Chapter 37. Secure Networks




Chapter 37: Network Security (Access Control, Encryption, Firewalls)

Secure Networks
- "Secure network" is not an absolute term
- Need to define a security policy for the organization
- Network security policy cannot be separated from the security policy for the attached computers
- Costs and benefits of security policies must be assessed

Network Security Policy
- Devising a network security policy can be complex because a rational policy requires an organization to assess the value of information.
- The policy must apply to information stored in computers as well as to information traversing a network.

Aspects of Security
- Data integrity
- Data availability
- Data confidentiality
- Privacy

Responsibility and Control
- Accountability: how an audit trail is kept
- Authorization: who is responsible for each item, and how responsibility is delegated to others

Integrity Mechanisms
- Techniques to ensure integrity:
  - Parity bits
  - Checksums
  - CRCs
- These cannot guarantee data integrity (e.g., against intentional change), because anyone who alters the data can recompute them
- Use a message authentication code (MAC) that cannot be broken or forged
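The contrast the slide draws (a CRC catches accidental corruption but not deliberate change; a keyed MAC catches both) can be shown in a few lines. This is an added example, not part of the lecture; the message, the shared key and the "tampered" variant are constructed for the demonstration, and HMAC-SHA256 is used as the MAC.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (not from the lecture): a shared secret known to
# both endpoints, the message as sent, and a deliberately altered copy.
KEY = b"shared-secret-between-endpoints"
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def crc_verify(msg: bytes, tag: int) -> bool:
    """CRC-32 check: recompute over the message and compare. No key involved."""
    return zlib.crc32(msg) == tag


def mac_tag(msg: bytes, key: bytes) -> bytes:
    """Keyed tag: producing it requires the secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(msg: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many tag bytes matched."""
    return hmac.compare_digest(mac_tag(msg, key), tag)


def crc_catches_random_bitflip() -> bool:
    """Accidental corruption in transit (one flipped bit) is detected by the CRC."""
    tag = zlib.crc32(ORIGINAL)
    corrupted = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]
    return not crc_verify(corrupted, tag)


def crc_passes_deliberate_change() -> bool:
    """Whoever rewrites the message can also recompute the CRC, so the check still passes."""
    recomputed_tag = zlib.crc32(TAMPERED)  # no secret needed to do this
    return crc_verify(TAMPERED, recomputed_tag)


def mac_rejects_deliberate_change() -> bool:
    """The original tag does not cover TAMPERED, and a tag made with the wrong key is rejected too."""
    genuine_tag = mac_tag(ORIGINAL, KEY)
    wrong_key_tag = mac_tag(TAMPERED, b"not-the-real-key")
    return (not mac_verify(TAMPERED, genuine_tag, KEY)) and (not mac_verify(TAMPERED, wrong_key_tag, KEY))


def mac_accepts_genuine_message() -> bool:
    return mac_verify(ORIGINAL, mac_tag(ORIGINAL, KEY), KEY)


if __name__ == "__main__":
    print("CRC catches a random bit flip:        ", crc_catches_random_bitflip())
    print("CRC passes a deliberate edit + recompute:", crc_passes_deliberate_change())
    print("HMAC rejects the deliberate edit:     ", mac_rejects_deliberate_change())
    print("HMAC accepts the genuine message:     ", mac_accepts_genuine_message())
```

The receiver's MAC check uses `hmac.compare_digest` rather than `==`; a plain comparison can stop at the first differing byte and leak timing information about the tag.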

Access Control and Passwords
- Passwords are used to control access
- Over a network, passwords are susceptible to snooping

Encryption and Confidentiality
- To ensure confidentiality of a transmitted message, use encryption
- Secret key or public key schemes
- (Figure: message m -> encryption with secret key S -> ciphertext -> decryption with secret key S -> message m)

Public Key Cryptosystem
- Each processor has a private key S and a public key P
- S is kept secret, and cannot be deduced from P
- P is made available to all processors
- Encryption and decryption with S and P are inverse functions: P(S(m)) = m and S(P(m)) = m
- (Figure, confidentiality: message m -> encryption with public key P -> decryption with private key S -> message m)
- (Figure, authenticity: message m -> encryption with private key S -> decryption with public key P -> message m)

Message Digest
- Digest function maps an arbitrary-length message m to a fixed-length digest d(m)
- One-way function: given d(m), can't find m
- Collision-free: infeasible to generate m and m' such that d(m) = d(m')
- (Figure: message -> digest)

Digital Signature
- To sign message m, the sender computes the digest d(m)
- The sender computes S(d(m)) and sends it along with m
- The receiver computes P(S(d(m))) = d(m)
- The receiver computes the digest of m and compares it with the result above; if they match, the signature is verified

Digital Signature (figure)
- Sender (Alice): compute digest -> compute signature with Alice's private key -> signature
- Receiver (Bob): compute digest -> verify signature with Alice's public key
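The three preceding slides (public key pair with P(S(m)) = m = S(P(m)), message digest, and digest-then-sign) can be exercised together. The following is an added example, not lecture material: it uses textbook RSA with two fixed Mersenne primes so that the inverse property is concrete, and SHA-256 as the digest d(m). The fixed keys and the absence of padding are deliberate simplifications for illustration; they are not how a deployable signature scheme is built.

```python
import hashlib

# Textbook RSA with fixed, publicly known Mersenne primes. Constructed for this
# example only: a real key pair is generated from fresh random primes and used
# with a padding scheme.
_P = 2**521 - 1   # M521, prime
_Q = 2**127 - 1   # M127, prime
N = _P * _Q       # about 648 bits, so a 256-bit digest always fits below N
E = 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))   # modular inverse (Python 3.8+)

PUBLIC_KEY = (N, E)     # P: made available to all processors
PRIVATE_KEY = (N, _D)   # S: kept secret; cannot be deduced from P without factoring N


def apply_key(key, x: int) -> int:
    """The slide's P(.) or S(.): modular exponentiation on an integer block below N."""
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("block must be an integer in [0, N)")
    return pow(x, exponent, n)


def digest(m: bytes) -> int:
    """d(m): SHA-256, one-way and collision-resistant, read as an integer (< N)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def sign(m: bytes, private_key=PRIVATE_KEY) -> int:
    """Sender: compute d(m), then S(d(m)); the signature travels alongside m."""
    return apply_key(private_key, digest(m))


def verify(m: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Receiver: compute P(S(d(m))) and compare with a freshly computed d(m)."""
    return apply_key(public_key, signature) == digest(m)


def keys_are_inverse(x: int) -> bool:
    """Check P(S(x)) == x and S(P(x)) == x for one block x."""
    return (apply_key(PUBLIC_KEY, apply_key(PRIVATE_KEY, x)) == x
            and apply_key(PRIVATE_KEY, apply_key(PUBLIC_KEY, x)) == x)


if __name__ == "__main__":
    message = b"meet at the bridge at noon"       # constructed message
    signature = sign(message)
    print("keys are inverse functions:", keys_are_inverse(123456789))
    print("genuine message verifies:  ", verify(message, signature))
    print("altered message verifies:  ", verify(b"meet at the bridge at ten", signature))
```

Signing the digest rather than the whole message is what lets a fixed-size signature cover a message of any length; the collision-freedom of d() is what prevents a second message from sharing the same valid signature.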

Internet Firewall
- Protects an organization's computers from Internet problems (named after the firewall between two structures that prevents the spread of fire)

Internet Firewall
- All traffic entering the organization passes through the firewall
- All traffic leaving the organization passes through the firewall
- The firewall implements the security policy and rejects any traffic that doesn't adhere to it
- The firewall must be immune to security attacks

Packet Filtering
- Packet filter is embedded in a router
- Specifies which packets can pass through and which should be blocked

Using Packet Filters to Create a Firewall
- Three components in a firewall:
  - Packet filter for incoming packets
  - Packet filter for outgoing packets
  - Secure computer system to run application-layer gateways or proxies
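The incoming and outgoing packet filters on the two slides above are, in practice, two ordered rule lists evaluated first-match-wins with a default of deny. The following is an added example, not the lecture's or any vendor's code: it models a site using the 192.0.2.0/24 documentation prefix with one web server at 192.0.2.10 (all addresses and the policy are constructed), and decides each sample packet's fate.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = entering the organization, "out" = leaving it
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str             # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


SITE = "192.0.2.0/24"       # constructed: the organization's own prefix
WEB = "192.0.2.10/32"       # constructed: the only host reachable from outside

# Filter for incoming packets. Order matters: the anti-spoofing deny comes first,
# so a packet claiming one of our own addresses never reaches the allow rules.
INBOUND: List[Rule] = [
    Rule("in", "deny", src=SITE),
    Rule("in", "allow", proto="tcp", dst=WEB, dport=443),
    Rule("in", "allow", proto="tcp", dst=WEB, dport=80),
]

# Filter for outgoing packets. Only traffic sourced from our prefix is listed, so
# a packet leaving with a foreign source address falls through to the default deny.
OUTBOUND: List[Rule] = [
    Rule("out", "allow", proto="tcp", src=SITE, dport=443),
    Rule("out", "allow", proto="udp", src=SITE, dport=53),
]


def decide(pkt: Packet) -> str:
    """First matching rule wins; anything not explicitly allowed is dropped."""
    rules = INBOUND if pkt.direction == "in" else OUTBOUND
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny: the policy lists what may pass, not what may not


if __name__ == "__main__":
    samples = [   # constructed packets; 198.51.100.0/24 and 203.0.113.0/24 are outside hosts
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443),   # allow: HTTPS to web server
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 22),    # deny: no rule for SSH
        Packet("in", "tcp", "192.0.2.5", "192.0.2.10", 443),      # deny: spoofed internal source
        Packet("out", "udp", "192.0.2.20", "198.51.100.53", 53),  # allow: DNS from inside
        Packet("out", "udp", "203.0.113.9", "198.51.100.53", 53), # deny: foreign source leaving
    ]
    for p in samples:
        print(f"{p.direction:3} {p.proto:3} {p.src:>14} -> {p.dst:<14} {p.dport!s:>5}: {decide(p)}")
```

Two points carry over to real filters: rule order changes the result (swap the anti-spoofing deny below the allows and the spoofed packet gets through), and a default-deny final action is what turns the list into an enforcement of the policy rather than a list of exceptions to an open network.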

Virtual Private Networks
- Two approaches to building a corporate intranet for an organization with multiple sites:
  - Private network connections (confidential)
  - Public Internet connections (low cost)
- Virtual Private Network: achieves both confidentiality and low cost
- Implemented in software

Virtual Private Network
- VPN software in the router at each site gives the appearance of a private network

Virtual Private Network
- Obtain an Internet connection for each site
- Choose a router at each site to run the VPN software
- Configure the VPN software in each router to know about the VPN routers at the other sites
- The VPN software acts as a packet filter; the next hop for an outgoing datagram is another VPN router
- Each outgoing datagram is encrypted

Tunneling
- Desire to encrypt the entire datagram so the source and destination addresses are not visible on the Internet
- How can Internet routers do proper forwarding?
- Solution: the VPN software encrypts the entire datagram and places it inside another datagram for transmission
- Called IP-in-IP tunneling (encapsulation)
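The tunneling idea on the slides (encrypt the whole inner datagram, then wrap it in an outer datagram addressed between the two VPN routers) can be made concrete with raw IPv4 headers. This is an added example, not the lecture's code or any VPN product's format: the inner/outer hosts x, y, R1 and R2 get constructed addresses, the outer header uses IP protocol number 4 (IP-in-IP), and the "VPN cipher" is a toy HMAC-SHA256 counter-mode keystream that stands in for the real cipher purely so the example runs offline (a deployed VPN uses IPsec ESP, which also authenticates the payload; the nonce placement here is an assumption).

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address
from typing import Tuple

IPPROTO_IPIP = 4   # protocol field value for an IPv4 datagram carried inside IPv4


def _checksum(data: bytes) -> int:
    """Standard ones'-complement header checksum; verifying a correct header yields 0."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def addresses(datagram: bytes) -> Tuple[str, str]:
    """(source, destination) as seen by any router that forwards this datagram."""
    return str(IPv4Address(datagram[12:16])), str(IPv4Address(datagram[16:20]))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (illustration only, not a real VPN cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def encapsulate(inner: bytes, r1: str, r2: str, key: bytes, nonce: bytes) -> bytes:
    """At R1: encrypt the entire inner datagram (header included) and wrap it R1 -> R2."""
    body = nonce + _xor_crypt(key, nonce, inner)
    return ipv4_header(r1, r2, IPPROTO_IPIP, len(body)) + body


def decapsulate(outer: bytes, key: bytes) -> bytes:
    """At R2: check the outer header, strip it, decrypt, and recover the inner datagram."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP datagram")
    if _checksum(outer[:20]) != 0:
        raise ValueError("outer header checksum failed")
    nonce, ciphertext = outer[20:28], outer[28:]
    return _xor_crypt(key, nonce, ciphertext)


# Constructed topology: host x at site 1, host y at site 2, VPN routers R1 and R2.
X, Y = "10.1.0.5", "10.2.0.7"
R1, R2 = "203.0.113.1", "198.51.100.2"
KEY, NONCE = b"site1-site2-tunnel-key", b"\x00" * 8   # constructed; a real nonce must never repeat


def make_inner() -> bytes:
    return ipv4_header(X, Y, 17, 7) + b"hello y"   # proto 17 = UDP, constructed payload


if __name__ == "__main__":
    inner = make_inner()
    outer = encapsulate(inner, R1, R2, KEY, NONCE)
    print("inner datagram addresses:", addresses(inner))
    print("what the Internet sees:  ", addresses(outer))
    print("inner bytes visible in transit:", inner in outer)
    print("R2 recovers inner exactly:", decapsulate(outer, KEY) == inner)
```

Routers between R1 and R2 forward on the outer header alone, so only the two router addresses appear on the public path; the encrypted inner header carrying x and y is opaque to them. The checksum and protocol checks at R2 are the minimum a decapsulating endpoint should do before touching the payload.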

Tunneling
- Datagram from computer x at site 1 to computer y at site 2
- Router R1 at site 1 encrypts it and encapsulates it in a new datagram for transmission to router R2 at site 2

Summary
- Security is desirable but must be defined by an organization
- Assess the value of information and define a security policy
- Aspects to consider include privacy and data integrity, availability, and confidentiality

Summary (continued)
- Mechanisms to provide aspects of security:
  - Encryption: secret and public key cryptosystems
  - Firewalls: packet filtering
  - Virtual private networks: use the Internet to transfer data among an organization's sites, but ensure that the data cannot be read by others