PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem

Network Security :  Network security measures are needed to protect data during their transmission.  Network security is a complicated subject, historically only tackled by well-trained experts.  However, as more and more people become “wired”, an increasing number of people need to understand the basics of security in a networked world.

 This document was written with the basic computer user and information systems manager in view, explaining the concepts needed to read through the hype in market place.  Understanding risks and how to deal with them.  By this we can understand how to reduce and manage risk personally, at home, and in the working place.

Security Services : Within the context of any application-to-application communication, there are some specific security services. They are  Authentication  Integrity  Confidentiality  Non-repudiation  Access Control  Availability

Authentication:  The authentication service is concerned with assuring that a communication is authentic.  The function of the authentication service is to assure the recipient that the message is from the source in the case of a single message such as alarm Signal.

Integrity :  A connection-oriented integrity service assures that messages are received as sent, with no duplication, insertion or replays.  As the integrity service relates to active attacks, we are concerned with detection rather than prevention.

Confidentiality :  Confidentiality is the protection of transmitted data from passive attacks.  Ensuring that no one can read the message except the intended receiver.  Confidentiality is the protection of traffic flow from analysis.

Non-repudiation:  Non-repudiation prevents either sender or receiver from denying a transmitted message.  When a message is sent, the receiver can prove that the message was in fact send by the alleged sender.  Similarly, when a message is received, the sender can prove that the message was in fact received by the alleged receiver.

Access Control :  Access control is the ability to limit and control the access to host systems and applications via communication links.  To achieve access control, each entity trying to gain must first be identified or authenticated.

Availability :  Availability is one of the security services.  Variety of attacks can result in the loss of or reduction in availability.

Model For Network Security :  A message is to be transferred from one party to another across some sort of internet.  The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.  A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols by the two principals.

All the techniques for providing security have two components. They are:  A security-related transformation on the information to be sent.  Secret information will be shared by the two principals and it is hoped unknown to the opponent.

Different types of threats to Network:  Application backdoors  Operating system bugs  Denial of Service  Macros  Viruses

Application backdoors :  Some programs have special features that allow for remote access.  Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

Operating system bugs:  Like applications, some operating systems have backdoors.  Others provide remote access with insufficient security controls or have bugs.

Denial of Service :  Denial of service threat is impossible to counter.  By inundating a server with unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

Macros :  To simplify complicated procedures, many applications allow us to create a script of commands that the application can run.  This script is known as macro.  Hackers take advantage of this to create their own macros depending on the application can destroy the data or crash the computer.

Viruses :  Probably the most well-known threat is computer viruses.  A virus is a small program that can copy itself to another computers.  Viruses range from harmless messages to erasing all of our data.

Various Methods to provide Network Security :  Virtual Private Network  Firewalls  IPSec  AAA Server

Virtual Private Network :  A virtual private network is a way to use a public telecommunication infrastructure, such as internet to provide secure access.  The goal of a virtual private network is to provide the organization with the capabilities at a much lower cost.

Firewalls :  A firewall provides a strong barrier between our private network and the Internet.  We can set firewalls to restrict the number of open ports, what type of packets are passed through and which protocols are passed through.  We should already have a good firewall in place before we implement a virtual private network.

IPSec : Internet Protocol Security Protocol provides enhanced security features such as better encryption algorithms and more comprehensive authentication. IPSec has two encryption modes. They are Tunnel Mode and Transport mode IPSec can encrypt data between various devices such as Router to router Firewall to router PC to router PC to server

AAA Server :  AAA stands for authentication, authorization and accounting.  AAA servers are used for more secure access in a remote- access virtual private network environment.  When a request to establish a session comes in from a dial up client, the request is proxies to the AAA server. AAA then checks the following: Who we are (Authentication) What we are allowed to do (Authorization) What we actually do (Accounting)

 Here by we conclude that by using various methods we can provide security to our data CONCLUSION

Thank You

? QUERIES ? Any Queries?