Published by Clement Jennings. Modified over 9 years ago.
1 Defining Network Security
Security is the prevention of unwanted information transfer.
What are the components?
– Physical Security
– Operational Security
– Human Factors
– Protocols
2 Areas for Protection
Privacy
Data Integrity
Authentication/Access Control
Denial of Service
3 Regulations and Standards
Computer Crime Laws
Encryption
Government as "Big Brother"
4 Security Threat, Value and Cost Tradeoffs
Identify the Threats
Set a Value on Information
Add up the Costs (to secure)
Cost < Value * Threat: the cost of securing an asset should stay below its value multiplied by the likelihood of the threat.
5 Threats
Hackers/Crackers ("Joyriders")
Criminals (Thieves)
Rogue Programs (Viruses, Worms)
Internal Personnel
System Failures
6 Network Threats
IP address spoofing attacks
TCP SYN flood attacks
Random port scanning of internal systems
Snooping of network traffic
SMTP buffer overrun attacks
7 Network Threats (cont.)
SMTP backdoor command attacks
Information leakage attacks via the finger, echo, ping, and traceroute services
Attacks via download of Java applets and ActiveX controls
TCP session hijacking
TCP sequence number prediction attacks
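The sequence number prediction attack on slide 7 depends on the victim's TCP stack choosing guessable Initial Sequence Numbers. The following is an added example, not code from the slides: it takes ISNs observed on a few probe connections, checks whether a single increment explains them, and builds the blind third handshake segment an attacker would send for a spoofed client. The ISN samples, the 0.8 cutoff and the function names are constructed for the example.

```python
"""TCP Initial Sequence Number (ISN) predictability check.

Added example, not part of the original slides: the sequence-number
prediction attack of slide 7 works when a stack chooses ISNs by a simple
rule (the classic BSD stacks bumped the ISN by a fixed amount per
connection). An attacker opens a few probe connections, derives the rule,
and can then complete a handshake on behalf of a spoofed source without
ever seeing the SYN/ACK. All ISN samples below are constructed.
"""
from collections import Counter

ISN_MOD = 2 ** 32

# Constructed samples: a stack with a fixed per-connection increment of 64 ...
OLD_STACK_ISNS = [0x00A00000 + 64 * i for i in range(6)]
# ... and a stack whose ISNs carry no visible structure.
RANDOM_STACK_ISNS = [0x6F3A9C12, 0x0B77E5D4, 0xD1C08E39,
                     0x4A91F7A0, 0x9E2C5B6B, 0x2D48A1F7]


def isn_deltas(isns):
    """Differences between consecutive observed ISNs, modulo 2^32."""
    return [(b - a) % ISN_MOD for a, b in zip(isns, isns[1:])]


def analyse_isns(isns, ratio=0.8):
    """Return (predictable, predicted_next_isn).

    The stack is called predictable when one delta value explains at
    least `ratio` of the observed transitions; the 0.8 cutoff is an
    assumption for this example, not a standard. A real audit would also
    look for increments that depend on time, which this check ignores.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 3:
        raise ValueError("need at least four ISN samples")
    delta, count = Counter(deltas).most_common(1)[0]
    if count / len(deltas) < ratio:
        return False, None
    return True, (isns[-1] + delta) % ISN_MOD


def blind_third_segment(predicted_server_isn, client_isn=1000):
    """The ACK an attacker sends blind to finish a spoofed handshake: it
    must acknowledge server ISN + 1 even though the SYN/ACK carrying the
    real ISN was delivered to the spoofed address, not the attacker."""
    return {"flags": ("ACK",),
            "seq": client_isn + 1,
            "ack": (predicted_server_isn + 1) % ISN_MOD}


if __name__ == "__main__":
    for label, samples in (("old stack", OLD_STACK_ISNS),
                           ("random stack", RANDOM_STACK_ISNS)):
        predictable, nxt = analyse_isns(samples)
        print(label, "predictable" if predictable else "not predictable",
              hex(nxt) if nxt is not None else "")
```

The attacker still has to keep the spoofed host from answering the unexpected SYN/ACK with a RST (typically by SYN-flooding it first, slide 6), which is why the two threats are usually combined.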
8 Threat, Value and Cost Tradeoffs
Operations Security
Host Security
Firewalls
Cryptography: Encryption/Authentication
Monitoring/Audit Trails
9 Host Security
Security versus performance and functionality
Unix, Windows NT, MVS, etc.
PCs
"Security Through Obscurity" (hiding details is not a substitute for a real control)
10 Host Security (cont.)
Programs
Configuration
Regression Testing
11 Network Security
Traffic control
Not a replacement for host-based mechanisms
Firewalls and monitoring, encryption
Choke points and performance
12 Access Control
Host-based:
– Passwords, etc.
– Directory rights
– Access control lists
– Superusers
Network-based:
– Address based
– Filters
– Encryption
– Path selection
13 Network Security and Privacy
Protecting data from being read by unauthorized persons.
Preventing unauthorized persons from inserting and deleting messages.
Verifying the sender of each message.
Allowing electronic signatures on documents.
14 FIREWALLS
Protect against attacks
Access Control
Authentication
Logging
Notifications
15 Types of Firewalls
Packet Filters – network layer
Stateful Packet Filters – network layer, keeping per-connection state taken from the transport layer
Circuit-Level Gateways – session layer
Application Gateways – application layer
(Diagram: the OSI layers Physical, Data Link, Network, Transport, Session, Presentation, Application.)
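The difference between the first two firewall types on slide 15 is easiest to see on a concrete policy. The block below is an added example, not code from the slides: the policy is "internal hosts may open HTTP connections to the outside". A stateless filter can only admit the replies with a rule that accepts any packet from source port 80 carrying the ACK flag, and that rule also admits a spoofed ACK probe aimed at an internal telnet port. The stateful filter records each outbound SYN it permits and admits inbound packets only for flows it has seen. The addresses, rule format and function names are constructed for the example.

```python
"""Stateless packet filter versus stateful packet filter, as on slide 15.

Added example, not from the slides. Rules are dicts; a field that is
absent from a rule is a wildcard. Packet flags are a tuple of names.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INTERNAL = "10.0.0.0/8"   # constructed internal network


def matches(rule, pkt):
    """Every field present in the rule must match the packet."""
    if "src_net" in rule and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule["src_net"]):
        return False
    if "dst_net" in rule and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule["dst_net"]):
        return False
    if "sport" in rule and pkt.sport != rule["sport"]:
        return False
    if "dport" in rule and pkt.dport != rule["dport"]:
        return False
    if "flags" in rule and not set(rule["flags"]) <= set(pkt.flags):
        return False
    return True


def stateless_decision(rules, pkt):
    """First matching rule wins; the implicit default is deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"


STATELESS_RULES = [
    {"action": "allow", "src_net": INTERNAL, "dport": 80},
    # the classic "established" rule: with no state it can only trust the ACK flag
    {"action": "allow", "dst_net": INTERNAL, "sport": 80, "flags": ("ACK",)},
]

# The stateful filter needs only the outbound policy; replies are admitted from state.
STATEFUL_RULES = STATELESS_RULES[:1]


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # (src, sport, dst, dport) of connections we admitted

    def decision(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.flows or reverse in self.flows:
            return "allow"
        # Only a fresh SYN that the policy permits may create a flow entry.
        if "SYN" in pkt.flags and "ACK" not in pkt.flags and stateless_decision(self.rules, pkt) == "allow":
            self.flows.add(forward)
            return "allow"
        return "deny"


def compare(packets):
    """(stateless, stateful) verdict for each packet, in order."""
    stateful = StatefulFilter(STATEFUL_RULES)
    return [(stateless_decision(STATELESS_RULES, p), stateful.decision(p)) for p in packets]


if __name__ == "__main__":
    trace = [
        Packet("10.0.0.5", 40000, "198.51.100.7", 80, ("SYN",)),         # client opens
        Packet("198.51.100.7", 80, "10.0.0.5", 40000, ("SYN", "ACK")),   # legitimate reply
        Packet("203.0.113.9", 80, "10.0.0.5", 23, ("ACK",)),             # spoofed ACK probe
    ]
    for pkt, verdict in zip(trace, compare(trace)):
        print(pkt.src, pkt.sport, "->", pkt.dst, pkt.dport, verdict)
```

The flow table here never shrinks; a real stateful filter removes entries on FIN/RST and after an idle timeout, otherwise the table itself becomes a denial-of-service target.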
16 Packet Level
Sometimes part of a router
TAMU "Drawbridge"
(Diagram: Campus – Router / Drawbridge – ROTW (rest of the world).)
17 Circuit Level
Dedicated host
Socket interfaces
(Diagram: Local – FW – ROTW.)
18 Application Level
Needs a dedicated host
Special software needed most everywhere (clients must know how to talk to the proxy)
(Diagram: telnet client – Firewall – ROTW.)
19 Firewall Installation Issues
(Diagram: INTERNET – Router – DNS, FTP, Web and Mail servers.)
20 Firewall Installation Issues
DNS problems
Web server
FTP server
Mail server
Mobile users
Performance
21 Address Transparency
Need to make some addresses visible to external hosts.
The firewall lets external hosts connect as if the firewall were not there.
The firewall still performs authentication.
22 Network Address Translation
(Diagram: internal network 10.0.0.0 – Firewall / Internet Gateway – 128.194.103.0 – Internet.)
23 Network Address Translation
(Diagram: Host A, the internal host, runs ftp over TCP / IP / Data Link / Hardware; the Gateway Host runs a proxy ftp and gw control over the same stack; Host B, the external host, runs ftpd. Datagram A→GW goes from the internal host to the gateway, whose proxy sends its own Datagram GW→B to the external host.)
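Slides 22 and 23 show the gateway standing between the private 10.0.0.0 network and the 128.194.103.0 network. The block below is an added example of the address translation such a gateway performs, not code from the slides or from any product: outbound connections from internal hosts are rewritten to the gateway's public address and a fresh port, replies are mapped back through the same table, and an inbound packet with no table entry is dropped, which is the "fail safe" behaviour slide 24 describes. The gateway address 128.194.103.1, the port range and the class name are assumptions.

```python
"""Port-translating NAT for a private network behind one public address.

Added example, not from the slides. The translation table is keyed by the
full (src, sport, dst, dport) tuple, so a public port is only reachable by
the external host the internal client talked to (symmetric NAT behaviour).
"""
import ipaddress


class NatGateway:
    def __init__(self, public_ip, internal_net="10.0.0.0/8", first_port=20000):
        self.public_ip = public_ip
        self.internal_net = ipaddress.ip_network(internal_net)
        self.next_port = first_port
        self.outbound_map = {}   # (src, sport, dst, dport) -> public port
        self.inbound_map = {}    # (public port, dst, dport) -> (src, sport)

    def outbound(self, src, sport, dst, dport):
        """Rewrite an internal host's packet; returns the translated 4-tuple."""
        if ipaddress.ip_address(src) not in self.internal_net:
            raise ValueError(f"{src} is not an internal address")
        key = (src, sport, dst, dport)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(port, dst, dport)] = (src, sport)
        return (self.public_ip, self.outbound_map[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Map a packet from the Internet back to the internal host, or
        return None when no internal host ever opened this flow."""
        if dst != self.public_ip:
            return None
        mapping = self.inbound_map.get((dport, src, sport))
        if mapping is None:
            return None
        return (src, sport, *mapping)


if __name__ == "__main__":
    gw = NatGateway("128.194.103.1")                       # assumed public address
    print(gw.outbound("10.0.0.7", 51234, "198.51.100.7", 80))
    print(gw.inbound("198.51.100.7", 80, "128.194.103.1", 20000))
    print(gw.inbound("203.0.113.9", 80, "128.194.103.1", 20000))   # no state: dropped
```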
24 IP Packet Handling
Disables IP packet forwarding
Cannot function as an insecure router, e.g. ping packets will not be passed
Fail safe rather than fail open
The only access is through proxies
25 DNS Proxy Security
(Diagram: internal hosts finance.xyz.com, marketing.xyz.com and sales.xyz.com – Eagle Gateway eagle.xyz.com running DNSd – INTERNET – External DNS Server.)
26 Virtual Private Tunnels
Sender: Encapsulate, Authenticate, Encrypt
Receiver: Decapsulate, Authenticate, Decrypt
(Diagram: "Hello" enters the tunnel on one side, crosses the INTERNET as "!@@%*", and comes out as "Hello" on the other.)
Creates a "Virtual Private Network"
27 VPN Secure Tunnels
Two types of tunnels supported:
– swIPe and IPsec tunnels
Encryption:
– DES, triple DES and RC2
Secret key used for authentication and encryption
Trusted hosts on both ends are allowed to use the tunnel
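The encapsulate / authenticate / encrypt pipeline of slide 26 and its reverse are shown below as an added example; it is not the slides' code and not the swIPe or IPsec implementation slide 27 refers to. It keeps one security association per direction with its own keys (so a packet reflected back to its sender fails authentication), numbers packets for replay detection, applies encrypt-then-MAC, and verifies the MAC before decrypting. Because the standard library has no block cipher, the encryption is a keystream derived with HMAC-SHA256 in counter mode; that stands in for a real cipher and is not a recommendation, and neither are the DES and RC2 of slide 27, which are obsolete today. The endpoint names, shared secret and packet layout are assumptions.

```python
"""Authenticated, encrypted tunnel endpoint (added example, see lead-in).

Outer packet layout: seq(4) | nonce(12) | ciphertext | tag(32).
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 12
TAG_LEN = 32


def derive_keys(shared_secret, direction):
    """Separate encryption and authentication keys per tunnel direction."""
    enc = hmac.new(shared_secret, b"enc|" + direction, hashlib.sha256).digest()
    auth = hmac.new(shared_secret, b"auth|" + direction, hashlib.sha256).digest()
    return enc, auth


def keystream(enc_key, nonce, length):
    """Counter-mode PRF output; a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelEndpoint:
    def __init__(self, shared_secret, local_id, peer_id, rng=os.urandom):
        self.send_enc, self.send_auth = derive_keys(shared_secret, local_id + b">" + peer_id)
        self.recv_enc, self.recv_auth = derive_keys(shared_secret, peer_id + b">" + local_id)
        self.send_seq = 0
        self.recv_seq = 0
        self.rng = rng

    def encapsulate(self, inner):
        """Encapsulate, encrypt, then authenticate header and ciphertext."""
        self.send_seq += 1
        header = struct.pack(">I", self.send_seq) + self.rng(NONCE_LEN)
        ct = xor_bytes(inner, keystream(self.send_enc, header[4:], len(inner)))
        tag = hmac.new(self.send_auth, header + ct, hashlib.sha256).digest()
        return header + ct + tag

    def decapsulate(self, outer):
        """Authenticate first, reject replays, only then decrypt."""
        if len(outer) < 4 + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        header, ct, tag = outer[:4 + NONCE_LEN], outer[4 + NONCE_LEN:-TAG_LEN], outer[-TAG_LEN:]
        expected = hmac.new(self.recv_auth, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        seq = struct.unpack(">I", header[:4])[0]
        if seq <= self.recv_seq:   # strict ordering; IPsec uses a sliding window instead
            raise ValueError("replayed or reordered packet")
        self.recv_seq = seq
        return xor_bytes(ct, keystream(self.recv_enc, header[4:], len(ct)))


def rejects(endpoint, outer):
    """True when the endpoint refuses the packet."""
    try:
        endpoint.decapsulate(outer)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    dallas = TunnelEndpoint(b"shared-secret", b"dallas", b"sanjose")    # assumed names
    sanjose = TunnelEndpoint(b"shared-secret", b"sanjose", b"dallas")
    outer = dallas.encapsulate(b"Hello")
    print(outer.hex())                      # the "!@@%*" on the wire
    print(sanjose.decapsulate(outer))       # b'Hello'
    print("replay rejected:", rejects(sanjose, outer))
```

Strict sequence checking drops legitimately reordered packets on a lossy path; IPsec's anti-replay window keeps a bitmap of recently seen numbers for that reason, and the MAC must still be checked before the window is consulted so that an attacker cannot poison it.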
28 Designing DMZs
(Diagram: INTERNET – Screening Router – DMZ holding the Web, FTP and Mail servers – Company Intranet.)
29 Firewall Design Project
(Diagram: INTERNET, Internet Router, San Jose Raptor Eagle, Mail Server, File Server, Wide Area Router, Dallas Raptor, Remote Hawk Console.)
30 Monitoring
Many tools exist for capturing network traffic.
Other tools can analyze captured traffic for "bad" things.
Few tools are real-time.
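Slide 30 says captured traffic can be analyzed for "bad things" but that few tools do so in real time. The block below is an added example, not code from the slides or from any monitoring tool: a streaming monitor that is fed one segment at a time and raises an alert as soon as the half-open connections to one host (the SYN flood of slide 6) or the distinct ports probed by one source (the port scan of slide 6) cross a threshold within a time window. The capture records, thresholds and window are constructed for the example, and the records are one-directional, as a tap in front of the firewall would see them.

```python
"""Streaming detection of SYN floods and port scans in captured traffic.

Added example, not from the slides. Thresholds and the 10-second window are
assumptions chosen to suit the constructed sample capture, not tuned values.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float
    src: str
    dst: str
    dport: int
    flags: frozenset


class TrafficMonitor:
    def __init__(self, window=10.0, syn_threshold=20, scan_threshold=10):
        self.window = window
        self.syn_threshold = syn_threshold
        self.scan_threshold = scan_threshold
        self.half_open = defaultdict(dict)   # dst -> {(src, dport): ts of SYN}
        self.ports_seen = defaultdict(dict)  # (src, dst) -> {dport: ts of SYN}
        self.alerted = set()

    def _expire(self, table, now):
        for key, ts in list(table.items()):
            if now - ts > self.window:
                del table[key]

    def process(self, seg):
        """Feed one segment; return the alerts it triggers (usually none)."""
        alerts = []
        pure_syn = "SYN" in seg.flags and "ACK" not in seg.flags
        pure_ack = "ACK" in seg.flags and "SYN" not in seg.flags
        if pure_syn:
            self.half_open[seg.dst][(seg.src, seg.dport)] = seg.ts
            self.ports_seen[(seg.src, seg.dst)][seg.dport] = seg.ts
        elif pure_ack:   # the client's third handshake segment: connection completed
            self.half_open[seg.dst].pop((seg.src, seg.dport), None)
        self._expire(self.half_open[seg.dst], seg.ts)
        self._expire(self.ports_seen[(seg.src, seg.dst)], seg.ts)

        n_half = len(self.half_open[seg.dst])
        if n_half >= self.syn_threshold and ("syn_flood", seg.dst) not in self.alerted:
            self.alerted.add(("syn_flood", seg.dst))
            alerts.append(("syn_flood", seg.dst, n_half))
        n_ports = len(self.ports_seen[(seg.src, seg.dst)])
        key = ("port_scan", seg.src, seg.dst)
        if n_ports >= self.scan_threshold and key not in self.alerted:
            self.alerted.add(key)
            alerts.append(("port_scan", seg.src, seg.dst, n_ports))
        return alerts

    def run(self, segments):
        alerts = []
        for seg in sorted(segments, key=lambda s: s.ts):
            alerts.extend(self.process(seg))
        return alerts


SYN = frozenset({"SYN"})
ACK = frozenset({"ACK"})


def benign_traffic():
    """Constructed: five clients complete handshakes to the web server."""
    segs = []
    for i in range(5):
        client = f"10.0.0.{10 + i}"
        segs.append(Segment(float(i), client, "10.0.0.80", 80, SYN))
        segs.append(Segment(i + 0.1, client, "10.0.0.80", 80, ACK))
    return segs


def syn_flood():
    """Constructed: 30 SYNs from spoofed sources to port 25, never completed."""
    return [Segment(20 + 0.05 * i, f"203.0.113.{i + 1}", "10.0.0.80", 25, SYN)
            for i in range(30)]


def port_scan():
    """Constructed: one host probes ports 1..15 of an internal machine."""
    return [Segment(50 + 0.01 * p, "198.51.100.9", "10.0.0.5", p, SYN)
            for p in range(1, 16)]


if __name__ == "__main__":
    for alert in TrafficMonitor().run(benign_traffic() + syn_flood() + port_scan()):
        print(alert)
```

A flood of spoofed sources looks different from a scan in these tables: the flood fills half_open for one destination with many sources, the scan fills ports_seen for one (source, destination) pair. The expiry step is what keeps a slow, patient scan below the threshold, which is exactly why real tools make the window configurable.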
31 Summary
Security must be comprehensive to be effective.
Remember threat, value and cost when implementing a system.
Security is achievable, but never 100%.
Make your system fault tolerant.