Chapter 13 Network Security. Contents Definition of information security Role of network security Vulnerabilities, threats and controls Network security.


Chapter 13 Network Security

Contents
Definition of information security
Role of network security
Vulnerabilities, threats and controls
Network security controls for outgoing information
Network security controls for incoming information

Definition
Network security is a component of information security
Information security provides to information the required levels of

Information security components
Confidentiality means preserving authorized restrictions on information, to protect personal privacy and proprietary information
Integrity means guarding against improper modification or destruction of information, and ensuring the authenticity of information
Availability means ensuring timely and reliable use of information

Why information security matters
US economy increasingly reliant on services and information processing
Most corporate information now stored only on computer systems
Workflows increasingly dependent upon information systems

General information security model

Information security model components
Vulnerabilities – Weaknesses in an information system that could be exploited, e.g. running insecure services
Threats – Capabilities, intentions, and attack methods of adversaries to cause harm to information, e.g. SQL injection
Controls

Definition
Network security is the provision of information security in the presence of dangers created by computer networks
Incoming data may be used to hack into systems to read data, modify data or disable systems
Outgoing data may be read (confidentiality), modified (integrity) or simply blocked (availability)

Why network security matters
Large parts of the nation’s infrastructure are connected to the network
Damage can be very expensive
– Hackers used weak wireless network security to steal information on over 40 million credit cards from T J Maxx
– The company provisioned $480 million to settle claims

Network security controls by category

Category        | Incoming information                       | Outgoing information
Confidentiality | Patching, authentication and authorization | Encryption
Integrity       | Firewalls                                  | Digital signatures
Availability    | Virus protection, end user training        | Redundancy

Patching
Software is very complex
Developers issue updates when vulnerabilities become known
Timely application of patches prevents many exploits

Authentication and authorization
Authentication is the verification of a claimed identity
Authorization grants users the rights to read, write and manipulate specific information

Good passwords
Good passwords prevent intruders from being able to guess them. Recommendations from Microsoft:
– Include characters other than just letters
– Actual names or words should be avoided
– Passwords should be longer than 5 characters
– Passwords should be changed regularly
– Reference: asswords/create.aspx

Firewalls
A computer that lies between two networks and regulates the traffic between them
– Protects the internal network from electronic attacks originating from the external network

Firewalls
Examine every packet entering or leaving the network
Administrators can specify which packets may pass the firewall

Firewalls
First steps
– Block insecure services (e.g. telnet, ftp)
– Block blacklisted networks
– Allow access to trusted services
– Allow access to safe services

Firewalls – common configuration
Public services are located in a de-militarized zone (DMZ)
The internal network is blocked to the outside world
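As an added illustration, not part of the slides, the following Python snippet models the firewall "first steps" and the DMZ configuration above as a first-match packet filter for inbound traffic: block insecure services, block a blacklisted network, allow trusted services into the DMZ, block anything bound for the internal network, and drop everything else by default. All addresses, ports, rules and the sample traffic are constructed for the example.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges and RFC 1918 space).
BLACKLIST = [ipaddress.ip_network("198.51.100.0/24")]  # known-bad network
DMZ = ipaddress.ip_network("192.0.2.0/24")             # public services live here
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # private internal network
TRUSTED_PORTS = {80, 443}                              # HTTP/HTTPS into the DMZ
INSECURE_PORTS = {21, 23}                              # ftp, telnet

# Rules are checked top-down; the first one that matches decides the packet,
# so the blacklist entry is consulted before any allow rule.
RULES = [
    ("block insecure services (telnet, ftp)",
     lambda p: p["dport"] in INSECURE_PORTS, "DROP"),
    ("block blacklisted networks",
     lambda p: any(p["src"] in net for net in BLACKLIST), "DROP"),
    ("allow trusted services into the DMZ",
     lambda p: p["dst"] in DMZ and p["dport"] in TRUSTED_PORTS, "ACCEPT"),
    ("internal network blocked to outside world",
     lambda p: p["dst"] in INTERNAL, "DROP"),
]

def parse_packet(line):
    """Parse a constructed 'src dst dport' line into a packet dict."""
    src, dst, dport = line.split()
    return {"src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport)}

def decide(packet):
    """Return (verdict, reason) from the first matching rule, else default deny."""
    for reason, matches, verdict in RULES:
        if matches(packet):
            return verdict, reason
    return "DROP", "default deny"  # nothing explicitly allowed gets through

if __name__ == "__main__":
    # Constructed sample traffic, one inbound packet per line.
    SAMPLE = """203.0.113.5 192.0.2.10 443
203.0.113.5 192.0.2.10 23
198.51.100.7 192.0.2.10 443
203.0.113.5 10.1.2.3 443
203.0.113.5 192.0.2.10 8080"""
    for line in SAMPLE.splitlines():
        verdict, reason = decide(parse_packet(line))
        print(f"{line:32} {verdict:6} {reason}")
```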

Anti-virus programs
Viruses and worms are programs that cause harm to computers
Of all threats, viruses cause the greatest financial losses to organizations
Modern viruses attack most targets within minutes of being launched
Patching eliminates many targets for worms
Anti-virus programs should be constantly updated

End user training
Important component of all security efforts
Suspicious-looking email may carry a virus
Be very careful with attachments
Only provide usernames and passwords on trusted web sites

Encryption
Rendering information unintelligible in a way that allows it to be restored later to intelligible form
– Readable information is called plaintext
– Encrypted information is called ciphertext
Involves 2 components: algorithm and key
– The algorithm is the process that creates the ciphertext
– The key controls the operation of the algorithm
2 broad types: symmetric key, asymmetric key

Encryption

Symmetric key encryption
Same key used for encryption and decryption
– Example: cat → dbu
  Encrypted character = plaintext character + 1
  Decrypted character = encrypted character – 1
– dog → ?
Current standard: Advanced Encryption Standard (AES)
Major problem: how do you exchange the key?

Asymmetric key encryption
Key exchange over the network is unsafe in symmetric key encryption
– Enemies can read the key when it is transmitted
Asymmetric key encryption uses one key for encryption and another key for decryption
– The encryption key is made public
Most asymmetric key encryption algorithms use the modulus operation
– e.g. 21 mod 10 = 1

Asymmetric key encryption example
Example based on Network Security: Private Communication in a Public World (2E), by Charlie Kaufman, Radia Perlman and Mike Speciner
Plaintext → Ciphertext, where ciphertext = plaintext * 3 mod 10

Asymmetric key example
Decryption can be done as
– Plaintext = ciphertext * 7 mod 10
– e.g. 9 * 7 mod 10 = 63 mod 10 = 3
– This works because 3 * 7 = 21, and 21 mod 10 = 1, so multiplying by 3 and then by 7 returns the original digit
Thus, in the example, encryption key = (3, 10); decryption key = (7, 10)
In the real world, choose very large numbers
– 1,024 – 2,048 bits
Popular algorithm is RSA

Digital signature
Used to verify integrity
If the sender encrypts information with their own private key, the reader can decrypt it with the sender’s public key
– If an enemy modifies the information en route, decryption will fail
– Generally, an encrypted message digest is sent rather than the whole message
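Added example, not code from the slides or from the Kaufman, Perlman and Speciner book: the +1 shift cipher and the mod-10 scheme above in Python, generalised so the decryption key is computed as the modular inverse of the encryption key (which is why (3, 10) pairs with (7, 10), and why a multiplier such as 2 mod 10 has no key pair), plus the sign-with-private-key / verify-with-public-key check on a message digest. The digest function is a constructed stand-in (sum of digits mod 10), not a real hash; it assumes Python 3.8 or later for pow(a, -1, m).

```python
from math import gcd

# --- Symmetric: the same key (a shift of 1) encrypts and decrypts ---
def shift(text, key):
    """Shift each lowercase letter by `key` places, wrapping z -> a; key=-1 undoes key=1."""
    return "".join(chr((ord(c) - 97 + key) % 26 + 97) for c in text)

# --- Asymmetric: the slides' toy scheme, ciphertext = plaintext * e mod m ---
def modinv(a, m):
    """Decryption key for multiplier a: the d with (a * d) % m == 1."""
    if gcd(a, m) != 1:  # e.g. 2 mod 10 has no inverse, so no key pair exists
        raise ValueError(f"{a} has no inverse mod {m}")
    return pow(a, -1, m)  # Python 3.8+

def make_keypair(e, m):
    """Public key (e, m) and private key (d, m) with e * d = 1 mod m."""
    return (e, m), (modinv(e, m), m)

def apply_key(digits, key):
    """Multiply every digit by the key and reduce mod m (same code both ways)."""
    k, m = key
    return [(d * k) % m for d in digits]

def toy_digest(digits, m):
    # Constructed stand-in for a message digest: sum of digits mod m.
    # A real system would use a cryptographic hash such as SHA-256.
    return sum(digits) % m

def sign(digits, private_key):
    """Signature = digest 'encrypted' with the private key."""
    return apply_key([toy_digest(digits, private_key[1])], private_key)[0]

def verify(digits, signature, public_key):
    """Undo the signature with the public key; it must equal a fresh digest."""
    return apply_key([signature], public_key)[0] == toy_digest(digits, public_key[1])

if __name__ == "__main__":
    print(shift("cat", 1), shift(shift("cat", 1), -1))          # dbu cat
    pub, priv = make_keypair(3, 10)                              # (3, 10) (7, 10)
    c = apply_key([3, 1, 4], pub)
    print(c, apply_key(c, priv))                                 # [9, 3, 2] [3, 1, 4]
    msg = [3, 1, 4, 1, 5]
    s = sign(msg, priv)
    print(verify(msg, s, pub), verify([3, 1, 4, 1, 6], s, pub))  # True False
```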

Confidentiality and integrity with asymmetric key encryption

Redundancy
Surplus capacity to improve availability
Commonly used for network services such as DNS, web, …
Example of network redundancy shown in figure

Summary
Network security is a component of an organization’s overall information security effort
Network security controls mitigate risks from threats in the network
Network security controls defend data leaving the organization and counter hacking attempts emerging from outside the organization

Case study – T J Maxx
Between 2003 and 2007, Albert Gonzalez and his collaborators exploited weaknesses in T J Maxx’ implementation of wireless technology to steal information on over 40 million credit cards
– Gonzalez was an informer for the US Secret Service
Settlements exceeded $65 million

Hands-on exercise
Wireshark
– Monitoring an SSL transaction in Wireshark

Network design
Use of security technologies
– Firewalls
– VPN
– Encryption