
1 Network Security

2 Security Services
Confidentiality: protection of any information from being exposed to unintended entities.
–Information content
–Parties involved
–Where they are, how they communicate, how often, etc.
Authentication: assurance that an entity of concern or the origin of a communication is authentic - it’s what it claims to be or from
Integrity: assurance that the information has not been tampered with

3 Security Services
Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information
Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections
Data Availability: Protection against disruption of service
Accountability: How an audit trail is kept

4 Security Objectives
Confidentiality (Secrecy): Prevent/Detect/Deter improper disclosure of information
Integrity: Prevent/Detect/Deter improper modification of information
Availability: Prevent/Detect/Deter improper denial of access to services provided by the system

5 Virus, Worms, and Trojan Horses
Trojan horse: instructions hidden inside an otherwise useful program that do bad things
Virus: a set of instructions that, when executed, inserts copies of itself into other programs.
Worm: a program that replicates itself by installing copies of itself on other machines across a network.
Trapdoor: an undocumented entry point, which can be exploited as a security flaw
Zombie: malicious instructions installed on a system that can be remotely triggered to carry out some attack with less traceability because the attack comes from another victim.
….

6 Encryption/Decryption
[Diagram: plaintext → encryption → ciphertext → decryption → plaintext]
Plaintext: a message in its original form
Ciphertext: a message in the transformed, unrecognized form
Encryption: the process for producing ciphertext from plaintext
Decryption: the reverse of encryption
Key: a secret value used to control encryption/decryption

7 Types of Cryptographic functions
Secret Key Cryptography
–One key
Public Key Cryptography
–Two keys: public, private

8 Secret Key Cryptography
[Diagram: plaintext → encryption (key) → ciphertext → decryption (same key) → plaintext]
Same key is used for both encryption and decryption
–Symmetric cryptography
–Conventional cryptography
Ciphertext is about the same length as the plaintext
Examples: DES, IDEA, AES…

9 Public Key Cryptography
[Diagram: plaintext → encryption (public key) → ciphertext → decryption (private key) → plaintext]
Invented/published in 1975
Each individual has two keys:
–Private key is kept secret
–Public key is publicly known
Much slower than secret key cryptography
Also known as
–Asymmetric cryptography

10 Public Key Cryptography cont’d
[Diagram: plaintext → signing (private key) → signed message → verification (public key) → plaintext]
Digital Signature
–Only the party with the private key can generate a digital signature
–Verification of the signature only requires the knowledge of the public key
–The signer cannot deny he/she has done so.

11 Applications of Public Key Cryptography
Digital Signatures
Authorship: prove who generated the information
Integrity: the information has not been modified
Non-repudiation: cannot be done with secret key cryptography
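The contrast drawn on slides 10 and 11, as an added example that is not part of the original presentation: a shared-key tag can be produced by either party, while a signature can only come from the private-key holder and is checked with the public key alone. Ed25519 and HMAC-SHA256 are choices made here (the slides name no algorithm); the message and shared key are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var msg = []byte("pay 100 to Bob") // constructed sample message

// macTag computes HMAC-SHA256; anyone holding the shared key can produce it.
func macTag(key, m []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(m)
	return h.Sum(nil)
}

// receiverCanReproduceMAC: both ends hold one key, so the tag names no author.
func receiverCanReproduceMAC() bool {
	shared := []byte("constructed shared key") // held by sender and receiver
	senderTag := macTag(shared, msg)
	receiverTag := macTag(shared, msg) // computed by the receiver alone
	return hmac.Equal(senderTag, receiverTag)
}

// signatureChecks signs with the private key and verifies with the public key:
// genuine accepted, altered message rejected, another signer's signature rejected.
func signatureChecks() (genuine, tampered, wrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(fmt.Errorf("key generation failed: %w", err))
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(fmt.Errorf("key generation failed: %w", err))
	}
	sig := ed25519.Sign(priv, msg)
	genuine = ed25519.Verify(pub, msg, sig)
	tampered = ed25519.Verify(pub, []byte("pay 900 to Bob"), sig)
	wrongKey = ed25519.Verify(pub, msg, ed25519.Sign(otherPriv, msg))
	return
}

func main() {
	fmt.Println("MAC reproducible by receiver:", receiverCanReproduceMAC())
	fmt.Println(signatureChecks())
}
```
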

12 Firewalls

13 What is a firewall?
Device that provides secure connectivity between networks (internal/external; varying levels of trust)
Used to implement and enforce a security policy for communication between networks
[Diagram labels: Trusted Networks; Untrusted Networks & Servers; Firewall; Router; Internet; Intranet; DMZ; Public Accessible Servers & Networks; Trusted Users; Untrusted Users]

14 Firewall

15 Firewalls
From Webster’s Dictionary: a wall constructed to prevent the spread of fire
Internet firewalls are more the moat around a castle than a building firewall
Controlled access point

16 Firewalls can:
Restrict incoming and outgoing traffic by IP address, ports, or users
Block invalid packets

17 Firewalls Cannot Protect…
Traffic that does not cross it
–routing around
–Internal traffic
When misconfigured

18 [Diagram labels: Internet; DMZ Net; Web Server Pool; Corporate Network; ALERT!!]
Security Requirement
–Control access to network information and resources
–Protect the network from attacks
Access Control

19 Filtering
Packets checked then passed – typically route packets
Inbound & outbound affect when policy is checked
Packet filtering
–Access Control Lists
Session filtering
–Dynamic Packet Filtering
–Stateful Inspection
–Context Based Access Control
Fragmentation/reassembly
Sequence number checking
ICMP
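Added example, not from the presentation: the two filtering styles listed on slide 19, a stateless access control list beside a filter that keeps a session table. The policy (inside hosts in 10.0.0.0/8 may open TCP connections to port 443), the packet model and the sample traffic are assumptions made for illustration.

```go
package main

import "fmt"

// Packet holds simplified TCP header fields (constructed model, not a parser).
type Packet struct {
	Src, Dst     string
	SPort, DPort int
	SYN, ACK     bool
}

func inside(ip string) bool { return len(ip) > 3 && ip[:3] == "10." } // assumed internal range 10.0.0.0/8

// aclAllow is a stateless ACL: replies are admitted by "ACK set, source port 443".
func aclAllow(p Packet) bool {
	if inside(p.Src) && !inside(p.Dst) {
		return p.DPort == 443
	}
	return inside(p.Dst) && p.SPort == 443 && p.ACK
}

// Stateful records outbound SYNs to port 443 and admits other packets only
// when they belong to a flow an inside host opened.
type Stateful struct{ sessions map[string]bool }

func key(a string, ap int, b string, bp int) string { return fmt.Sprintf("%s:%d>%s:%d", a, ap, b, bp) }

func (f *Stateful) Allow(p Packet) bool {
	out := key(p.Src, p.SPort, p.Dst, p.DPort)
	if inside(p.Src) && !inside(p.Dst) {
		if p.DPort == 443 && p.SYN && !p.ACK {
			f.sessions[out] = true
		}
		return f.sessions[out]
	}
	return f.sessions[key(p.Dst, p.DPort, p.Src, p.SPort)] // reverse flow must exist
}

// sample is constructed traffic: outbound SYN, its SYN-ACK, an unsolicited ACK.
var sample = []Packet{
	{"10.0.0.5", "203.0.113.7", 50000, 443, true, false},
	{"203.0.113.7", "10.0.0.5", 443, 50000, true, true},
	{"198.51.100.9", "10.0.0.8", 443, 40000, false, true},
}

func main() {
	fw := &Stateful{sessions: map[string]bool{}}
	for _, p := range sample {
		fmt.Println(aclAllow(p), fw.Allow(p))
	}
}
```

The third packet shows the difference: the ACL passes it because it judges each packet alone, while the session table rejects it because no inside host opened that flow.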

20 Packet Filter Embedded in Router

21 VPN

22 Tunneling

23 Security Technologies
Intrusion Detection System
Pretty Good Privacy
Secure Shell
Secure Socket Layer
IP Security
Wired Equivalent Privacy

