Lecture 13: Network Security
Date: October 25, 2013
Homework due: Nov. 1 at 5:00pm
Puzzle. Sarah Palin’s email account was compromised because the attacker could ask that the password be reset and then answer the three security questions based on public information from Sarah Palin’s Wikipedia page. Suppose she asked you how she could prevent this from happening again. What would you suggest?
- Personal firewalls
- Computer science view of networks
- Networks and subnets
- IP addresses and port numbers
- Connection vs. connectionless communication
- Protecting network traffic with encryption
- Link encryption
- End-to-end encryption
- Virtual private networks (VPNs)
- Basic network protocols
- icmp: Internet Control Message Protocol
- tcp: Transmission Control Protocol; three-way handshake to open a connection
- dns: domain name system; and dnssec (dns secure)
- About the cloud
- Origins: VPNs; large-scale distributed computing (SETI@home)
- Why create and use a cloud?
- Idea: share large-scale resources among many clients; called a “Service-Oriented Architecture” (SOA)
- Types of services: software (middleware or in support of other services), applications, business processes, etc.
- Examples: salesforce.com, Amazon Web Services Elastic Compute Cloud (EC2), Web 2.0
- Security in the cloud
- Encryption of data – who does this, user or cloud provider?
- User: cloud can store encrypted data, but operating on it is hard (“homomorphic encryption”)
- Cloud: user must trust cloud to protect the data
- Preventing unauthorized access or changes to data
- Physical security: how does the provider protect access?
- Keeping data available at all times
- Legal considerations
- Differences in laws; whose apply to data?
- Differences in policies among cloud providers
- Public clouds vs. private clouds