Network Security - PowerPoint PPT Presentation

Slides: 45
Provided by: benjamin57
Transcript and Presenter's Notes

1
Chapter 10
  • Network Security

2
Topics
  • Principles of Security
  • Threats
  • Encryption and Decryption
  • Firewalls
  • IP Security (IPSec)
  • Web Security
  • E-mail Security
  • Best Internet Security Practices

3
Principles of Security
  • Network Security includes
  • All aspects of operating systems
  • Software packages
  • Hardware
  • Networking configurations
  • Network sharing connectivity
  • Physical security is also linked to IT security

4
Security is a Mindset
  • Security is a mindset, not simply a policy or a
    plan
  • Employees need to be trained to become security
    aware
  • A network is only as strong as its weakest link,
    which is usually a human being

5
Threats
  • Humans pose probably the greatest threat to a
    network because their behavior cannot be
    controlled
  • Networks cannot be made completely threat-proof
  • Establishing a security policy is the first step

6
Backdoor
  • A program that bypasses system security measures
  • Programmers add back doors for debugging to
    change code during test deployments of software
  • A back door can also be installed through
    applications that are hidden inside of games or
    software such as screen savers
  • Another type of back door comes in the form of a
    privileged user account

7
Brute Force
  • Involves systematically trying every conceivable
    combination until a password is found, or until
    all possible combinations have been exhausted
  • Brute force is pure guessing
  • Password complexity plays an important role when
    dealing with brute force programs
  • The more complex the password, the longer it
    takes to crack

8
Buffer Overflows
  • Buffer overflows are probably the most common way
    to cause disruption of service and lost data
  • More data is sent to a computer's memory buffer
    than it is able to handle, causing it to overflow
  • The system is left in a vulnerable state so
    arbitrary code can be executed

9
Denial of Service
  • DoS attacks disrupt the resources or services
    that users expect to have access to
  • They are executed by manipulating protocols and
    can happen without being validated by the network
  • Many of the tools used to produce this type of
    attack are readily available on the Internet

10
Man-in-the-Middle
  • Takes place when an attacker intercepts traffic
    and then tricks the parties at both ends into
    believing that they are communicating with each
    other
  • The attacker can also choose to alter the data or
    merely eavesdrop and pass it along
  • This attack is common in Telnet and wireless
    technologies

11
Session Hijacking
  • An attack that takes control of a session between
    the server and a client
  • A hijacker waits until the authentication cycle
    is completed and then generates a signal to the
    client
  • This causes the client to think it has been
    disconnected
  • Then the hijacker begins to transact data
    traffic, pretending to be the original client

12
Spoofing
  • Spoofing is making data appear to come from
    somewhere other than where it really originated
  • This is accomplished by modifying the source
    address of traffic or source of information
  • Spoofing bypasses IP address filters by using an
    IP address that is allowed through the filter

13
Social Engineering
  • Attacker preys upon gullible individuals by
    pretending to be an insider
  • By doing so the attacker obtains authentication
    information and cracks into a system
  • Dumpster diving is a form of Social Engineering

14
Software Exploitation
  • A method of searching for specific problems,
    weaknesses, or security holes in software code
  • Improperly programmed software can be exploited
  • It takes advantage of a program's flawed code

15
Viruses
  • Piece of code that is loaded without user
    knowledge
  • Designed to attach itself to other code and
    replicate
  • It replicates when an infected file is executed
    or launched
  • It attaches to other files, adding its code to
    the application's code, and continues to spread

16
Trojan Horses
  • Programs disguised as useful applications
  • Trojan horses do not replicate themselves like
    viruses
  • Code hidden inside the application attacks the
    system directly or allows the system to be
    compromised by the code's originator
  • Their ability to spread depends on the popularity
    of the software and a user's willingness to
    download and install the software

17
Worms
  • Worms are similar in function and behavior to a
    virus, Trojan horse, or logic bomb
  • Worms are self-replicating
  • A worm is built to take advantage of a security
    hole in an existing application or operating
    system, find other systems running the same
    software, and automatically replicate itself to
    the new host
  • The process repeats with no user intervention

18
Other Malware
  • Other types of malware are
  • Logic bombs
  • Spyware
  • Sniffers
  • Keystroke loggers
  • Some of these have useful purposes

19
Encryption and Decryption
  • Cryptography - the use of these systems is to
    protect data by encoding and decoding it
  • Cryptography protects information so that it can
    be read only by authorized systems or individuals
  • Disguising of the data is called encryption

20
Encryption and Decryption
  • Encrypted data requires a key to decipher it
  • Decryption is the reverse of encryption
  • Decryption deciphers encrypted data into plain
    text that can easily be read

21
Encryption and Decryption
  • The two basic types of encryption
  • substitution
  • transposition
  • One letter is replaced with another using a rule
  • This is called a cipher

22
Encryption and Decryption
  • A substitution cipher keeps the order but changes
    the characters
  • A transposition cipher changes (or permutes) the
    order of original characters
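
The difference between the two cipher types, shown as an added example that is not part of the original slides. The shift value, the key word and the plaintext are constructed for illustration, and a Caesar shift and a columnar transposition stand in for "a rule" and "a permutation".

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def substitute(text, shift):
    """Substitution (Caesar rule): every letter is replaced, positions stay put."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # leave anything outside A-Z untouched
    return "".join(out)

def column_order(key):
    """Columns are read in the alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(text, key):
    """Columnar transposition: write row by row, read column by column."""
    return "".join(text[col::len(key)] for col in column_order(key))

def untranspose(cipher, key):
    """Invert transpose() by handing each column back its share of letters."""
    n, k = len(cipher), len(key)
    plain = [""] * n
    pos = 0
    for col in column_order(key):
        col_len = len(range(col, n, k))
        plain[col:n:k] = cipher[pos:pos + col_len]
        pos += col_len
    return "".join(plain)

PLAINTEXT = "NETWORKSECURITY"                 # constructed sample
SUBSTITUTED = substitute(PLAINTEXT, 3)        # new letters, same order
TRANSPOSED = transpose(PLAINTEXT, "CIPHER")   # same letters, new order

if __name__ == "__main__":
    print(SUBSTITUTED, Counter(SUBSTITUTED) == Counter(PLAINTEXT))
    print(TRANSPOSED, Counter(TRANSPOSED) == Counter(PLAINTEXT))
```

The letter counts of the transposed text match the plaintext exactly, while the substituted text has different letters in the same positions.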

23
DES
  • The Data Encryption Standard (DES) uses a
    mathematical algorithm in the encrypting and
    decrypting of binary information
  • DES consists of an algorithm and a key
  • It is a block cipher using a 56-bit key on each
    64-bit chunk of data
  • In a block cipher, the message is divided into
    blocks of bits

24
RSA
  • Rivest-Shamir-Adleman (RSA) is an algorithm that
    uses encryption and a digital signature
    authentication system
  • This encryption system is currently owned by RSA
    Security
  • The RSA key may be of any length, and involves
    multiplying two large prime numbers

25
Public Key
  • Uses public and private keys to encrypt and
    decrypt data
  • The public key is readily available whereas the
    private key is kept confidential
  • There are two major types of algorithms used
    today
  • symmetric, which has one key that is private at
    all times
  • asymmetric, which has two keys: a public one and
    a private one

26
Other Algorithms
  • Besides RSA, some of the more popular asymmetric
    encryption algorithms are
  • Diffie-Hellman Key Exchange
  • El Gamal Encryption Algorithm
  • Elliptic Curve Cryptography (ECC)
  • Public-key encryption is very useful for
    unsecured networks where data is vulnerable to
    interception and abuse

27
PKI
  • Public Key Infrastructure (PKI) provides strong
    authentication and privacy for the Internet
  • Public-key cryptographic techniques and
    encryption algorithms provide authentication and
    ensure that only the intended recipients have
    access to data
  • PKI is comprised of several standards and
    protocols that are necessary for interoperability
    among different security products

28
Certificates
  • PKI consists of digital certificates and the
    certificate authorities (CAs) that issue the
    certificates
  • Certificates identify sources that have been
    verified as authentic and trustworthy
  • The CA's job is to verify the holder of a digital
    certificate and ensure that the holder of the
    certificate is who they claim to be

29
Non-repudiation
  • Digital signatures are used to authenticate the
    identity of the sender, as well as ensure that
    the original content sent has not been changed
  • Non-repudiation is intended to provide a method
    for verifying the origin of data
  • Non-repudiation is unique to asymmetric systems
    because private keys are not shared
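
A signature round trip covering the RSA and Non-repudiation slides, as an added example that is not part of the original slides. It uses textbook RSA without padding; the two primes, the exponent and the message are assumptions chosen for illustration and are far too small for real keys.

```python
import hashlib

# Two well-known Mersenne primes, used only so the arithmetic is easy to follow.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537                      # public exponent

def make_keypair(p, q, e=E):
    """The modulus is the product of the two primes; d is derived from them."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # private exponent (modular inverse, Python 3.8+)
    return (n, e), (n, d)      # (public key, private key)

def digest(message, n):
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """Anyone with the public key can check origin and integrity."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

PUBLIC, PRIVATE = make_keypair(P, Q)
MESSAGE = b"transfer 100 to account 42"       # constructed sample
SIGNATURE = sign(MESSAGE, PRIVATE)

if __name__ == "__main__":
    print("original verifies:", verify(MESSAGE, SIGNATURE, PUBLIC))
    print("altered verifies: ",
          verify(b"transfer 900 to account 42", SIGNATURE, PUBLIC))
```

Because the private key never leaves the signer, a signature that verifies against the public key ties the message to that signer, and any change to the content makes verification fail.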

30
VPN
  • A virtual private network (VPN) is a network
    connection that allows you secure access through
    a publicly accessible infrastructure
  • VPN technology is based on tunneling
  • Tunneling encapsulates packets carried by a
    public network

31
Tunneling Protocols
  • The encapsulating protocol may be
  • IP Security (IPSec)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer Two Tunneling Protocol (L2TP)
  • Layer 2 Forwarding (L2F)
  • Tunneling is not a substitute for encryption

32
Firewalls
  • A firewall is a component placed between
    computers and networks to help eliminate
    undesired access by the outside world
  • It can be comprised of
  • hardware
  • software
  • a combination of both

33
Firewall Types
  • There are four broad categories that firewalls
    fall into
  • packet filters
  • circuit level gateways
  • application level gateways
  • stateful inspection
  • These four categories can be grouped into two
    general categories: packet filters and proxies

34
Packet-Filters
  • A packet-filtering firewall is typically a router
  • Packets can be filtered based on IP addresses,
    ports, or protocols
  • They operate at the Network layer (Layer 3) of
    the Open System Interconnection (OSI) model
  • Packet filtering is based on the information
    contained in the packet header
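
How a packet filter reaches a decision from header fields alone, as an added example that is not part of the original slides. The rule set, the first-match/default-deny policy and all addresses (documentation ranges) are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

def build_packet(src, dst, proto, sport, dport):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)

def parse_header(packet):
    """Pull out only the header fields the filter bases its decision on."""
    ihl = (packet[0] & 0x0F) * 4                   # IP header length in bytes
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    sport = dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:    # TCP or UDP
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport}

# Hypothetical rule set: first match wins, anything unmatched is denied.
RULES = [
    ("deny",  {"src": "10.0.0.0/8"}),              # private source from outside
    ("allow", {"proto": 6, "dport": 443}),         # HTTPS from anywhere
    ("allow", {"proto": 6, "src": "203.0.113.0/24", "dport": 22}),
]

def decide(packet, rules=RULES):
    hdr = parse_header(packet)
    for action, match in rules:
        if "proto" in match and hdr["proto"] != match["proto"]:
            continue
        if "dport" in match and hdr["dport"] != match["dport"]:
            continue
        if "src" in match and hdr["src"] not in ipaddress.ip_network(match["src"]):
            continue
        return action
    return "deny"                                  # default deny

if __name__ == "__main__":
    print(decide(build_packet("198.51.100.7", "192.0.2.10", 6, 51000, 443)))
    print(decide(build_packet("198.51.100.7", "192.0.2.10", 6, 51000, 22)))
```

The filter never sees more than the header, so the SSH rule accepts any packet whose header carries a source in the allowed range, which is the limitation the Spoofing slide describes.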

35
Proxies
  • Proxies act on behalf of a private network host
    when it uses the Internet
  • Proxies hide internal addresses from the outside
    world and don't allow the computers on the
    private network to directly access the Internet

36
IP Security (IPSec)
  • IPSec is a set of protocols developed by the IETF
    that operates at the Transport Layer to support
    the secure exchange of packets
  • The IPSec protocol suite adds an additional
    security layer in the TCP/IP stack

37
IP Security (IPSec)
  • The IPSec protocols
  • Authenticated Header (AH)
  • Encapsulated Secure Payload (ESP)
  • Internet Key Exchange (IKE)
  • AH provides integrity, authentication, and
    anti-replay capabilities
  • ESP provides all that AH provides, plus data
    confidentiality

38
Web Security
  • A Web server is used to host Web-based
    applications and sites
  • The best way to ensure that only necessary
    services are running is to do a clean install
  • Web servers contain large, complex programs that
    may have some security holes
  • Many protocols contain common vulnerabilities
    that may be manipulated to allow unauthorized
    access

39
E-mail Security
  • E-mail has become the preferred method of
    communication
  • The public transfer of sensitive information
    exposes it to interception and delivery to
    undesired recipients
  • Unsolicited e-mail may contain attachments with
    viruses, trojan horses or worms

40
PGP
  • Pretty Good Privacy (PGP) is an application
    integrated into popular e-mail packages
  • PGP enables you to securely exchange messages,
    secure files, disk volumes and network
    connections with both privacy and strong
    authentication
  • PGP can also be used for applying a digital
    signature without encrypting the message

41
PEM
  • Privacy-Enhanced Mail (PEM) was one of the first
    standards for securing e-mail messages by
    encrypting 7-bit text messages
  • PEM may be employed with either symmetric or
    asymmetric cryptographic key mechanisms
  • It works at the application layer, using a
    hierarchical authentication framework compatible
    with X.509 standards

42
Best Internet Security Practices
  • Here are some best practices for being able to
    detect network attacks
  • Assume every day that a new vulnerability has
    surfaced overnight
  • Check the firewall and server log files daily
  • Keep a list of all the security products used and
    check vendor Web sites for updates on a daily
    basis
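
One way to make the daily firewall log check repeatable, as an added example that is not part of the original slides. The log format, the addresses (documentation ranges) and the threshold are constructed for illustration; real firewall logs need their own pattern.

```python
import re
from collections import defaultdict

# Hypothetical log format: timestamp, action, protocol, src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-05-01T02:14:01Z DENY TCP 198.51.100.7:40001 -> 192.0.2.10:21
2024-05-01T02:14:02Z DENY TCP 198.51.100.7:40002 -> 192.0.2.10:22
2024-05-01T02:14:03Z DENY TCP 198.51.100.7:40003 -> 192.0.2.10:23
2024-05-01T02:14:04Z DENY TCP 198.51.100.7:40004 -> 192.0.2.10:25
2024-05-01T02:14:05Z DENY TCP 198.51.100.7:40005 -> 192.0.2.10:80
2024-05-01T02:20:11Z ALLOW TCP 198.51.100.20:51515 -> 192.0.2.10:443
2024-05-01T03:01:00Z DENY TCP 203.0.113.9:50100 -> 192.0.2.10:22
2024-05-01T03:01:02Z DENY TCP 203.0.113.9:50101 -> 192.0.2.10:22
2024-05-01T03:01:04Z DENY TCP 203.0.113.9:50102 -> 192.0.2.10:22
2024-05-01T03:01:06Z DENY TCP 203.0.113.9:50103 -> 192.0.2.10:22
2024-05-01T04:45:30Z DENY UDP 192.0.2.55:5353 -> 192.0.2.10:161
-- log rotated --
""".splitlines()

def review(lines, max_denies=3):
    """Return sources with more than max_denies denied packets, plus any
    lines that did not parse (these deserve a look too, not silent dropping)."""
    denies = defaultdict(list)
    unparsed = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        if m["action"] == "DENY":
            denies[m["src"]].append(int(m["dport"]))
    flagged = {}
    for src, ports in denies.items():
        if len(ports) > max_denies:
            # many distinct ports looks like a sweep; one port, repeated tries
            kind = "port sweep" if len(set(ports)) > max_denies else "repeated attempts"
            flagged[src] = (kind, len(ports))
    return flagged, unparsed

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```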

43
More Best Practices
  • Know network infrastructure
  • Ask questions and look for answers
  • Set good password policies
  • Install virus software and update the files on a
    regular basis

44
Web sites
  • Listed below are some Web sites that offer good
    information on best practices
  • http://csrc.nist.gov/fasp/
  • http://www.cert.org/security-improvement/
  • http://www.sans.org/rr/
  • http://www.securityfocus.com