Network Security
• Dictionary.com says:
▫ 1. Freedom from risk or danger; safety.
▫ 2. Freedom from doubt, anxiety, or fear;
confidence.
▫ 3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building
security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.
…etc.
5. It consists of policies and provisions adopted by the network administrator to prevent unauthorized access, misuse, modification, or denial of network and network-accessible resources.
6. ˃˃ Network security starts with authenticating the user,
commonly with a username and a password. Once
authenticated, a firewall enforces access policies such
as what services are allowed to be accessed by the
network users.
˃˃ Communication between two hosts using a network
may be encrypted to maintain privacy.
7. Threats And Tools
Threats to network security include:
Viruses : Computer programs written by devious programmers and designed to
replicate themselves and infect computers when triggered by a specific event.
Trojan horse programs : Delivery vehicles for destructive code, which appear to
be harmless or useful software programs such as games.
Vandals : Software applications or applets that cause destruction.
Attacks : Including all types of attacks like hacking, password cracking and other
technical means.
Data interception : Involves eavesdropping on communications or altering data
packets being transmitted.
Social engineering : Obtaining confidential network security information through
nontechnical means.
8. Network security tools include:
Antivirus software packages : These packages counter most virus threats if
regularly updated and correctly maintained.
Secure network infrastructure : Switches and routers have hardware and
software features that support secure connectivity.
Virtual private networks : These networks provide access control and data
encryption between two different computers on a network.
Biometrics : These services help to identify users and control their activities and
transactions on the network.
Encryption : Encryption ensures that messages cannot be intercepted or read by
anyone other than the authorized recipient.
Security management : This is the glue that holds together the other building
blocks of a strong security solution.
9. Some more Prevention Techniques of
network security are
Prevention Techniques:
˃˃ Cryptography
˃˃ Firewall
˃˃ Digital Signature
˃˃ Biometrics- MOST MODERN
10. Types Of Threats
•Denial-of-Service :
DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to
address.
•Unauthorized Access :
"Unauthorized access" is a very high-level term that can refer to a number of different
sorts of attacks.
•Confidentiality Breaches :
There is certain information that could be quite damaging if it fell into the hands of a
competitor, an enemy, or the public.
•Destructive Behavior :
Among the destructive sorts of break-ins and attacks, there are two major categories.
•Data Diddling :
The data diddler is likely the worst sort, since the fact of a break-in might not be
immediately obvious.
11. Prevention techniques functions
Cryptography
˃˃ Cryptography is the science of information
security.
˃˃ Cryptography is most often associated with
scrambling plaintext into ciphertext.
˃˃ Encryption is the conversion of data into a
form, called a ciphertext, that cannot be easily
understood by unauthorized people.
˃˃ Decryption is the process of converting
encrypted data back into its original form, so it
can be understood.
12. Digital Signature
˃˃ A digital signature is an electronic signature
that can be used to authenticate the identity
of the sender of a message.
˃˃ A digital signature can be used with any
kind of message, whether it is encrypted or
not.
˃˃ They can be used with PDF, e-mail
messages, and word processing documents.
˃˃ The digital signature is simply a small block
of data that is attached to documents you
sign. It is generated from your digital ID,
which includes both a private and public key.
www.bioenabletech.com
13. • Firewall
˃˃ Firewalls can be implemented in both
hardware and software, or a combination of
both.
˃˃ Firewalls are frequently used to prevent
unauthorized Internet users from accessing
private networks connected to the Internet,
especially intranets.
There are several types of firewall
techniques:
˃˃ Packet filter
˃˃ Application gateway
˃˃ Circuit-level gateway
˃˃ Proxy server
14. •Biometrics
˃˃ Biometrics is the science and technology of
measuring and analyzing biological data.
˃˃ Biometrics is the technique of using
unique, non-transferable, physical
characteristics, such as fingerprints, to gain
entry for personal identification.
˃˃ This replaces pin codes and passwords,
which can be forgotten, lost or stolen.
Biometric IDs cannot be transferred.
˃˃ Examples include DNA, fingerprints, eye retinas and irises,
voice patterns, facial patterns and hand
measurements, used for authentication
purposes.
15. Types of biometrics
Fingerprint:
˃˃ Everyone is known to have unique,
immutable fingerprints.
˃˃ A fingerprint is made of a series of ridges
and furrows on the surface of the finger.
Iris Scan:
˃˃ Iris scan biometrics employs the unique
characteristics and features of the human
iris in order to verify the identity of an
individual.
˃˃ The iris is the area of the eye where the
pigmented or colored circle, usually brown
or blue, rings the dark pupil of the eye.
16. Face Recognition:
˃˃ Facial recognition systems are built on
computer programs that analyze images of
human faces for the purpose of identifying them.
˃˃ The programs take a facial image, measure
characteristics such as the distance between the
eyes, the length of the nose, and the angle of
the jaw, and create a unique file called a
template.
Voice:
˃˃ Voice recognition technology utilizes the
distinctive aspects of the voice to verify the
identity of individuals.
˃˃ Voice recognition technology, by contrast,
verifies the identity of the individual who is
speaking.
˃˃ The two technologies are often bundled –
speech recognition is used to translate the
spoken word into an account number, and voice
recognition verifies the vocal characteristics
against those associated with this account.
17. Signature:
˃˃ Signature verification is the process used
to recognize an individual’s hand-written
signature.
˃˃ Dynamic signature verification
technology uses the behavioral biometrics
of a handwritten signature to confirm the
identity of a computer user.
˃˃ This is done by analyzing the shape,
speed, stroke, pen pressure and timing
information during the act of signing.
18.
˃˃ Financial institutions and banks
˃˃ Internet service providers
˃˃ Pharmaceutical companies
˃˃ Government and defense agencies
˃˃ Contractors to various government agencies
˃˃ Multinational corporations
˃˃ ANYONE ON THE NETWORK
19. Basic safety to be followed..
•Don't put data where it doesn't need to be,
•Avoid systems with single points of failure,
•Stay current with relevant operating system patches,
20. •Don't put data where it doesn't need to be :
Information that doesn't need to be accessible from the
outside world sometimes is, and this can needlessly increase
the severity of a break-in dramatically.
•Avoid systems with single points of failure :
Any security system that can be broken by breaking through
any one component isn't really very strong.
•Stay current with relevant operating system
patches :
Be sure that someone who knows what you've got is
watching the vendors' security advisories.
21. What are system securities to be
followed?
•Firewalls,
•Router,
•Access Control List (ACL),
•Demilitarized Zone (DMZ),
[Diagram: Internet, DMZ (web server, email server, web proxy, etc.), Intranet]
22. •Firewalls :
In order to provide some level of separation between an organization's
intranet and the Internet, firewalls have been employed. A firewall is simply
a group of components that collectively form a barrier between two
networks.
•Router :
A special purpose computer for connecting networks together. Routers also
handle certain functions, such as routing, or managing the traffic on the
networks they connect.
23. •Access Control List (ACL) :
Many routers now have the ability to selectively perform their duties, based
on a number of facts about a packet that comes to it. This includes things
like origination address, destination address, destination service port, and
so on. These can be employed to limit the sorts of packets that are allowed
to come in and go out of a given network.
•Demilitarized Zone (DMZ) :
The importance of a DMZ is tremendous: someone who breaks into your
network from the Internet should have to get through several layers in order
to successfully do so. Those layers are provided by various components
within the DMZ.
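The ACL and DMZ layering described above, as an added example that is not part of the original slides: a first-match packet filter evaluated on origination address, destination address and destination service port, with an implicit deny at the end. The address plan, the ports, and the names `Rule`, `ACL` and `evaluate` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # origination network (CIDR)
    dst: str              # destination network (CIDR)
    dport: Optional[int]  # destination service port; None matches any port

# Constructed address plan (assumption): RFC 1918 and RFC 5737 ranges only.
INTRANET, DMZ, ANY = "10.0.0.0/8", "192.0.2.0/24", "0.0.0.0/0"
WEB, MAIL, PROXY = "192.0.2.10/32", "192.0.2.25/32", "192.0.2.80/32"

# Ordered rules: the first match decides, so specific permits come before
# the broad denies that keep each layer separated.
ACL = [
    Rule("permit", INTRANET, PROXY, 3128),  # 0: users browse via the web proxy
    Rule("permit", INTRANET, MAIL, 25),     # 1: users hand mail to the DMZ relay
    Rule("deny", INTRANET, ANY, None),      # 2: no direct intranet -> Internet
    Rule("permit", MAIL, INTRANET, 25),     # 3: relay delivers inbound mail
    Rule("deny", DMZ, INTRANET, None),      # 4: a breached DMZ host stops here
    Rule("permit", PROXY, ANY, 443),        # 5: proxy fetches outside content
    Rule("permit", ANY, WEB, 443),          # 6: Internet -> public web server
    Rule("permit", ANY, MAIL, 25),          # 7: Internet -> mail relay
]

def evaluate(acl, src_ip, dst_ip, dport):
    """Return (action, rule_index); index None is the implicit final deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, rule in enumerate(acl):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action, i
    return "deny", None

if __name__ == "__main__":
    samples = [  # constructed packets: (source, destination, destination port)
        ("203.0.113.7", "192.0.2.10", 443),  # outside client to the web server
        ("203.0.113.7", "10.1.2.3", 22),     # outside client straight to intranet
        ("192.0.2.10", "10.1.2.3", 3306),    # web server reaching inward
        ("10.1.2.3", "198.51.100.5", 443),   # intranet host bypassing the proxy
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Moving rule 5 above rule 4 would let the proxy reach intranet hosts on port 443, which is why rule order is part of the policy.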
25. •Secure Network Devices :
It's important to remember that the firewall is only one entry point to your
network. Modems, if you allow them to answer incoming calls, can provide an
easy means for an attacker to sneak around (rather than through) your front
door.
•Secure Modems; Dial-Back Systems :
If modem access is to be provided, this should be guarded carefully.
The terminal server, or network device that provides dial-up access to your
network, needs to be actively administered, and its logs need to be examined
for strange behavior. Its passwords need to be strong.
26. •Crypto-Capable Routers :
A feature that is being built into some routers is the ability to use session
encryption between specified routers. Because traffic traveling across the
Internet can be seen by people in the middle who have the resources (and
time) to snoop around, these are advantageous for providing connectivity
between two sites, such that there can be secure routes.
•Virtual Private Networks :
One way for an organization to provide connectivity between a main office and a
satellite one is to provide both offices connectivity to the Internet. Then, using
the Internet as the medium, the two offices can communicate.
The danger in doing this, of course, is that there is no privacy on this channel.
VPNs provide the ability for two offices to communicate with each other in
such a way that it looks like they're directly connected over a private leased
line. The session between them, although going over the Internet, is private
(because the link is encrypted),
27. Network Security Toolkit :
The Network Security Toolkit (NST) is
a Linux-based Live CD that provides a set of
open source computer
security and networking tools to perform
routine security and networking diagnostic and
monitoring tasks.
28. Advantage of network security
˃˃ Protects personal data of clients on the network.
˃˃ Protects information being shared between
computers on the network.
˃˃ Protects the physical computers from harm caused
by possible attacks on the network from the
outside.
˃˃ Private networks can be closed off from the
internet, making them protected from most outside
attacks, which makes them secure from virus
attacks.
29. Security is a very difficult topic. Everyone has a different idea of
what "security" is, and what levels of risk are acceptable. The
key for building a secure network is to define what security
means to your organization. Once that has been defined,
everything that goes on with the network can be evaluated with
respect to that policy. Projects and systems can then be broken
down into their components, and it becomes much simpler to
decide whether what is proposed will conflict with your security
policies and practices.