Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security.

Published byTariq Wilgus Modified over 10 years ago

Similar presentations

Presentation on theme: "Network Security."— Presentation transcript:

1 Network Security

2 Intrusion Detection and Intrusion Prevention Systems
Intrusion Detection System (IDS)—Only detects unauthorized activity. Example: MS Event Viewer Intrusion Prevention System (IPS)—Detects unauthorized activity and performs some function to stop the activity. Example: Most antivirus software IDS and IPS require some form of port monitoring When a particular port on a switch is connected directly to the IDS or IPS and monitors all activity through another port on the same switch.

3 Public Key Infrastructure (PKI)
Provides encryption and authentication The method of using an algorithm to encode data. Algorithm converts data into ciphertext encrypted data Cryptology—Science of encrypting data Generates key and uses it for encryption Generates certificate to verify authentication

4 Key Encryption Methods
Symmetric-key encryption—Generally used when large amounts of data need to be encrypted Asymmetric-key encryption—Both the public and private keys are needed to encode and decode data

5 Digital Certificate A file that commonly contains data such as
the user’s name and address, the public key value assigned to the user, the validity period of the public key, issuing authority identifier information

6 Certificate Authority (CA)
1. Station1 applies for digital certificate from a CA to send an encrypted message to Station2 2. CA issues digital certificate to Station1 3. Station1 uses private key to encrypt message 4. Station1 sends encrypted message to Station2 5. Station2 uses the public key to decode encrypted message

7 Details of a VeriSign Digital Certificate

8 Security Sockets Layer (SSL) and Transport Layer Security (TLS)
Application layer protocols Support VoIP, , and remote connections Based on public key encryption technology Displays when securing Web site connection Not compatible with each other TLS more secure; SSL more popular

9 Secure HTTP (S-HTTP) Uses symmetric, or private, keys for encoding and decoding messages Not supported by all Web browsers

10 Virtual Network Connection (VNC)
Describes point-to-point connection to a remote device Connection considered “virtual” because user’s network device is not a physical part of remote network

11 Independent Computer Architecture (ICA)
Citrix ICA and Microsoft Remote Desktop Protocol are the two main choices for this type of application

12 Internet Protocol Security (IPSec)
Collection of security protocols, hashes, and algorithms Authentication can be verified with Kerberos, a preshared key, or digital certificates IPSec VPNs typically use public and private keys for encryption

13 IPSec Modes Transport mode An IPSec mode that only encrypts the payload. Tunnel mode An IPSec mode that encrypts the payload and the header.

14 Secure Shell (SSH) Originally designed for UNIX to replace Remote Login (rlogin), Remote Shell (rsh), and Remote Copy (rcp) Uses port 22 Requires a private key, public key, and password Can be used on operating systems that support TCP/IP

15 SSH Example

16 Secure Copy Protocol (SCP)
Replacement for rcp command Does not require password

17 Service Set Identifier (SSID)
Identifies wireless network Similar to workgroup name All wireless network devices are configured with a default SSID To secure the wireless network, the default SSID should be changed

18 Media Access Control (MAC) Filtering
To configure MAC filtering, administrator creates an Access Control List (ACL) ACL is located on Wireless Access Point (WAP) ACL contains list of MAC addresses belonging to authorized wireless network devices

19 Wired Equivalent Privacy (WEP)
First attempt to secure with encryption the data transferred across a wireless network Algorithm not complex and can be easily cracked A VPN can add to the security set in place by WEP

20 Wi-Fi Protected Access (WPA)
Developed by the Wi-Fi organization to overcome the vulnerabilities of WEP Compatible with devices Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA WPA2 is compatible with the i standard

21 802.11i IEEE ratified standard to remedy original security flaws Specifies the use of a 128-bit Advanced Encryption Standard (AES) for data encryption Generates fresh set of keys for each new connection Downward compatible with existing devices

22 802.1x Authentication Provides port-based, network access control
Used for client/server-based networks Supplicant—Wireless network device requesting network access Authenticator—WAP provides authentication Authentication server—Server running Remote Authentication Dial-In User Service (RADIUS)

23 In class lab Languard Lab – download lab from course website Labsim 8.25 Next Class No class on Monday November 11th, 2013 November 13th, 2013 Labsim Homework 8.3.1–8.3.3

Download ppt "Network Security."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Remote Networking Architectures

Remote Networking Architectures
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.

 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Cs490ns-cotter1 SSH / SSL Supplementary material.

Cs490ns-cotter1 SSH / SSL Supplementary material.

Similar presentations

Ads by Google