
1 12/07/21 ms

SEMINAR
ON
NETWORK SECURITY

Sachin Padiyar 07-538
Hemant Jain 07-522
Harshad Kamble 07-527

Presentation Content

• Introduction
• What is Internet?
• What do we need to protect?
• Threat Motivation
• Attack Types
• Security Objectives
• Security mechanisms

INTRODUCTION
Network Security refers to any activities
designed to protect your network.
Specifically, these activities protect :
• Usability
• Reliability
• Integrity
• Safety
of your network and data.

What is Internet?

• The Internet is a worldwide IP network that links a collection of different networks from various sources: governmental, educational and commercial.

What do we need to protect

• Data
• Resources
• Reputation

Threat Motivation

• Spy
• Joyride
• Ignorance
• Revenge
• Greed
• Terrorist

TYPES OF NETWORK SECURITY

CLIENT-SERVER SECURITY

DATA & TRANSACTION SECURITY

TYPES OF NETWORK SECURITY
CLIENT-SERVER SECURITY
• Uses various authorization methods to make sure that only valid users and programs have access to information resources.
DATA & TRANSACTION SECURITY
• It ensures privacy and confidentiality in electronic messages and data packets, including the authentication of remote users in network transactions.
PROBLEMS OF CLIENT-SERVER SECURITY NETWORK
• PHYSICAL SECURITY HOLES

• SOFTWARE SECURITY HOLES

• INCONSISTENT SECURITY HOLES

ITS PROTECTION METHODS

• TRUST BASED SECURITY

• PASSWORD SCHEMES

• BIOMETRIC SYSTEMS

EMERGING CLIENT-SERVER THREATS

• SOFTWARE AGENTS & MALICIOUS CODE
– VIRUSES
– TROJAN HORSES
– WORMS

• HACKERS

Types of hackers

• Passive

• Active

PASSIVE hackers

A passive intruder attempts to learn or make use of information from the system but doesn't affect system resources.

ACTIVE hackers

An active intruder attempts to change system resources, which can have an effect on their operation.

Security Objectives
• Identification
• Authentication
• Authorization
• Access Control
• Data Integrity
• Confidentiality
• Non-repudiation

Identification
• Something which uniquely identifies a user and is called the UserID.
• Sometimes users can select their ID as long as it is not given to another user.
• UserID can be one or a combination of the following:
– User Name
– User Student Number

Authentication
• The process of verifying the identity of a user
• Typically based on
– Something the user knows
• Password
– Something the user has
• Key, smart card, disk, or other device
– Something the user is
• Fingerprint, voice, or retinal scans

• Authentication procedure
– Two-Party Authentication
• One-Way Authentication
• Two-Way Authentication
– Third-Party Authentication
• Kerberos
• X.509
– Single Sign-On
• User can access several network resources by logging on once to a security system.

[Figure: Two-Party Authentications. One-way Authentication: the Client sends UserID & Password to the Server and is Authenticated. Two-way Authentication: the Server also sends ServerID & Password to the Client and is Authenticated.]

[Figure: Third-Party Authentications. The Client sends ClientID, Password to the Security Server and is Authenticated; the Server sends ServerID, Password to the Security Server and is Authenticated; Client and Server then Exchange Keys and Exchange Data.]

Authorization

• The process of assigning access rights to a user

Access Control
• The process of enforcing access rights
• It is based on the following three entities
– Subject
• is an entity that can access an object
– Object
• is an entity to which access can be controlled
– Access Right
• defines the ways in which a subject can access an object.

• Access Control is divided into two types
– Discretionary Access Control (DAC)
• The owner of the object is responsible for setting the access rights.
– Mandatory Access Control (MAC)
• The system defines access rights based on how the subject and object are classified.

Data Integrity

• Assurance that the data that arrives is the same as when it was sent.

Confidentiality

• Assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.

Non-repudiation

• Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.

Security Mechanisms

• Web Security
• Cryptographic techniques
• Digital Signature
• Internet Firewalls

Web Security

• Basic Authentication
• Secure Socket Layer (SSL)

Basic Authentication

A simple user ID and password-based authentication scheme that provides the following:
– To identify which user is accessing the server
– To limit users to accessing specific pages (identified as Universal Resource Locators, URLs)
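
An added example (not part of the original presentation) of the two functions listed above: identifying the user from an HTTP Basic `Authorization` header and limiting users to specific URLs. The user table, passwords, URL prefixes and iteration count are constructed for illustration; the header is only Base64-encoded, not encrypted, so anyone who can read the request can recover the password.

```python
import base64, binascii, hashlib, hmac

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user table: user -> (salt, password hash, URL prefixes allowed)
USERS = {
    "alice": (b"salt-a", _hash("correct horse", b"salt-a"), ("/reports/", "/admin/")),
    "bob":   (b"salt-b", _hash("hunter2", b"salt-b"), ("/reports/",)),
}

def parse_basic(header: str):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def check_request(header: str, path: str) -> int:
    """Return 200 (allowed), 401 (identity not proven) or 403 (page not permitted).

    The path is assumed to be already normalized by the web server.
    """
    creds = parse_basic(header or "")
    if creds is None:
        return 401
    user, password = creds
    salt, stored, allowed = USERS.get(user, (b"none", b"", ()))
    # Hash and compare in constant time even for unknown users
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401
    return 200 if path.startswith(allowed) else 403

def make_header(user: str, password: str) -> str:
    """Build the header a browser would send for these credentials."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
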

Secure Socket Layer (SSL)

• Netscape Inc. originally created the SSL protocol, but now it is implemented in World Wide Web browsers and servers from many vendors. SSL provides the following:
- Confidentiality through an encrypted connection based on symmetric keys
- Authentication using public key identification and verification
- Connection reliability through integrity checking
• There are two parts to the SSL standard, as follows:
- The SSL Handshake is a protocol for initial authentication and transfer of encryption keys.
- The SSL Record protocol is a protocol for transferring encrypted data.

CRYPTOGRAPHY
Cryptography refers to the science and art of transforming
messages to make them secure and immune to attacks.

Digital Signature

A digital signature is a cryptographic mechanism that performs a similar function to a written signature. It is used to verify the originator and contents of the message.

Internet Firewall
• A firewall controls traffic flow between networks.
• A firewall uses the following techniques:
– Packet Filters
– Application Proxy
– Secure Tunnel
– Screened Subnet Architecture

Packet Filtering
• Most commonly used firewall technique
• Operates at IP level
• Checks each IP packet against the filter rules
before passing (or not passing) it on to its
destination.
• Faster than other firewall techniques
• Hard to configure

[Figure: Packet Filtering Server placed between the Non-Secure Network and the Secure Network.]

Application Proxy
• Application Level Gateway
• The communication steps are as follows
– User connects to proxy server
– From proxy server, user connects to destination
server
• Proxy server can provide
– Content Screening
– Logging
– Authentication

[Figure: Proxy Server running Telnetd and Telnet between the Non-Secure Network (Telnet) and the Secure Network (Telnetd).]

Secure IP Tunnel

• A secure channel between the secure network and an external trusted server through a non-secure network (e.g., Internet)
• Encrypts the data between the Firewall and the external trusted host
• Also establishes the identity of the session partners and the authenticity of the messages

Screened Subnet Architecture

• The DMZ (perimeter network) is set up between the secure and non-secure networks

• It is accessible from both networks and contains machines that act as gateways for specific applications

Firewall Conclusion
• Not the complete answer
• The fox is inside the henhouse
• Host security + User education
• Cannot control back door traffic
• any dial-in access
• Management problems
• Cannot fully protect against new viruses
• Antivirus on each host Machine
• Needs to be correctly configured
• The security policy must be enforced
