1
Lecture 3: Secure Network Architecture
NET 536 Network Security
Networks and Communication Department
2
Lecture contents:
TCP/IP Review
Security Principles
Types of Attacks
16-Jan-19 Networks and Communication Department
3
TCP/IP Review
Ideally, a secure network architecture is designed before any systems are in place.
TCP/IP review: The Internet is made up of a wide variety of computers, from supercomputers to personal computers. Each of these computers runs its own type of software and applications. How do all of these computers understand each other and work together? There is a set of rules that governs communications, so that each computer understands how to act and how to interpret the actions of the other computers.
4
TCP/IP Review
When transferring information across a network, TCP breaks the information into small pieces (packets). Each packet is sent separately.
TCP has support for detecting errors and loss of data.
IP handles carrying TCP packets from one computer to another based on the 4-byte destination IP address.
Each computer is uniquely identified by a specific IP address.
When a client requests a service from a server, it builds a TCP connection with the server.
5
TCP/IP Review
A TCP connection includes:
Connection establishment
Data exchange
Connection termination
A port number is used to distinguish various services. A port is a way to identify a specific service on a computer in a network.
6
TCP/IP Review
7
TCP/IP Review
Port 80 is used by HTTP (send and retrieve web pages).
Port numbers are specified by 16 bits and enumerated from 0 to
End-to-end communication can be identified by: source IP address, source port, destination IP address, destination port.
Basic connection: the client browser first finds an unused dynamic port.
8
TCP/IP Review
9
TCP/IP Review
A client program A (IP ) wants to open a connection with a server B (IP ) for web service (on port 80).
A begins the connection attempt by dynamically opening a port, say 1078.
A sends : : 80 SYN = 1.
B receives the packet and understands that A wants to form a new connection.
B sends a response for A : : SYN = 1, ACK = 1
A informs B that the response has been received : : 80 SYN = 0
10
Security Principles
Security principles:
1- Least privilege:
States that a user should have only the privileges needed to do his job. Least privilege is enforced using a network device, such as a router with an access control list (ACL), which tells a computer operating system which access rights each user has to a particular object.
2- Layered security:
Is the concept that security functions should happen at multiple layers.
11
Security Principles
12
Security Principles
Physical layer: traditional security measures such as cameras and walls are used to prevent unauthorized users.
Data link: unused ports can be disabled. We can also rely on VPN.
Network layer: firewalls and ACLs restrict network access.
Intrusion detection may base its decision on TCP/UDP port numbers.
Proxies operate between the transport and the application layer.
Top layers are application content inspection services (anti-virus scanners,…).
13
Security Principles
3- Functional segmentation:
Is based on layered security and the principle of least privilege.
Functional segmentation suggests a design in which the network is partitioned according to user or device function.
Each segment may be further divided by academic department.
The advantage of segmentation is in preventing the spread of worms such as Slammer.
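Added example (not part of the original slides): a first-match ACL evaluated between functional segments, with an implicit deny so that each segment gets only the access it needs. The segment names, address ranges and rules are constructed for illustration; SQL Slammer spread over UDP port 1434.

```python
import ipaddress

# Hypothetical campus segments (constructed names and ranges).
SEGMENTS = {
    "students": ipaddress.ip_network("10.10.0.0/16"),
    "faculty":  ipaddress.ip_network("10.20.0.0/16"),
    "servers":  ipaddress.ip_network("10.30.0.0/24"),
}

# Ordered rules: (action, source segment, destination segment, protocol, port).
# None in the protocol or port field matches anything.
ACL = [
    ("permit", "students", "servers", "tcp", 80),   # web only
    ("permit", "faculty",  "servers", "tcp", 80),
    ("permit", "faculty",  "servers", "tcp", 22),   # administration
    ("deny",   "students", "faculty", None,  None), # no lateral traffic
]

def segment_of(ip):
    """Map an address to its functional segment, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, proto, dst_port):
    """Return the action of the first matching rule; deny if none matches."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for action, a_src, a_dst, a_proto, a_port in ACL:
        if ((a_src, a_dst) == (src, dst)
                and a_proto in (None, proto)
                and a_port in (None, dst_port)):
            return action
    return "deny"  # implicit deny: least privilege by default

if __name__ == "__main__":
    # A worm probe on UDP 1434 from the student segment is stopped
    # at the segment boundary.
    print(decide("10.10.1.5", "10.20.9.9", "udp", 1434))
    print(decide("10.10.1.5", "10.30.0.8", "tcp", 80))
```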
14
Security Principles
15
Types of Attacks
Types of attacks:
Remote code execution: occurs when an attacker exploits a piece of software and runs a program that the user does not have privileges to run.
Denial of service: an attacker can send a large number of TCP SYN packets to a target. SYN packets are supposed to be the first part of the TCP header. The server normally responds with a SYN-ACK packet and allocates a buffer for the new TCP session. However, the attacking host never responds.
Worms and viruses: automated attacks, programmed to spread themselves as rapidly and as widely as possible.
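Added example (not part of the original slides): a detector that follows the three-way handshake per 4-tuple (source IP, source port, destination IP, destination port) and counts connections where the server sent SYN-ACK but the final ACK never arrived. The packet trace, the documentation-range addresses and the threshold of 5 are constructed assumptions.

```python
from collections import Counter

# Constructed trace: (src_ip, src_port, dst_ip, dst_port, flags).
SERVER = ("198.51.100.5", 80)
LEGIT = [
    ("192.0.2.10", 1078, *SERVER, "SYN"),
    (*SERVER, "192.0.2.10", 1078, "SYN-ACK"),
    ("192.0.2.10", 1078, *SERVER, "ACK"),
]
FLOOD = []
for i in range(1, 7):  # six sources that never complete the handshake
    FLOOD.append((f"203.0.113.{i}", 40000 + i, *SERVER, "SYN"))
    FLOOD.append((*SERVER, f"203.0.113.{i}", 40000 + i, "SYN-ACK"))
TRACE = LEGIT + FLOOD

def track(trace):
    """Return {client-side 4-tuple: handshake state}."""
    state = {}
    for src, sport, dst, dport, flags in trace:
        if flags == "SYN":
            state[(src, sport, dst, dport)] = "SYN_SEEN"
        elif flags == "SYN-ACK":
            key = (dst, dport, src, sport)  # reply: swap direction
            if state.get(key) == "SYN_SEEN":
                state[key] = "HALF_OPEN"    # server holds a session buffer
        elif flags == "ACK":
            key = (src, sport, dst, dport)
            if state.get(key) == "HALF_OPEN":
                state[key] = "ESTABLISHED"
    return state

def half_open_per_service(state):
    """Count half-open connections per (server IP, server port)."""
    return Counter((k[2], k[3]) for k, s in state.items() if s == "HALF_OPEN")

def flooded_services(state, threshold=5):
    """Services holding more half-open sessions than the threshold."""
    counts = half_open_per_service(state)
    return [svc for svc, n in counts.items() if n > threshold]

if __name__ == "__main__":
    st = track(TRACE)
    print(half_open_per_service(st))
    print(flooded_services(st))
```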
16
Types of Attacks
Types of attacks:
Trojans and spyware: installed with other software. They collect information about the system (passwords, visited websites,…). Information which has been collected can be sent to someone else.