Security: summary by Shahar and Yotam

Published on 28-Jul-2015


-CIA TRIAD : -Confidentiality + . -integrity , , : non repudiation -AUTHENTICITY -availability . : -Authenticity , -accountability , . - . : -Masquerade -Replay . Modification of messages Denial of service - , . : -Release of message contents , . -Traffic analysis . 1. 2. 3. 4. 5. 6.

-X800 security architecture .

. conventional .single key encryption .decryption : 1. -Cryptanalysis plain text - cipher text plain text . 2. -Brute force attack cipher text , . computationally secure . - ,block cipher " . -Block cipher 1. Mi=Mj" Ci=Cj

1 = 2 " .cipher ! . 2. , 1 . 3. . 4. ERROr ? -Data Encryption Standard -DES' 46 64 ,plain text cipher-65 46,61 rounds brute force . cryptanalysis -3DES 3 DES 2 3 861-211 , rounds 3*16 ,brute force cryptanalysis : o , 3 o DES 46 . advanced encryption standard -AES ,3DES , . 821 , 821 291 652 . Rounds- 01 61. , s-box .byte 2 .stream -Block cipher , stream -cipher block chaining -CBC IV " XOR cipher . CBC 1 .XOR . .

-output feedback -OFB , 1, Mi Cj.

-cipher feedback -CFB 1, Mi .

,electronic code book -ECB , , -cryptanalysis , . 46 821. 1 , Mi Ci . ( ).

-CTR counter counter " XOR , counter .

Stream Cipher stream , , . . , . XOR . XOR . - block cipher .

4 -RC , initial value-IV, XOR . ( -M ,initial value -k , .)cipher -C 652

-Message Authentication , ( ), , . ! - Message Authentication code-MAC

-HMAC MAC

-One Way Hash Function M ' H(M)-hash , ( ). MAC ' HASH .

secured hash Algorithm -SHA' , hash 821 , 1 SHA 061 215 . ( 5) - .cipher text 215- -sha . 4201 HASH 215

- -Public Key Encryption , . )Diffie and Hellman( .Confidentiality

-Public Key Authentication , (.)Authentication authentication authenticator hash ( ) encryption , ' .

-RSA - ( ), . -Diffie and Hellman . digital signature standard -DSS .SHA - ECC- elliptic curve cryptography + RSA .

DIGITAL ENVELOPE

, . . . 3- User Authentication 4 - - - - , - , - -

- , - -offline dictionary attack , hash , hashes -Salt' .hash . SALT SALT . : -Dictionary attacks SALTS -Rainbow tables SALTS. !

-Shadow password file usernames " . : - , . -Bloom filter LOOKUP TABLE HASH . Biometric accuracy

, . -false match - . . . -false nonmatch - . FALSE MATCH . TRADEOFF

:AUTHENTICATION -Eavesdropping .

4- ACCESS CONTROL -Access control . :Access control policies

-DAC . SUBJECT .OBJECT DAC" -ACCESS MATRIX . " .

-PROTECTION DOMAINS . . protection domain . -Access control list -ACL . .

Access control requirements -Open policy -Closed policy . -MAC , . -RBAC ,ROLE, . - -separation of duty .

5- -Data Base Security -View , , ,SQL , view .DB ,view view . DBA centralized administration -ownership-based administration -decentralized administration .

-GRANT DB role , DBA. -REVOKE -Inference -role based , . . Statistical database DB DB. DB- ( )view DB . INFERENCE DB ()inference . -k-anonymity K . -Perturbation- "" . ( ) , . .DB -QUERY SIZE RESTRICTION . ( )tracker '

-Query set overlap control ' - -

-Partitioning DB ( )clusters clusters subset , . - , . ( )

-Database Encryption , , , , , ( - ) . , DB , , .

6-intrusion detection -Privilege abuse -Software trespass " " - ,, . -intruders 1- -masquerader , 2- -misfeasor (" ) 3- -clandestine user .() -Security intrusion . -Intrusion detection , -Hackers 2 -intrusion detection system-IDS : -host based IDS -host 2 o: 1. -anomaly detection " , , 2 : -threshold detection -profile based" AUDIT 2. - signature detection ( )

, ( ). -Distributed Host-Based IDS , host . . -NIDS-network based IDS , " "- ( sensors ), ( analyzers- ), (user interface )IDS .IDS 2 -inline -sensors , , .prevention -passive sniffers , , , .prevention , . -Distributed Adaptive Intrusion Detection ( ) . . -Intrusion Detection Exchange Format ,IDS IDS .

