  1. 1. Network Security and Cryption
  2. 2. Introduction and Objectives <ul><li>So far we have learned how network hardware and software systems operate and how client-server applications use the underlying network facilities to communicate. Today we will discuss another important Internet subject: “Network Security”. </li></ul>
  3. 3. Secure Networks and Policies <ul><li>The definition of a secure network differs from person to person and from organization to organization. </li></ul><ul><li>Organizations first define their “security policy”, considering the following aspects: </li></ul><ul><li>Data Integrity: Protection from change. </li></ul><ul><li>Data Availability: Protection against disruption of services to legitimate users. </li></ul><ul><li>Data Confidentiality: Protection against unauthorized data access. </li></ul><ul><li>Data Privacy: Ability of a sender to remain anonymous. </li></ul>
  4. 4. Responsibility and Control <ul><li>Accountability is keeping an audit trail of data access and change. </li></ul><ul><li>Authorization is protecting computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. </li></ul>
  5. 5. Integrity Mechanisms <ul><li>Parity Bits, Checksums, Cyclic Redundancy Checks </li></ul><ul><li>These are inadequate against a purposeful, intelligent attack. Whoever changes the data will also fix the check codes. </li></ul><ul><li>Message Authentication Code (MAC) using cryptographic hashing </li></ul><ul><li>The secret key is known only to the sender and receiver. </li></ul><ul><li>An attacker who does not know the key will not be able to modify the message. </li></ul>
  6. 6. Access Control and Passwords <ul><li>Some systems implement an “access control list (ACL)”, while in others each user is assigned a password to access a protected resource. </li></ul><ul><li>Passwords used to gain access to one local computer are not sent over a network. </li></ul><ul><li>Passwords used to gain access to network resources must be communicated in some manner over the network. </li></ul>
  7. 7. Encryption and Confidentiality <ul><li>To ensure the confidentiality of messages, they must be encrypted. </li></ul><ul><li>Several technologies exist for encryption. </li></ul><ul><li>A key is used to encrypt the message. </li></ul><ul><li>With the same key, the message is decrypted to the original message. </li></ul><ul><li>The encrypt and decrypt functions are inverse operations of each other. </li></ul>
  8. 8. Public Key Encryption <ul><li>Users have a private key and a public key. </li></ul><ul><li>If a message is encrypted with one of the keys, the other key can decrypt the message. </li></ul><ul><li>The functions used for encryption and decryption have the “one-way property”. </li></ul>
  9. 9. Authentication with Digital Signatures <ul><li>A message can be signed and then sent to a specified destination in a secure and confidential manner. </li></ul><ul><li>Only u1 could have sent the message. </li></ul><ul><li>Only u2 can correctly decode the message. </li></ul><ul><li>A “trusted authority” is used as a source of public keys (VeriSign). </li></ul>
  10. 10. Internet Firewall Concept <ul><li>Encryption technology helps to solve many security problems, but a second concept is also needed: the Internet firewall, which helps to protect computers and networks from unwanted Internet traffic. </li></ul>
  11. 11. Figure 40.1 Illustration of firewall that is used to protect an organization against unwanted interaction with the Internet.
  12. 12. <ul><li>The firewall itself must be secure; that is, </li></ul><ul><ul><li>All traffic entering the organization passes through the firewall. </li></ul></ul><ul><ul><li>All traffic leaving the organization passes through the firewall. </li></ul></ul><ul><ul><li>The firewall implements the security policy and rejects any traffic that does not adhere to the policy. </li></ul></ul><ul><ul><li>The firewall computer itself must be immune to security attacks. </li></ul></ul>
  13. 14. Packet Filtering <ul><li>A router usually can perform packet filtering based on any criteria. </li></ul><ul><ul><li>Source IP, destination IP, type, port numbers, message text, etc. </li></ul></ul>
  14. 15. Types of Packet Filtering <ul><li>Network Level Packet Filtering (First Generation). </li></ul><ul><li>Circuit Level Packet Filtering (Second Generation). </li></ul><ul><li>Application Level Packet Filtering. </li></ul>
  15. 16. Network Level Packet Filtering (First Generation Packet Filtering) <ul><li>Developed in 1988 by Digital Equipment Corporation. </li></ul><ul><li>Also known as Packet Filter Firewalls. </li></ul><ul><li>Stateless packet filtering. </li></ul>
  16. 18. Circuit Level (Second Level) Packet Filtering <ul><li>Developed between 1980-1990 by Dave Presotto, Janardan Sharma and Kshitij Nigam. </li></ul><ul><li>Stateful packet filtering. </li></ul>
  17. 19. Application Layer (Third Generation) Packet Filtering <ul><li>Developed by Gene Spafford, Bill Cheswick and Marcus Ranum. </li></ul><ul><li>Also known as proxy-based firewall. </li></ul><ul><li>Modern firewalls use this filtering. </li></ul>
  18. 20. The Advantage of Application Layer Firewall <ul><li>Can understand certain protocols such as </li></ul><ul><li>- FTP (File Transfer Protocol) </li></ul><ul><li>- DNS or web browsing </li></ul><ul><li>Can detect if an unwanted protocol is sneaking or trying to harm the computer. </li></ul>
  19. 21. Modern Firewalls Filter by <ul><li>IP address </li></ul><ul><li>Source port </li></ul><ul><li>Destination IP address or port </li></ul><ul><li>Destination web service or FTP (filter by domain name, etc.) </li></ul>
  20. 22. Advantages of Using a Firewall <ul><li>Secure the network from untrusted networks. </li></ul><ul><li>Control the incoming packets. </li></ul><ul><li>Control the leaving packets. </li></ul>
  21. 24. Virtual Private Networks <ul><li>A corporation with multiple geographic sites can use two approaches to building a corporate intranet: </li></ul><ul><li>Private Network Connections </li></ul><ul><li>Each leased connection extends from a router. Data passes from a router at one side to a router at another side. </li></ul><ul><li>Public Internet Connections </li></ul><ul><li>Each site contracts with a local ISP for Internet service. Data passes to the global Internet. </li></ul><ul><li>The advantage of using leased circuits is that the network is private. No other organization has access to a leased circuit. </li></ul><ul><li>The advantage of using an Internet connection is low cost, but it cannot guarantee confidentiality. </li></ul>
  22. 25. <ul><li>A VPN is a structure that bonds two different private networks in such a way that they appear to have a direct, point-to-point connection between them. It uses the global Internet to transfer data but takes additional steps to prevent outsiders from accessing the data. </li></ul><ul><li>VPN software performs two functions. </li></ul><ul><li>It operates like a packet filter. It rejects all incoming packets which are coming from other corporations and rejects all outgoing packets whose destination is not in this corporation. </li></ul><ul><li>VPN software encrypts each outgoing datagram before sending. So, communication is confidential. </li></ul>
  23. 27. Tunneling <ul><li>This is the generic name for any system which encapsulates a data packet in a protocol which is at the same level, or a higher level, in the protocol stack. These protocols can be the same protocol (e.g. IP) or different protocols (e.g. IP and TCP). </li></ul>
  24. 29. Security Technologies <ul><li>IDS (Intrusion Detection System) </li></ul><ul><li>PGP (Pretty Good Privacy) </li></ul><ul><li>ssh (Secure Shell) </li></ul><ul><li>SSL (Secure Socket Layer) </li></ul><ul><li>IPsec (IP security) </li></ul><ul><li>RADIUS (Remote Authentication Dial-In User Service) </li></ul><ul><li>WEP (Wired Equivalent Privacy) </li></ul>
  25. 30. Conclusion <ul><li>In our day all networks are integrated and connected, so the risk is bigger and network security is more important than ever! </li></ul>
  26. 31. References <ul><li>Computer Networks and Internets by Douglas E. Comer </li></ul>
  28. 33. QUESTIONS <ul><li>What is a firewall? Why is it used? </li></ul><ul><li>What is a VPN? </li></ul><ul><li>Why do we use encryption? </li></ul><ul><li>What is an ACL (Access Control List)? </li></ul><ul><li>List the various security technologies. </li></ul><ul><li>What is the difference between private network connections and public network connections? </li></ul>
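
The "Integrity Mechanisms" slide contrasts check codes with a keyed MAC. The following is an added example, not part of the original slides, that runs both over the same altered message; the key, the messages and the choice of CRC-32 and HMAC-SHA256 are assumptions made for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data for this example.
KEY = b"constructed-demo-key"  # shared only by sender and receiver
ORIGINAL = b"PAY 100 TO ALICE"
ALTERED = b"PAY 900 TO ALICE"

def crc_protect(message: bytes) -> bytes:
    """Append a CRC-32 check code; anyone can compute it."""
    return message + zlib.crc32(message).to_bytes(4, "big")

def crc_verify(frame: bytes) -> bool:
    message, code = frame[:-4], frame[-4:]
    return zlib.crc32(message).to_bytes(4, "big") == code

def mac_protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag; computing it requires the secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, frame: bytes) -> bool:
    message, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def run_demo() -> dict:
    # Whoever changes the data in transit can also recompute the CRC...
    crc_frame = crc_protect(ALTERED)
    # ...but without KEY can only reuse the old tag or guess a key.
    good = mac_protect(KEY, ORIGINAL)
    reused_tag = ALTERED + good[-32:]
    wrong_key = mac_protect(b"guessed-key", ALTERED)
    return {
        "crc_accepts_altered": crc_verify(crc_frame),
        "mac_accepts_original": mac_verify(KEY, good),
        "mac_accepts_reused_tag": mac_verify(KEY, reused_tag),
        "mac_accepts_wrong_key": mac_verify(KEY, wrong_key),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The receiver accepts the altered message under the CRC and rejects it under the MAC, which is the detection property the slide relies on.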
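
The slides label first-generation filtering "stateless" and second-generation filtering "stateful" without showing the difference. The following added example, not part of the original slides, evaluates the same three packets under both models; the policy (inside hosts may reach ports 80 and 443), the `Packet` type and the addresses are assumptions made for the demonstration.

```python
from dataclasses import dataclass

ALLOWED_SERVICES = {80, 443}  # assumed policy: inside hosts may browse the web

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool  # True when the packet is leaving the organization

def stateless_allow(pkt: Packet) -> bool:
    """First generation: decide from this packet's header fields alone."""
    if pkt.outbound:
        return pkt.dst_port in ALLOWED_SERVICES
    # Replies must get back in, so inbound is judged by source port only.
    return pkt.src_port in ALLOWED_SERVICES

class StatefulFilter:
    """Second generation: remember outbound connections, admit only replies."""
    def __init__(self) -> None:
        self.connections = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            if pkt.dst_port not in ALLOWED_SERVICES:
                return False
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # An inbound packet must be the reverse of a recorded connection.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections

# Constructed traffic using documentation address ranges.
REQUEST = Packet("10.0.0.5", 50000, "203.0.113.10", 80, outbound=True)
REPLY = Packet("203.0.113.10", 80, "10.0.0.5", 50000, outbound=False)
UNSOLICITED = Packet("198.51.100.7", 80, "10.0.0.9", 22, outbound=False)

def evaluate() -> dict:
    """Return {name: (stateless verdict, stateful verdict)} for each packet."""
    stateful = StatefulFilter()
    verdicts = {}
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)):
        verdicts[name] = (stateless_allow(pkt), stateful.allow(pkt))
    return verdicts
```

Both filters pass the request and its reply; only the stateful filter rejects the inbound packet that belongs to no recorded connection.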