Chapter 40 Network Security (Access Control, Encryption, Firewalls)

2 Secure Networks
- "Secure network" is not an absolute term
- Need to define a security policy for the organization
- Network security policy cannot be separated from the security policy for the attached computers
- Costs and benefits of security policies must be assessed

3 Network Security Policy
Devising a network security policy can be complex because a rational policy requires an organization to assess the value of its information. The policy must apply to information stored in computers as well as to information traversing a network.

4 Aspects of Security
- Data integrity
- Data availability
- Data confidentiality
- Privacy

5 Responsibility and Control
- Accountability: how an audit trail is kept
- Authorization: who is responsible for each item, and how responsibility is delegated to others

6 Integrity Mechanisms
- Techniques to ensure integrity:
  - Parity bits
  - Checksums
  - CRCs
- These cannot guarantee data integrity (e.g., against intentional change), because anyone who alters the data can recompute them
- Use a message authentication code (MAC) that cannot be broken or forged
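An added illustration (not part of the slides) of the last two bullets: an in-path modifier who knows the integrity algorithm can recompute a CRC-32 after altering the message, but cannot produce a fresh HMAC-SHA256 tag without the shared key. Only Python's standard library is used; the key and message are constructed samples.

```python
import hashlib
import hmac
import zlib


def crc_protect(msg: bytes) -> bytes:
    """Append a CRC-32 trailer; no secret is involved."""
    return msg + zlib.crc32(msg).to_bytes(4, "big")


def crc_check(frame: bytes) -> bool:
    msg, crc = frame[:-4], frame[-4:]
    return zlib.crc32(msg).to_bytes(4, "big") == crc


def mac_protect(key: bytes, msg: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed with the shared secret key."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def mac_check(key: bytes, frame: bytes) -> bool:
    msg, tag = frame[:-32], frame[-32:]
    # constant-time comparison: does not leak how many tag bytes matched
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)


def tamper(frame: bytes, trailer_len: int, old: bytes, new: bytes) -> bytes:
    """Model an intentional change by someone who knows the algorithm but not the key:
    rewrite the message, then rebuild the trailer as well as they can."""
    msg = frame[:-trailer_len].replace(old, new)
    if trailer_len == 4:
        return crc_protect(msg)           # CRC is public, so it is simply recomputed
    return msg + frame[-trailer_len:]     # MAC needs the key, so only the old tag can be reused


def demo():
    """Return (crc_accepts_forgery, mac_accepts_forgery) for a constructed message."""
    key = b"constructed-shared-secret"    # constructed sample key
    msg = b"PAY 100 TO ALICE"             # constructed sample message
    forged_crc = tamper(crc_protect(msg), 4, b"ALICE", b"MALLORY")
    forged_mac = tamper(mac_protect(key, msg), 32, b"ALICE", b"MALLORY")
    return crc_check(forged_crc), mac_check(key, forged_mac)
```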

7 Access Control and Passwords
- Passwords are used to control access
- Over a network, passwords are susceptible to snooping

8 Encryption and Confidentiality
- To ensure confidentiality of a transmitted message, use encryption
- Secret key or public key schemes
[Figure: encryption and decryption of message m with secret key S]

9 Public Key Cryptosystem
- Each processor has a private key S and a public key P
- S is kept secret and cannot be deduced from P
- P is made available to all processors
- Encryption and decryption with S and P are inverse functions: P(S(m)) = m and S(P(m)) = m

10 Message Digest
- A digest function maps an arbitrary-length message m to a fixed-length digest d(m)
- One-way function: given d(m), it is infeasible to find m
- Collision-free: it is infeasible to generate m and m' such that d(m) = d(m')

11 Digital Signature
- To sign message m, the sender computes the digest d(m)
- The sender computes S(d(m)) and sends it along with m
- The receiver computes P(S(d(m))) = d(m)
- The receiver computes the digest of m and compares it with the result above; if they match, the signature is verified

12 Digital Signature

13 Internet Firewall
- Protects an organization's computers from problems on the Internet (the name comes from the firewall between two structures that prevents fire from spreading)

14 Internet Firewall
- All traffic entering the organization passes through the firewall
- All traffic leaving the organization passes through the firewall
- The firewall implements the security policy and rejects any traffic that doesn't adhere to it
- The firewall must be immune to security attacks

15 Packet Filtering
- A packet filter is embedded in a router
- It specifies which packets can pass through and which should be blocked

16 Using Packet Filters to Create a Firewall
- Three components in a firewall:
  - Packet filter for incoming packets
  - Packet filter for outgoing packets
  - Secure computer system to run application-layer gateways or proxies

17 Virtual Private Networks
- Two approaches to building a corporate intranet for an organization with multiple sites:
  - Private network connections (confidential)
  - Public Internet connections (low cost)
- Virtual Private Network:
  - Achieves both confidentiality and low cost
  - Implemented in software

18 Virtual Private Network
- VPN software in the router at each site gives the appearance of a private network

19 Virtual Private Network
- Obtain an Internet connection for each site
- Choose a router at each site to run the VPN software
- Configure the VPN software in each router to know about the VPN routers at the other sites
- The VPN software acts as a packet filter; the next hop for an outgoing datagram is another VPN router
- Each outgoing datagram is encrypted

20 Tunneling
- Desire to encrypt the entire datagram so that the source and destination addresses are not visible on the Internet
- How can Internet routers then do proper forwarding?
- Solution: the VPN software encrypts the entire datagram and places it inside another datagram for transmission
- Called IP-in-IP tunneling (encapsulation)

21 Tunneling
- Datagram from computer x at site 1 to computer y at site 2
- Router R1 at site 1 encrypts it and encapsulates it in a new datagram for transmission to router R2 at site 2
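An added example (not from the slides) of the encapsulation in slides 20 and 21: R1 encrypts the whole datagram from x to y, prepends a nonce, and wraps the result in an outer IPv4 datagram whose only visible addresses are R1 and R2; R2 reverses the steps. Addresses, key and nonce are constructed, and the SHAKE-256 keystream is a stand-in for a VPN cipher, used only so the example runs with the standard library.

```python
import hashlib
import socket
import struct

IPPROTO_IPIP = 4        # protocol number for IPv4-in-IPv4 encapsulation (RFC 2003)


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); a valid header checksums to zero."""
    if ipv4_checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a keyed SHAKE-256 keystream (unauthenticated; illustration only)."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def encapsulate(inner: bytes, r1: str, r2: str, key: bytes, nonce: bytes) -> bytes:
    """R1: encrypt the entire inner datagram (header included) and wrap it in an outer header R1 -> R2."""
    body = nonce + keystream_xor(key, nonce, inner)     # a real sender picks a fresh nonce per datagram
    return ipv4_header(r1, r2, IPPROTO_IPIP, len(body)) + body


def decapsulate(outer: bytes, key: bytes) -> bytes:
    """R2: strip the outer header and recover the original datagram from x to y."""
    _, _, proto, body = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP datagram")
    return keystream_xor(key, body[:8], body[8:])


def demo():
    """Return the addresses visible on the Internet and whether R2 recovered the original datagram."""
    inner = ipv4_header("10.1.0.7", "10.2.0.9", 17, 4) + b"data"          # x -> y (constructed)
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.2", b"constructed-key", b"\x00" * 8)
    visible_src, visible_dst, _, _ = parse_ipv4(outer)
    return visible_src, visible_dst, decapsulate(outer, b"constructed-key") == inner
```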

22 Summary
- Security is desirable but must be defined by the organization
- Assess the value of information and define a security policy
- Aspects to consider include privacy, data integrity, availability, and confidentiality

23 Summary (continued)
- Mechanisms to provide aspects of security:
  - Encryption: secret key and public key cryptosystems
  - Firewalls: packet filtering
  - Virtual private networks: use the Internet to transfer data among an organization's sites, but ensure that the data cannot be read by others