Network Security.

Presentation transcript:

Network Security

Intrusion Detection and Intrusion Prevention Systems
- Intrusion Detection System (IDS)—Only detects unauthorized activity. Example: MS Event Viewer
- Intrusion Prevention System (IPS)—Detects unauthorized activity and performs some function to stop the activity. Example: Most antivirus software
- IDS and IPS require some form of port monitoring
  - When a particular port on a switch is connected directly to the IDS or IPS and monitors all activity through another port on the same switch.

Public Key Infrastructure (PKI)
- Provides encryption and authentication
- The method of using an algorithm to encode data.
- Algorithm converts data into ciphertext (encrypted data)
- Cryptology—Science of encrypting data
- Generates key and uses it for encryption
- Generates certificate to verify authentication

Key Encryption Methods
- Symmetric-key encryption—Generally used when large amounts of data need to be encrypted
- Asymmetric-key encryption—Both the public and private keys are needed to encode and decode data

Digital Certificate
- A file that commonly contains data such as the user’s name and e-mail address, the public key value assigned to the user, the validity period of the public key, and issuing authority identifier information

Certificate Authority (CA)
1. Station1 applies for digital certificate from a CA to send an encrypted message to Station2
2. CA issues digital certificate to Station1
3. Station1 uses private key to encrypt message
4. Station1 sends encrypted message to Station2
5. Station2 uses the public key to decode encrypted message

Details of a VeriSign Digital Certificate

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
- Application layer protocols
- Support VoIP, e-mail, and remote connections
- Based on public key encryption technology
- Displays https:// when securing Web site connection
- Not compatible with each other
- TLS more secure; SSL more popular

Secure HTTP (S-HTTP)
- Uses symmetric, or private, keys for encoding and decoding messages
- Not supported by all Web browsers

Virtual Network Connection (VNC)
- Describes point-to-point connection to a remote device
- Connection considered “virtual” because user’s network device is not a physical part of remote network

Independent Computer Architecture (ICA)
- Citrix ICA and Microsoft Remote Desktop Protocol are the two main choices for this type of application

Internet Protocol Security (IPSec)
- Collection of security protocols, hashes, and algorithms
- Authentication can be verified with Kerberos, a preshared key, or digital certificates
- IPSec VPNs typically use public and private keys for encryption

IPSec Modes
- Transport mode: An IPSec mode that only encrypts the payload.
- Tunnel mode: An IPSec mode that encrypts the payload and the header.
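
The difference between the two modes, as an added example that is not part of the original slides: it wraps one constructed IPv4 packet both ways and reports what a passive observer can still read. The keystream cipher is a stand-in for a real ESP transform, padding and the integrity value are omitted, and the addresses, SPI values and key are constructed.

```python
import hashlib, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream_xor(key, data):
    """Stand-in cipher (SHA-256 counter keystream), NOT a real ESP transform."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def esp(key, spi, seq, inner, next_header):
    """Simplified ESP: SPI | sequence | encrypted(inner, pad length 0, next header).
    Alignment padding and the integrity check value are omitted."""
    return struct.pack("!II", spi, seq) + keystream_xor(key, inner + bytes([0, next_header]))

def transport_mode(key, packet):
    """Keep the original IP header in the clear; encrypt only its payload."""
    hdr, payload = packet[:20], packet[20:]
    body = esp(key, 0x1001, 1, payload, hdr[9])
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    return ipv4_header(src, dst, 50, len(body)) + body  # 50 = ESP

def tunnel_mode(key, packet, gw_src, gw_dst):
    """Encrypt the whole original packet and prepend a new gateway-to-gateway header."""
    body = esp(key, 0x1002, 1, packet, 4)  # 4 = IPv4-in-IP
    return ipv4_header(gw_src, gw_dst, 50, len(body)) + body

def visible_on_wire(packet):
    """Fields a passive observer can read from the cleartext outer IP header."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "proto": packet[9]}

# Constructed sample: internal host to internal server, TCP payload (protocol 6).
KEY = b"constructed-demo-key"
DATA = b"GET /payroll HTTP/1.1\r\n"
PACKET = ipv4_header("10.0.1.5", "10.0.2.9", 6, len(DATA)) + DATA

if __name__ == "__main__":
    t = transport_mode(KEY, PACKET)
    u = tunnel_mode(KEY, PACKET, "198.51.100.1", "203.0.113.1")
    print("transport:", visible_on_wire(t), "payload hidden:", DATA not in t)
    print("tunnel:   ", visible_on_wire(u), "inner addresses hidden:",
          socket.inet_aton("10.0.1.5") not in u)
```

In transport mode the internal endpoints remain readable in the outer header, so traffic analysis can still map who talks to whom; in tunnel mode only the gateway addresses appear, at the cost of 20 extra bytes per packet.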

Secure Shell (SSH)
- Originally designed for UNIX to replace Remote Login (rlogin), Remote Shell (rsh), and Remote Copy (rcp)
- Uses port 22
- Requires a private key, public key, and password
- Can be used on operating systems that support TCP/IP

SSH Example

Secure Copy Protocol (SCP)
- Replacement for rcp command
- Does not require password

Service Set Identifier (SSID)
- Identifies wireless network
- Similar to workgroup name
- All wireless network devices are configured with a default SSID
- To secure the wireless network, the default SSID should be changed

Media Access Control (MAC) Filtering
- To configure MAC filtering, administrator creates an Access Control List (ACL)
- ACL is located on Wireless Access Point (WAP)
- ACL contains list of MAC addresses belonging to authorized wireless network devices

Wired Equivalent Privacy (WEP)
- First attempt to secure with encryption the data transferred across a wireless network
- Algorithm not complex and can be easily cracked
- A VPN can add to the security set in place by WEP

Wi-Fi Protected Access (WPA)
- Developed by the Wi-Fi organization to overcome the vulnerabilities of WEP
- Compatible with 802.11 devices
- Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA
- WPA2 is compatible with the 802.11i standard

802.11i
- IEEE ratified 802.11 standard to remedy original security flaws
- Specifies the use of a 128-bit Advanced Encryption Standard (AES) for data encryption
- Generates fresh set of keys for each new connection
- Downward compatible with existing 802.11 devices

802.1x Authentication
- Provides port-based, network access control
- Used for client/server-based networks
- Supplicant—Wireless network device requesting network access
- Authenticator—WAP provides authentication
- Authentication server—Server running Remote Authentication Dial-In User Service (RADIUS)

In class lab
- Languard Lab – download lab from course website
- Labsim 8.25

Next Class
- No class on Monday November 11th, 2013
- November 13th, 2013
- Labsim Homework 8.3.1–8.3.3