FIT5044 – Network Security Week 2

Network security’s week 2 lecture continued on the theme of thinking about and discussing the possibilities associated with network security. Specifically we learnt about the current trade-off between security and services. If a computer is providing more services to external users then it is -ceteris paribus- less secure.

Discussed very briefly was the Open Systems Interconnection model, which was a good refresher. Interestingly the LAN at my work office appears to be behind an Application layer firewall, which in lectures was mentioned as being too slow. I imagine that most corporate firewalls would operate on the application layer?

We began discussing a basic port open/close firewall when I was distracted by the question of what is the difference between ports and sockets? A quick search reveals the answer (see bottom of this post).

The lecture got stuck for a while on the topic of the defence force's network security policy and the possibility of intrusion/data loss. Some reasonable arguments were put forth for why the network was secure enough. I think this is tough to confirm as one can’t predict the actions/inactions of the network's users. Email spoofing in conjunction with man-in-the-middle attacks may not threaten a trained network security engineer but will have a good chance of deceiving a general working from home.

Next came Authentication (username, IP, key decrypt response) and Access Control which was skimmed over.

DDoS attacks came up briefly, the audience generally agreeing that this kind of attack can’t be defended. As we discussed this I recalled that Verisign offer some products that claim to protect from DDoS attacks (see: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/ddos/index.xhtml). I have not read much on how these products work but according to the promo video above it involves throwing a great deal of resources at the problem 🙂

Sockets vs Ports:

A socket is not a port, though there is a close relationship between them. A socket is associated with a port, though this is a many-to-one relationship. Each port can have a single passive socket, awaiting incoming connections, and multiple active sockets, each corresponding to an open connection on the port.

A port is a logical connection method that two end points communicate with. Ports operate at the Transport layer of the OSI model.

Sockets are a means of plugging the application layer in. Sockets are determined by an IP address and port number. A socket is one end point of a connection.

source: http://pro-programmers.blogspot.com/2009/02/socket-vs-port.html
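The many-to-one relationship described above, as an added example that is not part of the original post or its source: one passive (listening) socket and several active sockets all share the same local port, and each active socket is told apart by its remote address and port. The function name and the use of the loopback address are assumptions made for illustration.

```python
import socket


def demo_port_vs_sockets(n_clients=3):
    """Open one listening socket and n_clients connections to it on loopback.

    Returns (listening_port, pairs), where pairs holds the
    (local_address, peer_address) of every accepted (active) socket.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(n_clients)           # the single passive socket on the port
    port = listener.getsockname()[1]

    clients, accepted = [], []
    try:
        for _ in range(n_clients):
            # Each client gets its own ephemeral source port from the OS.
            clients.append(socket.create_connection(("127.0.0.1", port)))
            # accept() returns a NEW socket object for this one connection;
            # the listener itself keeps waiting on the same port.
            conn, _peer = listener.accept()
            accepted.append(conn)
        pairs = [(s.getsockname(), s.getpeername()) for s in accepted]
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return port, pairs


if __name__ == "__main__":
    port, pairs = demo_port_vs_sockets()
    print(f"one listening socket on port {port}")
    for local, peer in pairs:
        # Same local port every time; only the peer side differs.
        print(f"active socket: local={local} peer={peer}")
```

A port open/close firewall rule matches on the shared port number, so it treats all of these connections alike, while tools such as `netstat` list the listening socket and each established socket as separate entries.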

 

FIT5044 – Network Security Week 1

The first lecture for network security was presented by Dr. Phu Le. Materials for the subject will be published to: http://users.monash.edu/~pdle/cpe5002/l.html

Some interesting points were raised during the lecture:

  • 100% secure networks are currently an untenable goal. The US gov’t is grappling with this issue at present: http://threatpost.com/en_us/blogs/nsa-director-says-us-has-duty-secure-internet-090710
  • Numerous countries have developed large teams within their defense forces for cyber defense and offence.
  • At present banks and insurers are paying out millions of dollars every year to cover losses through cyber theft.
  • 50% of security breaches go unreported.
  • There is generally a mutual trade-off between security and speed/convenience.

This subject will focus on the software side of information security. As such, our assignments will revolve around cryptography, firewalls and security policies. Interestingly there is no exam for this subject.

Tutorials started this week also. I was a bit perplexed by the fact that our first tutorial was purely a Linux tutorial. I think basic Linux skills should be a pre-requisite for post graduate level IT studies! In any case I think I will find this subject very interesting as it is very deep and each of the topics we skim over are areas of research in themselves. For a practical exercise this week I will complete a tutorial on installing an SSL certificate in Apache. Something fairly common-place but none-the-less I have very little understanding of: http://www.digicert.com/ssl-certificate-installation-apache.htm

 

How secure is your information?