:IDS

-True

-TN . -TP . -FN . -FP . -AUDIT , IDS , IDS AUDIT ()native audit records . (detection IDS ).specific audit record

-Honey Pots , , " " , , .intrusion -Snort IDS , , packets , .

7- -Malicious Software , ( )virus ( ,)worm ( Trojan horse ). -Virus - , - , - , - , . -payload , , . ( )prepended ( )postpended )(embedded - -Boot sector boot . -File infector EXE -Macro virus EXE word -Encrypted virus , , . . -Stealth virus , , , . -Polymorphic virus , . . -Metamorphic ', . Email virus -

-

- -Generic decryption sandbox decryption -Digital immune system virus analysis machine ,sandbox . -Behavior blocking software , sandbox -Worms , , , -, , . -Worm technology -Multiplatform -Multi exploit -Ultrafast spreading -Polymorphic -Metamorphic -Transport vehicles "" .( )DDOS -Zero day exploit . -

-PWC -Proactive worm containment host .AGENT connections , block , . - .Host -Signature extractor , .worms * , " , , -signature -Bots , dos spamming - -Botnet -Rootkits \ , .rootkit

8- Denial of service -Address spoofing .

-Syn spoofing syn , . .spoofing syn , ack ack .syn ack handshake . -ICMP flood ICMP , ,smurf broadcast . .ack -UDP flood UDP . TCP SYN Flood -DDOS distributed DOS ,botnet . " 2 handler zombies - , - agent zombies . -Reflection attack spoofing bot . -Amplification Attack bots ( )spoofing botnet . -DNS Amplification Attack DNS ()spoofing , DNS . 60bytes 0004-215 bytes.DNS -Attack Prevention IP , , broadcast ,IP ISP . 9- firewalls and Intrusion Prevention System ,spoofing . . ' -single choke ( firewall " ) . firewall . -firewalls -Packet Filtering header , - \ 2 - -discard -, -forward , - .

-packet filtering firewall , TCP -ping of death ' UNIX -source route attack . -Tiny fragment attack header .firewall -Stateful inspection TCP connections sessions . session, " 4201 . application level gateway -Application proxy firewall , . , . gateway . . -Circuit level proxy firewall session session . . application , . -Host based firewalls \ host packet filtering . * " (), application .circuit firewalls- 2- -external .LAN -internal firewall .

* demilitarized zone DMZ , .web server,Email,DNS servers .internal -VPN- virtual private network . " firewall . - -ipsec ,IP . AUTHENTICATION.CONFIDENTIALITY Host base -IPS , firewall . -Network based IPS ,NIDS .NIPS packets TCP . -unified threat management product -UTM , ,IDS IPS Firewall . . , \ , . 11- Buffer overflow , ' , : , - -shell .command

-Segmentation fault readOnly .operation system .exception

-Shellcode shell buffer overflow . 0\ . -buffer overflow -System utility -Service daemon ( ). ()image 2 -buffer overflow- -compiler : o ()JAVA o o -random canary , buffer overflow -Code obfuscated o , . ( ) o , . o -Guard pages o -heap buffer overflow ' heap . , ( )heap .buffer overflow 21- software security -SQL injection . -Cross site scripting -XSS ( )javascript, activeX . -Input fuzzing test , \. 51- security auditing , . . accountability .

-Security audit trail , , .

( -Event discriminator ) . GUI -Audit provider AUDIT trail -Audit analyzer , , . anomaly detection ( audit) : \ - \ auditing firewall IDS system calls -

-Hooks .audit -System level audit trails () trails

-Application level audit trails .DB -User level -accountability . , , . audit -Physical level , ( \) :audit -host audit , DB , . - CD - integrity & confidentiality -

- -Basic alerting' -Baselining -Windowing Event . -Correlation .events ' '- -

-SIEM .audit

11: -Feistel cipher structure

- -End to end encryption . . -Link encryption . 2- , .

-One time pad , . : -KDC -Key distribution center

12- INTERNET SECURITY PROTOCOLS AND STANDARDS TRANSPORT LAYER SECURITY-TLS=SECURE SOCKET LAYER -SSL IP/TCP CONFIDENTIALITY INTEGRITY . , .

.MAC

-Handshake - http

-authentication header-AH ,MAC HEADER IP AUTHENTICATION .CONFIDENTIALITY ADDRESS SPOOFING" .SEQUENCE -ESP PACKET .HEADER -Secure/multipurpose internet mail extensions -S/MIME , " . digital envelope .
