Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network/Information Security z“The terms network security and information security refer in a broad sense to confidence that information and services available.

Published byElisabeth Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "Network/Information Security z“The terms network security and information security refer in a broad sense to confidence that information and services available."— Presentation transcript:

1 Network/Information Security z“The terms network security and information security refer in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users.” (Comer 1995) zNeed to protect yPhysical resources (disks, computers, cables, bridges, routers, etc.) yAbstract resources (information)

2 Security Requirements zData integrity - protecting information from unauthorized change. zData availability - guaranteeing that outsiders cannot prevent legitimate data access. zConfidentiality/Privacy - preventing unauthorized listening.

3 Security Requirements (contd..) zAuthentication - ensuring that a message indeed originated from its apparent source. zNon-repudiation - ensuring that a party to a transaction cannot subsequently deny that this transaction took place.

4 Internet Security Mechanisms zAuthentication Mechanisms: IP source authentication, Public key encryption zPrivacy Mechanism: Encryption zAccess Control Mechanisms: Internet firewall zAuthentication and privacy mechanisms can be added to application programs. Access control requires basic changes to Internet infrastructure.

5 IP Source Authentication zServer maintains a list of valid IP source addresses. zWeak because it can be broken easily. zAn imposter can gain control of an intermediate router and impersonate an authorized client. zAn imposter can also impersonate a server.

6 Public Key Encryption System zEach end-entity has a cryptographic key pair ya private key that is kept secret at that end- entity, and ya public key which is distributed. zKeys, which are large integers, are used to encode and decode messages. zA message encoded using one key can be decoded using the other.

7 Public Key Encryption System (contd.) zMessage encrypted by a public key can only be decrypted by the holder of the corresponding private key. zPrivate key can be used to generate a digital signature and anyone knowing the public key can authenticate it. zGuessing or calculating the secret private key is an extremely difficult task.

8 Public Key Encryption System (contd.) zPublic key encryption scheme can also handle the problem of privacy. zSender uses the receiver’s public key to encode the message. Receiver uses it’s private key to decode the message. zMessages can be encoded twice to authenticate the sender and to enforce privacy. First with the sender’s private key and then with the receiver’s public key.

9 Certificates and Certification Authorities zTo ensure authenticity, public keys are generally distributed in the form of certificates. zA certificate contains ya public key value yidentity of the holder of the corresponding private key ydigital signature of the certification authority (CA)

10 Certificates and Certification Authorities (contd.) zA CA is a trusted party whose public key is known, e.g., VeriSign, Inc. zThe recipient uses the public key of the CA, to decrypt the sender's public key in the certificate. zThe most vulnerable part of this method is the CA’s private key, which is used to digitally sign the certificate.

11 SSL Handshake z ClientKeyExchange A random challenge, encrypted with the server’s public key Certificate Server sends its certificate ServerHello Server selects a cipher suite, usually RSA ClientHello A list of cipher suites supported CLIENTSERVER HTTP communication begins over the secure channel Messages exchanged in a typical SSL handshake Source: Abbott, S. 1999. The Debate for Secure E-Commerce. Performance Computing, February 1999, p.p.. 37-42.

12 Secure Sockets Layer (SSL) zThe leading security protocol on the internet. Developed by Netscape. zAt the start of an SSL session, the browser sends its public key to the server. zServer uses the browser’s public key to encrypt a secret key and sends it to the browser. zDuring the session, the server and browser exchange data via secret key encryption.

13 SSL (contd.) zSSL has merged with other protocols and authentication methods to create a new protocol known as Transport Layer Security (TLS). zTypically only server authentication is done. Authentication of browser’s (user’s) identity requires certificates to be issued to users.

14 Internet Firewalls zFirewall protects an organization’s internal networks, routers, computers, and data against unauthorized access. zSecurity perimeter involves installing a firewall at each external connection. zFor effective control all firewalls must use exactly the same access restrictions.

15 Internet Firewall Implementation zA firewall must handle datagrams at the same speed as the connection to the outside world. zTo operate at network speeds, routers include a high-speed filtering mechanism. zFilters form the basic building blocks of a firewall.

16 Packet Filters zProvides a basic level of network security at the IP level. zFiltering is based on any combination of source IP address, destination IP address, protocol, source protocol port number, and destination protocol port number. zPacket filters do not maintain context or understand the application they are dealing with.

17 Packet Filters zSpecifying the datagrams that should be filtered is not very effective. zInstead we specify which datagrams to admit. zSecurity concerns yIP spoofing (mimicing IP addresses of trusted machines) yIP tunneling (one datagram is temporarily encapsulated in another)

18 Packet Filters z“If an organization’s firewall restricts incoming datagrams except for ports that correspond to services the organization makes available externally, an arbitrary application inside the organization cannot become a client of a server outside the organization.” (Comer, 1995)

19 Proxy Firewalls zMost secure form of firewall zAll incoming traffic is tunneled to the appropriate proxy gateway for mail, HTTP, FTP, etc. zProxies then direct the information to the internal network. zProxies are applications that make decisions based on context, authorization, & authentication rules instead of IP addresses.

20 Proxy Firewalls (contd.) zProxy firewall operates at the highest level of the protocol stack. zProxies are relays between the Internet and the organization’s private network. zProxy’s firewall address is the only one available to the outside world. zSome firewalls combine router and proxy techniques to provide more security.

Download ppt "Network/Information Security z“The terms network security and information security refer in a broad sense to confidence that information and services available."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Similar presentations

Ads by Google