SEMINAR ON NETWORK SECURITY
2 12/07/21 ms
Presentation Content
• Introduction
• What is Internet?
• What do we need to protect?
• Threat Motivation
• Attack Types
• Security Objectives
• Security mechanisms
INTRODUCTION
Network Security refers to any activities
designed to protect your network.
Specifically, these activities protect :
• Usability
• Reliability
• Integrity
• Safety
of your network and data.
What is Internet?
What do we need to protect?
• Data
• Resources
• Reputation
Threat Motivation
• Spy
• Joyride
• Ignorance
• Revenge
• Greed
• Terrorist
TYPES OF NETWORK SECURITY
CLIENT-SERVER SECURITY
Uses various authorization methods to make sure that only valid users and programs have
access to information resources.
DATA & TRANSACTION SECURITY
Ensures privacy and confidentiality in electronic messages and data packets, including
the authentication of remote users in network transactions.
PROBLEMS OF CLIENT-SERVER SECURITY NETWORK
• PHYSICAL SECURITY HOLES
• SOFTWARE SECURITY HOLES
• INCONSISTENT SECURITY HOLES
ITS PROTECTION METHODS
• PASSWORD SCHEMES
• BIOMETRIC SYSTEMS
EMERGING CLIENT-SERVER THREATS
hackers
Types of hackers
• Passive
• Active
PASSIVE hackers
ACTIVE hackers
Security Objectives
• Identification
• Authentication
• Authorization
• Access Control
• Data Integrity
• Confidentiality
• Non-repudiation
Identification
• Something which uniquely identifies a
user and is called UserID.
• Sometimes users can select their own ID, as
long as it is not given to another user.
• UserID can be one or combination of
the following:
– User Name
– User Student Number
Authentication
• The process of verifying the identity of
a user
• Typically based on
– Something the user knows
• Password
– Something the user has
• Key, smart card, disk, or other device
– Something the user is
• Fingerprint, voice, or retinal scans
• Authentication procedure
– Two-Party Authentication
• One-Way Authentication
• Two-Way Authentication
– Third-Party Authentication
• Kerberos
• X.509
– Single Sign-On
• User can access several network resources
by logging on once to a security system.
[Figure: Two-Party Authentications. Labels: Client, Server; One-way Authentication; Two-way Authentication; ServerID & Password; Authenticated.]
[Figure: Third-Party Authentications. Labels: Security Server; Client; Server; ClientID, Password; ServerID, Password; Authenticated; Exchange Keys; Exchange Data.]
Authorization
Access Control
• The process of enforcing access rights
• It is based on the following three entities
– Subject
• An entity that can access an object
– Object
• An entity to which access can be controlled
– Access Right
• Defines the ways in which a subject can
access an object.
• Access Control is divided into two types
– Discretionary Access Control (DAC)
• The owner of the object is responsible for
setting the access rights.
– Mandatory Access Control (MAC)
• The system defines access rights based on
how the subject and object are classified.
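Added example (not part of the original slides): a small Python model of the two schemes, showing that a DAC grant made by the object's owner does not override the system's MAC decision. The level names, the `Obj` class, the function names and the label rule (read at or below the subject's level, write at or above) are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed classification levels for this example (higher = more sensitive).
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass
class Obj:
    name: str
    owner: str                                 # subject that owns the object
    label: str                                 # classification set by the system
    acl: dict = field(default_factory=dict)    # subject -> set of access rights

def dac_grant(obj, actor, subject, right):
    """DAC: only the owner of the object may set its access rights."""
    if actor != obj.owner:
        raise PermissionError(f"{actor} does not own {obj.name}")
    obj.acl.setdefault(subject, set()).add(right)

def dac_allows(obj, subject, right):
    """The owner always has access; others need a right the owner granted."""
    return subject == obj.owner or right in obj.acl.get(subject, set())

def mac_allows(clearance, obj, right):
    """MAC: decided by the system from labels alone (assumed policy:
    read only at or below the subject's level, write only at or above)."""
    s, o = LEVELS[clearance], LEVELS[obj.label]
    return s >= o if right == "read" else s <= o

def access(subject, clearance, obj, right):
    """Both checks must pass; an owner's grant cannot override the labels."""
    return mac_allows(clearance, obj, right) and dac_allows(obj, subject, right)

# Constructed scenario: alice owns a secret report and grants bob read access.
report = Obj("report", owner="alice", label="secret")
dac_grant(report, "alice", "bob", "read")
```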
Data Integrity
Confidentiality
Non-repudiation
Security Mechanisms
• Web Security
• Cryptographic techniques
• Digital Signature
• Internet Firewalls
Web Security
• Basic Authentication
• Secure Socket Layer (SSL)
Basic Authentication
Secure Socket Layer (SSL)
CRYPTOGRAPHY
Cryptography refers to the science and art of transforming
messages to make them secure and immune to attacks.
Digital Signature
Digital signatures are cryptographic mechanisms that perform a similar
function to a written signature. They are used to verify
the originator and contents of the message.
Internet Firewall
• A firewall is used to control traffic flow between
networks.
• Firewall uses the following techniques:
– Packet Filters
– Application Proxy
– Secure Tunnel
– Screened Subnet Architecture
Packet Filtering
• Most commonly used firewall technique
• Operates at IP level
• Checks each IP packet against the filter rules
before passing (or not passing) it on to its
destination.
• Faster than other firewall techniques
• Hard to configure
[Figure: Packet Filtering Server between the Non-Secure Network and the Secure Network.]
Application Proxy
• Application Level Gateway
• The communication steps are as follows
– User connects to proxy server
– From proxy server, user connects to destination
server
• Proxy server can provide
– Content Screening
– Logging
– Authentication
[Figure: Proxy Server between the Non-Secure Network and the Secure Network. Labels: Telnet, Telnetd.]
Secure IP Tunnel
Screened Subnet Architecture
Firewall Conclusion
• Not the complete answer
• The fox is inside the henhouse
• Host security + User education
• Cannot control back door traffic
• any dial-in access
• Management problems
• Cannot fully protect against new viruses
• Antivirus on each host Machine
• Needs to be correctly configured
• The security policy must be enforced