
校園網絡的保安與管理 School network – security and management Prof. P.C. Wong 黃寶財教授 The Chinese University of Hong Kong Tel: 2892-1722, Fax: 2892-1733


1 School network – security and management (校園網絡的保安與管理)
Prof. P.C. Wong 黃寶財教授
The Chinese University of Hong Kong
Tel: 2892-1722, Fax: 2892-1733
Email: pcwong@hkedcity.net

2 [Network diagram; labels: IT Room PCs, School Network, Modem, Router, Firewall, Internet, ISP, Teacher LAN, Student LAN, Proxy, File, Intranet, Video, Switch]

3 Why network security?
- Your network is connected to the whole world.
[Diagram labels: WAN (routing), LAN (switching), router, 101101001]

4 What problem?
- Denial of Service (DoS)
  - Ping of death, UDP floods, mail bomb
- Exploitation attack
  - Password guessing, trojan horse (NetBus, Back Orifice), buffer overruns
- Information gathering attacks
  - Address scanning, port scanning, finger, etc.
- Disinformation attacks
  - DNS cache pollution, forged email

5 Routing
[Diagram labels: Router, Net 1, Net 2, 202.45.191.1, 137.189.96.210, Sophisticated forwarding, Routing Table, ports 1 and 2, hosts A, B, C]

6 Packet, Protocol, and Application
[Diagram labels: Web Client (TCP, IP, Ethernet, port 1980); Internet; Web Server (TCP, IP, Ethernet, port 80); FTP server (port 21); addresses 202.445.59.44 and 134.5.6.3]
Packet = header + data. The header carries:
- src/dest IP – 123.22.11.22
- Protocol – TCP
- Client and dest ports

7 How does a network application work?
- How does a client know where/what to call?
- How does a server know who is calling?
- How can a client have multiple calls to the same server application?
- How can multiple clients call the same server application?
- Answer: a pair of IP/ports
  - (Client IP, source port) (destination IP, destination port)
    (123.45.34.20, 1434)     (202.45.183.3, 80)
    (133.99.33.21, 1999)     (202.45.183.3, 80)
    (123.45.34.20, 2000)     (202.45.183.3, 80)
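
The answer on slide 7 can be observed directly. The following is an added example, not part of the original slides: it opens several TCP connections to one server socket and records the (client IP, source port, destination IP, destination port) tuple the server sees for each. The loopback address 127.0.0.1, the OS-chosen ports and the function name demo_connections are assumptions made so the demo runs on a single machine.

```python
import socket


def demo_connections(n_clients=3):
    """Connect n_clients times to one loopback server; return the 4-tuples
    seen by the server and the reply each client received."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    server.listen(n_clients)
    server_addr = server.getsockname()     # the single (dest IP, dest port)

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n_clients):
            clients.append(socket.create_connection(server_addr))
            conn, peer = server.accept()   # peer = (client IP, source port)
            accepted.append(conn)
            # Same listening port every time; only the source port differs.
            tuples.append(peer + conn.getsockname())

        # The server answers each connection separately, then closes it.
        for i, conn in enumerate(accepted):
            conn.sendall(b"reply %d" % i)
            conn.close()

        # Each client reads until EOF and gets only its own reply,
        # because the 4-tuple tells the OS which connection a packet is for.
        replies = [c.makefile("rb").read() for c in clients]
    finally:
        for s in clients + [server]:
            s.close()
    return tuples, replies


if __name__ == "__main__":
    conn_tuples, conn_replies = demo_connections()
    for t, r in zip(conn_tuples, conn_replies):
        print("(%s, %d) -> (%s, %d)" % t, r.decode())
```

All rows share one destination pair, as in the slide's table where every call goes to (202.45.183.3, 80). A packet filter or NAT device keys its connection state on this same tuple.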

8 What security measures?
- Network Partitioning
- Virtual LAN (VLAN)
- Firewall - Packet Filtering
- NAT – Network address translation
- Proxy – Application filtering
- Application Protection – Virus scanning, etc.
- Client Protection – Browser security setting
- Putting together

9 Virtual network (VLAN)
[Diagram labels: Switch; IT Room; SAMS/Staff Segment; Student Segment; Teaching and Learning Servers; Proxy/Web/Intranet, …; VLAN A, B, C]

10 Firewall – a special 1:1 router
[Diagram labels: Internet, Digital Modem, Router, Firewall, School LAN]
* Level of control/blocking

11 Addresses (some real, some fake)
NAT - network address translation
[Diagram labels: WAN, LAN, 192.168.1.3, 123.34.33.44, 202.34.30.3, 275.3.44.5, 192.168.1.2]

12 Proxy – an application filter
[Diagram labels: Internet, Digital Modem, Router, FW, Proxy, School LAN]
* Web, Email, FTP
Caching and Content filtering

13 Putting together
[Diagram labels: Internet, Digital Modem, Router/NAT, Firewall, VLAN, School Server, Proxy, student, teacher]

14 A Floppy Firewall
- PC with 2 network cards
- Keyboard, monitor
- Floppy
- Advantages: simple mgt., robust/reliable, low cost, easy to support. But no DHCP.
[Diagram labels: DOS format, Network config, Firewall config]

