Chapter 9 Networking & Distributed Security (Part C)


csci5233 computer security & integrity (Chap. 9) 2 Outline

Electronic Mails

Security Goals vs Threats

Goals              Threats
confidentiality    1. interception
integrity          2. interception and subsequent replay
                   3. content modification
                   4. content forgery by outsider
                   5. content forgery by recipient
                   6. origin forgery by recipient
authenticity       7. origin modification
                   8. origin forgery by outsider
nonrepudiation     Threats 2 through 8 above
reliable delivery  interception (blocked delivery)
                   denial of message transmission

Privacy-enhanced e-mails (PEM)

Internet standards:
- 1987: RFC989 (PEM version 1)
- RFC1113 (version 2)
- RFC1421, 1422, 1423, 1424 (Part I, II, III, IV), version 3

Protection of privacy-enhanced e-mails occurs in the body of the message. The header of the message is not changed, to ensure compatibility with the then existing systems.

Overview: Fig. 9-27, 9-28 (p.424)
1) The message header and body are encrypted under a symmetric key K, giving E(message, K).
2) K is encrypted by the recipient's public key, giving Rpub(K).
3) A duplicate header is prepended to the message, which contains both Rpub(K) and E(message, K).

Q: In step 2, can a symmetric key, instead of the recipient's public key, be used to encrypt the message key?

Privacy-enhanced e-mails (PEM)

The answer: YES. See p.425.
Q: What would be the requirements if a symmetric key is used?

- Proc-Type field: processing type
- DEK-Info field: data exchange key field
- Key-Info: key exchange

Message encryption: DES
Key exchange: DES or RSA
In principle, any encryption algorithm can be used.
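
How the Proc-Type, DEK-Info and Key-Info fields sit in a message header, and how a receiver can tell per recipient whether the message key K was protected with RSA or with a shared symmetric key. This is an added example, not part of the original slides; the sample message is constructed after the RFC 1421 header layout with made-up values, and the function names are hypothetical.

```python
# Constructed sample in the RFC 1421 encapsulated-header layout; every value is made up.
SAMPLE = """\
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0123456789ABCDEF
Recipient-ID-Symmetric: alice@example.org,ptf-kmc,1
Key-Info: DES-ECB,RSA-MD2,1111111111111111,
 22222222222222222222222222222222
Recipient-ID-Asymmetric: Y29uc3RydWN0ZWQ=,01
Key-Info: RSA,
 Y29uc3RydWN0ZWQgd3JhcHBlZCBrZXk=

Y29uc3RydWN0ZWQgY2lwaGVydGV4dA==
-----END PRIVACY-ENHANCED MESSAGE-----
"""

BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"

def parse_pem(text):
    """Return (header fields as (name, value) pairs, encoded body) of one PEM message."""
    lines = text.splitlines()
    lines = lines[lines.index(BEGIN) + 1 : lines.index(END)]  # ValueError if a boundary is missing
    fields, body_at = [], len(lines)
    for i, line in enumerate(lines):
        if not line.strip():               # blank line ends the encapsulated header
            body_at = i + 1
            break
        if line[0] in " \t" and fields:    # folded continuation of the previous field
            fields[-1] = (fields[-1][0], fields[-1][1] + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields, "".join(lines[body_at:])

def key_exchange(fields):
    """Summarise how the message key K is protected for each recipient."""
    out = {"proc_type": None, "dek_alg": None, "recipients": []}
    for name, value in fields:
        parts = [p.strip() for p in value.split(",")]
        if name == "Proc-Type":
            out["proc_type"] = parts[1]
        elif name == "DEK-Info":
            out["dek_alg"] = parts[0]      # algorithm used on the message body
        elif name == "Key-Info":
            # "RSA" means K is wrapped under a public key; anything else is a shared key
            kind = "asymmetric" if parts[0] == "RSA" else "symmetric"
            out["recipients"].append((kind, parts[0]))
    return out
```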

Privacy-enhanced e-mails (PEM)

Security features:
- Confidentiality - message encryption
- Authenticity - ?
- Nonrepudiability - ?
- Integrity - ?

Answers: p.425

Privacy-enhanced e-mails (PEM)

Advantages:
- The user may choose to use PEM or not in sending an e-mail.
- PEM provides strong end-to-end security for e-mails.

Problems?
1. Key management
2. The end points may not be secure.

Yet another privacy-enhanced protocol: PGP (p.426)

Firewalls

Q: Which is more important, protection of e-mails or protection of network-connected resources? (see argument on p.427)

A firewall works in a way similar to a filter, which lets through only desirable interactions while keeping all others out of the protected network.
Analogy: a gate keeper, a security gateway

A firewall is a device or a process that filters all traffic between a protected (inside) network and a less trustworthy (outside) network.

Scenarios:
- Internal users sending company secrets outside
- Outside people breaking into systems inside

Firewalls

Alternative security policies:
- To block all incoming traffic, but allow outgoing traffic to pass
- To allow accesses only from certain places
- To allow accesses only from certain users
- To allow accesses for certain activities (such as specific port numbers)
  - Port 79: finger; Port 23: telnet; Port 513: rlogin;
  - Port 21: ftp; Port 177: X Windows
  - ICMP messages: the PROTOCOL field of IP header = 1
  - Each of these mechanisms is a potential back door into the system.

Types of Firewalls

Screening Routers
- The simplest, but may be the most effective, type of firewall.
- A router plays the role of a 'gateway' between two networks. (Fig. 9-31, p.429)
- A screening router takes advantage of a router's ability of "screening" passing-through packets and forwards only packets that are desirable. Example: Fig
- A router has a unique advantage because it sits between an outside and the inside network. (Fig. 9-33)
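
The policies on the previous slide and the screening behaviour described here, written as an ordered first-match rule table with default deny. This is an added example, not part of the original slides; the addresses (documentation ranges), the partner network, the rule order and the function names are assumptions. Rule 0 illustrates one check that the router's position between the two networks makes possible.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")       # assumed protected network (documentation range)
PARTNER = ip_network("198.51.100.0/24")   # assumed "certain place" allowed to connect
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # values of the IP header PROTOCOL field

# Ordered rules, first match wins. None means "any".
# (action, arriving interface, source network, protocol, destination port)
RULES = [
    ("deny",  "outside", INSIDE,  None,   None),  # 0: inside address arriving from outside
    ("allow", "inside",  INSIDE,  None,   None),  # 1: outgoing traffic from inside hosts
    ("deny",  "outside", None,    "icmp", None),  # 2: ICMP, PROTOCOL = 1
    ("deny",  "outside", None,    "tcp",  23),    # 3: telnet, even from the partner
    ("deny",  "outside", None,    "tcp",  513),   # 4: rlogin, even from the partner
    ("allow", "outside", PARTNER, "tcp",  None),  # 5: other TCP, from the partner only
]

def screen(iface, src, proto, dport=None):
    """Return (action, rule number) for one packet; rule number None means default deny."""
    for n, (action, r_iface, r_net, r_proto, r_port) in enumerate(RULES):
        if (r_iface == iface
                and (r_net is None or ip_address(src) in r_net)
                and (r_proto is None or PROTO[r_proto] == proto)
                and (r_port is None or r_port == dport)):
            return action, n
    return "deny", None  # nothing matched: the packet is not forwarded

# Constructed packets as the router sees them: (interface, source, protocol, dst port)
PACKETS = [
    ("outside", "203.0.113.9",  6, 21),    # ftp from an unknown network
    ("outside", "198.51.100.7", 6, 21),    # ftp from the partner
    ("outside", "198.51.100.7", 6, 23),    # telnet from the partner
    ("outside", "192.0.2.10",   6, 21),    # claims an inside source on the outside link
    ("inside",  "192.0.2.10",   6, 23),    # outgoing telnet
    ("outside", "198.51.100.7", 1, None),  # ICMP from the partner
]

def decisions():
    """Screen every constructed packet and return the list of (action, rule number)."""
    return [screen(*pkt) for pkt in PACKETS]
```

Moving rule 5 above rules 3 and 4 would let the partner's telnet and rlogin through, which is why rule order is part of the policy.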

Types of Firewalls

Proxy Gateways
- "proxy": authority or power to act for another
- A firewall that simulates the effects of an application by running "pseudo-applications".
- To the inside, it implements part of the application protocol to make itself look as if it is the outside connection.
- To the outside, it implements part of the application protocol to act just like the inside process would.
- It examines the content, not just the header, of a packet.
- Examples of using proxy firewalls: pp

Types of Firewalls

Guards
- A "sophisticated" proxy firewall
- A guard firewall examines and interprets the content of a packet.
- A guard usually implements and enforces certain business policies.
- Example: enforcing an "e-mail quota" (p.433)
- Other examples
- Trade-offs?

Table 9-3 (p.434): Comparing the types of firewalls

Firewalls

Examples of Firewall Configurations
- Screening router only: Fig
- Proxy firewall only: Fig
- A combined approach: Fig

Q: Does it make sense to reverse the position of the screening router and the proxy firewall in Fig. 9-37?

DMZ (Demilitarized zone)

The segment in a network bounded by two firewalls.

Considerations about Firewalls

- Firewalls provide perimeter protection of a network, if the network's perimeter is clearly defined and can be controlled by the firewall.
- A firewall is a prime target to attack.
- A firewall does not solve all security problems. Why not?
- A firewall may have a negative effect on software portability. (See VM: Ch. 16 – Through the firewall)

Summary

Network security is a rich area, in terms of complexity of the problem and research opportunities.
- Intrusion detection
- Honeypots
- Security versus performance
- …

Next:
- Buffer overflow (VM: Ch 7)
- Applying cryptography (VM: Ch 11)