Network Security Introduction

Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business applications by reducing risk and providing a foundation for expanding your business with intranet, extranet, and electronic commerce applications.

Reasons for Choosing Network Security as Topic

- Protection from “Crackers”
- Cooperate with NT (NT is not enough security)
- Learning for my own company use
- Trying to get the contract from Government in Taiwan for building security system

Network Security

- Internet Security - From Infrastructure to Network to Computer
- Wide-Area Network Security - Bridge and Router Packet Filtering
- Local-Area Network Security - Tape Backup and LAN Admin.
- Computer Security - Power Protection and Special Mounting & Fastening Devices to Secure Computer Equipment

Improving Network Security By Means of Secure Gateways (or Firewall)

- Internet sites often use the TCP/IP protocol suite and UNIX for local area networking purposes; UNIX and TCP/IP offer methods for centralizing the management of users and resources.
- But crackers often roam the Internet searching for unprotected sites; misconfigured systems, as well as the use of insecure protocols, make the cracker's job much easier.
- Two of the TCP/IP services most often used in local area networking, NIS (Network Information Services) and NFS (Network File System), are easily exploited; crackers can use weaknesses in NIS and NFS to read and write files, learn user information, capture passwords, and gain privileged access.
- Kerberos and Secure RPC are effective means for reducing risks and vulnerabilities on local area TCP/IP networks; however, they suffer from the disadvantage of requiring modified network daemon programs on all participating hosts.
- For many sites, the most practical method for securing access to systems and use of inherently vulnerable services is to use a Secure Gateway, or firewall system.

Examples of Firewalls

- Packet-filtering-only firewall (perhaps the most common and easiest to employ.)
- Dual-homed gateway (often the least-expensive option for many sites and, if used mainly as an application gateway, can be quite secure.)
- Choke-gate firewall (would handle ftp and telnet traffic using group accounts. The choke-gate firewall is more flexible than the dual-homed firewall, however, and more secure.)
- Screened-subnet firewall. The telnet/ftp and e-mail gateways could be the only systems accessible from the Internet, providing a high level of security and offering more flexibility for internal systems that need to connect to the Internet.

Typical Firewall Architecture

- In this architecture, the router that is connected to the Internet (exterior router) forces all incoming traffic to go to the application gateway. The router that is connected to the internal network (interior router) accepts packets only from the application gateway.
- The application gateway institutes per-application and per-user policies. In effect, the gateway controls the delivery of network-based services both into and from the internal network. For example, only certain users might be allowed to communicate with the Internet, or only certain applications are permitted to establish connections between an interior and exterior host.

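The three control points described above can be modelled as code. This is an added example, not part of the original slides; the addresses, user names, policy entries and the anti-spoofing check in the exterior router are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the slides.
INTERNAL = ip_network("10.0.0.0/8")
GATEWAY = ip_address("192.0.2.10")  # application gateway between the two routers

# Hypothetical per-user, per-application policy held by the gateway.
POLICY = {
    ("alice", "telnet", "outbound"),
    ("alice", "ftp", "outbound"),
    ("partner1", "ftp", "inbound"),
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def exterior_router(pkt):
    """Internet-facing router: incoming traffic may only go to the gateway."""
    if ip_address(pkt.src) in INTERNAL:
        return False  # assumption: internal source seen from outside is spoofed
    return ip_address(pkt.dst) == GATEWAY

def interior_router(pkt):
    """Internal-facing router: accepts packets only from the gateway."""
    return ip_address(pkt.src) == GATEWAY and ip_address(pkt.dst) in INTERNAL

def gateway_allows(user, app, direction):
    """Application gateway: per-user and per-application decision."""
    return (user, app, direction) in POLICY

def inbound_session(client_ip, internal_host, user, app):
    """Trace an Internet-to-internal session through all three control points."""
    if not exterior_router(Packet(client_ip, str(GATEWAY))):
        return "dropped at exterior router"
    if not gateway_allows(user, app, "inbound"):
        return "refused by application gateway"
    if not interior_router(Packet(str(GATEWAY), internal_host)):
        return "dropped at interior router"
    return "relayed"

def direct_path_open(client_ip, internal_host):
    """True only if a packet could reach an internal host without the gateway."""
    pkt = Packet(client_ip, internal_host)
    return exterior_router(pkt) and interior_router(pkt)
```
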
IP security

Why do we need IP security:

- Loss of privacy
- Loss of data integrity
- Identity spoofing
- Denial of service

Addressing the Threat

Confidentiality, integrity and authentication are key services used to protect against the threats, by way of:

- Encryption of data in transit
- Network-layer encryption

Intranet VPNs

Intranet VPNs link corporate headquarters, remote and branch offices through dedicated connections.

Extranet VPNs

Extranet VPNs connect customers, partners and other interested parties to corporate intranets over dedicated connections.

Understanding Network Security

- Limit the scope of access
- Understand your environment
- Limit your trust
- Remember your physical security
- Security is pervasive (everywhere)
- Know your enemy
- Count the cost
- Identify your assumptions
- Control your secrets
- Remember human factors
- Know your weaknesses