fundamental of network security
Seminar on
Fundamentals of Network Security
PRESENTED TO - Mr B. P. Dubey
PRESENTED BY - MANISH TIWARI, CS-B, ROLL NO-29
Introduction to Network Security
Networks are used to transfer valuable and confidential information for a variety of purposes. As a consequence, they attract the attention of people who intend to steal or misuse information, or to disrupt or destroy the systems storing or communicating it.
Importance of Effective Network Security Strategies
Security breaches can be very expensive in terms of business disruption and the financial losses that may result.
Increasing volumes of sensitive information are transferred across the Internet or intranets connected to it.
Networks that make use of Internet links are becoming more popular because they are cheaper than dedicated leased lines. This, however, involves different users sharing Internet links to transport their data.
Directors of business organisations are increasingly required to provide effective information security.
Terminology about Data Storage, Processing or Transmission
• Confidentiality
• Integrity of data
• Freshness of data
• Authentication of the source of information
• Availability of network services
• Passive attack
• Active attack
Passive Attacks and Active Attacks
Principles of Encryption
Symmetric Key Systems
Symmetric key systems share a single secret key between the two communicating entities; this key is used for both encryption and decryption.
Algorithm
• DES (Data Encryption Standard)
• Triple-DES (or 3DES)
• IDEA (International Data Encryption Algorithm)
• Blowfish
• RC2 (Rivest cipher no. 2)
• RC4 (Rivest cipher no. 4)
Asymmetric Key Systems
Algorithm
• RSA (named after its creators: Rivest, Shamir and Adleman)
• DSS (Digital Signature Standard)
Vulnerability to attack
Cryptanalysis is the science of breaking a cipher without knowledge of the key (and often the algorithm) used. Its goal is either to recover the plaintext of the message or to deduce the decryption key so that other messages encrypted with the same key can be decrypted.
• brute force attack
• one-time pad
Implementing Encryption in Networks
Link Layer Encryption
Packets are encrypted when they leave a node and decrypted when they enter a node.
End-to-end Encryption
• Network layer encryption
• Application layer encryption
Network Layer Encryption
Network layer encryption is normally implemented between specific source and destination nodes as identified, for example, by IP addresses.
Application Layer Encryption
End-to-end security is provided at a user level by encryption applications. Examples of application layer encryption are:
• S/MIME (secure/multipurpose internet mail extensions)
• S-HTTP (secure hypertext transfer protocol)
• PGP (Pretty Good Privacy)
• MSP (message security protocol)
Hash Values
A common use of a hash value is the storage of passwords on a computer system. If the passwords are stored in the clear, anyone gaining unlawful access to the computer files could discover and use them.
Algorithm
• MD5
• SHA (secure hash algorithm)
Access Control
• Password
• Firewalls
  • packet-filtering routers
  • application level gateways
  • circuit level gateways
Firewalls
Firewalls play an important role in restricting and controlling access to networks.
Packet-filtering Router
A packet-filtering router either blocks or passes packets presented to it according to a set of filtering rules.
Filtering rules are based on various features:
• the packet header information, e.g. IP source and destination addresses
• the encapsulated protocol being used, e.g. TCP or UDP, ICMP or IP
• the transport layer source and destination ports
• the incoming and outgoing interfaces for the packet
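The rule matching described above, as an added example that is not part of the original slides: a small packet filter that decides on the listed header fields. First-match ordering, blocking when no rule matches, the interface names and the documentation-range addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:                 # the header fields the slide lists
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    sport: Optional[int]      # None for protocols without ports (ICMP)
    dport: Optional[int]
    in_if: str
    out_if: str

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None              # None matches any value
    sport: Optional[Tuple[int, int]] = None  # inclusive port range
    dport: Optional[Tuple[int, int]] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        def port_ok(rng, port):
            return rng is None or (port is not None and rng[0] <= port <= rng[1])
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and port_ok(self.sport, p.sport)
                and port_ok(self.dport, p.dport)
                and self.in_if in (None, p.in_if)
                and self.out_if in (None, p.out_if))

def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides; no match means block (assumed default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"

# Constructed rule set: eth0 = outside, eth1 = inside (hypothetical names).
RULES = [
    Rule("block", src="192.0.2.0/24", in_if="eth0"),  # inside prefix seen on the outside interface
    Rule("pass", dst="192.0.2.10/32", proto="tcp", dport=(443, 443), in_if="eth0", out_if="eth1"),
    Rule("pass", src="192.0.2.0/24", in_if="eth1", out_if="eth0"),
]
```

The first rule shows why the interface is part of the match: a packet claiming an inside source address but arriving on the outside interface is blocked before the pass rule for port 443 is consulted.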
Application Level Gateways
An application level gateway is implemented through a proxy server, which acts as an intermediary between a client and a server.
Circuit Level Gateways
A circuit level gateway checks the validity of connections at the transport layer against a table of allowed connections, before a session can be opened and data exchanged.
Circuit level gateways work at the session layer of the OSI model.
Thank you