network security-intro
TRANSCRIPT
-
8/9/2019 Network security-intro
1/27
-
8/9/2019 Network security-intro
2/27
M Pradeep kumar & D Kiran
B.Tech 2 nd year
CSE branch
Gnayana saraswati college of eng. & tech.
Nizamabad
-
8/9/2019 Network security-intro
3/27
Network security and Cryptography are the terms involvein the securing of data online.
Cryptography is art of encompassing the principles andmethods of transforming an intelligible message tounintelligible one and then retransforming that message
back to original form.
A s internet is the worlds largest network of networks,whenever the data is transmitting from one user to other user, the techniques of network security are used to
prevent it from unauthorized access.
-
8/9/2019 Network security-intro
4/27
some specific security aspects includes.
1. Security attacks
2. Security mechanism
3. Security services
-
8/9/2019 Network security-intro
5/27
-
8/9/2019 Network security-intro
6/27
Source Destination
INTERCE P TION
-
8/9/2019 Network security-intro
7/27
Source Destination
INTERRU P TIONSource Destination
MODIFIC A TION
Source Destination
F AB RIC A TION
-
8/9/2019 Network security-intro
8/27
designed to detect, prevent or recover from a securityattack
no single mechanism that will support all services requiredcryptographic techniques underlies many of the security
mechanisms in use.
specific security mechanisms includes encipherment,digital signatures, access controls, data integrity
pervasive security mechanisms includes, event detection,security audit trails, security recovery
-
8/9/2019 Network security-intro
9/27
X .800 and RF C 2828 are the major security services .
X .800 ensures adequate security of the systems or of
data transfersIt is defined in 6 ways :
1. Confidentiality
2. A vailability
3. Integrity
4. Non-repudiation
5. A ccess control
6. A uthentication
RF C 2828 provides a specific kind of protection to system resources .
-
8/9/2019 Network security-intro
10/27
1. A pplication backdoors
2. SMTP session hijacking
3. Operating system bugs
4. Denial of service
5. E-mail bombs
6. Macros
7. Viruses
8. Spam
9. R edirect bombs
-
8/9/2019 Network security-intro
11/27
VirtualPrivateNetwork(VPN)
F irewalls
IPSec
AAA server
-
8/9/2019 Network security-intro
12/27
Step 1. The remote user dials into their local ISP and logs into the ISPsnetwork as usual
Step 2. - When connectivity to the corporate network is desired, the user
initiates a tunnel request to the destination Security server on the corporatenetwork. The security server authenticates the user and creates the other end of tunnel
Step 3. - The user then sends data through the tunnel which encrypted bythe VPN software before being sent over the ISP connection
Step 4. - The destination Security server receives the encrypted data anddecrypts. The Security server then forwards the decrypted data packetsonto the corporate network. A ny information sent back to the R emote user is also encrypted before being sent over the Internet.
-
8/9/2019 Network security-intro
13/27
provides a strong barrier between your privatenetwork and the Internet
Types of firewalls :
1. A pplication Gateways
2. Packet filtering
3. Hybrid systems
-
8/9/2019 Network security-intro
14/27
Internet Protocol Security Protocol (IPSec) provides enhancedsecurity features such as better encryption algorithms andmore comprehensive authentication
IPSec can encrypt data between various devices , such as :
R outer to router
F irewall to router
PC to router
PC to server
-
8/9/2019 Network security-intro
15/27
AAA (authentication , authorization and accounting) serversare used for more secure access in a remote-access VPNenvironment
When a request to establish a session comes in from a dial upclient it checks the following :
Who you are (authentication)
What you are allowed to do (authorization)
What you actually do (accounting)
-
8/9/2019 Network security-intro
16/27
Model for Network Security
-
8/9/2019 Network security-intro
17/27
Model for Network Security
using this model requires us to:1 . design a suitable algorithm for the security
transformation2 . generate the secret information (keys) used by
the algorithm3 . develop methods to distribute and share the
secret information
4 . specify a protocol enabling the principals to usethe transformation and secret information for asecurity service
-
8/9/2019 Network security-intro
18/27
Model for Network A ccess Security
-
8/9/2019 Network security-intro
19/27
Model for Network A ccess Security
using this model requires us to:1 . select appropriate gatekeeper functions to
identify users2 . implement security controls to ensure only
authorised users access designated informationor resources
trusted computer systems may be useful to
help implement this model
-
8/9/2019 Network security-intro
20/27
derived from Greek and means secret writing.
The study of enciphering and encoding (on the
sending end), and decoding (on the receiving end )iscalled cryptography
necessary when communicating over any untrusted
medium, which includes just about any network, particularly the internet
-
8/9/2019 Network security-intro
21/27
There are three types of cryptographic algorithms:
Secret Key Cryptography
Public Key Cryptography
Hash A lgorithms
-
8/9/2019 Network security-intro
22/27
- involves the use of single key
- as a single key is used for encoding & decoding,it is also called symmetric encryption
-
8/9/2019 Network security-intro
23/27
-
8/9/2019 Network security-intro
24/27
- also known as message digests or one-way transformations
- following things can be done using hash algorithms :
Message Integrity
Password Hashing
Message fingerprint
Digital Signatures
-
8/9/2019 Network security-intro
25/27
-
8/9/2019 Network security-intro
26/27
Cryptography is a particularly interesting field because of theamount of work that is, by necessity, done in secret.
The irony is that today, secrecy is not the key to the goodness of a
cryptographic algorithm.In fact, time is the only true test of good cryptography
any cryptographic scheme that stays in use year after year is mostlikely a good one
Cryptography is evergreen and developments in this area are a better option.
. It's important to build systems and networks in such a way that
the user is not constantly reminded of the security system around
-
8/9/2019 Network security-intro
27/27