Introduction to computer systems, networks
and security
Workshop 11: Network Security
FIT1047
Learning Outcomes
At the end of this workshop, you will:
• Describe key establishment mechanisms and transport layer
security protocols
• Discuss the use of firewalls and VPNs in different network
scenarios
• Understand how large and small organisations can use
security controls to provide perimeter protection for their
networks
• Identify the use of security protocols in network traffic
Assignment 3
In part 1, students will record data from real-world wireless
networks and demonstrate that they can analyse it, identify its
properties and potential issues.
In part 2, students analyse Internet traffic and identify
addresses, servers, clients and protocols used.
• WLAN Network Design and Security (35 marks)
o Survey (15 marks)
o Report (20 marks)
• Internet Traffic Analysis (25 marks)
ACTIVITY 1A: Firewall
What is a firewall in computer networks?
● A firewall in general is a barrier
● In computer networks it is a barrier between a (more secure) internal
network and a (less secure) outside network (e.g. the Internet)
● Without it, devices are directly visible and reachable from outside. If
they are vulnerable, they can be attacked
● A network firewall filters traffic; it does not block all traffic!
● Security rules define what gets through and what is blocked (in both
directions, in and out)
Packet filtering
• Basic firewall version
• Filters packets on Network layer (and above)
• Filters based on source and destination IP addresses, protocol
IDs, ports, current stage of a connection (if stateful)
• Static filtering rule set
• Standard security mechanism
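The following is an added example (not from the workshop slides) of how a stateful packet filter applies the rule set described above. Rules match on direction, protocol, destination address and destination port; the first match wins and the last rules deny everything else. A connection table records outbound connections so that their replies are let back in without an inbound "allow" rule, which is what "current stage of a connection" means. The internal network, addresses and policy are constructed for the example.

```python
"""Stateful packet filter (added illustration, not course code).

Rules are evaluated top-down on (direction, protocol, dst, dport); the
first matching rule decides. A connection table lets replies to tracked
outbound connections in even though no static inbound rule allows them.
All addresses and the policy below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/24")   # assumed internal network


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (from outside) or "out" (from inside)
    proto: Optional[str] = None  # None = any protocol
    dst: Optional[str] = None    # CIDR, None = any destination
    dport: Optional[int] = None  # None = any destination port


# Constructed policy: staff may browse the web and resolve DNS; the public
# web server 10.0.0.80 accepts HTTPS from anywhere; everything else is denied.
RULES = [
    Rule("allow", "out", "tcp", None, 443),
    Rule("allow", "out", "tcp", None, 80),
    Rule("allow", "out", "udp", None, 53),
    Rule("allow", "in", "tcp", "10.0.0.80/32", 443),
    Rule("deny", "in"),
    Rule("deny", "out"),
]


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        # tracked connections: (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.conntrack = set()

    @staticmethod
    def direction(pkt):
        return "out" if ip_address(pkt.src) in INTERNAL else "in"

    def _match(self, rule, pkt, direction):
        if rule.direction != direction:
            return False
        if rule.proto is not None and rule.proto != pkt.proto:
            return False
        if rule.dst is not None and ip_address(pkt.dst) not in ip_network(rule.dst):
            return False
        if rule.dport is not None and rule.dport != pkt.dport:
            return False
        return True

    def filter(self, pkt):
        direction = self.direction(pkt)
        # Stateful part: an inbound packet that belongs to a connection we
        # opened from the inside is allowed regardless of the static rules.
        if direction == "in":
            if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
                return "allow"
        for rule in self.rules:
            if self._match(rule, pkt, direction):
                if rule.action == "allow" and direction == "out":
                    self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "deny"   # implicit default deny if no rule matched


def demo():
    """Run five constructed packets through the filter; returns the decisions."""
    fw = StatefulFilter(RULES)
    return [
        # staff host opens HTTPS to an outside server: allowed, connection tracked
        fw.filter(Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)),
        # the reply: no inbound rule for it, but the connection is tracked
        fw.filter(Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)),
        # unsolicited inbound packet to the staff host on 443: denied
        fw.filter(Packet("tcp", "198.51.100.7", 40000, "10.0.0.5", 443)),
        # outside client to the public web server on 443: allowed by rule
        fw.filter(Packet("tcp", "198.51.100.7", 40001, "10.0.0.80", 443)),
        # outside client probing SSH on the web server: denied
        fw.filter(Packet("tcp", "198.51.100.7", 40002, "10.0.0.80", 22)),
    ]


if __name__ == "__main__":
    print(demo())
```

A purely static (stateless) filter would have to carry an inbound "allow tcp sport 443" rule to let the reply through, which also admits any attacker who sets source port 443; the connection table removes that hole.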
Activity 1 Part A: 10 mins
• Work in a small group
• Discuss some advantages and disadvantages of Packet Firewalls
• Packet Firewalls in the real-world. A list of port numbers is given in
FLUX. Research and share in which situation which port needs to be
open?
Use workshop specific join code available in Moodle
ACTIVITY 1B: Intrusion detection and prevention
IDS and IPS
• IDS: Intrusion Detection System
Monitors network and/or system activities.
Alerts when potentially malicious activity is found.
Logs information about activities.
• IPS: Intrusion Prevention System
IDS with additional active functionality.
Attempts to block or stop malicious activities.
How do IDS/IPSs work?
IDS/IPS use signature-based detection and/or anomaly-based detection.
Signature-based detection matches traffic against known attack patterns: it
is fast, generates fewer false positives and does not need a learning phase,
but it only finds attacks for which a signature exists.
Anomaly-based detection learns what normal activity looks like and alerts on
deviations: it can detect previously unknown attacks, but needs a learning
phase and tends to produce more false positives.
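The following is an added example (not from the workshop slides) that runs both detection styles over constructed web-server log lines. The signature matcher fires on a known injection pattern but ignores the burst of requests from one client; the anomaly detector, trained on ten normal lines, flags the burst but sees nothing wrong with the single injection request. The log format, signatures and threshold are assumptions made for the example.

```python
"""Signature-based vs anomaly-based detection over constructed log lines
(added illustration, not course code).

Log line format (constructed): "<client-ip> <HH:MM> <request>".
"""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access log: ten normal lines, one known attack pattern, then a
# burst of 40 requests from a single client in one minute.
ACCESS_LOG = [
    "10.0.0.5 12:00 GET /index.html",
    "10.0.0.7 12:00 GET /about.html",
    "10.0.0.5 12:01 GET /login",
    "10.0.0.9 12:01 GET /index.html",
    "10.0.0.7 12:02 GET /news",
    "10.0.0.5 12:02 GET /index.html",
    "10.0.0.9 12:03 GET /contact",
    "10.0.0.7 12:03 GET /index.html",
    "10.0.0.5 12:04 GET /login",
    "10.0.0.9 12:04 GET /news",
    "198.51.100.7 12:05 GET /search?q=' OR '1'='1",   # signature hit
] + [f"203.0.113.10 12:06 GET /page{i}" for i in range(40)]  # volume anomaly

# Signature rules: (name, regex applied to the request part of the line)
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]


def parse(line):
    """Split a constructed log line into (client, minute, request)."""
    client, minute, request = line.split(" ", 2)
    return client, minute, request


def signature_alerts(log):
    """Return (client, signature name) for every line matching a signature.
    No training needed; only attacks with a signature are found."""
    alerts = []
    for line in log:
        client, _, request = parse(line)
        for name, pattern in SIGNATURES:
            if pattern.search(request):
                alerts.append((client, name))
    return alerts


def anomaly_alerts(training, live, z_threshold=3.0):
    """Learn the requests-per-(client, minute) baseline from `training`, then
    flag (client, minute) pairs in `live` more than z_threshold standard
    deviations above the learned mean. A noisy or poisoned baseline will
    shift what counts as 'normal', which is the classic weakness."""
    baseline = Counter(parse(l)[:2] for l in training)
    mu = mean(baseline.values())
    sigma = pstdev(baseline.values()) or 1.0   # flat baseline: use unit spread
    observed = Counter(parse(l)[:2] for l in live)
    return sorted(key for key, n in observed.items() if (n - mu) / sigma > z_threshold)


def demo():
    """Train on the first ten lines, detect on the rest."""
    training, live = ACCESS_LOG[:10], ACCESS_LOG[10:]
    return signature_alerts(live), anomaly_alerts(training, live)


if __name__ == "__main__":
    sig, anom = demo()
    print("signature alerts:", sig)
    print("anomaly alerts:  ", anom)
```

Each detector misses what the other catches, which is why real IDS/IPS products combine both, and why an IPS that blocks on anomaly alerts alone risks cutting off legitimate but unusual traffic.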
Next-generation firewalls (NGF)
Promise an integrated security approach
• Proxy for all traffic (even encrypted)
• In principle, powerful security tools
• Look at applications, logical segments, roles, services, users, etc.
Potential NGF problems
• Policy rules get too complex
• Acting as a proxy for TLS etc. breaks end-to-end security: the proxy is a
single point of attack with full access to the decrypted data
• Encryption inside the inspected connection (e.g. an encrypted payload
carried over the proxied TLS session) is still possible and cannot be
inspected
• Privacy issues
• Unable to detect new (disguised) malware
Example of 2017 TLS proxy behaviour
(The Security Impact of HTTPS Interception, Zakir Durumeric et al., NDSS’17)
Activity 1 Part B: 20 mins
• Work in a small group
• Discuss if it is a good idea to have several firewalls. What is DMZ?
• Sketch a small company network and discuss where firewalls,
webserver, mailserver, database server for administration and
finance go.
Use workshop specific join code available in Moodle
Break: 10 mins
ACTIVITY 2A: Passwords
Access control
A central question in cyber security is about who (persons, processes,
devices, etc.) has access to which resources in the system.
Resources: read files, execute programs, change database content,
share data with others, print, use a camera and microphone, etc.
First step: Authenticate a person
• Identify at login
Who can use the computer, application, etc.
• Authenticate particular transactions
For critical transactions, we might need to check again
Parameters (authentication factors)
Can we link “identities” to authentication mechanisms?
Different factors:
- something you know (password, PIN)
- something you have (phone, hardware token)
- something you are, or other context (fingerprint, location, etc.)
Passwords are still the most common mechanism!
Multi-factor authentication
• Combines different ways of authentication
• Example: Monash login with password plus authentication app or
hardware token
It is strongly recommended to not rely on a single factor for everything
that matters!
Authentication of Transactions
E.g. for money transfer in banking
Classic Transaction Authentication Numbers (TANs, e.g. from a printed list)
are one-time codes, but they are not linked to a specific transaction: a
stolen TAN authorises whatever transaction the attacker submits.
SMS TANs can include details of the transaction in the message and add a
second factor (the phone).
However, SMS text messages are not particularly secure and phone numbers
can be taken over (SIM swap).
A TAN generator reads a barcode from the screen and generates a TAN linked to
the transaction details, so a swapped transaction fails; but it is not very
usable.
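The following is an added example (not from the workshop slides) contrasting an unlinked TAN with a transaction-linked one. The bank, device key and account identifiers are constructed, and deriving the linked TAN with HMAC-SHA256 over the destination account and amount is an assumption standing in for whatever a real generator does; the point is that a stolen unlinked TAN confirms a swapped transaction, while the linked TAN only verifies for the exact details the customer saw.

```python
"""Unlinked vs transaction-linked TANs (added illustration, not course code).

Assumptions: the bank and the customer's TAN generator share DEVICE_KEY;
a linked TAN is HMAC-SHA256(key, account|amount) truncated to 6 digits.
Account identifiers below are constructed.
"""
import hashlib
import hmac
import secrets

DEVICE_KEY = b"constructed-shared-device-key"   # constructed for the example


def linked_tan(key, account, amount_cents, digits=6):
    """TAN bound to account and amount (what a generator that reads the
    transaction from the screen would compute). Same key and same
    details always give the same TAN."""
    msg = f"{account}|{amount_cents}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(tag[:4], 'big') % 10**digits:0{digits}d}"


class Bank:
    def __init__(self, key):
        self.key = key
        self.issued_unlinked = set()   # TAN-list style codes given to the customer

    def issue_unlinked_tan(self):
        """Hand out a fresh random one-time code (TAN list / plain SMS TAN)."""
        tan = f"{secrets.randbelow(10**6):06d}"
        self.issued_unlinked.add(tan)
        return tan

    def transfer_unlinked(self, account, amount_cents, tan):
        """Accepts any unused issued TAN for any account and amount."""
        if tan in self.issued_unlinked:
            self.issued_unlinked.discard(tan)   # one-time use only
            return True
        return False

    def transfer_linked(self, account, amount_cents, tan):
        """Recomputes the TAN for *this* transaction; a TAN generated for a
        different account or amount does not verify."""
        expected = linked_tan(self.key, account, amount_cents)
        return hmac.compare_digest(expected, tan)


def attack_scenarios():
    """Malware on the customer's PC swaps the destination account before the
    transfer is submitted. Returns (unlinked accepted, linked swapped
    accepted, linked honest accepted)."""
    bank = Bank(DEVICE_KEY)
    intended = ("ACC-CUSTOMER-INTENDED", 5000)   # constructed: 50.00 to intended payee
    attacker = ("ACC-ATTACKER", 5000)            # constructed: same amount, attacker's account

    # 1. Unlinked TAN: the code the customer typed works for the swapped transfer.
    tan = bank.issue_unlinked_tan()
    unlinked_accepted = bank.transfer_unlinked(*attacker, tan)

    # 2. Linked TAN: the generator computed it from the *intended* details.
    tan = linked_tan(DEVICE_KEY, *intended)
    linked_swapped = bank.transfer_linked(*attacker, tan)
    linked_honest = bank.transfer_linked(*intended, tan)
    return unlinked_accepted, linked_swapped, linked_honest


if __name__ == "__main__":
    print(attack_scenarios())
```

The linked variant is only as strong as the channel that shows the customer the real transaction details (the generator's own display), which is exactly the usability cost the slide mentions.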
Passwords in a computer
Activity 2 Part A: 10 mins
• Work in a small group
• Discuss MFA. Compare the use of Okta with the use of
Facebook/Google accounts for services in the Internet.
• Find and share some real-world weak / compromised passwords (that
are not to be used)
Use workshop specific join code available in Moodle
ACTIVITY 2B: Access control in larger networks
What are access rights?
What are users allowed to do?
Read, write/change, execute in many different variants
Can be based on groups of users or attributes/roles:
E.g., “all Monash students are allowed to access this website”
One way to do this is to define Access Control Lists (ACLs) that basically
list who (individual user, role, set of attributes) is allowed to do what.
Per-user ACLs don’t scale well: a company with 1000 staff and 200
applications would need 200,000 entries that have to be maintained across
the network.
How can we make access control
manageable and usable?
Ticket or token-based access control
A central server checks authenticity and issues tickets.
A ticket contains identity information and can also restrict capabilities
(i.e. what the user is allowed to do)
Examples: Kerberos, Microsoft Active Directory
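The following is an added example (not from the workshop slides, and not real Kerberos: real Kerberos encrypts its tickets and uses a separate ticket-granting service) of the idealised ticket model above. A central server authenticates the user once and issues a ticket carrying identity, capabilities and an expiry, authenticated with a key it shares with the target service; the service verifies the ticket locally and never needs a per-user ACL. Users, passwords, service names and keys are constructed, and the HMAC-SHA256 ticket tag and PBKDF2 password verifier are choices made for the example.

```python
"""Idealised ticket-based access control (added illustration, not course code).

Assumptions: each service shares a key with the central authentication
server; a ticket is (JSON body, HMAC-SHA256 tag over the body) under that
key. Passwords are stored as salted PBKDF2 verifiers. All users, services
and keys are constructed.
"""
import hashlib
import hmac
import json


def pw_verifier(password, salt):
    """Salted PBKDF2-HMAC-SHA256 verifier (example choice, not the slides')."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Central server: checks credentials once and issues tickets."""
    def __init__(self, users, service_keys):
        self.users = users                 # user -> (salt, verifier, {service: [caps]})
        self.service_keys = service_keys   # service name -> key shared with that service

    def login(self, user, password, service, now, ttl=3600):
        record = self.users.get(user)
        if record is None or service not in self.service_keys:
            return None
        salt, verifier, caps = record
        if not hmac.compare_digest(pw_verifier(password, salt), verifier):
            return None   # wrong password: no ticket issued
        body = {"user": user, "service": service,
                "caps": sorted(caps.get(service, [])), "exp": now + ttl}
        raw = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self.service_keys[service], raw, hashlib.sha256).hexdigest()
        return raw, tag


class Service:
    """A service that accepts tickets tagged with its shared key."""
    def __init__(self, name, key):
        self.name = name
        self.key = key

    def authorize(self, ticket, action, now):
        if ticket is None:
            return False
        raw, tag = ticket
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False   # forged or altered ticket, or issued for another service
        body = json.loads(raw)
        if body["service"] != self.name or body["exp"] <= now:
            return False   # wrong audience or expired
        return action in body["caps"]   # capability check, no per-user ACL needed


def demo():
    """Constructed users and services; returns the authorisation outcomes."""
    keys = {"payroll": b"constructed-payroll-key", "wiki": b"constructed-wiki-key"}
    users = {
        "alice": (b"salt-a", pw_verifier("alice-pw", b"salt-a"),
                  {"payroll": ["read"], "wiki": ["read", "write"]}),
        "bob": (b"salt-b", pw_verifier("bob-pw", b"salt-b"), {"wiki": ["read"]}),
    }
    auth = AuthServer(users, keys)
    payroll = Service("payroll", keys["payroll"])
    wiki = Service("wiki", keys["wiki"])
    now = 1_700_000_000

    t = auth.login("alice", "alice-pw", "payroll", now)
    results = {
        "alice_reads_payroll": payroll.authorize(t, "read", now),
        "alice_writes_payroll": payroll.authorize(t, "write", now),
        "payroll_ticket_at_wiki": wiki.authorize(t, "read", now),
        "expired_ticket": payroll.authorize(t, "read", now + 4000),
        "wrong_password_gets_ticket": auth.login("bob", "guess", "wiki", now) is not None,
    }
    # Bob edits his own wiki ticket to grant himself "write": the tag no longer matches.
    raw, tag = auth.login("bob", "bob-pw", "wiki", now)
    forged = (raw.replace(b'"caps": ["read"]', b'"caps": ["read", "write"]'), tag)
    results["tampered_ticket"] = wiki.authorize(forged, "write", now)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Every service trusts the one central server, which is the single point of failure the single sign-on slide warns about: whoever obtains the service keys or compromises the server can mint tickets for any user.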
Kerberos (idealised abstraction)
Single sign-on
• Just log in once and access many services (e.g. Monash
University)
• Very convenient. High usability
• Single point of failure. Needs a secure implementation and a high
level of control.
The single sign-on server is usually one of the first targets for network
intruders.
Activity 2 Part B: 20 mins
● Work in a small group
● Discuss how Access Control could be circumvented?
● Find and share a list of threats to computers, networks and Internet of
Things devices
Use workshop specific join code available in Moodle
See you next week!
Before next week’s workshop: Weekly videos and readings