Chapter 40 Network Security (Access Control, Encryption, Firewalls)


2 Secure Networks
- "Secure network" is not an absolute term; a network is secure only relative to a stated policy
- The organization must define a security policy
- The network security policy cannot be separated from the security policy for the computers attached to the network
- The costs and benefits of a security policy must be assessed

3 Network Security Policy
Devising a network security policy can be complex because a rational policy requires an organization to assess the value of its information. The policy must apply to information stored in computers as well as to information traversing a network.

4 Aspects of Security
- Data integrity: data is not altered, accidentally or deliberately
- Data availability: data and services remain reachable to authorized users
- Data confidentiality: data cannot be read by unauthorized parties
- Privacy: who is communicating with whom is itself protected

5 Responsibility and Control
- Accountability: how an audit trail is kept (who did what, and when)
- Authorization: who is responsible for each item of information, and how that responsibility is delegated to others

6 Integrity Mechanisms
- Techniques used to detect changes to data:
  - Parity bits
  - Checksums
  - CRCs
- These detect accidental errors (e.g., bit flips during transmission) but cannot guarantee data integrity against intentional change: whoever alters the data can simply recompute the parity, checksum or CRC, because these functions involve no secret
- Use instead a message authentication code (MAC), computed with a key shared by sender and receiver, that an attacker cannot break or forge without the key
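The difference between an unkeyed check value and a MAC, as an added example that is not part of the original slides: a CRC-32 trailer and an HMAC-SHA256 tag are each applied to a constructed message, and an in-path attacker rewrites the amount. The attacker can recompute the CRC, so the forged frame passes; without the shared key (a made-up value here) it cannot produce a valid tag, so the forged frame is rejected. Both mechanisms still catch a random bit error.

```python
import hashlib
import hmac
import zlib

# Constructed sample: a message and a key shared only by the two endpoints
# (both values are made up for this example).
MESSAGE = b"transfer 100 to account 42"
SHARED_KEY = b"shared-secret-known-only-to-the-endpoints"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def crc_protect(message: bytes) -> bytes:
    """Append an unkeyed CRC-32 trailer, as a link-layer frame would."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def crc_check(frame: bytes) -> bool:
    """Recompute the CRC over the body and compare it with the trailer."""
    body, trailer = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == trailer


def mac_protect(message: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_check(frame: bytes, key: bytes) -> bool:
    """Recompute the tag with the key; compare in constant time so the
    comparison does not leak how many bytes matched."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def forge_crc_frame(frame: bytes) -> bytes:
    """In-path attacker: change the body and simply recompute the CRC.
    No secret is involved, so the forgery is indistinguishable from a
    genuine frame."""
    body = frame[:-4]
    return crc_protect(body.replace(b"100", b"999"))


def forge_mac_frame(frame: bytes) -> bytes:
    """Same attacker against the MAC'd frame. Without the key it cannot
    compute a valid tag for the altered body; the best it can do is keep
    the old tag."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return body.replace(b"100", b"999") + tag


def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate an accidental transmission error: flip one bit."""
    mutated = bytearray(frame)
    mutated[index] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    crc_frame = crc_protect(MESSAGE)
    mac_frame = mac_protect(MESSAGE, SHARED_KEY)
    print("CRC catches a random bit error:", not crc_check(flip_bit(crc_frame, 9)))
    print("CRC accepts the forgery:       ", crc_check(forge_crc_frame(crc_frame)))
    print("MAC catches the same bit error:", not mac_check(flip_bit(mac_frame, 9), SHARED_KEY))
    print("MAC rejects the forgery:       ", not mac_check(forge_mac_frame(mac_frame), SHARED_KEY))
```

A MAC only helps if the key really is secret and the comparison is constant-time; the same attacker who can rewrite the body can also replay an old, correctly tagged frame, so real protocols add a sequence number or nonce under the tag.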

7 Access Control and Passwords
- Passwords are used to control access
- Sent over a network, passwords are susceptible to snooping: an eavesdropper anywhere on the path can capture them, so the connection carrying them must itself be protected

8 Encryption and Confidentiality
- To ensure confidentiality of a transmitted message m, encrypt it
- Secret key (symmetric) or public key schemes can be used
- (Figure: sender encrypts message m with secret key S; receiver decrypts with the same secret key S)

9 Public Key Cryptosystem
- Each participant (processor) has a private key S and a public key P
- S is kept secret and cannot feasibly be deduced from P
- P is made available to all participants
- Encryption and decryption with S and P are inverse functions, in either order: P(S(m)) = m and S(P(m)) = m
- This two-way inverse property holds for RSA, which is what lets the same key pair serve both encryption (anyone applies P, only the holder of S can undo it) and signing (only the holder of S can apply S, anyone can check it with P); not every public key scheme has it

10 Message Digest
- A digest (hash) function maps an arbitrary-length message m to a fixed-length digest d(m)
- One-way (preimage resistant): given d(m), it is infeasible to find m
- Collision-free (collision resistant): it is infeasible to generate two distinct messages m and m', m ≠ m', such that d(m) = d(m')

11 Digital Signature
- To sign message m, the sender computes the digest d(m)
- The sender computes S(d(m)) with its private key and sends it along with m
- The receiver computes P(S(d(m))) = d(m) with the sender's public key
- The receiver computes the digest of the received m and compares it with the result above; if they match, the signature is verified: the message was signed by the holder of S and has not been altered since

12 Digital Signature
(Figure: the signing and verification steps of the previous slide)

13 Internet Firewall
- Protects an organization's computers from problems on the Internet (by analogy with a firewall between two parts of a building, which stops fire from spreading from one to the other)

14 Internet Firewall
- All traffic entering the organization passes through the firewall
- All traffic leaving the organization passes through the firewall
- The firewall implements the security policy and rejects any traffic that does not adhere to it
- The firewall itself must be immune to attack: a compromised firewall protects nothing behind it

15 Packet Filtering
- A packet filter is embedded in a router
- The administrator specifies which packets can pass through and which should be blocked, in terms of header fields such as source and destination address, protocol and port

16 Using Packet Filters to Create a Firewall
- Three components in a firewall:
  - A packet filter for incoming packets
  - A packet filter for outgoing packets
  - A secure computer system to run application-layer gateways or proxies
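The first two components, as an added example that is not part of the original slides: a stateless packet filter with separate rule lists for incoming and outgoing packets, first match wins, and everything unmatched is denied. The site prefix, the public web server address, the packet samples and the rule set are all constructed for the example (RFC 5737 documentation addresses); they are one possible policy, not a recommended one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional

INTERNAL_NET = "192.0.2.0/24"   # assumed site prefix
WEB_SERVER = "192.0.2.10/32"    # assumed public web server inside the site


@dataclass(frozen=True)
class Packet:
    direction: str                        # "in" (arriving from the Internet) or "out"
    proto: str                            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    flags: FrozenSet[str] = frozenset()   # TCP flags, e.g. {"syn"} or {"ack"}

    @property
    def new_connection(self) -> bool:
        """A TCP segment with SYN and without ACK opens a connection."""
        return self.proto == "tcp" and "syn" in self.flags and "ack" not in self.flags


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                           # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None           # None matches any port
    new_connection: Optional[bool] = None  # None matches either

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.new_connection is None or self.new_connection == p.new_connection))


# Incoming filter: first matching rule wins; anything unmatched is denied.
INCOMING: List[Rule] = [
    # anti-spoofing: a packet with an internal source address never arrives from outside
    Rule("in", "deny", src=INTERNAL_NET),
    Rule("in", "allow", proto="tcp", dst=WEB_SERVER, dport=80),
    Rule("in", "allow", proto="tcp", dst=WEB_SERVER, dport=443),
    # replies to connections that were opened from inside (stateless "established" rule)
    Rule("in", "allow", proto="tcp", dst=INTERNAL_NET, new_connection=False),
]

# Outgoing filter: only traffic genuinely sourced from the site may leave.
OUTGOING: List[Rule] = [
    Rule("out", "allow", src=INTERNAL_NET),
]


def evaluate(rules: List[Rule], packet: Packet) -> str:
    """Return "allow" or "deny" under a first-match, default-deny policy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


def firewall(packet: Packet) -> str:
    """Route the packet to the incoming or outgoing filter."""
    return evaluate(INCOMING if packet.direction == "in" else OUTGOING, packet)


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443, frozenset({"syn"})),
        Packet("in", "tcp", "198.51.100.7", "192.0.2.20", 22, frozenset({"syn"})),
        Packet("in", "tcp", "192.0.2.5", "192.0.2.10", 80, frozenset({"syn"})),
        Packet("in", "tcp", "198.51.100.7", "192.0.2.20", 51234, frozenset({"ack"})),
        Packet("out", "tcp", "192.0.2.20", "198.51.100.7", 443, frozenset({"syn"})),
        Packet("out", "udp", "10.0.0.9", "198.51.100.7", 53),
    ]
    for pkt in samples:
        print(firewall(pkt), pkt)
```

The order of the rules is part of the policy: the anti-spoofing deny must come before any allow. The last incoming rule also shows the limit of a stateless filter: it lets in any TCP segment with ACK set, including scans that were never part of a connection, which is why real firewalls track connection state instead.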

17 Virtual Private Networks
- Two approaches to building an intranet for an organization with multiple sites:
  - Private network connections (confidential, but expensive)
  - Public Internet connections (low cost, but the data is exposed to others)
- A Virtual Private Network (VPN) achieves both confidentiality and low cost
- Implemented in software

18 Virtual Private Network
- VPN software in the router at each site gives the hosts at the sites the appearance of a private network, although the traffic between sites crosses the public Internet

19 Virtual Private Network
- Obtain an Internet connection for each site
- Choose a router at each site to run the VPN software
- Configure the VPN software in each router with the addresses of the VPN routers at the other sites
- The VPN software acts as a packet filter: the next hop for an outgoing datagram destined for another site is the VPN router at that site
- Each outgoing datagram is encrypted before transmission

20 Tunneling
- We want to encrypt the entire datagram so that even its source and destination addresses are not visible on the Internet
- But if the addresses are hidden, how can Internet routers forward the datagram?
- Solution: the VPN software encrypts the entire datagram and places it inside another datagram, addressed from one VPN router to the other, for transmission
- Called IP-in-IP tunneling (encapsulation)

21 Tunneling
- A datagram is sent from computer x at site 1 to computer y at site 2
- Router R1 at site 1 encrypts it and encapsulates it in a new datagram addressed to router R2 at site 2; R2 decrypts the contents and forwards the original datagram to y
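The VPN steps of slide 19 and the tunnel of slides 20 and 21 in code, as an added example that is not part of the original slides. R1 encrypts the whole x-to-y datagram (addresses included), appends a MAC so R2 can detect tampering, and wraps the result in an outer IPv4 datagram addressed R1 to R2 with protocol number 4 (IP-in-IP); an Internet router sees only R1, R2 and protocol 4. The addresses, the tunnel key and the stream cipher (an HMAC-SHA256 keystream standing in for a real block cipher, so the example needs only the standard library) are this example's own choices.

```python
import hashlib
import hmac
import os
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4          # IANA protocol number for IP-in-IP encapsulation
NONCE_LEN, TAG_LEN = 8, 32
TUNNEL_KEY = b"key-shared-by-R1-and-R2-out-of-band"   # constructed for this example


def ip_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_datagram(src: str, dst: str, proto: int, payload: bytes, ident: int = 0) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, 64,
                         proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(datagram: bytes) -> dict:
    """Return the fields a router looks at; reject a corrupted header."""
    (ver_ihl, _, total_len, _, _, _, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ip_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "payload": datagram[ihl:total_len]}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 keystream in counter mode.
    Stands in for the VPN's real cipher (IPsec would use AES); illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encapsulate(inner: bytes, r1: str, r2: str, key: bytes = TUNNEL_KEY) -> bytes:
    """R1: encrypt the whole inner datagram (addresses included), authenticate it,
    and wrap it in an outer datagram addressed R1 -> R2."""
    nonce = os.urandom(NONCE_LEN)                      # fresh per datagram
    ciphertext = keystream_xor(key, nonce, inner)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return ipv4_datagram(r1, r2, IPPROTO_IPIP, nonce + ciphertext + tag)


def decapsulate(outer: bytes, key: bytes = TUNNEL_KEY) -> bytes:
    """R2: strip the outer header, check the tag, decrypt, recover the x -> y datagram."""
    fields = parse_ipv4(outer)
    if fields["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnelled datagram")
    body = fields["payload"]
    nonce, ciphertext, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tunnel payload was modified in transit")
    return keystream_xor(key, nonce, ciphertext)


def visible_addresses(datagram: bytes) -> tuple:
    """What an Internet router on the path can see: (src, dst, protocol)."""
    f = parse_ipv4(datagram)
    return f["src"], f["dst"], f["proto"]


def tamper_detected(outer: bytes, index: int, key: bytes = TUNNEL_KEY) -> bool:
    """True if flipping one byte of the tunnelled datagram is caught by R2."""
    mutated = bytearray(outer)
    mutated[index] ^= 0xFF
    try:
        decapsulate(bytes(mutated), key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed addresses: x = 10.1.0.5 at site 1 behind R1 = 203.0.113.1,
    # y = 10.2.0.9 at site 2 behind R2 = 198.51.100.1 (documentation ranges).
    inner = ipv4_datagram("10.1.0.5", "10.2.0.9", 17, b"placeholder payload", ident=1)
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    print("on the Internet:", visible_addresses(outer))
    print("at y after R2 decapsulates:", visible_addresses(decapsulate(outer)))
```

Two things a real deployment adds that the slides leave out: protocol 4 carries its payload in the clear, so encrypted tunnels on the Internet use IPsec ESP in tunnel mode (protocol 50) rather than bare IP-in-IP, and the outer header adds bytes, so the VPN router has to handle the reduced MTU (fragmentation or path MTU discovery) for large datagrams.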

22 Summary
- Security is desirable, but what it means must be defined by the organization
- Assess the value of information and define a security policy
- Aspects to consider include privacy, data integrity, availability and confidentiality

23 Summary (continued)
- Mechanisms that provide these aspects of security:
  - Encryption: secret key and public key cryptosystems
  - Firewalls: packet filtering
  - Virtual private networks: use the Internet to transfer data among an organization's sites while ensuring that the data cannot be read by others

