Copyright: a. umar
Wireless Security
- Security principles
- Special issues in wireless security
- Security issues unique to 802.11, satellites, cellular networks, WAP, etc.
- Security methodology
Amjad Umar
Wireless Security Example
[Diagram labels: Wireless LAN Cell (three), Centrex, Router and Firewall, Link to Public Internet (T1 or DSL), LAN Server, Fast Ethernet LAN (Backbone), Wired Ethernet LAN; labels X, Y, Z and A, B, C, D]
1. No physical net security (server ID/PW)
2. No physical net security (server ID/PW + encryption)
3. Physical net security (optional server ID/PW + encryption)
General Security Issues
- Enterprises need to protect corporate IT and physical assets to respond to external factors and organizational requirements.
- An architectural view is needed that:
  - shows how the various corporate assets can be protected
  - uses a combination of technical and organizational approaches
- A framework is needed to review security at the following levels:
  - corporate networks (wired plus wireless)
  - interconnectivity services, commonly known as middleware
  - distributed applications
- For each level, the areas of vulnerabilities should be identified in terms of use and immaturity of security solutions.
- Tradeoffs between security and system availability need to be addressed.
Security Architecture
- Security Solutions
- External Factors:
  - Intruder/attacker/assault threats
  - Privacy and confidentiality laws
  - Consumer/customer attitudes
- Organizational Requirements:
  - Survivability and tolerance requirements
  - QoS requirements
  - Budgetary and policy restrictions
- IT Assets:
  - Applications and automated services
  - Databases, files
  - Computing platforms
  - Middleware (e.g., web servers)
  - Networks (hardware, routing software)
- Latest Security Technologies:
  - Cryptographic techniques
  - Managing digital certificates and PKI
  - Secure payment systems
  - Significant research developments
- Physical Assets:
  - Humans
  - Buildings
  - Other corporate assets (e.g., planes, trains, and automobiles)
Wireless Security Issues
- Several security concerns at all layers:
  - Wireless networks (cellular, Wi-Fi, ad hoc, satellite)
  - Wireless platforms (Mobile IP, WAP, I-Mode, Wireless Java, Mobile Web services)
  - Mobile applications (holding digital certificates in handsets)
- Too many issues needing attention:
  - Cellular security (location services)
  - Satellite security (GAO report)
  - Mobile ad hoc network security
  - Wireless platform security (WAP, BREW)
  - M-application security (handset certificates)
- An architecture approach is needed: a solution that considers tradeoffs and works within constraints and limitations
Different Views: User View (PIA4)
- Privacy: assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission
- Integrity: assure the integrity of information (i.e., no unauthorized modification)
- Authentication: identify for certain who is communicating with you
- Authorization (access control): determine what access rights that person has
- Accountability (auditing): assure that you can tell who did what when, and convince yourself that the system keeps its security promises
  - Includes non-repudiation (NR): the ability to provide proof of the origin or delivery of data
  - NR protects the sender against a false denial by the recipient that the data has been received
  - NR also protects the recipient against a false denial by the sender that the data has been sent
  - That is, a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data
- Availability: access to the system when a user needs it
Additional Views
- Hacking versus assaults:
  - Hackers: “ankle biters”
  - Assault: aim is destruction
  - Higher level of protection is needed for assaults
- Intrusion tolerance versus security:
  - Security generally means “protected” from malicious entities
  - Intrusions may be due to malicious or natural events
  - Intrusion tolerance combines fault tolerance
  - Fault tolerance achieved through replication
  - Security achieved through reducing replication
  - How to resolve tradeoffs
- Information assurance versus security:
  - Security concentrates on protection
  - Information assurance (IA) deals with how to recover from breaches
  - IA includes security plus backup/recovery, disaster recovery, contingency planning
- Auditing: verify against policies and procedures
Sample Wireless Security Technologies
- Applications:
  - SET for transaction security
  - S/MIME and PGP for secure email
  - Java security (sandboxes)
  - Database security
- Middleware:
  - SSL and TLS
  - WAP security (WTLS)
  - Web security (HTTPS, PICS, HTTP headers)
  - Proxy server security
- TCP/IP:
  - IPsec and wireless VPN
  - Mobile IP
- Wireless Link:
  - 802.11 security (WEP)
  - Cellular network security
  - Satellite link security
  - WLL and cordless link security
- Can use higher level services to compensate for lower layers
- Tradeoffs in performance and security
Security Tradeoffs
[Diagram: three protocol stacks built from Telnet, FTP, SMTP, HTTP, TCP/IP and the physical network (layers 1-2), with IPsec (VPN), PGP, S/MIME and SSL marked where used; labels A1, A2, A3]
a) Physical Network Level Security (encryption at physical network level)
b) Transport Level Security (encryption at IP level)
c) Higher Level Security (encryption at SSL or application level)
Legend: Darker areas indicate security (say encryption)
Tradeoffs between Security and Availability
- Highly available systems have redundancies and thus are harder to secure (must protect each redundant copy and carry security contexts).
- The protection policy chosen against possible intrusion threats can be represented as a tuple (S, A), where S represents the security level chosen and A the availability (see diagram on next page).
- The security S is provided at the following levels:
  - Level 0: No security specified
  - Level 1: Authorization and authentication of principals
  - Level 2: Auditing and encryption (privacy)
  - Level 3: Non-repudiation and delegation
- Availability A can be represented in terms of replications (more replications increase system availability):
  - Level 0: No replication (i.e., only one copy of the resource is used)
  - Level 1: Replication is used to increase availability. The resource is replicated for a fail-safe operation
  - Level 2: FRS (Fragmentation, Redundancy, Scattering) is used. FRS schemes split a resource, replicate it, and scatter it around the network to achieve high availability and intrusion tolerance
Protection Policies can be defined in terms of system security and system availability
[Diagram: axes System Security and System Availability, ranging from Low Protection to High Protection]
- System Security:
  - Security level 0 (No security)
  - Security level 1 (Authentication, Authorization)
  - Security level 2 (Encryption, Audit Trails)
  - Security level 3 (Non-repudiation, Delegation)
- System Availability:
  - Availability level 0 (No replication)
  - Availability level 1 (Replication only)
  - Availability level 2 (FRS)
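The (S, A) protection policy described above can be checked mechanically against a storage layout, which makes the "must protect each redundant copy" point concrete. The following Python is an added example, not part of the original slides; the `Copy` record, the control names, the host names, the way A is derived from the layout, and the assumption that security levels are cumulative are all illustrative.

```python
from dataclasses import dataclass

# Controls named on the slide for each security level S.
# Assumption (not stated on the slide): levels are cumulative.
SECURITY_CONTROLS = {
    1: {"authentication", "authorization"},
    2: {"auditing", "encryption"},
    3: {"non_repudiation", "delegation"},
}

@dataclass(frozen=True)
class Copy:                 # hypothetical record for one stored copy
    host: str               # where the copy lives
    fragment: int           # fragment index (0 if the resource is not split)
    controls: frozenset     # controls actually enforced on this copy

def required_controls(s):
    """Controls every copy must enforce for security level s."""
    return set().union(*(SECURITY_CONTROLS[l] for l in range(1, s + 1)))

def availability_level(copies):
    """Derive A from the layout: 0 single copy, 1 replication, 2 FRS."""
    hosts = {}
    for c in copies:
        hosts.setdefault(c.fragment, set()).add(c.host)
    # Two copies on the same host do not count as redundancy.
    redundant = bool(hosts) and all(len(h) > 1 for h in hosts.values())
    if not redundant:
        return 0
    return 2 if len(hosts) > 1 else 1

def check_policy(s, a, copies):
    """Return violations of policy (S, A); an empty list means compliant."""
    violations = []
    achieved = availability_level(copies)
    if achieved < a:
        violations.append(f"availability level {achieved} < required {a}")
    need = required_controls(s)
    for c in copies:        # each redundant copy must be protected
        missing = need - c.controls
        if missing:
            violations.append(f"{c.host}/frag{c.fragment} missing {sorted(missing)}")
    return violations

# Constructed sample: two fragments, each on two hosts; hostD lacks encryption.
FULL = frozenset({"authentication", "authorization", "auditing", "encryption"})
SAMPLE = [Copy("hostA", 0, FULL), Copy("hostB", 0, FULL),
          Copy("hostC", 1, FULL), Copy("hostD", 1, FULL - {"encryption"})]
print(check_policy(2, 2, SAMPLE))
```

With policy (2, 2) the layout reaches availability level 2, yet the single unencrypted copy on hostD is enough to fail the security level.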
Sample Configuration
[Diagram labels: Wireless LAN1 (peer-to-peer), Wireless LAN2 (peer-to-peer), Access Point as a repeater, Access Point (two), Corporate Backbone, Corporate ATM Network, Internet Gateway and Firewall, Public Internet]
Legend: Wireless LAN Adapter; ATM Switch; Wireless connection; Wired connection
Satellite System Security
- Several security issues
- GAO report very critical
- Large satellite systems are managed by several subcontractors with different security levels
- Encryption / spread spectrum
- Physical security of earth station
WAP Security
[Diagram labels: WAP Phone (WML Browser, WML Script); wireless network (uses WTLS security); WAP Gateway (Protocol Adapters, WML Encoder, WMLScript Compiler); Internet (uses SSL security); Web Server (CGI Scripts, Content)]
I-Mode Security
[Diagram labels: I-Mode Phone; Docomo Wireless Network using proprietary protocols and SSL; Web Server with I-Mode Content; Dedicated Lines using SSL Security; Financial Institution]
Security Assurance Methodology
1) Develop security requirements based on a conceptual model
2) Develop a technology-specific model (e.g., M-Services, wireless nets)
3) Conduct risk assessment based on attack trees
4) Develop countermeasures and choose technologies
5) Re-iterate
[Diagram labels: Attack trees; Information Flow; Control Flow]
Levels of Security View
- Applications:
  - SET for transaction security
  - S/MIME and PGP for secure email
  - Java security
  - Database security
- Middleware:
  - SSL and TLS
  - WAP security (WTLS)
  - Web security (HTTPS, PICS, HTTP headers)
  - Proxy server security
- TCP/IP:
  - IPsec and VPN
- Wireless Link:
  - 802.11 security (WEP)
  - Cellular network security
  - Satellite link security
  - WLL and cordless link security
[Diagram labels: Wireless Network, Wireless gateway, HTTP, Firewalls, Web Server (customer-facing apps), HTML/XML Documents, Back-end Apps, Back-end Databases, Business Internal Network]
Summary
- Security principles
- Special issues in wireless security
- Security issues unique to 802.11, satellites, cellular networks, WAP, etc.
- Security methodology