
• Dictionary.com says:

▫ 1. Freedom from risk or danger; safety.
▫ 2. Freedom from doubt, anxiety, or fear;
confidence.
▫ 3. Something that gives or assures safety, as:

 1. A group or department of private guards: Call building
security if a visitor acts suspicious.
 2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
 3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.

…etc.
Communication protocol
defines the rules and data
formats for exchanging
information in a network
* It consists of policies and
provisions adopted by the
network administrator to prevent
the unauthorized
access, misuse, modification, or
denial of network
and network-accessible
resources
˃˃ Network security starts with authenticating the user,
commonly with a username and a password. Once
authenticated, a firewall enforces access policies such
as what services are allowed to be accessed by the
network users.
˃˃ Communication between two hosts using a network
may be encrypted to maintain privacy.
Threats And Tools
Threats to network security include:
Viruses : Computer programs written by devious programmers and designed to
replicate themselves and infect computers when triggered by a specific event.
Trojan horse programs : Delivery vehicles for destructive code, which appear to
be harmless or useful software programs such as games.
Vandals : Software applications or applets that cause destruction.
Attacks : Including all types of attacks like hacking, password cracking and other
technical means.
Data interception : Involves eavesdropping on communications or altering data
packets being transmitted.
Social engineering : Obtaining confidential network security information through
nontechnical means.
Network security tools include:
Antivirus software packages : These packages counter most virus threats if
regularly updated and correctly maintained.
Secure network infrastructure : Switches and routers have hardware and
software features that support secure connectivity.
Virtual private networks : These networks provide access control and data
encryption between two different computers on a network.
Biometrics : These services help to identify users and control their activities and
transactions on the network.
Encryption : Encryption ensures that messages cannot be intercepted or read by
anyone other than the authorized recipient.
Security management : This is the glue that holds together the other building
blocks of a strong security solution.
Some more Prevention Techniques of
network security are
Prevention Techniques:
˃˃ Cryptography
˃˃ Firewall
˃˃ Digital Signature
˃˃ Biometrics- MOST MODERN
Types Of Threats
•Denial-of-Service :
DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to
address.
•Unauthorized Access :
"Unauthorized access" is a very high-level term that can refer to a number of different
sorts of attacks.
•Confidentiality Breaches :
There is certain information that could be quite damaging if it fell into the hands of a
competitor, an enemy, or the public.
•Destructive Behavior :
Among the destructive sorts of break-ins and attacks, there are two major categories.
•Data Diddling :
The data diddler is likely the worst sort, since the fact of a break-in might not be
immediately obvious.
Prevention techniques functions
Cryptography

˃˃ Cryptography is the science of information
security.
˃˃ Cryptography is most often associated with
scrambling plaintext into ciphertext.
˃˃ Encryption is the conversion of data into a
form, called a ciphertext, that cannot be easily
understood by unauthorized people.
˃˃ Decryption is the process of converting
encrypted data back into its original form, so it
can be understood.
Digital Signature

˃˃ A digital signature is an electronic signature
that can be used to authenticate the identity
of the sender of a message.
˃˃ A digital signature can be used with any
kind of message, whether it is encrypted or
not.
˃˃ They can be used with PDF, e-mail
messages, and word processing documents.
˃˃ The digital signature is simply a small block
of data that is attached to documents you
sign. It is generated from your digital ID,
which includes both a private and public key.

www.bioenabletech.com
• Firewall
˃˃ Firewalls can be implemented in both
hardware and software, or a combination of
both.
˃˃ Firewalls are frequently used to prevent
unauthorized Internet users from accessing
private networks connected to the Internet,
especially intranets.
There are several types of firewall
techniques:
˃˃ Packet filter
˃˃ Application gateway
˃˃ Circuit-level gateway
˃˃ Proxy server
•Biometrics
˃˃ Biometrics is the science and technology of
measuring and analyzing biological data.
˃˃ Biometrics is the technique of using
unique, non-transferable, physical
characteristics, such as fingerprints, to gain
entry for personal identification.
˃˃ This replaces pin codes and passwords,
which can be forgotten, lost or stolen.
Biometric IDs cannot be transferred.
˃˃ Characteristics measured include DNA,
fingerprints, eye retinas and irises, voice
patterns, facial patterns and hand
measurements, for authentication purposes.
Types of biometrics
Fingerprint:
˃˃ Everyone is known to have unique,
immutable fingerprints.
˃˃ A fingerprint is made of a series of ridges
and furrows on the surface of the finger.

Iris Scan:
˃˃ Iris scan biometrics employs the unique
characteristics and features of the human
iris in order to verify the identity of an
individual.
˃˃ The iris is the area of the eye where the
pigmented or colored circle, usually brown
or blue, rings the dark pupil of the eye.
Face Recognition:

˃˃ Facial recognition systems are built on
computer programs that analyze images of
human faces for the purpose of identifying them.
˃˃ The programs take a facial image, measure
characteristics such as the distance between the
eyes, the length of the nose, and the angle of
the jaw, and create a unique file called a
template.
Voice:
˃˃ Voice recognition technology utilizes the
distinctive aspects of the voice to verify the
identity of individuals.
˃˃ Voice recognition technology, by contrast,
verifies the identity of the individual who is
speaking.
˃˃ The two technologies are often bundled –
speech recognition is used to translate the
spoken word into an account number, and voice
recognition verifies the vocal characteristics
against those associated with this account.

Signature:
˃˃ Signature verification is the process used
to recognize an individual’s hand-written
signature.
˃˃ Dynamic signature verification
technology uses the behavioral biometrics
of a hand-written signature to confirm the
identity of a computer user.
˃˃ This is done by analyzing the shape,
speed, stroke, pen pressure and timing
information during the act of signing.

˃˃ Financial institutions and banks
˃˃ Internet service providers
˃˃ Pharmaceutical companies
˃˃ Government and defense agencies
˃˃ Contractors to various government agencies
˃˃ Multinational corporations
˃˃ ANYONE ON THE NETWORK
Basic safety to be followed..
•Don't put data where it doesn't need to be,
•Avoid systems with single points of failure,
•Stay current with relevant operating system patches,
•Don't put data where it doesn't need to be :
Information that doesn't need to be accessible from the
outside world sometimes is, and this can needlessly increase
the severity of a break-in dramatically.

•Avoid systems with single points of failure :
Any security system that can be broken by breaking through
any one component isn't really very strong.

•Stay current with relevant operating system
patches :
Be sure that someone who knows what you've got is
watching the vendors' security advisories.
What are system securities to be
followed?
•Firewalls,
•Router,
•Access Control List (ACL),
•Demilitarized Zone (DMZ),

[Diagram: Internet, DMZ (web server, email server, web proxy, etc.), Intranet]
•Firewalls :
In order to provide some level of separation between an organization's
intranet and the Internet, firewalls have been employed. A firewall is simply
a group of components that collectively form a barrier between two
networks.
•Router :
A special-purpose computer for connecting networks together. Routers also
handle certain functions, such as routing, or managing the traffic on the
networks they connect.
•Access Control List (ACL) :
Many routers now have the ability to selectively perform their duties, based
on a number of facts about a packet that comes to them. This includes things
like origination address, destination address, destination service port, and
so on. These can be employed to limit the sorts of packets that are allowed
to come in and go out of a given network.
•Demilitarized Zone (DMZ) :
The importance of a DMZ is tremendous: someone who breaks into your
network from the Internet should have to get through several layers in order
to successfully do so. Those layers are provided by various components
within the DMZ.
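The ACL and DMZ items above, as an added example that is not part of the original slides: a first-match packet filter over origination address, destination address and destination service port, with an implicit default deny, applied to the Internet / DMZ / Intranet layout. The address ranges, the proxy port 3128 and all names are constructed for illustration; the filter is stateless, so return traffic is not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed addressing plan for the Internet / DMZ / Intranet layout
# (documentation and private ranges; none of these values come from the slides).
ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("192.0.2.0/24")
INTRANET = ip_network("10.0.0.0/8")
WEB = ip_network("192.0.2.10/32")
MAIL = ip_network("192.0.2.25/32")
PROXY = ip_network("192.0.2.80/32")


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: IPv4Network             # origination address range
    dst: IPv4Network             # destination address range
    dport: Optional[int] = None  # destination service port; None = any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.dport in (None, other.dport))


# Order matters: the deny for DMZ -> Intranet sits above the proxy's outbound
# permit, so a compromised DMZ host cannot use that permit to reach inside.
ACL: List[Rule] = [
    Rule("permit", ANY, WEB, 80),
    Rule("permit", ANY, WEB, 443),
    Rule("permit", ANY, MAIL, 25),
    Rule("permit", INTRANET, PROXY, 3128),  # assumed proxy listening port
    Rule("deny", DMZ, INTRANET),            # DMZ never initiates inward
    Rule("permit", PROXY, ANY, 443),        # proxy fetches on users' behalf
]


def evaluate(acl: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, int]:
    """Return (action, index of the deciding rule); index -1 = implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(src, dst, dport):
            return rule.action, i
    return "deny", -1


def shadowed(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(acl) if any(e.covers(r) for e in acl[:i])]


if __name__ == "__main__":
    samples = [  # constructed packets: (source, destination, destination port)
        ("203.0.113.7", "192.0.2.10", 443),  # Internet -> web server
        ("203.0.113.7", "10.1.2.3", 22),     # Internet -> Intranet
        ("192.0.2.10", "10.1.2.3", 445),     # DMZ web server -> Intranet
        ("10.1.2.3", "192.0.2.80", 3128),    # Intranet user -> web proxy
    ]
    for pkt in samples:
        print(pkt, evaluate(ACL, *pkt))
    print("shadowed rules:", shadowed(ACL))
```

Swapping the last two rules lets the proxy's permit match traffic toward the Intranet before the deny is reached, which is the ordering mistake a rule review should look for.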
•Secure Network Devices,
•Secure Modems; Dial-Back Systems,
•Crypto-Capable Routers,
•Virtual Private Networks.
•Secure Network Devices :
It's important to remember that the firewall is only one entry point to your
network. Modems, if you allow them to answer incoming calls, can provide an
easy means for an attacker to sneak around (rather than through) your front
door.

•Secure Modems; Dial-Back Systems :
If modem access is to be provided, this should be guarded carefully.
The terminal server, or network device that provides dial-up access to your
network, needs to be actively administered, and its logs need to be examined
for strange behavior. Its passwords need to be strong.
•Crypto-Capable Routers :
A feature that is being built into some routers is the ability to use session
encryption between specified routers. Because traffic traveling across the
Internet can be seen by people in the middle who have the resources (and
time) to snoop around, these are advantageous for providing connectivity
between two sites, such that there can be secure routes.

•Virtual Private Networks :
One way for an organization to provide connectivity between a main office and a
satellite one is to provide both offices with connectivity to the Internet. Then,
using the Internet as the medium, the two offices can communicate.
The danger in doing this, of course, is that there is no privacy on this channel.
VPNs provide the ability for two offices to communicate with each other in
such a way that it looks like they're directly connected over a private leased
line. The session between them, although going over the Internet, is private
(because the link is encrypted).
Network Security Toolkit :
The Network Security Toolkit (NST) is
a Linux-based Live CD that provides a set of
open source computer
security and networking tools to perform
routine security and networking diagnostic and
monitoring tasks.
Advantages of network security
˃˃ Protects personal data of clients on the network.
˃˃ Protects information being shared between
computers on the network.
˃˃ Protects the physical computers from harm caused
by possible attacks on the network from the
outside.
˃˃ Private networks can be closed off from the
Internet, making them protected from most outside
attacks, which also makes them secure from virus
attacks.
Security is a very difficult topic. Everyone has a different idea of
what "security" is, and what levels of risk are acceptable. The
key for building a secure network is to define what security
means to your organization. Once that has been defined,
everything that goes on with the network can be evaluated with
respect to that policy. Projects and systems can then be broken
down into their components, and it becomes much simpler to
decide whether what is proposed will conflict with your security
policies and practices.
THANK YOU
BE SECURED & SAFE

Network Security
