Download presentation
Presentation is loading. Please wait.
1
Chapter 13 Network Security Auditing Antivirus Firewalls Authentication Authorization Encryption
2
Security Policy Steps Assets Threats Vulnerabilities Risk Protective measure –Virus protection –Firewall –Authentication –Encryption
3
Auditing Personal: internal or external Methods –Manual auditing: policy auditing or off-line audit (policy development & implementation) –automated auditing: event detection or real-time audits (software & exception reports) –Security probes: weak spots & improvement Intrusion detection systems or Security Analyzer Tool for Analyzing Networks (SATAN) Courtney
4
Antivirus Technology Virus scanning: signature scanners Emulation technology: activity monitors (virtual PC) CRC checkers: hashing checkers
5
Firewall Architectures Packet filtering Application gateway
6
Packet Filtering Port-level filter, network-level filter, or packet filter Filter tables: source and destination addresses Weakness: IP spoofing
7
Application Gateways Application-level filters, assured pipe-lines, application gateways, or proxies Sources, services or application Weakness –Inability to detect malicious code
8
Firewall Functions Encryption Virus scanning Violation notification Authentication System monitoring Auditing and logging Attack protection
9
Authentication categories –What you know –What you have –What you are Types –Token authentication –Biometric authentication
10
Encryption methods Private key encryption –Same algorithm –Data encryption standard (DES): 64-bit key Public key encryption –Rivest-Shamir-Adelman: RSA –Public/private key encryption Digital signature encryption –Private key, hashing program, original document
11
Assignment Review chapters 8, 9, & 13
Similar presentations
