Presentation #4

  1. IMPLEMENTATION OF SECURITY IN DISTRIBUTED SYSTEMS
     Group members: Siti Mazuin binti Mohd. Suki (GS14549), Nurafzan binti Muslim (GS14550), Hairani binti Ghazali (GS14548)
  2. TABLE OF CONTENTS
     1.0 Introduction: terms and definitions; main focus
     2.0 FIREWALL: introduction to firewalls; DMZ
     3.0 VIRTUAL PRIVATE NETWORK (VPN): introduction to VPNs
     4.0 CONCLUSION
     5.0 REFERENCES
  3. Security in Distributed Systems
     - In a distributed system, clients send requests to access data managed by servers, which involves sending information in messages over a network.
     - The challenge is to send sensitive information in a message over a network in a secure manner.
     - Security is not just about concealing the contents of messages; it also involves knowing for sure the identity of the user or other agent on whose behalf a message was sent.
  4. A SIMPLE NETWORK DIAGRAM / A SIMPLE DISTRIBUTED NETWORK DIAGRAM (diagram of clients, a server and shared resources; image not reproduced in this transcript)
  5. FOCUS AREA
     We are focusing ONLY on:
     1. Firewall
     2. VPN
  6. WHAT IS A FIREWALL?
     - It controls who, how, when, why and where someone or something gets in and out of your network.
     - The main principle: a firewall exists to BLOCK traffic and to PERMIT traffic.
     - It allows ONLY specific kinds of messages from the Internet to flow in and out of the internal network.
     - It usually involves a combination of hardware and software, used to protect a network from unwelcome traffic.
     - Its purpose is to block unauthorized and unwanted access to or from a private network.
  9. WHY IS A FIREWALL NEEDED?
     - Once Internet access becomes part of the business facilities, it is very important to use a firewall.
     - To protect the network, a firewall can be installed as frontline protection against unauthorized access, hacking, viruses, DoS (denial-of-service) attacks, etc.
     - For example, some firewalls permit only e-mail traffic to enter the network from elsewhere; this helps protect the network against attacks on other network resources, such as sensitive files, databases and applications.
  10. 4 LEVELS OF FIREWALL
     - LEVEL 1: A basic firewall, usually installed on a router, that does basic packet filtering of incoming traffic.
     - LEVEL 2: A dedicated firewall device that does packet filtering and, to some extent, full (stateful) inspection.
     - LEVEL 3: A dedicated firewall device that provides application gateway (proxy firewall) capabilities.
     - LEVEL 4: A dedicated firewall device that provides a combination of application gateway proxy firewall and full packet filtering capabilities.
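The difference between a "level 1" packet filter and a "level 2" stateful firewall is easiest to see in code. The following is an added example written for this transcript, not code from the presentation: a default-deny rule list that implements the slide's "permit only e-mail traffic inbound" policy, and a stateful extension that additionally lets replies back in only for connections the inside opened. Addresses, ports and the policy itself are constructed for illustration.

```python
"""Added example (not from the presentation): a minimal stateless packet
filter (level 1) and a stateful extension (level 2). All packets, rules
and addresses below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    sport: int = 0      # source port


@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    src_net: str        # CIDR, e.g. "0.0.0.0/0" for "anywhere"
    dst_net: str
    proto: str          # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed policy matching the slide's example: only e-mail (SMTP, TCP/25)
# may enter the internal network 192.0.2.0/24 from outside; everything else
# is dropped by the explicit final deny rule.
INBOUND_RULES = [
    Rule("permit", "0.0.0.0/0", "192.0.2.0/24", "tcp", 25),
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24", "any", None),
]


def stateless_filter(pkt: Packet, rules=INBOUND_RULES) -> str:
    """Level 1 behaviour: the first matching rule decides each packet on
    its own; a packet that matches no rule is denied (default-deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Level 2 behaviour: remembers connections opened from the inside so
    that only their replies are admitted, without opening high ports."""

    def __init__(self, rules=INBOUND_RULES):
        self.rules = rules
        # Each tracked flow: (inside host, outside host, proto, outside port)
        self.sessions = set()

    def outbound(self, pkt: Packet) -> str:
        # Inside hosts may initiate; record the flow for the return path.
        self.sessions.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))
        return "permit"

    def inbound(self, pkt: Packet) -> str:
        # A reply belongs to a tracked flow if it comes from the same outside
        # host and port back to the inside host that opened the connection.
        if (pkt.dst, pkt.src, pkt.proto, pkt.sport) in self.sessions:
            return "permit"
        # Otherwise fall back to the static inbound policy.
        return stateless_filter(pkt, self.rules)


if __name__ == "__main__":
    fw = StatefulFilter()
    fw.outbound(Packet("192.0.2.10", "203.0.113.5", "tcp", 443, sport=51000))
    print(fw.inbound(Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, sport=443)))  # permit
    print(fw.inbound(Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, sport=80)))   # deny
```

The stateless filter alone cannot admit the web server's reply above without a rule permitting all high ports inbound, which is exactly the gap the stateful table closes: the reply is accepted only because the inside host opened that flow first.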
  11. CHOOSING A FIREWALL
     Some factors to be considered:
     - Level of security, reliability and scalability needed
     - The budget and cost
     - The architecture (LAN/WAN)
     - Consistency of the network
     - Remote users and offices
     - Applications in use
     - Technical ability of the administrator, etc.
  12. FIREWALL PROTOCOLS
     - A firewall can support multiple protocols such as HTTP, FTP, DNS, SMTP and POP3.
     - Some firewalls can add support for new protocols whenever they are needed in the future.
  13. PROTECTION BY A FIREWALL
     a) Protects against unauthenticated logins from the outside world.
     b) Provides logging and auditing functions, e.g. summaries of the types and amount of traffic that passed through it, etc.
  14. WHAT CAN'T A FIREWALL PROTECT AGAINST?
     a) Storage media such as USB flash drives, CDs and DVDs can still be used effectively to export and transfer data.
     b) Classified and top-secret data should be isolated from the rest of the corporate network before the firewall is implemented.
     c) It also cannot protect against traitors inside the network or an industrial spy.
  15. Personal Firewall Software
     - BlackICE PC Protection
     - McAfee Personal Firewall Plus
     - Norton Personal Firewall
     - Sygate Personal Firewall
     - Tiny Personal Firewall
     - ZoneAlarm
  16. WHAT IS A DMZ?
     - A DMZ (Demilitarized Zone) is an area within the firewall.
     - Often a single machine in the DMZ is allowed access to both internal and external computers.
  17. VIRTUAL PRIVATE NETWORK
     What is a VPN?
     - A VPN is a private data network that makes use of public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
     - A VPN can be contrasted with a system of owned or leased lines that can only be used by one company.
     - The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure.
     - Phone companies have provided private shared resources for voice messaging for over a decade.
  18. What is a VPN? (continued)
     - A VPN makes it possible to have the same protected sharing of public resources for data.
     - A VPN is used for secure data communication from one location to another, using the public Internet as the medium.
     - A VPN uses encryption/decryption to secure the data while it travels over a public network (the Internet). If the data is captured in transit, the encryption makes it extremely difficult to read, so the captured data is virtually useless.
  19. What is a VPN? (continued)
     - VPNs allow businesses to take advantage of the Internet and affordable broadband transmission for secure, private communication between partners, remote offices, telecommuters and traveling employees.
  20. VPN Types:
  21. VPN Types (continued)
     Intranet VPN
     - Low-cost, tunneled connection with rich VPN services, like IPsec encryption and QoS to ensure reliable throughput
     - Cost saving over Frame Relay and leased lines
     Extranet VPN
     - Extends WANs to business partners
     - Safe L3 security
     Remote Access VPN
     - Secure, scalable, encrypted tunnels across a public network, using client software
     - Cost saving over toll-free number expenditure
  22. VPN Technologies
     There are 3 VPN technologies:
     - Trusted VPNs
     - Secure VPNs
     - Hybrid VPNs
  23. Trusted VPNs
     - Companies use trusted VPNs because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP.
     - This allows customers to use their own private IP addressing schemes, and possibly to handle their own routing.
     - The customer trusts that the paths will be maintained according to an agreement, and that people whom the customer does not trust (such as an attacker) can neither change the paths of any part of the VPN nor insert traffic on the VPN. They also must trust their provider completely.
  24. Secure VPNs
     - The main reason companies use secure VPNs is so that they can transmit sensitive information over the Internet without needing to worry about who might see it.
     - Everything that goes over a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read it even using hundreds of millions of dollars' worth of computers.
     - Further, using a secure VPN allows the company to know that an attacker cannot alter the content of their transmissions, such as by changing the value of financial transactions.
  25. Secure VPNs (continued)
     - Secure VPNs are particularly valuable for remote access, where a user is connected to the Internet at a location not controlled by the network administrator, such as a hotel room, an airport kiosk, or home.
  26. Hybrid VPNs
     - Secure VPNs provide security but no assurance of paths.
     - Trusted VPNs provide assurance of path properties such as QoS but no security against snooping or alteration.
     - Because of these strengths and weaknesses, hybrid VPNs have started to appear, although the list of scenarios where they are desired is still evolving.
     - A typical case is when a company already has a trusted VPN in place and some parts of the company also need security over part of the VPN.
  27. VPN Usage
     - A VPN can be used for secure data communication for traveling users, branch/remote offices or business partner communication.
     - There are some scenarios where VPN technology can bring outstanding benefits:
       - Mobile Users (MUVPN)
       - Branch Offices
       - Extranets
  28. a) Mobile User VPN Deployment (MUVPN)
     - MUVPN allows telecommuters or traveling employees to access the corporate network while maintaining privacy and security.
     - MUVPN encrypts sessions, preventing eavesdropping.
     - Another common problem with remote users is the deposit of malicious code on their laptops while they are outside the company firewall.
     - A good MUVPN solution must be integrated with anti-virus software on the laptop, making it less susceptible to attack.
  29. Example of MUVPN Diagram (image not reproduced in this transcript)
  30. b) Branch Office VPN Deployment
     - Many businesses require communication between geographically separated offices.
     - Branch office communication often contains the same types of critical data that are exchanged inside the corporate firewall.
     - A VPN ensures a confidential connection between branch offices.
  31. c) Extranet VPN Deployment
     - Using VPN technology, separate business entities that work closely together (for example, a medical lab and a hospital) can safely share information about their mutual business without giving each other access to the rest of their networks.
     - Extranet installations resemble branch office installations but use very restrictive rule sets for data sharing.
     - The rule sets are imperative for a secure extranet implementation, since each entity is opening part of its network to the other.
  32. Example of Extranet VPN Deployment (image not reproduced in this transcript)
  33. Tunneling
     - Most VPNs rely on tunneling to create a private network that reaches across the Internet.
     - Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
     - The protocol of the outer packet is understood by the network and by both end points, called tunnel interfaces, where the packet enters and exits the network.
     - Tunneling has far-reaching implications for VPNs. For example, you can place a packet that uses a protocol not supported on the Internet (such as NetBEUI) inside an IP packet and send it safely over the Internet.
  34. Tunneling (continued)
     - You could also put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address, to extend a private network over the Internet.
     - Tunneling requires three different protocols:
       - Carrier protocol: the protocol used by the network that the information is traveling over.
       - Encapsulating protocol: the protocol (GRE, IPsec, L2F, PPTP, L2TP) that is wrapped around the original data.
       - Passenger protocol: the original data (IPX, NetBEUI, IP) being carried.
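The three-protocol picture on slides 33 and 34, and the "attacker cannot alter the content" property from slide 24, can be made concrete with a small encapsulation routine. The code below is an added example written for this transcript, not code from the presentation: it wraps a passenger packet carrying private addresses inside a simplified carrier header with public addresses, appends a keyed MAC over the whole tunnel packet, and refuses to decapsulate anything that was modified in transit. The header layouts are deliberately simplified stand-ins for GRE/IPsec rather than the real wire formats, the key and addresses are constructed, and the example shows the integrity property only (no encryption is applied, so it does not provide the confidentiality a secure VPN also needs).

```python
"""Added example (not from the presentation): tunnel encapsulation with an
integrity tag. Header formats are simplified illustrations, not GRE/IPsec;
the shared key and all addresses are constructed."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address
from typing import Optional, Tuple

TUNNEL_KEY = b"constructed-shared-key"   # a real VPN negotiates this securely
TAG_LEN = 32                              # HMAC-SHA256 output size

# Simplified carrier header: version, encapsulating protocol number,
# outer source, outer destination, passenger length.
CARRIER_HDR = struct.Struct("!BB4s4sH")
PROTO_GRE = 47   # IP protocol number for GRE, used here only as a label

# Simplified passenger header: inner source and destination addresses.
PASSENGER_HDR = struct.Struct("!4s4s")


def build_passenger(src: str, dst: str, payload: bytes) -> bytes:
    """Inner packet: the carrier does not care what addressing it uses,
    so private (non-routable) addresses are fine here."""
    return PASSENGER_HDR.pack(IPv4Address(src).packed,
                              IPv4Address(dst).packed) + payload


def parse_passenger(pkt: bytes) -> Tuple[str, str, bytes]:
    src, dst = PASSENGER_HDR.unpack(pkt[:PASSENGER_HDR.size])
    return str(IPv4Address(src)), str(IPv4Address(dst)), pkt[PASSENGER_HDR.size:]


def encapsulate(passenger: bytes, outer_src: str, outer_dst: str,
                key: bytes = TUNNEL_KEY) -> bytes:
    """Place the passenger packet inside a carrier packet addressed with the
    tunnel end points' public addresses, then append an HMAC over header
    and payload so that any change in transit is detectable."""
    header = CARRIER_HDR.pack(4, PROTO_GRE, IPv4Address(outer_src).packed,
                              IPv4Address(outer_dst).packed, len(passenger))
    body = header + passenger
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def decapsulate(tunnel_pkt: bytes,
                key: bytes = TUNNEL_KEY) -> Optional[Tuple[str, str, bytes]]:
    """Return (outer_src, outer_dst, passenger), or None if the packet is
    malformed or its tag does not verify (altered, forged or wrong key)."""
    if len(tunnel_pkt) < CARRIER_HDR.size + TAG_LEN:
        return None
    body, tag = tunnel_pkt[:-TAG_LEN], tunnel_pkt[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: verify before trusting any field.
    if not hmac.compare_digest(tag, expected):
        return None
    version, proto, src, dst, length = CARRIER_HDR.unpack(body[:CARRIER_HDR.size])
    passenger = body[CARRIER_HDR.size:]
    if version != 4 or proto != PROTO_GRE or len(passenger) != length:
        return None
    return str(IPv4Address(src)), str(IPv4Address(dst)), passenger


if __name__ == "__main__":
    inner = build_passenger("10.1.0.5", "10.2.0.9", b"amount=100")
    wire = encapsulate(inner, "198.51.100.1", "203.0.113.1")
    print(decapsulate(wire))                       # outer addresses + passenger
    altered = bytearray(wire)
    altered[-TAG_LEN - 1] ^= 0x01                  # flip one bit of the payload
    print(decapsulate(bytes(altered)))             # None: tag mismatch, dropped
```

In the tunnel, the network only ever routes on the outer 198.51.100.1 / 203.0.113.1 addresses; the 10.x.x.x passenger addresses are opaque payload until the far tunnel interface strips the carrier header. The flipped bit in the usage section models an attacker changing a transaction value on the wire: the receiver never sees the modified passenger because the tag check fails first.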
  35. Example of Tunneling Diagram (image not reproduced in this transcript)
  36. Benefits of VPN
     - Extended geographic connectivity
     - Improved security
     - Reduced operational cost versus a traditional WAN
     - Reduced transit time and transportation cost for remote users
     - Improved productivity
     - Simplified network topology
     - Global networking opportunities
     - Telecommuter support
     - Broadband networking compatibility
     - Faster ROI (return on investment) than a traditional WAN
  37. The end... thank you