CHAPTER 7
SECURITY IN NETWORKS AND DISTRIBUTED SYSTEM
INTRODUCTION
- A network is two devices connected across some medium by hardware and software that complete the communications (a simple definition of a network).
[Figure: Simple View of Network. A user (client), a host and a server joined by a communication medium.]
- A network is normally not just a single client connected to a single server; typically many clients interact with many servers.
[Figure: two systems, System A and System B, with users (clients), hosts and servers.]
Network Security Issues
Networks have security problems for the following reasons:
- Sharing – resources and workload sharing
- Complexity of system
- Unknown perimeter – expandability of a network also implies uncertainty about the network boundary
- Many points of attack – a file may pass through many hosts before reaching the destination
- Anonymity – an attacker can mount an attack without touching the system
- Unknown path – there may be many paths from one host to another.
Possible Network Security Threats
- Wiretapping
- Impersonation
- Message confidentiality violations
- Message integrity violations
- Hacking
- Denial of Service (DoS)
Wiretapping
- Wiretap means to intercept communications.
- Passive / Active Wiretapping
- A packet sniffer can retrieve all packets on the net.
- “Inductance” is a process where an intruder can tap a wire without making physical contact with the cable.
- Microwave and satellite – higher possibility of interception due to wider broadcasting.
- Optical fiber offers two significant security advantages:
  - The entire optical network must be tuned carefully each time a new connection is made. Therefore, no one can tap an optical system without detection.
  - Optical fiber carries light energy, not electricity. Light does not emanate a magnetic field as electricity does. Therefore an inductive tap is impossible on an optical fiber cable.
- However, optical fiber also has weaknesses: wiretappers will try to tap at the repeaters, splices and other equipment that connects to the fiber, and these points create vulnerabilities.
Impersonation
- Pretend to be someone (personnel) or something (process).
- In an impersonation, the attacker has several choices:
  - Guess the identity and authentication details of the target
  - Pick up the identity and authentication details of the target from a previous communication
  - Circumvent or disable the authentication mechanism at the target computer
  - Use a target that will not be authenticated
  - Use a target whose authentication data is known
Message Confidentiality Violations
- Misdelivery
- Exposure
- Traffic Flow Analysis
Message Integrity Violations
- Falsification of Messages
- Change the content of a message
- Change any part of the content of a message
- Replace a message entirely
- Redirect a message
- Destroy or delete the message
- Noise – unintentional interference
Hacking
- A source of threat to security in computer communication.
- The hacker is considered as a separate threat because a hacker can develop tools to search widely and quickly for particular weaknesses and move swiftly to exploit weaknesses.
- In this way, the hacker has unlimited time to analyze, plan, code, simulate and test for a future attack.
- In reviewing the effects of this attack: if it succeeds, what additional capability would that give the hacker for future attacks?
Denial of Service
- Result of any action or series of actions that prevents any part of a telecommunications system from functioning.
- Connectivity
- Flooding
- Routing problems
- Disruption of Service
Network Security Control
- Encryption – link encryption, end-to-end encryption
- Link encryption:
  - Data is encrypted just before the system places it on the physical communication links.
  - Decryption occurs just as the communication enters the receiving computer.
[Figure: Link Encryption. Sender, intermediate host and receiver, each shown as the layer stack Application, Presentation, Session, Transport, Network, Data Link, Physical. Legend: message encrypted; message in plaintext: exposed.]
- End-to-end encryption:
  - Provides security from one end of a transmission through the other.
[Figure: End-to-End Encryption. Sender, intermediate host and receiver, each shown as the layer stack Application, Presentation, Session, Transport, Network, Data Link, Physical. Legend: message encrypted; message in plaintext: exposed.]
Link Encryption versus End-to-end Encryption:

| | Link Encryption | End-to-end Encryption |
|---|---|---|
| Security within hosts | Message exposed in the sending host | Message encrypted in sending host |
| | Message exposed in intermediate nodes | Message encrypted in intermediate nodes |
| Role of user | Applied by sending host | Applied by sending process |
| | Invisible to user | User applies encryption |
| | Host maintains encryption | User must find algorithm |
| | Can be done in hardware | Software implementation |
| | All or no messages encrypted | User chooses to encrypt or not, for each message |
Authentication Issues in Distributed System
There are two main concerns regarding authentication in distributed systems:
(1) How to ensure the authenticity of the communicating hosts?
(2) How to ensure the authenticity of the users who are using the hosts?
These are addressed by using:
- Digital Distributed Authentication
- DCE (Distributed Computing Environment)
- Kerberos
- SESAME
- CORBA
Kerberos
- Is a system that supports authentication in distributed systems.
- Was designed at the Massachusetts Institute of Technology.
- The basis of Kerberos is a central server that provides authenticated tokens, called tickets, to requesting applications.
[Figure: Initiating a Kerberos Session]
[Figure: Obtaining a Ticket to Access a File]
[Figure: Access to Services and Servers in Kerberos]
Kerberos was carefully designed to withstand attacks in distributed environments:
- No password communicated on the network
- Cryptographic protection against spoofing
- Limited period of validity
- Time stamps to prevent replay attacks
- Mutual authentication
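The validity-period, time-stamp and anti-spoofing checks listed above, seen from the server that receives a ticket (an added example, not part of the original slides). HMAC sealing stands in for the symmetric encryption Kerberos applies to tickets and authenticators; the function names, the 300-second clock skew and the 8-hour lifetime are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

MAX_SKEW = 300               # assumed clock-skew tolerance, seconds
TICKET_LIFETIME = 8 * 3600   # assumed ticket lifetime, seconds


def seal(key: bytes, payload: dict) -> bytes:
    """Bind a payload to a key. Stand-in for Kerberos encryption:
    gives tamper-evidence only, not secrecy."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def unseal(key: bytes, blob: bytes) -> Optional[dict]:
    """Return the payload only if it was sealed under `key`."""
    tag, _, body = blob.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def issue_ticket(service_key: bytes, client: str, service: str, now: int):
    """Central server: ticket sealed under the service's key, plus a session key."""
    session_key = secrets.token_bytes(16)
    ticket = seal(service_key, {
        "client": client, "service": service,
        "start": now, "end": now + TICKET_LIFETIME,
        "session_key": session_key.hex(),
    })
    return ticket, session_key


def make_authenticator(session_key: bytes, client: str, now: int) -> bytes:
    """Client: fresh time-stamped proof that it holds the session key."""
    return seal(session_key, {"client": client, "ts": now})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.seen = {}  # replay cache: (client, ts) -> time the entry may be dropped

    def accept(self, ticket_blob: bytes, auth_blob: bytes, now: int) -> str:
        ticket = unseal(self.key, ticket_blob)
        if ticket is None:
            return "reject: ticket not issued for this server's key"
        if ticket["service"] != self.name:
            return "reject: ticket for another service"
        if not ticket["start"] <= now <= ticket["end"]:
            return "reject: ticket outside validity period"
        auth = unseal(bytes.fromhex(ticket["session_key"]), auth_blob)
        if auth is None or auth["client"] != ticket["client"]:
            return "reject: authenticator does not match ticket"
        if abs(now - auth["ts"]) > MAX_SKEW:
            return "reject: stale timestamp"
        # Entries older than the skew window can no longer pass the check above.
        self.seen = {k: v for k, v in self.seen.items() if v >= now}
        key = (auth["client"], auth["ts"])
        if key in self.seen:
            return "reject: replayed authenticator"
        self.seen[key] = auth["ts"] + MAX_SKEW
        return "accept"


def demo() -> dict:
    """Constructed scenario: one client, one file server, fixed clock values."""
    t0 = 1_700_000_000
    svc_key = b"constructed-file-server-key"
    svc = Service("fileserver", svc_key)
    ticket, sk = issue_ticket(svc_key, "alice", "fileserver", t0)
    auth = make_authenticator(sk, "alice", t0 + 10)
    forged = seal(b"not-the-server-key", {
        "client": "alice", "service": "fileserver", "start": t0,
        "end": t0 + TICKET_LIFETIME, "session_key": sk.hex(),
    })
    late = t0 + 9 * 3600
    return {
        "fresh": svc.accept(ticket, auth, t0 + 12),
        "replayed": svc.accept(ticket, auth, t0 + 20),
        "late_replay": svc.accept(ticket, auth, t0 + 10 + MAX_SKEW + 1),
        "forged": svc.accept(forged, auth, t0 + 12),
        "expired": svc.accept(ticket, make_authenticator(sk, "alice", late), late),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12s} {verdict}")
```

The replay cache only has to remember authenticators for the length of the skew window, because anything older is already refused by the time-stamp check.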
Kerberos is not a perfect answer to security problems in distributed systems because:
- Kerberos requires continuous availability of a trusted ticket granting server.
- Authenticity of servers requires a trusted relationship between the ticket granting server and every server
- Kerberos requires timely transactions
- A subverted workstation can save and later replay user passwords
- Password guessing works
- Kerberos does not scale well
- Kerberos is not a complete solution
Privacy Enhanced Electronic Mail (PEM)
- The basis of PEM is encryption.
- In order to send a PEM message, the sender must have a certificate for the receiver.
[Figure: PEM encryption. The message (header + body) is encrypted with a message encryption key (symmetric key encryption); the message encryption key is encrypted with the receiver's public key (public key encryption). Output: new header, encrypted key, encrypted data.]
[Figure: PEM processing in Message Transmission. Flowchart: compose message; PEM processing requested? (yes/no); PEM; send message; receive message; privacy enhanced? (yes/no); PEM; view message.]
- The major problem with PEM is key management.
- Therefore PGP was designed to overcome this problem.
Pretty Good Privacy (PGP)
- Was designed by Phil Zimmermann to offer a reasonable degree of privacy for email.
- It uses a message structuring scheme similar to PEM.
- The key management for PGP is ad hoc.
- Each user has a set of people he or she knows and trusts.
- The user exchanges public keys with those friends, exactly as one might swap business cards at a meeting.
- Some people accept not just their friends’ public keys but also all public keys their friends have.
- The assumption here is that any friend of yours is a friend of mine.
- A PGP user builds a key ring, which is the set of all public keys that person possesses.
- In that way, when an encrypted message arrives, the person can decrypt it if the key is on that person’s key ring.
Firewalls
- A firewall is a process that filters all traffic between a protected or “inside” network and a less trustworthy or “outside” network.
- There are three types of firewall:
  - Screening Routers
  - Proxy gateways
  - Guards
Screening Router
- Is the simplest and in some situations the most effective type of firewall.
- Hosts tend not to be connected directly to a wide area network; more often hosts are connected to a router.
[Figure: Router joining LAN to two WANs]
- The router will only see the header of the message.
- The header will contain information on:
  - The sender/receiver address
  - Protocol
  - Port
  - Length of a packet
- It can also control the traffic based on application, by using port numbers (e.g. 21 for FTP and 25 for SMTP)
- It can also decide which application is acceptable and not acceptable.
- It can also determine the authenticity of an inside address.
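A screening router's decision made from header fields alone, including the inside-address check, as an added example that is not part of the original slides. The addresses are constructed documentation ranges, and the rule set, interface names and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing: 192.0.2.0/24 is the protected "inside" network.
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")
MAIL_HOST = ipaddress.ip_network("192.0.2.25/32")
MIN_IPV4_HEADER = 20  # bytes; anything shorter cannot be a valid IPv4 packet


@dataclass(frozen=True)
class Header:
    """The only data a screening router looks at."""
    src: str
    dst: str
    proto: str
    dport: int
    length: int
    iface: str  # interface the packet arrived on: "inside" or "outside"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "drop"
    iface: str                        # arrival interface the rule applies to
    proto: Optional[str] = None       # None matches any protocol
    dport: Optional[int] = None       # None matches any port
    dst: Optional[ipaddress.IPv4Network] = None  # None matches any destination

    def matches(self, h: Header) -> bool:
        return (
            h.iface == self.iface
            and (self.proto is None or h.proto == self.proto)
            and (self.dport is None or h.dport == self.dport)
            and (self.dst is None or ipaddress.ip_address(h.dst) in self.dst)
        )


# Assumed policy: mail may reach the mail host, FTP may not come in,
# inside hosts may initiate anything, everything else is dropped.
RULES = [
    Rule("inbound SMTP to mail host", "allow", "outside", "tcp", 25, MAIL_HOST),
    Rule("inbound FTP", "drop", "outside", "tcp", 21),
    Rule("outbound traffic", "allow", "inside"),
]


def screen(h: Header, rules=RULES) -> str:
    if h.length < MIN_IPV4_HEADER:
        return "drop: malformed length"
    claims_inside = ipaddress.ip_address(h.src) in INSIDE_NET
    # Inside-address check: the arrival interface must agree with the
    # network the source address claims to belong to.
    if h.iface == "outside" and claims_inside:
        return "drop: forged inside address"
    if h.iface == "inside" and not claims_inside:
        return "drop: source not on inside network"
    for rule in rules:  # first match wins
        if rule.matches(h):
            return f"{rule.action}: {rule.name}"
    return "drop: default deny"


def run_samples() -> list:
    """Constructed packet headers covering each branch of the policy."""
    samples = [
        Header("203.0.113.7", "192.0.2.25", "tcp", 25, 60, "outside"),
        Header("203.0.113.7", "192.0.2.10", "tcp", 25, 60, "outside"),
        Header("203.0.113.7", "192.0.2.10", "tcp", 21, 60, "outside"),
        Header("192.0.2.44", "192.0.2.25", "tcp", 25, 60, "outside"),
        Header("192.0.2.44", "198.51.100.9", "tcp", 21, 60, "inside"),
        Header("203.0.113.7", "192.0.2.25", "tcp", 25, 8, "outside"),
    ]
    return [screen(h) for h in samples]


if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```

The fourth sample shows why the check depends on the arrival interface: the header is identical to a legitimate inside packet, and only where it entered the router reveals that the source address cannot be genuine.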
Proxy Gateway
- Is also called a bastion host.
- Is a firewall that simulates the (proper) effects of an application so that the application will receive only requests to act properly.
- To understand the real purpose of a proxy gateway, we consider some examples:
  - A company wants to set up an online list so that outsiders can see the products and prices offered. It wants to be sure that no outsider can change the prices or product list and that outsiders can access only the price list, not any of the more sensitive files stored inside.
Guard
- A guard is a sophisticated proxy firewall.
- The guard decides what services to perform on the user’s behalf based on its available knowledge, such as whether it can reliably know of the (outside) user’s identity, previous interactions and so forth.
- Here are some more sophisticated examples of guard activities:
  - A university wants to allow its students to use email up to a limit of so many messages or so many characters of email in the last so many days. Although this result could be achieved by modifying email handlers, it is more easily done by monitoring the common point through which all email flows (the mail transfer protocol).
  - A school wants its students to be able to access the WWW, but because of the slow speed of its connection to the Web it will allow only so many characters per download image.
Firewalls are not complete solutions to all computer security problems.
- Firewalls can protect an environment only if the firewalls control the entire perimeter.
- Firewalls do not protect data outside the perimeter.
- Firewalls are the most visible part of an installation to the outside and are therefore the most attractive point of attack.
- Firewalls are targets of penetrators.
- Firewalls must be correctly configured.
- Firewalls exercise only minor control over the content admitted to the inside – inaccurate data or malicious code must be controlled inside the perimeter.

Skybuffer SAM4U tool for SAP license adoption
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 

Network Security Chapter 7

  • 1. CHAPTER 7 SECURITY IN NETWORKS AND DISTRIBUTED SYSTEM
  • 2. INTRODUCTION
      - A network is two devices connected across some medium by hardware and software that complete the communications (simple definition of network).
      [Figure: Simple View of Network. User (Client), Host, Server, Communication medium.]
  • 3. Introduction
      - A network is normally not just a single client connected to a single server; typically many clients interact with many servers.
      [Figure: several User (Client) nodes and Host Servers in System A and System B.]
  • 4. Network Security Issues
      Networks have security problems for the following reasons:
      - Sharing – resources and workload sharing
      - Complexity of system
      - Unknown perimeter – expandability of a network also implies uncertainty about the network boundary
      - Many points of attack – a file may pass through many hosts before reaching the destination
      - Anonymity – an attacker can mount an attack without touching the system
      - Unknown path – there may be many paths from one host to another.
  • 5. Possible Network Security Threats
      - Wiretapping
      - Impersonation
      - Message confidentiality violations
      - Message integrity violations
      - Hacking
      - Denial of Service (DoS)
  • 6. Possible Network Security Threats: Wiretapping
      - Wiretap means to intercept communications.
      - Passive / Active Wiretapping
      - A packet sniffer can retrieve all packets on the net.
      - “Inductance” is a process where an intruder can tap a wire without making physical contact with the cable.
      - Microwave and satellite – higher possibility of interception due to wider broadcasting.
  • 7. Possible Network Security Threats: Wiretapping
      - Optical fiber offers two significant security advantages:
          - The entire optical network must be tuned carefully each time a new connection is made. Therefore, no one can tap an optical system without detection.
          - Optical fiber carries light energy, not electricity. Light does not emanate a magnetic field as electricity does. Therefore an inductive tap is impossible on an optical fiber cable.
  • 8. Possible Network Security Threats: Wiretapping
      - However, optical fiber also has weaknesses: wiretappers will try to tap at the repeaters, splices and other equipment connected to the fiber, and these points create vulnerabilities.
  • 9. Possible Network Security Threats: Impersonation
      - Pretend to be someone (personnel) or something (process).
      - In an impersonation, the attacker has several choices:
          - Guess the identity and authentication details of the target
          - Pick up the identity and authentication details of the target from a previous communication
          - Circumvent or disable the authentication mechanism at the target computer
          - Use a target that will not be authenticated
          - Use a target whose authentication data is known
  • 10. Possible Network Security Threats: Message Confidentiality Violations
      - Misdelivery
      - Exposure
      - Traffic Flow Analysis
  • 11. Possible Network Security Threats: Message Integrity Violations
      - Falsification of Messages
          - Change the content of a message
          - Change any part of the content of a message
          - Replace a message entirely
          - Redirect a message
          - Destroy or delete the message
      - Noise – unintentional interference
  • 12. Possible Network Security Threats: Hacking
      - A source of threat to security in computer communication.
      - A hacker is considered a separate threat because a hacker can develop tools to search widely and quickly for particular weaknesses and move swiftly to exploit them.
      - In this way, a hacker has unlimited time to analyze, plan, code, simulate and test for a future attack.
      - In reviewing the effects of this attack: if it succeeds, what additional capability would that give the hacker for future attacks?
  • 13. Possible Network Security Threats: Denial of Service
      - Result of any action or series of actions that prevents any part of a telecommunications system from functioning.
          - Connectivity
          - Flooding
          - Routing problems
          - Disruption of Service
  • 14. Network Security Control
      - Encryption – link encryption, end-to-end encryption
      - Link Encryption:
          - Data is encrypted just before the system places it on the physical communication links.
          - Decryption occurs just as the communication enters the receiving computer.
  • 16. Network Security Control
      - End-to-end encryption:
          - Provides security from one end of a transmission through the other.
  • 17. [Figure: End-to-End Encryption. Layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) at the Sender, the Intermediate Host and the Receiver. Legend: Message Encrypted; Message in Plaintext: Exposed.]
  • 18. Network Security Control: Link Encryption versus End-to-end Encryption
      Security Within Hosts
          Link Encryption: Message exposed in the sending host; Message exposed in intermediate nodes
          End-to-end Encryption: Message encrypted in sending host; Message encrypted in intermediate nodes
      Role of User
          Link Encryption: Applied by sending host; Invisible to user; Host maintains encryption; Can be done in hardware; All or no messages encrypted
          End-to-end Encryption: Applied by sending process; User applies encryption; User must find algorithm; Software implementation; User chooses to encrypt or not, for each message
  • 19. Authentication Issues in Distributed System
      There are two main concerns regarding authentication in distributed systems:
      (1) How to ensure the authenticity of the communicating hosts?
      (2) How to ensure the authenticity of the users who are using the hosts?
  • 20. Authentication Issues in Distributed System
      That is by using:
      - Digital Distributed Authentication
      - DCE (Distributed Computer Environment)
      - Kerberos
      - SESAME
      - CORBA
  • 21. Authentication Issues in Distributed System: Kerberos
      - Is a system that supports authentication in distributed systems.
      - Was designed at the Massachusetts Institute of Technology.
      - The basis of Kerberos is a central server that provides authenticated tokens, called tickets, to requesting applications.
  • 22. Authentication Issues in Distributed System KERBEROS Initiating a Kerberos Session:
  • 23. Authentication Issues in Distributed System KERBEROS Obtaining a Ticket to Access a File:
  • 24. KERBEROS: Access to Services and Servers in Kerberos
  • 25. Authentication Issues in Distributed System
      Kerberos was carefully designed to withstand attacks in distributed environments:
      - No password communicated on the network
      - Cryptographic protection against spoofing
      - Limited period of validity
      - Time stamps to prevent replay attacks
      - Mutual authentication
  • 26. Authentication Issues in Distributed System
      - Kerberos is not a perfect answer to security problems in distributed systems because:
          - Kerberos requires continuous availability of a trusted ticket granting server.
          - Authenticity of servers requires a trusted relationship between the ticket granting server and every server
          - Kerberos requires timely transactions
          - A subverted workstation can save and later replay user passwords
  • 27. Authentication Issues in Distributed System
      - Kerberos is not a perfect answer to security problems in distributed systems because:
          - Password guessing works
          - Kerberos does not scale well
          - Kerberos is not a complete solution
  • 28. Privacy Enhanced Electronic Mail (PEM)
      - The basis of PEM is encryption.
      - In order to send a PEM message the sender must have a certificate for the receiver.
  • 29. [Figure: PEM message encryption. Labels: Message header + Body; Message Encryption key; Receiver’s public key; Symmetric key encryption; Public key encryption; New header; Encrypted data; Encrypted key; Encrypted Message Header + Body.]
  • 30.
  • 31. [Figure: PEM processing in Message Transmission. Flowchart boxes: Compose message; PEM processing requested? (Yes / No); PEM; Send message; Receive message; Privacy enhanced? (Yes / No); PEM; View message.]
  • 32. Privacy Enhanced Electronic Mail (PEM)
      - The major problem with PEM is key management.
      - Therefore PGP was designed to overcome this problem.
  • 33. Pretty Good Privacy (PGP)
      - Was designed by Phil Zimmermann to offer a reasonable degree of privacy for email.
      - It uses a message structuring scheme similar to PEM.
      - The key management for PGP is ad hoc.
      - Each user has a set of people he or she knows and trusts.
      - The user exchanges public keys with those friends, exactly as one might swap business cards at a meeting.
      - Some people accept not just their friends’ public keys but also all public keys their friends have.
  • 34. Pretty Good Privacy (PGP)
      - The assumption here is that any friend of yours is a friend of mine.
      - A PGP user builds a key ring, which is the set of all public keys that person possesses.
      - In that way, when an encrypted message arrives, the person can decrypt it if the key is on that person’s key ring.
  • 35. Firewalls
      - A firewall is a process that filters all traffic between a protected or “inside” network and a less trustworthy or “outside” network.
      - There are three types of firewall:
          - Screening Routers
          - Proxy gateways
          - Guards
  • 36. Firewalls: Screening Router
      - Is the simplest and in some situations the most effective type of firewall.
      - Hosts tend not to be connected directly to a wide area network; more often hosts are connected to a router.
  • 38.
  • 39. Firewalls: Screening Router
      - The router sees only the header of the message.
      - The header contains information on:
          - The sender/receiver address
          - Protocol
          - Port
          - Length of a packet
      - It can also control the traffic based on application, by using port numbers (e.g. 21 for FTP and 25 for SMTP).
      - It can also decide which applications are acceptable and which are not.
      - It can also determine the authenticity of an inside address.
  • 40.
  • 41. Firewalls: Proxy Gateway
      - Is also called a bastion host.
      - Is a firewall that simulates the (proper) effects of an application so that the application will receive only requests to act properly.
  • 42. Firewalls: Proxy Gateway
      - To understand the real purpose of a proxy gateway, we consider some examples:
          - A company wants to set up an online list so that outsiders can see the products and prices offered. It wants to be sure that no outsider can change the prices or product list and that outsiders can access only the price list, not any of the more sensitive files stored inside.
  • 43.
  • 44. Firewalls: Guard
      - A guard is a sophisticated proxy firewall.
      - The guard decides what services to perform on the user’s behalf based on its available knowledge, such as whether it can reliably know the (outside) user’s identity, previous interactions and so forth.
  • 45. Firewalls: Guard
      - Here are some more sophisticated examples of guard activities:
          - A university wants to allow its students to use email up to a limit of so many messages or so many characters of email in the last so many days. Although this result could be achieved by modifying email handlers, it is more easily done by monitoring the common point through which all email flows (the mail transfer protocol).
          - A school wants its students to be able to access the WWW, but because of the slow speed of its connection to the Web it will allow only so many characters per downloaded image.
  • 46. Firewalls
      Firewalls are not complete solutions to all computer security problems.
      - Firewalls can protect an environment only if the firewalls control the entire perimeter.
      - Firewalls do not protect data outside the perimeter.
      - Firewalls are the most visible part of an installation to the outside and are therefore the most attractive point of attack.
      - Firewalls are targets of penetrators.
      - Firewalls must be correctly configured.
      - Firewalls exercise only minor control over the content admitted to the inside – inaccurate data or malicious code must be controlled inside the perimeter.
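
An added example, not part of the original slides and not Kerberos's real message formats, that models the "limited period of validity" and "time stamps to prevent replay attacks" protections from slide 25 and shows why slide 26 says Kerberos requires timely transactions. The keyed hashes stand in for Kerberos encryption, and the key, the 300-second tolerance and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

SERVICE_KEY = b"constructed-demo-key"   # assumed: known only to ticket server and service
MAX_SKEW = 300                          # assumed clock tolerance, in seconds

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_ticket(user, now, lifetime=3600):
    """Ticket server side: returns (ticket, session_key) for the client."""
    body = json.dumps({"user": user, "start": now, "end": now + lifetime},
                      sort_keys=True).encode()
    ticket = (body, _mac(SERVICE_KEY, b"ticket" + body))
    return ticket, _mac(SERVICE_KEY, b"session" + body)

def make_authenticator(session_key, ts):
    """Client side: proves possession of the session key at time ts."""
    return ts, _mac(session_key, str(ts).encode())

class Service:
    def __init__(self):
        self.seen = {}                  # (user, ts) -> time the entry may be forgotten

    def accept(self, ticket, authenticator, now):
        body, tag = ticket
        if not hmac.compare_digest(tag, _mac(SERVICE_KEY, b"ticket" + body)):
            return "reject: forged ticket"
        t = json.loads(body)
        if not t["start"] - MAX_SKEW <= now <= t["end"]:
            return "reject: ticket outside validity period"
        ts, proof = authenticator
        session_key = _mac(SERVICE_KEY, b"session" + body)
        if not hmac.compare_digest(proof, _mac(session_key, str(ts).encode())):
            return "reject: bad authenticator"
        if abs(now - ts) > MAX_SKEW:
            return "reject: timestamp too old or clock skewed"
        # Remember each accepted timestamp for as long as it would still be accepted.
        self.seen = {k: v for k, v in self.seen.items() if v >= now}
        if (t["user"], ts) in self.seen:
            return "reject: replay"
        self.seen[(t["user"], ts)] = ts + MAX_SKEW
        return "accept"

def demo():
    svc = Service()
    ticket, key = issue_ticket("alice", now=1000)
    auth = make_authenticator(key, 1010)
    return [
        svc.accept(ticket, auth, now=1012),                           # fresh request
        svc.accept(ticket, auth, now=1015),                           # same message resent
        svc.accept(ticket, auth, now=2000),                           # resent after the window
        svc.accept(ticket, make_authenticator(key, 5000), now=5000),  # ticket lifetime over
    ]
```

A client whose clock is more than `MAX_SKEW` seconds off gets the same rejection as the late resend, which is the cost of relying on time stamps.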
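
An added example, not part of the original slides, of the header-only filtering described for the screening router on slide 39, including the check on inside addresses. The addresses (documentation ranges), the rule set and all names are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE_NET = ip_network("192.0.2.0/24")      # assumed inside network

@dataclass(frozen=True)
class Header:                                # the only fields a screening router sees
    iface: str                               # arrival interface: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                              # "permit" or "deny"
    src: str                                 # CIDR block
    dst: str                                 # CIDR block
    proto: str                               # "tcp", "udp" or "any"
    dport: Optional[int]                     # None matches any port

# Constructed policy: the first matching rule wins.
RULES = [
    Rule("permit", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),    # SMTP to the mail host only
    Rule("permit", "192.0.2.0/24", "0.0.0.0/0", "tcp", 21),     # inside clients may use FTP
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),        # everything else
]

def decide(h, rules=RULES):
    src, dst = ip_address(h.src), ip_address(h.dst)
    # An inside source address arriving on the outside interface cannot be genuine.
    if h.iface == "outside" and src in INSIDE_NET:
        return "deny: spoofed inside address"
    for r in rules:
        if (src in ip_network(r.src) and dst in ip_network(r.dst)
                and r.proto in ("any", h.proto) and r.dport in (None, h.dport)):
            return r.action
    return "deny"                            # fail closed if no rule matched

# Constructed sample headers.
SAMPLES = [
    Header("outside", "198.51.100.4", "192.0.2.25", "tcp", 25),
    Header("outside", "198.51.100.4", "192.0.2.25", "tcp", 23),
    Header("outside", "192.0.2.7", "192.0.2.25", "tcp", 25),
    Header("inside", "192.0.2.7", "203.0.113.9", "tcp", 21),
    Header("inside", "192.0.2.7", "203.0.113.9", "udp", 53),
]

def run():
    return [decide(h) for h in SAMPLES]
```

The first sample is permitted whatever the mail contains, which is the limit noted on slide 46: the content admitted to the inside has to be controlled inside the perimeter.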