Now let's look into Internet security and protection.

We'll start off with intrusion detection systems.

Here, an IDS, an intrusion detection system,

is a system that detects malicious activity and policy violations in network devices.

The detection results are reported to the network administrator or

the SIEM which is the security information and event management system.

Now, false alarms are removed by

the alarm filters and that's actually very important as well.

Because if you have too many false alarms then that will keep you distracted.

That will not be able to keep you

focused on the important attack issues that are occurring.

Now, the types of IDS systems are now introduced.

First, host IDS which is HIDS.

This operates on host computers, laptops, smartphones, tablet,

PCs and it monitors all Internet packets sent and received by that device.

In addition, status snapshots are taken and compared with its former status.

Next is network IDS and,

in here, this operates on selected gateways, routers, and switches.

It consistently monitors and detects abnormal behavior.

The next is signature-based IDS where this searches for

specific intrusion patterns such as

malware sequences that are very difficult to detect individually but,

more detectable, when you detect a typical pattern or a sequence.

In addition, there's anomaly-based IDS where

the detection scheme for new unknown attacks are dealt with here,

such as new malware behavior.

And for this we need,

machine learning monitoring system which is used to detect new patterns.

Which means that we need artificial intelligence.

And this is where we monitor to detect

new patterns because these patterns have no previous records.

So, based upon typical patterns that we do know before,

we need to look into the future to predict if this is or not a new pattern of an attack.

And that requires some artificial intelligence typically machine learning technology.

Now, the next type is the more advanced type which also not only

does detection but also has some type of active prevention mechanism.

What is it? Well, this is what we call an IDPS,

intrusion detection and prevention system.

It is an IDS system combined with

an intrusion counter-response system which can do disconnection activity.

This topic is about

firewalls which is a critical part in Internet security and protection.

Now, network security monitoring and control system is what a firewall is.

It monitors all transmitted and received packets.

And, of course, IDS systems are included.

Now, there's network-based and host-based.

The network-based firewall is in the gateway and it does network protection.

Typically, it's in your local area network, wide area network,

and also it's in the gateways,

the routers, and the switches.

The next one is the host-based firewall.

It's in your computer operating system.

It's in the end point which is your smartphone, your PC,

your laptop, your tablet,

your iPad device, and other things as well.

Next, these are the generations,

the evolution of firewalls.

And it starts off, of course,

with the first generation where packet filtering

of network addresses and ports are done here.

In the second generation,

we have stateful filters that were added for IP packet and transport protocol inspection.

When I say IP packet,

I'm talking about IPv4, IPv6.

And for transport protocol,

I'm talking about TCP, UDP,

RTP and other protocols as well.

Now, this tracks all state changes in these protocols.

And all of the first generation protocol techniques which are these ones,

these filters are included in the second generation ones.

Now, third generation.

And these are the ones that we use today.

These also include application layer filtering techniques which include HTTP,

DNS, FTP, behavior detection,

and it's observing what's going on.

Now, all 1G and 2G techniques are, of course, included.

In addition deep packet inspection (DPI) is included.

And, also the IDS technique more evolved one,

which is the IPS one,

which is the intrusion prevention system technique, that's included.

In addition, user identity monitoring is included as

well and also device MAC address and reputation monitoring is included.

And also Web application firewall technology is included as well.

In this lecture, we're going to talk about TLS is which is Transport Layer Security.

Now, this is a network cryptographic protocol to enable secure communications.

Now, this was defined in 1999 and it was updated in 2008 and 2011.

This replaces the SSL,

the secure socket layer protocol and that was defined in '94, 1995, and 1996.

Now, the current uses a 2048 bit encryption.

And this has been used since 2013.

Now, of course extensions in the future will occur.

TLS provides privacy and data integrity between network applications.

It uses symmetric cryptography and

uses encryption keys generated uniquely for each connection.

Now, at session setup is when

the TLS handshake protocol is done to setup these type of encryption keys.

Now public-key cryptography is

used to authenticate the identity of the communicating system.

In addition, a message authentication code is used to ensure that data integrity,

which is to prevent alterations,

is actually processed by TLS also.

Now, let's study about Wired Equivalent Privacy.

This is a security algorithm developed for

802.11 wireless local area networks and this includes wi-fi.

This is, WEP was designed to provide data confidentiality equivalent to

the security level used in

wired networks which makes the wireless equivalent at a level of wired.

And that's where the name came from.

WEP includes encryption and authentication techniques.

Now, the Wi-Fi Alliance announced that WEP will be

replaced with WPA which is wi-fi protected access in 2003.

So, now let's go and study WPA.

In WPA, this is a Wi-Fi Alliance

developed security protocol and security certification program.

WPA uses TKIP which is

temporal key integrity protocol and

this dynamically changes the encryption key for each and every packet.

Now, WPA is an improvement to WEP

but TKIP can now be broken so new enhancements are needed.

And that is why we have WPA2.

And this is the current WPA version that is commonly used.

WPA2 certification is mandatory for all wi-fi devices since 2006.

Now WPA uses CCMP which is an AES technology.

It's an advanced encryption standard.

Now, CCPM stands for

Counter Mode Cipher Block Chaining Message Authentication Code protocol

and that's a lot of words to stuff into four letters but they did it.

Now, WPA2 includes all mandatory elements of the IEEE

802.11i standards and requires Wi-Fi Alliance testing and certification.

Now, we're going to study about SSH which is secure shell.

This is a cryptography protocol to enable secure services over unsecured networks.

The applications include remote command-line login,

and remote command execution,

and various other secure network services.

SSH2 is commonly supported by all servers.

These are the references that I use and I recommend them to you. Thank you.

4.4 Internet Security & Protection

Introduction to TCP/IP

Rencontrer les enseignants