Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become weird", an increasing number of people need to understand the basics of security in national world.
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety. 2. Freedom from doubt, anxiety, or fear; confidence. 3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
etc.
Protect vital information while still allowing access to those who need it
Trade secrets, medical records, etc.
History
For a long time network security implied cryptography to the R&D community (50-90). Internet arrived with Web-browser and email and the venerated Firewall and Virus Scanner appeared ( circa 1995).
The first Internet virus is Morris Worm in 1988. FW in late 80s (accredited to Steve Bellovin). Trusted Information Systems (TIS) Firewall Toolkit (FWTK) 10/1/1993. Checkpoint FW-1 in 1994. McAfee Pro-scan 1990.
IPSec and SSL standardized (circa 1998). Then Spam Filters, IDS and IPS. AES standardized (2001), 3DES (1999), DES (1977). WiFi WEP debacle prompted 802.11i (circa 2004) . SHA-1 broken ? (2005).
Who is vulnerable?
Financial institutions and banks Internet service providers Pharmaceutical companies Government and defense agencies Contractors to various government agencies Multinational corporations ANYONE ON THE NETWORK
Denial of Service
Ingress filtering, IDS
TCP hijacking
IPSec
Packet sniffing
Encryption (SSH, SSL, HTTPS)
Social problems
Education
Firewalls
Basic problem many network applications and protocols have security problems that are fixed over time
Difficult for users to keep up with changes and keep host secure Solution
Administrators limit access to end hosts by using a firewall Firewall is kept up-to-date by administrators
Firewalls
Firewalls
Internet
DMZ
Web server, email server, web proxy, etc
Firewall
Firewall
Intranet
Intrusion Detection
Intrusion Detection
Example
IRIX vulnerability in webdist.cgi
Can make a rule to drop packets containing the line
/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd
However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
Social Problems
So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
But, this solution is still not perfect
Conclusion
Network Security, Information Security, is a very vibrant area - many players selling many products and services ( eerily similar to 1999). Overheard information security is a eternal gold mine. Network Security is the authorization of access to data in a network. Security is involved in organization, enterprises and all other institutions.