Networks and Security A Series of Lectures, Outlining: How Networks affect Security of a system Security of System Security of Network Security of Organisation.


1 Networks and Security
A series of lectures, outlining:
- How networks affect the security of a system
- Security of System
- Security of Network
- Security of Organisation
- Secure vs Trustworthy
- Attack Vulnerabilities
- Web references and Bibliography
Eur Ing Brian C Tompsett, University of Hull

2 Networking Principles Revision
- ISO 7 Layer Model
- Names and function of layers
- Layer interconnect terminology

3 Internet Basics Revision
- IP Addresses (and registrars): 150.237.92.11, 192.168.0.1
- Domain Names (and registrars): www.dcs.hull.ac.uk, on.to / i.am / name.is
- Services/Sockets: http, port 80

4 ISO 7 Layer Model
Two peer stacks (Application, Presentation, Session, Transport, Network, Datalink, Physical) with, per layer, the protocol data unit (PTU), example protocols, and the interconnect device that operates at that layer:

Layer        | PTU               | Protocols               | Interconnect
Application  | Message           | HTTP/FTP, SMTP          | Gateway
Presentation |                   |                         | Proxy/Relay
Session      |                   |                         |
Transport    | Segment / Datagram| TCP/UDP                 | NAT/ICS/Proxy
Network      | Packet / Datagram | IP                      | Router
Datalink     | Frame             | PPP/SLIP                | Switch/Bridge
Physical     |                   | Ethernet 10BaseT, ADSL  | Hub/Repeater

5 Internet: The Movie
- Animation covering salient points
- It has some factual errors; can you spot them?
- First mention of firewalls (covered later)

6

7 Summary
- Overall networking architecture
- Role of layers and layer interfaces
- Internet protocols
- Network interconnections
- Any further revision?

8 Part 2

9 What is it for?
- What is the purpose of Trustworthy Computing? Computer Security? Information Security?

10 (diagram) Entities, Environment, Organisation, Infrastructure, Activity

11 (diagram) Data, Procedures, Activities, Infrastructure, Organisation

12 (diagram) Entities, Environment, Organisation, Infrastructure, Activities, Procedures, Data

13 Information Security Model
- Entities Protection
- Environment Protection
- Organisation Protection
- Infrastructure Protection
- Activity Protection
- Procedure level Protection
- Data Protection

14 Security 7 Layer Model
Two peer stacks of seven layers: Activity, Procedures, Data, Entities, Environment, Organisation, Infrastructure.
Unit and interconnect terms from the diagram: Translation, Relationship, Contract, Language, Protocol, Packet, Document; Business Contact, Information, Connection, Exchange, Gateway, Exchange.

15 Entities
- Objects being manipulated by the system
- Entities can be active or passive
- Data about entities is being protected
- Entities can be People, Organisations or Objects
- Entities themselves encompass other entities: collection or containment
- Security involves: Physical Changes (commissioning), Operational Procedure (what they do), Structure (interrelations)

16 Environment
- The restrictions on entities
- Can act to limit or constrain security or freedom of action
- Legislation, Regulation, Ethics
- Technical Capability, Resource Limitation
- Compatibility, Standards, Procedures
- Physical Limitation

17 Organisation
- The mechanism by which operations are performed
- The organisation within the environment

18 Infrastructure
- That which enables activities
- The physical components, which may or may not be entities in their own right

19 Activity
- The tasks which process the data
- Usually a business activity
- Could be a software application

20 Procedure
- The component steps that enable an activity
- Can be software components or human procedures

21 Data
- The actual data about entities
- The goal of a security breach
- Protected by cryptography: integrity

22 Security Models
- ISO 17799
- ISO 27001 (ISO 27000 series)
- SABSA: Sherwood Applied Business Security Architecture, based on the Zachman IS Framework
- Financial Security Model

23 SABSA Model

24 Financial Security Model
- Finance: applications for financial users, issuers of digital value, trading and market operations
- Value: instruments that carry monetary value
- Governance: protection of the system from non-technical threats
- Accounting: value within defined places
- Rights: an authentication concept; moving value between identities
- Software Engineering: tools to move instructions over the net
- Cryptography: sharing truths between parties

25 ISO 17799
- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operational Management
- Access Control
- Systems Development, Acquisition, Maintenance
- Security Incident Management
- Business Continuity Management
- Compliance

26 ISO 17799

27 Network Security Model
- Personal Protection
- Organisation Protection
- Network Protection
- System Protection
- Application Protection
- Code level Protection
- Data Protection

28 (diagram) Person, Organisation, Infrastructure, Systems, Application

29 (diagram) Data, Procedure, Application, Systems, Infrastructure

30 (diagram) Person, Organisation, Infrastructure, Systems, Applications, Procedures, Data

31 Security 7 Layer Model
Two peer stacks of seven layers: Application, Procedures, Data, Person, Organisation, Infrastructure, Systems.
Unit and interconnect terms from the diagram: Translation, Relationship, Contract, Language, Protocol, Packet, Document; Business Contact, Information, Connection, Exchange, Gateway, Exchange.

32 (diagram) Static / Dynamic against Activity / Object

33 Personal Protection
- Personal security: locking doors, staying safe
- Personal data protection: giving out DOB, credit card, family info
- Securing access to your computer
- Personal security policy for all
- Protect others' personal security

34 Organisation Protection
- Organisation / Institution / Company
- A holistic view
- Corporate image: make public only what is required; hide internal structure and information
- Window and door into the organisation: manages input and output

35 Doors and Windows
Decide:
- What services are available: web servers, ftp, email
- Which hosts on which networks
- Which domains are used, on which IP nets, hosted by whom
- What registration information: names, addresses, phone numbers

36 (diagram) Gateway between Inside and Outside; WWW, FTP and SMTP services face the Internet

37 Network Protection
- Protect the network as an entity/resource
- Manage permitted traffic flow
- Manage authorised use
- Architect the network: zoning
- Firewalling

38 Network Architecture
- Proper use of subnets and domains
- Limit traffic to local segments
- Use bridges/switches/routers/proxies
- Prevent data and authority leaks

39 What to Firewall?
- Certain protocols: netBios
- Certain responses: ping/traceroute
- Certain applications: Real/IRC
- Certain systems/networks
- Control port/host combinations: email port 25, HTTP port 80, FTP port 21
- Rate limit: denial of service/scanners
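The following is an added worked example, not part of the lecture slides, that puts slides 37 to 39 together in code: it zones hosts by subnet, evaluates first-match-wins allow/deny rules on zone, protocol and port, and rate-limits new connection attempts from outside to blunt scanners and denial of service. The zones, rule set, addresses and event timeline are all constructed for illustration (the 203.0.113.0/24 addresses are documentation space); only the two addresses from slide 3 are taken from the page.

```python
"""Added example: a minimal zoned packet-filter policy with rate limiting.
Zones, rules and traffic below are constructed for illustration."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Optional

# Constructed zones (slide 38): which IP nets count as inside and DMZ;
# anything else is treated as outside.
ZONES = {
    "inside": [ipaddress.ip_network("192.168.0.0/24")],
    "dmz": [ipaddress.ip_network("150.237.92.0/24")],
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses are 'outside'."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "outside"


@dataclass(frozen=True)
class Rule:
    src_zone: str            # "any" matches every zone
    dst_zone: str
    proto: str               # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


# Constructed policy (slide 39): first match wins, default deny.
RULES = [
    Rule("outside", "dmz", "tcp", 80, "allow"),    # HTTP to the web server
    Rule("outside", "dmz", "tcp", 25, "allow"),    # SMTP to the mail gateway
    Rule("outside", "any", "icmp", None, "deny"),  # no ping/traceroute from outside
    Rule("outside", "any", "tcp", 139, "deny"),    # netBIOS never crosses the boundary
    Rule("inside", "any", "any", None, "allow"),   # inside may initiate outbound
    Rule("dmz", "inside", "any", None, "deny"),    # a DMZ host must not reach inside
]


class RateLimiter:
    """Sliding-window cap on new connection attempts per source host."""

    def __init__(self, max_attempts: int, window: float):
        self.max_attempts = max_attempts
        self.window = window
        self.history = defaultdict(deque)

    def allow(self, src: str, now: float) -> bool:
        attempts = self.history[src]
        while attempts and now - attempts[0] >= self.window:
            attempts.popleft()          # forget attempts outside the window
        if len(attempts) >= self.max_attempts:
            return False
        attempts.append(now)
        return True


def match(rule: Rule, src_zone: str, dst_zone: str, proto: str,
          dst_port: Optional[int]) -> bool:
    return (rule.src_zone in ("any", src_zone)
            and rule.dst_zone in ("any", dst_zone)
            and rule.proto in ("any", proto)
            and (rule.dst_port is None or rule.dst_port == dst_port))


def decide(src_ip: str, dst_ip: str, proto: str, dst_port: Optional[int],
           now: float, limiter: RateLimiter, rules=RULES) -> str:
    """Return 'allow', 'deny' or 'rate-limited' for one new connection."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == "outside" and not limiter.allow(src_ip, now):
        return "rate-limited"
    for rule in rules:
        if match(rule, src_zone, dst_zone, proto, dst_port):
            return rule.action
    return "deny"  # nothing matched: default deny


def run_sample() -> List[str]:
    """Constructed timeline: one outside host probes several ports quickly."""
    limiter = RateLimiter(max_attempts=3, window=10.0)
    events = [
        ("203.0.113.5", "150.237.92.11", "tcp", 80, 0.0),   # allow
        ("203.0.113.5", "150.237.92.11", "tcp", 139, 1.0),  # deny (netBIOS)
        ("203.0.113.5", "192.168.0.1", "tcp", 80, 2.0),     # deny (no rule to inside)
        ("203.0.113.5", "150.237.92.11", "tcp", 25, 3.0),   # 4th in window: rate-limited
        ("192.168.0.1", "203.0.113.5", "tcp", 443, 4.0),    # allow (outbound)
        ("150.237.92.11", "192.168.0.1", "tcp", 22, 5.0),   # deny (DMZ to inside)
        ("203.0.113.9", "150.237.92.11", "icmp", None, 6.0),  # deny (icmp)
    ]
    return [decide(*event, limiter) for event in events]


if __name__ == "__main__":
    print(run_sample())
```

The rate limiter sits in front of the rule table so a port scanner is throttled before it can enumerate which ports the policy allows, and the default-deny fall-through is what makes a forgotten rule fail closed rather than open.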

40 System Protection
- Protect each system from misuse, incoming and outgoing!
- Control which services run: http://support.microsoft.com/?kbid=832017
- Virus checkers

41 Application Protection
- Specific application configuration
- Parental controls of web browsers
- Domain/IP blockers
- Spam filters
- Control file/device exports

42 Code Level Protection
- Writing secure code
- Even on a secured system, bad code compromises security
- Hence software updates

43 Data Protection
- Hiding the data
- Cryptography
- Data transience
- Data integrity
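Slides 21 and 43 both point to cryptography as the protection for data integrity. The block below is an added example, not from the slides, showing the integrity half of that claim with the Python standard library: a record is tagged with an HMAC under a secret key, so any change to the stored bytes (or an attempt to verify with the wrong key) is detected. The record, the key and the tampered copy are constructed for illustration.

```python
"""Added example: detecting modification of stored data with an HMAC.
The key and the record below are constructed for illustration."""
import hashlib
import hmac
import secrets

# Constructed secret; a real deployment would load this from a key store.
KEY = secrets.token_bytes(32)


def tag(record: bytes, key: bytes = KEY) -> bytes:
    """Return the HMAC-SHA256 tag that travels or is stored with the record."""
    return hmac.new(key, record, hashlib.sha256).digest()


def verify(record: bytes, received_tag: bytes, key: bytes = KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(tag(record, key), received_tag)


def demo() -> dict:
    """Tag a record, then verify the original, a tampered copy, and a wrong key."""
    original = b"account=1234;balance=100.00"
    t = tag(original)
    tampered = b"account=1234;balance=999.00"   # single field changed
    wrong_key = secrets.token_bytes(32)
    return {
        "original_ok": verify(original, t),
        "tampered_ok": verify(tampered, t),
        "wrong_key_ok": verify(original, t, wrong_key),
    }


if __name__ == "__main__":
    print(demo())
```

The tag only proves integrity and origin to someone holding the key; it does nothing to hide the record, which is why the slide lists hiding the data and data integrity as separate concerns.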

44 Part 3

45 Forms of Attack
- Denial of Service
- Input Data Attack
- Spoofing
- Sniffing
- Social Engineering
