion Alert Protocol (IAP)
      • Intrusion Detection Message Exchange Format (IDMEF)
      • Distribution Denial of Service (DDOS)
      • Remote Monitoring ((RMON)
      Network Security Intrusion Detection
    • 39. Models of Intrusions
      • “ Sequence of a states or actions as ‘good’ (no intrusion) or ‘bad’ (possible intrusion)”
      • Anomaly Detection
      • Misuse Detection
      • Specification-based Detection
      Network Security Intrusion Detection
    • 40. Implementations IDSs
      • Architecture
        • Agent
          • Host-Based Information Gathering
          • Network-Based information Gathering
          • Combining Sources
          • Director
          • Notifier
      Network Security Intrusion Detection
    • 41. Intrusion Responses
      • Incident Prevention
      • Intrusion Handling
        • Preparation
        • Identification
        • Containment
        • Eradication
        • Recovery
        • Follow up
      Network Security Intrusion Detection
    • 42. Intrusion Responses IDSs “be proactive”
      • Requires counter measures for combinations of intrusion models
      • Disconnect user sessions
      • Disable user account for unauthorized network entry
      • Protect network resources
      Network Security Intrusion Detection
    • 43. Conclusion “not able to detect all types of intrusions”
      • Further research is required to develop IDSs:
        • Methodologies
        • Improved Network Security Operational Polices
        • WAN Architecture Design Deployment
        • Privacy Issues
        • Legal frame
      Network Security Intrusion Detection
    • 44. Network Security Public Key Infrastructure (PKI) Brook Heaton
    • 45. Purpose
      • Conduct secure communications over the network
        • Encryption (contents can’t be viewed)
        • Integrity (contents haven’t been changed)
        • Authentication (you are who you say you are)
        • Authorization (you are allowed to do X)
      Network Security Public Key Infrastructure (PKI)
    • 46. PKI Components and Terminology
      • Certificate Authority
      • Certificates
      • Key Pairs (Public / Private)
      • Certificate Revocation Lists (CRL)
      • Keystore
      Network Security Public Key Infrastructure (PKI)
    • 47. Standards and Organizations
      • X.509 (ITU-T)
      • IETF PKIX Working Group
      • NIST MISPC
      • Federal PKI Steering Committee
      • Vendors
        • Verisign
        • Entrust
        • Etc.
      Network Security Public Key Infrastructure (PKI)
    • 48. Applications
      • Email signing and encryption
      • Web authentication, authorization, encryption
      • Network access (login)
      Network Security Public Key Infrastructure (PKI)
    • 49. Key Challenges
      • Certificate Management
        • Managing revoked certificates
        • Renewing expired certificates
        • Distributing certificates
        • User errors
      • Hardware / Software Implementation
      • Performance
      Network Security Public Key Infrastructure (PKI)
    • 50. Network Security Virtual Private Network (VPN) Victor Cheng
    • 51. Virtual Private Network (IP-based)
      • Prevent eavesdropping and tampering in a public network.
      • Data in the TCP/IP network stack is encapsulated into a secure network packet.
      • Typical IP-based VPN : PPTP, SSL, IPsec
      • Point to Point Tunneling Protocol (PPTP)
        • Implemented by Microsoft since Win95.
        • Can be password or certificate based. Weak password leads to security problems.
        • Often barred by firewalls.
      Network Security Virtual Private Network (VPN)
    • 52.
      • IP Security (IPsec)
        • Standard in IPv6, optional in IPv4.
        • Provides security at the network layer.
        • Internet Key Exchange (IKE) protocol
        • Tunnel Mode - supports portal-to-portal
        • Transport Mode - supports end-to-end
      • Secure Socket Layer (SSL)
        • Above TCP transport protocol, commonly used (https).
        • OpenVPN - encrypt the entire TCP/IP network stack
        • SSL VPN – secure web access
        • Support all common cryptographic algorithms:
          • Asymmetric ciphers : RSA, Diffie-Hellman
          • Symmetric ciphers : DES, Triple DES, AES
          • Hash Functions : MD5, SHA-1
        • Public key for authentication and key exchange, symmetric key for encryption of data.
      Network Security Virtual Private Network (VPN)
    • 53. Research Issues
      • IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution (Zhi Fu et al., 2001)
      • Management structure for ISPs (Braun et al. 2004)
      • Implementation at Gigabit level (Friend, 2004)
      Network Security Virtual Private Network (VPN)
    • 54. Network Security Q&A
    • 55. Network Security Team Mystery Game