NETWORK SECURITY Lecture - 07
STANDARDS ORGANIZATIONS
National Institute of Standards & Technology (NIST)
Internet Society (ISOC)
International Telecommunication Union, Telecommunication Standardization Sector (ITU-T)
International Organization for Standardization (ISO)
PROBLEM
Computer networks are typically a shared resource used by
many applications representing different interests.
The Internet is particularly widely shared, being used by
competing businesses, mutually antagonistic governments,
and opportunistic criminals.
Unless security measures are taken, a network conversation
or a distributed application may be compromised by an
adversary.
COMPUTER SECURITY
the protection afforded to an automated information system
in order to attain the applicable objectives of preserving the
integrity, availability and confidentiality of information system
resources (includes hardware, software, firmware,
information/data, and telecommunications)
KEY SECURITY CONCEPTS
LEVELS OF IMPACT
can define 3 levels of impact from a security breach
Low
Moderate
High
ASPECTS OF SECURITY
consider 3 aspects of information security:
- security attack
- security mechanism
- security service
Terms in security
- threat – a potential for violation of security
- attack – an assault on system security, a deliberate attempt to evade security services
PASSIVE ATTACKS
ACTIVE ATTACKS
SECURITY SERVICE
enhance security of data processing systems and information
transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with physical
documents
which, for example, have signatures, dates; need protection from
disclosure, tampering, or destruction; be notarized or witnessed;
be recorded or licensed
SECURITY SERVICES
X.800:
“a service provided by a protocol layer of communicating
open systems, which ensures adequate security of the
systems or of data transfers”
RFC 2828:
“a processing or communication service provided by a
system to give a specific kind of protection to system
resources”
SECURITY MECHANISM
feature designed to detect, prevent, or recover from a
security attack
no single mechanism that will support all services
required
however one particular element underlies many of the
security mechanisms in use:
cryptographic techniques
MODEL FOR NETWORK SECURITY
MODEL FOR NETWORK SECURITY
- using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use the
transformation and secret information for a security
service
MODEL FOR NETWORK ACCESS SECURITY
CRYPTOGRAPHIC BUILDING BLOCKS
Symmetric-key encryption and decryption
CRYPTOGRAPHIC BUILDING BLOCKS
Encryption transforms a message in such a way that it
becomes unintelligible to any party that does not have the
secret of how to reverse the transformation.
The sender applies an encryption function to the original
plaintext message, resulting in a ciphertext message that is
sent over the network.
The receiver applies a secret decryption function, the inverse
of the encryption function, to recover the original plaintext.
CRYPTOGRAPHIC BUILDING BLOCKS
Symmetric Key Ciphers
both participants in a communication share the same key.
if a message is encrypted using a particular key, the same
key is required for decrypting the message.
CRYPTOGRAPHIC BUILDING BLOCKS
Public-key encryption
CRYPTOGRAPHIC BUILDING BLOCKS
Authentication using public keys
EXAMPLE SYSTEMS
Secure Shell (SSH)
Using SSH port forwarding to secure other TCP-based
WIRELESS SECURITY (IEEE 802.11i)
The IEEE 802.11i standard provides authentication, message
integrity, and confidentiality to 802.11 (Wi-Fi) at the link layer.
WPA2 (Wi-Fi Protected Access 2) is often used as a synonym for
802.11i, although it is technically a trademark of The Wi-Fi Alliance
that certifies product compliance with 802.11i.
802.11i authentication supports two modes. In either mode, the
end result of successful authentication is a shared Pairwise Master
Key.
Personal mode, also known as Pre-Shared Key (PSK) mode,
provides weaker security but is more convenient and economical
for situations like a home 802.11 network.
The wireless device and the Access Point (AP) are preconfigured
with a shared passphrase—essentially a very long password—from
which the Pairwise Master Key is cryptographically derived.
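The derivation the slide refers to is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 256-bit output), and the result is used directly as the PMK in Personal mode. The following is an added example, not part of the lecture; the passphrase "password" and SSID "IEEE" are the test vector published in IEEE 802.11i Annex H, and the 8-to-63 printable-ASCII passphrase rule is the standard's constraint.

```python
import hashlib

# Constructed example values; "password" / "IEEE" is the IEEE 802.11i Annex H
# test vector, so the derived PMK can be checked against the standard.
PASSPHRASE = "password"
SSID = "IEEE"


def validate_passphrase(passphrase: str) -> None:
    """802.11i Personal-mode passphrases are 8 to 63 printable ASCII
    characters (codes 32 to 126); anything else is rejected up front."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    In Personal mode this PSK is the Pairwise Master Key shared by every
    station configured with the passphrase, which is why the passphrase is the
    only secret protecting the network (Enterprise mode derives a per-session
    PMK from the authentication server instead)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    pmk = derive_pmk(PASSPHRASE, SSID)
    print(f"SSID={SSID!r} passphrase={PASSPHRASE!r}")
    print("PMK            =", pmk.hex())
    # The SSID is the salt: the same passphrase on a differently named
    # network yields an unrelated PMK.
    print("PMK on 'IEEE2' =", derive_pmk(PASSPHRASE, "IEEE2").hex())
```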
EXAMPLE SYSTEMS
Wireless Security (IEEE 802.11i)
Use of an Authentication Server in 802.11i
FIREWALLS
A firewall is a system that typically sits at some point of
connectivity between a site it protects and the rest of the
network.
It is usually implemented as an “appliance” or part of a
router, although a “personal firewall” may be implemented on
an end user machine.
Firewall-based security depends on the firewall being the only
connectivity to the site from outside; there should be no way
to bypass the firewall via other gateways, wireless
connections, or dial-up connections.
FIREWALLS
Firewalls filter based on IP, TCP, and UDP
information, among other things.
They are configured with a table of addresses that
characterize the packets they will, and will not,
forward.
Generally, each entry in the table is a 4-tuple:
- It gives the IP address and TCP (or UDP) port number for both the source and destination.
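A small packet filter built around exactly such a table of 4-tuples, added here as an example and not taken from the lecture: each entry names a source network and port, a destination network and port (None meaning "any"), and whether matching packets are forwarded or dropped; the first matching entry wins and anything the table does not mention is dropped. The addresses (192.0.2.0/24 as the protected site, 198.51.100.0/24 and 203.0.113.0/24 outside) are constructed documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One table entry: a CIDR for each address, a port number or None for any."""
    src_net: str
    src_port: Optional[int]
    dst_net: str
    dst_port: Optional[int]
    action: str  # "forward" or "drop"

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src_net)
                and self.src_port in (None, pkt.src_port)
                and ip_address(pkt.dst_ip) in ip_network(self.dst_net)
                and self.dst_port in (None, pkt.dst_port))


# Constructed rule table; 192.0.2.0/24 is the site the firewall protects.
SITE = "192.0.2.0/24"
ANY = "0.0.0.0/0"
RULES = [
    Rule(ANY, None, "192.0.2.10/32", 443, "forward"),  # public HTTPS server
    Rule(ANY, None, SITE, 22, "drop"),                 # no SSH from outside
    Rule(SITE, None, ANY, 443, "forward"),             # hosts may browse HTTPS out
    Rule(ANY, 443, SITE, None, "forward"),             # and receive the replies; a stateless
]                                                      # 4-tuple filter can only say this coarsely


def decide(pkt: Packet, rules=RULES) -> str:
    """First matching entry wins; a packet no entry mentions is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", 51234, "192.0.2.10", 443),
                Packet("198.51.100.7", 51234, "192.0.2.10", 22),
                Packet("198.51.100.7", 51234, "192.0.2.25", 3389)):
        print(pkt, "->", decide(pkt))
```

The last rule shows the classic cost of filtering on 4-tuples alone: to let replies to outbound HTTPS back in, the table has to admit any outside packet with source port 443, which is why later firewalls track connection state instead of relying on the static table the slide describes.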
FIREWALLS
A firewall filters packets flowing between a site and the rest of
the Internet