Title: Figure 1-7: Eavesdropping on a Dialog
Figure 1-7 Eavesdropping on a Dialog
Dialog
Hello
Client PC Bob
Server Alice
Hello
Attacker (Eve) intercepts and reads messages
Figure 1-8 Encryption for Confidentiality
Encrypted Message 100100110001
Client PC Bob
Server Alice
100100110001
Attacker (Eve) intercepts but cannot read
Original Message Hello
Decrypted Message Hello
Figure 1-9 Impersonation and Authentication
I'm Bob
Prove it! (Authenticate Yourself)
Attacker (Eve)
Server Alice
Figure 1-10 Message Alteration
Dialog
Balance 1,000,000
Balance 1
Server Alice
Balance 1
Balance 1,000,000
Attacker (Eve) intercepts and alters messages
Figure 1-11 Secure Dialog System
Secure Dialog
Client PC Bob
Server Alice
Automatically Handles Negotiation of Security Options, Authentication, Encryption, Integrity
Attacker cannot read messages, alter messages, or impersonate
Figure 1-12 Network Penetration Attacks and Firewalls
Attack Packet
Internet Firewall
Hardened Client PC
Internet
Attacker
Internal Corporate Network
Log File
Figure 1-13 Scanning (Probing) Attacks
Attack Packets to 172.16.99.1, 172.16.99.2, etc.
I'm Here
Host 172.16.99.1
Internet
Attacker
I'm Here
Corporate Network
Figure 1-14 Single-Message Break-In Attack
1. Single Break-In Packet
2. Server Taken Over By Single Message
Attacker
Figure 1-15 Denial-of-Service (DoS) Flooding Attack
Message Flood
Server Overloaded By Message Flood
Attacker
Figure 1-16 Intrusion Detection System (IDS)
1. Suspicious Packet
Intrusion Detection System (IDS)
4. Alarm
Network Administrator
2. Suspicious Packet Passed
Internet
Attacker
3. Log Suspicious Packet
Corporate Network
Log File