Lecture 3: Secure Network Architecture


Lecture 3: Secure Network Architecture. NET 536 Network Security, Networks and Communication Department.

Lecture contents: TCP/IP Review; Security Principles; Types of Attacks. 16-Jan-19 Networks and Communication Department

TCP/IP Review. Ideally, a secure network architecture is designed before any systems are in place. TCP/IP review: the Internet is made up of a wide variety of computers, from supercomputers to personal computers. Each of these computers runs its own software and applications. How do all of these computers understand each other and work together? A set of rules (protocols) governs communication, so that each computer knows how to act and how to interpret the actions of the other computers.

TCP/IP Review. When transferring information across a network, TCP breaks the information into small pieces (packets). Each packet is sent separately. TCP has support for detecting errors and loss of data. IP handles carrying TCP packets from one computer to the other based on the 4-byte destination IP address. Each computer is uniquely identified by a specific IP address. When a client requests a service from a server, it builds a TCP connection with the server.

TCP/IP Review. A TCP connection includes three phases: connection establishment, data exchange, and connection termination. A port number is used to distinguish the various services: a port is a way to identify a specific service on a computer in a network.


TCP/IP Review. Port 80 is used by HTTP (sending and retrieving web pages). Port numbers are 16-bit values, enumerated from 0 to 65535. An end-to-end communication is identified by four values: source IP address, source port, destination IP address, destination port. Basic connection: the client browser first finds an unused dynamic port.


TCP/IP Review. A client program A (IP 5.6.7.8) wants to open a connection with a server B (IP 1.2.3.4) for the web service (on port 80). A begins the connection attempt by dynamically opening a port, say 1078. A sends: 5.6.7.8:1078 -> 1.2.3.4:80, SYN = 1. B receives the packet and understands that A wants to form a new connection. B sends a response to A: 1.2.3.4:80 -> 5.6.7.8:1078, SYN = 1, ACK = 1. A informs B that the response has been received: 5.6.7.8:1078 -> 1.2.3.4:80, SYN = 0.

Security Principles. 1- Least privilege: states that a user should have only the privileges needed to do his job. Least privilege is enforced using a network device, such as a router with an access control list (ACL), which tells a computer operating system which access rights each user has to a particular object. 2- Layered security: the concept that security functions should happen at multiple layers.


Security Principles. Physical layer: traditional security measures such as cameras and walls are used to keep unauthorized users out. Data link layer: unused switch ports can be disabled; we can also rely on VPNs. Network layer: firewalls and ACLs restrict network access. Transport layer: intrusion detection may base its decision on TCP/UDP port numbers. Proxies operate between the transport and the application layer. At the top layers are application content inspection services (anti-virus scanners, ...).

Security Principles. 3- Functional segmentation: is based on layered security and the principle of least privilege. Functional segmentation suggests a design in which the network is partitioned according to user or device function. Each segment may be further divided, for example by academic department. The advantage of segmentation is in preventing the spread of worms such as Slammer.
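To make the three principles above concrete, here is an added example (not from the lecture) of a minimal packet filter: hosts are grouped into functional segments, the ACL lists only the access each role needs, and every packet that matches no rule is denied. The subnets, segment names, ports and rules are constructed for illustration.

```python
# Added example: least privilege + functional segmentation in a stateless packet filter.
# Subnets, segment names and rules are constructed, not taken from any real network.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Functional segments: the network is partitioned by the role of its hosts.
SEGMENTS = {
    "students": ip_network("10.10.0.0/16"),
    "staff":    ip_network("10.20.0.0/16"),
    "servers":  ip_network("10.30.0.0/24"),
}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

def segment_of(ip: str) -> str:
    """Map an address to its functional segment; anything unlisted is 'outside'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "outside"

# ACL entries: (source segment, destination segment, protocol, destination port).
# Only the access a role needs is listed; the implicit final rule is deny.
ACL = [
    ("students", "servers", "tcp", 80),   # students may reach the web server
    ("staff",    "servers", "tcp", 80),
    ("staff",    "servers", "tcp", 22),   # only staff may administer servers
    ("outside",  "servers", "tcp", 80),   # the public may reach the web server only
]

def evaluate(pkt: Packet) -> str:
    """Return 'permit' if some ACL entry matches the packet, otherwise 'deny'."""
    src_seg, dst_seg = segment_of(pkt.src_ip), segment_of(pkt.dst_ip)
    for s, d, proto, port in ACL:
        if (s, d, proto, port) == (src_seg, dst_seg, pkt.proto, pkt.dst_port):
            return "permit"
    return "deny"   # least privilege: no rule, no access
```

Note that there is no rule between "students" and "staff" at all, so a worm that compromises one student machine cannot reach the staff segment through this filter, which is the segmentation benefit the slide describes.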


Types of Attacks. Remote code execution: occurs when an attacker exploits a piece of software and runs a program that the user does not have privileges to run. Denial of service: an attacker can send a large number of TCP SYN packets to a target. A SYN packet (a TCP segment with the SYN flag set in its header) is the first part of the TCP connection setup. The server normally responds with a SYN-ACK packet and allocates a buffer for the new TCP session. However, the attacking host never responds. Worms and viruses: automated attacks, programmed to spread themselves as rapidly and widely as possible.
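The following added example (not from the lecture) simulates both the three-way handshake from the TCP/IP review slides and the server-side state that the SYN-based denial of service above exhausts: the server keeps a bounded table of half-open sessions, a completed handshake moves a session out of it, and SYNs that are never acknowledged stay there until the table is full. Addresses, ports and the backlog size are constructed; the half-open ratio is a simple detection signal a defender can monitor.

```python
# Added example: server-side handshake state and why unanswered SYNs exhaust it.
# Addresses, ports and the backlog limit are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False

class Server:
    """Tracks half-open (SYN seen, final ACK not yet seen) and established sessions."""
    def __init__(self, ip: str, port: int, backlog: int):
        self.ip, self.port, self.backlog = ip, port, backlog
        self.half_open: set = set()      # keyed by client (ip, port)
        self.established: set = set()
        self.dropped = 0                 # SYNs refused because the backlog was full

    def receive(self, seg: Segment):
        if (seg.dst_ip, seg.dst_port) != (self.ip, self.port):
            return None
        key = (seg.src_ip, seg.src_port)
        if seg.syn and not seg.ack:
            # Step 1 of the handshake: allocate state for the session, reply SYN-ACK.
            if len(self.half_open) >= self.backlog:
                self.dropped += 1
                return None
            self.half_open.add(key)
            return Segment(self.ip, self.port, seg.src_ip, seg.src_port, syn=True, ack=True)
        if seg.ack and not seg.syn and key in self.half_open:
            # Step 3: the client confirmed our SYN-ACK, so the session is established.
            self.half_open.discard(key)
            self.established.add(key)
        return None

def client_handshake(server: Server, client_ip: str, client_port: int) -> bool:
    """Client opens a dynamic port and completes all three steps with the server."""
    syn_ack = server.receive(Segment(client_ip, client_port, server.ip, server.port, syn=True))
    if syn_ack is None or not (syn_ack.syn and syn_ack.ack):
        return False
    server.receive(Segment(client_ip, client_port, server.ip, server.port, ack=True))
    return (client_ip, client_port) in server.established

def half_open_ratio(server: Server) -> float:
    """Detection signal: fraction of tracked sessions that never completed the handshake."""
    total = len(server.half_open) + len(server.established)
    return len(server.half_open) / total if total else 0.0
```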

Types of Attacks. Trojans and spyware: installed along with other software. They collect information about the system (passwords, visited websites, ...). The collected information can then be sent to someone else.