
PRESENTED BY : Anurag

Roll no:- 1703233

TOPIC : NETWORK SECURITY


Network Security is a set of rules and configurations
designed to protect the integrity, confidentiality and
accessibility of computer networks and data using
both software and hardware technologies.

Common Network Security Threats

• Malware
• Viruses
• Trojan Horse
• Worms

• Install a firewall
• Ensure proper access controls
• Use IDS/IPS to track potential packet floods
• Use network segmentation
• Use a virtual private network (VPN)
• Conduct proper maintenance


• Confidentiality

Only those who are supposed to access the data can access it.

• Integrity

The data that's there is only changed when it's supposed to be.

• Authentication

You are who you say you are. While there can be various forms of identification used, authentication is usually through a PIN like your debit card uses or the login on your email account.

• Accounting

This means that everything you do is properly noted, and any changes to data can be tied to a user account. To go back to the debit card example, this would be your bank statement.

Advantages and Disadvantages of Network Security

Advantages of Network Security

• Protect data
As discussed, network security keeps a check on unauthorized access.
• Prevents cyber attack
Most of the attacks on the network come from the internet.
• Levels of access
The security software gives different levels of access to different users.
• Centrally controlled
Unlike desktop security software, network security software is controlled by a central user called the network administrator.

Disadvantages of Network Security

• Costly set up
The set up of a network security system can be a bit expensive. Purchasing the software, installing it etc. can become costly, especially for smaller networks.
• Time consuming
The software installed on some networks is difficult to work with. It needs authentication using two passwords to ensure double security, and these have to be entered every time you edit a document.
• Requires skilled staff
Managing large networks is not an easy task. It requires highly skilled technicians who can handle any security issue that arises.
• Careless Admin
When the best software is installed and everything required is done, it is natural for the admin to be careless at times.

Applications and Example of
Network Security.

E-mail Security

Nowadays, e-mail has become a very widely used network application. Through e-mail, a message is sent directly from the sender's machine to the recipient's machine.

o E-Mail Security Services:

• Confidentiality
• Authentication
• Integrity
• Proof of submission
• Proof of delivery
Examples of Network Security
Firewalls

One of the most basic and easily implemented methods of network security is the firewall. A firewall can be either software based, such as the one provided with Windows, or hardware based, such as a router. The basic idea behind a firewall is to allow authorized access to a computer while blocking unauthorized access. This is accomplished by configuring access conditions based on user-defined rules, IP addresses, and port accessibility.

Definition - What does Internet Protocol Security (IPsec) mean?

• Internet protocol security (IPsec) is a set of protocols that provides security for Internet Protocol. It can use cryptography to provide security. IPsec can be used for the setting up of virtual private networks (VPNs) in a secure manner.

Also known as IP Security.


IP SECURITY(functional areas)
Authentication - The authentication mechanism ensures that the received packet was sent by the identified source. It also assures that the packet has not been altered in transit.

Confidentiality - The confidentiality facility enables communicating nodes to encrypt messages to prevent eavesdropping by third parties.

Key management - It is concerned with the secure exchange of keys.

Uses of IP Security –
IPsec can be used to do the following things:

• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, for example to authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling in which all data sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.

Benefits of IPsec
• Provides strong security when implemented in a firewall or router that can be applied to all traffic crossing the perimeter.
• IPsec is resistant to bypass if all traffic from the outside must use IP and the firewall is the only way of entrance from the Internet into the organization.
• Is below transport layer, hence transparent to applications.
• Can be transparent to end users.
• Can provide security for individual users if needed.

IPSec Document Overview
Authentication Header

Provides support for data integrity and authentication of IP packets.

Authentication is based on the use of a message authentication code (MAC), hence the two parties must share a secret key.

The Authentication Header consists of the following fields:

• Next Header (8 bits): Identifies the type of header immediately following this header.
• Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2.
• Reserved (16 bits): For future use.
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter value.
• Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC.

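The field layout above, packed and checked in code. This is an added example, not part of the original slides: it assumes HMAC-SHA-256 truncated to 128 bits as the MAC, and it simplifies the ICV input to the AH header plus payload (real AH also covers the immutable IP header fields). The function names, key and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumed MAC: HMAC-SHA-256 truncated to 128 bits
FIXED = struct.Struct("!BBHII")  # Next Header, Payload Length, Reserved, SPI, Sequence


def _icv(key: bytes, header_zero_icv: bytes, payload: bytes) -> bytes:
    # Simplification: real AH also authenticates the immutable IP header fields.
    return hmac.new(key, header_zero_icv + payload, hashlib.sha256).digest()[:ICV_LEN]


def build_ah(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    # Payload Length = length of the whole AH in 32-bit words, minus 2.
    payload_len = (FIXED.size + ICV_LEN) // 4 - 2
    fixed = FIXED.pack(next_header, payload_len, 0, spi, seq)
    # The ICV is computed with the Authentication Data field set to zero.
    return fixed + _icv(key, fixed + bytes(ICV_LEN), payload)


def parse_and_verify_ah(key: bytes, ah: bytes, payload: bytes) -> dict:
    if len(ah) < FIXED.size:
        raise ValueError("truncated Authentication Header")
    next_header, payload_len, reserved, spi, seq = FIXED.unpack_from(ah)
    total = (payload_len + 2) * 4
    if total != len(ah) or total - FIXED.size != ICV_LEN:
        raise ValueError("Payload Length does not match header size")
    if reserved != 0:
        raise ValueError("Reserved field must be zero")
    icv = ah[FIXED.size:total]
    expected = _icv(key, ah[:FIXED.size] + bytes(ICV_LEN), payload)
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch: packet altered or wrong key")
    return {"next_header": next_header, "spi": spi, "seq": seq, "icv_len": len(icv)}
```
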
Encapsulating Security Payload (ESP)
• provides message content confidentiality & limited traffic flow confidentiality
• can optionally provide the same authentication services as AH
• Because message authentication is provided by ESP, the use of AH is deprecated
• supports range of ciphers, modes, padding
The ESP consists of the following fields :

• Security Parameters Index (32 bits): Identifies a security association
• Sequence Number (32 bits): A monotonically increasing counter value; this provides an anti-replay function
• Payload Data (variable): This is a transport-level segment (transport mode) or IP packet (tunnel mode) that is protected by encryption
• Padding (0–255 bytes): for various reasons
• Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field
• Next Header (8 bits): Identifies the type of data contained in the payload data field by identifying the first header in that payload
• Integrity Check Value (variable): A variable-length field that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field

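How the Sequence Number gives a receiver its anti-replay function, shown as a sliding-window check over ESP packets. This is an added example, not part of the original slides: the 64-packet window, the class and function names, and the sample SPI and packets are assumptions made for illustration.

```python
import struct


def esp_spi_seq(packet: bytes) -> tuple:
    """SPI and Sequence Number are the first two 32-bit fields of an ESP packet."""
    if len(packet) < 8:
        raise ValueError("truncated ESP packet")
    return struct.unpack_from("!II", packet)


class ReplayWindow:
    """Receiver-side sliding window for one security association."""

    def __init__(self, size: int = 64):  # window size is an assumed value
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if fresh; False if the packet must be dropped.
        Call this only after the packet's ICV has verified."""
        if seq == 0:
            return False                      # the sender's counter starts at 1
        if seq > self.highest:                # newer than anything seen: slide right
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # older than the window covers
        if self.bitmap & (1 << offset):
            return False                      # already seen: replay
        self.bitmap |= 1 << offset
        return True


def filter_replays(packets, size: int = 64) -> list:
    """Accept/drop decision per packet, in arrival order."""
    window = ReplayWindow(size)
    return [window.check_and_update(esp_spi_seq(p)[1]) for p in packets]


# Constructed sample: ESP packets for hypothetical SPI 0x2000, body bytes are filler.
ARRIVAL_ORDER = (1, 3, 2, 2, 100, 36, 37)
SAMPLE = [struct.pack("!II", 0x2000, s) + bytes(16) for s in ARRIVAL_ORDER]
```

Out-of-order packet 2 is accepted once and dropped the second time; after the jump to 100, packet 36 falls outside the window while 37 is still inside it.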
What is Cryptography
• Cryptography
– In a narrow sense
• Mangling information into apparent unintelligibility
• Allowing a secret method of un-mangling
– In a broader sense
• Mathematical techniques related to information security
• About secure communication in the presence of adversaries
• Cryptanalysis
– The study of methods for obtaining the meaning of encrypted information without accessing the
secret information
• Cryptology
– Cryptography + cryptanalysis
What is Encryption / Decryption

Encryption –
◦ The process of converting plain text into an
unintelligible format (cipher text) is called
Encryption.
Decryption –
◦ The process of converting cipher text into a plain
text is called Decryption.
What are the Types of Cryptography

• Symmetric Key Cryptography (Secret Key Cryptography)
◦ Same Key is used by both parties
• Advantages
1. Simpler and Faster
• Disadvantages
1. Less Secured
What are the Types of Cryptography

• Asymmetric Key Cryptography (Public Key Cryptography)
◦ 2 different keys are used
◦ Users get the Key from a Certificate Authority
• Advantages
1. More Secured
2. Authentication
• Disadvantages
1. Relatively Complex
IPV4 vs IPV6
Difference
IPV6

• 1 Version (4-bits): It represents the version of Internet Protocol, i.e. 0110.

• 2 Traffic Class (8-bits): These 8 bits are divided into two parts. The most significant 6 bits are used for
Type of Service to let the router know what services should be provided to this packet. The least significant 2
bits are used for Explicit Congestion Notification (ECN).

• 3 Flow Label (20-bits): This label is used to maintain the sequential flow of the packets belonging to a
communication. The source labels the sequence to help the router identify that a particular packet belongs to a
specific flow of information. This field helps avoid re-ordering of data packets. It is designed for streaming/real-
time media.
• 4 Payload Length (16-bits): This field is used to tell the routers how much information a particular
packet contains in its payload. Payload is composed of Extension Headers and Upper Layer data.
With 16 bits, up to 65535 bytes can be indicated; but if the Extension Headers contain Hop-by-Hop
Extension Header, then the payload may exceed 65535 bytes and this field is set to 0.

• 5 Next Header (8-bits): This field is used to indicate either the type of Extension Header, or if
the Extension Header is not present then it indicates the Upper Layer PDU. The values for the type
of Upper Layer PDU are same as IPv4’s.

• 6 Hop Limit (8-bits): This field is used to stop a packet from looping in the network infinitely. This is
the same as TTL in IPv4. The value of the Hop Limit field is decremented by 1 as it passes a link
(router/hop). When the field reaches 0 the packet is discarded.

• 7 Source Address (128-bits): This field indicates the address of originator of the packet.

• 8 Destination Address (128-bits): This field provides the address of intended recipient of the
packet.
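
The eight fields above, unpacked from the 40-byte fixed header, with the Hop Limit rule applied as a router would. This is an added example, not part of the original slides: the function names, the documentation-range addresses and the sample packet are constructed for illustration.

```python
import ipaddress
import struct


def parse_ipv6_header(packet: bytes) -> dict:
    if len(packet) < 40:
        raise ValueError("IPv6 fixed header is 40 bytes")
    # First 32-bit word holds Version (4), Traffic Class (8) and Flow Label (20).
    first_word, payload_len, next_header, hop_limit = struct.unpack_from("!IHBB", packet)
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6: version field is {version}")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,      # most significant 6 bits (Type of Service)
        "ecn": traffic_class & 0x3,      # least significant 2 bits
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def forward(packet: bytes):
    """Decrement Hop Limit by 1; return None when the packet must be discarded."""
    hop_limit = packet[7]
    if hop_limit <= 1:                   # would reach 0 on this hop
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


# Constructed sample: Traffic Class 0xBA (6-bit value 46, ECN 2), Flow Label 0x12345,
# 20-byte payload, Next Header 6 (TCP), Hop Limit 2, documentation-range addresses.
SAMPLE = (
    struct.pack("!IHBB", (6 << 28) | (0xBA << 20) | 0x12345, 20, 6, 2)
    + ipaddress.IPv6Address("2001:db8::1").packed
    + ipaddress.IPv6Address("2001:db8::2").packed
    + bytes(20)
)
```
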