Chapter 13 - PowerPoint PPT Presentation

Title: Chapter 13
Slides: 36
Provided by: facul3
Learn more at: https://faculty.mdc.edu

Transcript and Presenter's Notes

1
Chapter 13 Network Security
  • Password Protection
  • Security Models
  • Firewalls
  • Security Protocols

2
Using Passwords
  • Passwords are the most common method of securing
    network resources.
  • Passwords can be an effective security mechanism,
    or they can be useless, depending on how they are
    used.
  • The strength of any password protection is based
    on the password policies that administrators set.

3
Using Passwords
  • Most operating systems include tools that allow
    administrators to impose password policies on
    users, such as:
      • Password length restrictions
      • Password change intervals
      • Password complexity requirements
      • Account lockout after repeated failed logons
  • Password policies are typically available in
    network operating systems that use a directory
    service to authenticate users and grant them
    access to network resources.

4
Controlling User Account Password Settings
5
Using the Windows 2000 Group Policy Interface
6
Setting a Minimum Password Length
7
Setting a Password Change Interval
8
Enforcing Password Complexity
9
Setting Account Lockout Policies
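The settings the preceding slides configure through the Group Policy interface can be stated as code. The following is an added example (it is not part of the presentation and not Microsoft's implementation): a password-policy checker in Python that applies a minimum length, a simplified form of the Windows complexity rule (three of four character classes, and no fragment of the account name or full name), a change interval, and an account-lockout counter. The policy values and the account names used are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class PasswordPolicy:
    """Constructed policy values mirroring the settings the slides configure
    (minimum length, change interval, complexity, lockout); not a real site's."""
    min_length: int = 8
    max_age_days: int = 90
    complexity: bool = True
    lockout_threshold: int = 5          # consecutive failures before lockout
    lockout_duration_min: int = 30


def contains_name_fragment(password: str, account_name: str, full_name: str) -> bool:
    """Windows complexity rule: the password may not contain the account name
    or any piece of the full name longer than two characters (the full name is
    split on spaces, commas, periods, hyphens, underscores, tabs and '#')."""
    low = password.lower()
    if account_name and account_name.lower() in low:
        return True
    for part in re.split(r"[ ,.\-_\t#]+", full_name):
        if len(part) > 2 and part.lower() in low:
            return True
    return False


def meets_complexity(password: str, account_name: str = "", full_name: str = "") -> bool:
    """Characters from at least three of four classes (Windows' rule, simplified
    to upper, lower, digit, other), and no name fragments."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) >= 3 and not contains_name_fragment(password, account_name, full_name)


def check_password(policy: PasswordPolicy, password: str,
                   account_name: str = "", full_name: str = "") -> List[str]:
    """Return the policy violations for a proposed password (empty = accepted)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.complexity and not meets_complexity(password, account_name, full_name):
        problems.append("fails complexity (3 of 4 classes, no name fragments)")
    return problems


def password_expired(policy: PasswordPolicy, age_days: float) -> bool:
    """Change interval: the user must pick a new password once it is this old."""
    return age_days >= policy.max_age_days


class LockoutTracker:
    """Account lockout: after lockout_threshold consecutive bad passwords the
    account refuses logons for lockout_duration_min minutes. Times are seconds."""

    def __init__(self, policy: PasswordPolicy):
        self.policy = policy
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, account: str, now: float) -> bool:
        until = self.locked_until.get(account)
        if until is None:
            return False
        if now >= until:                     # lockout expired: start clean
            del self.locked_until[account]
            self.failures[account] = 0
            return False
        return True

    def record_failure(self, account: str, now: float) -> bool:
        """Register a bad password; returns True if the account is now locked."""
        if self.is_locked(account, now):
            return True
        n = self.failures.get(account, 0) + 1
        self.failures[account] = n
        if n >= self.policy.lockout_threshold:
            self.locked_until[account] = now + self.policy.lockout_duration_min * 60
            return True
        return False

    def record_success(self, account: str) -> None:
        """A good password resets the consecutive-failure count."""
        self.failures[account] = 0
```

The lockout counter is what turns a length rule into real protection: without it, an attacker who can reach the logon service simply tries passwords until one works, and the minimum length only decides how long that takes.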
10
Security Models/Security Levels
  • Client/Server Networks
  • Peer-to-Peer Networks
  • User-Level Security
  • Share-Level Security

11
Client/Server Networks
  • User accounts are stored in a central location.
  • A user logs on to the network from a computer
    that transmits the user name and password to a
    server, which either grants or denies access to
    the network.

12
Client/Server Networks
  • Account information can be stored in a
    centralized directory service or on individual
    servers.
  • A directory service, such as the Microsoft
    Windows 2000 Active Directory service or Novell
    Directory Services (NDS), provides authentication
    services for an entire network.

13
Peer-to-Peer Networks
  • Each computer maintains its own security
    information and performs its own authentications.
  • Computers on this type of network can function as
    both clients and servers.

14
Peer-to-Peer Networks
  • When a computer functioning as a client attempts
    to use resources (called shares) on another
    computer that is functioning as a server, the
    server itself authenticates the client before
    granting it access.

15
Peer-to-Peer User-Level Security
  • When users log on to their computers, they are
    authenticated against an account on that system.
  • If several people use the same computer, each
    must have a separate user account.
  • When users elsewhere on the network attempt to
    access server resources on that computer, they
    are also authenticated against the accounts on
    the computer that hosts the resources.
  • The user-level, peer-to-peer security model is
    suitable only for relatively small networks.
  • If users want to change their account passwords,
    they must change them on every computer on which
    they have an account.

16
Client/Server User-Level Security
  • Administrators create user accounts in a
    directory service, such as Active Directory in
    Windows 2000 or a Microsoft Windows NT domain.
  • When users log on to their computers, the
    directory service authenticates them.
  • When you want to allow other network users to
    gain access to resources on your computer, you
    select their user accounts from a list provided
    by the domain controller.
  • With all accounts stored in a centralized
    directory service, administrators and users can
    make changes more easily.

17
Peer-to-Peer Share Level Security
  • Microsoft Windows Me, Microsoft Windows 98, and
    Microsoft Windows 95 cannot maintain their own
    user accounts.
  • In peer-to-peer mode, Windows Me, Windows 98, and
    Windows 95 operate by using share-level security.
  • In share-level security, users assign passwords
    to the individual shares they create on their
    computers.
  • When network users want to access a share on
    another computer, they must supply the
    appropriate password.
  • The share passwords are stored on the individual
    computers.
  • When sharing drives, users can specify two
    different passwords to provide both read-only
    access and full control of the share.
  • Share-level security is not as flexible as
    user-level security and does not provide as much
    protection.

18
Setting Share-Level Passwords
19
What Is a Firewall?
  • A firewall is a hardware or software product
    designed to protect a network from unauthorized
    access.
  • A network connected to the Internet must have a
    firewall to protect it from Internet intruders.
  • A firewall is a barrier between two networks that
    evaluates all incoming or outgoing traffic to
    determine whether it should be permitted to pass
    to the other network.
  • Some firewalls are dedicated routers with
    additional software that monitors incoming and
    outgoing traffic.
  • Some firewalls are software products that run on
    a standard computer.

20
Packet Filtering
  • The most basic type of firewall
  • Functions:
      • Examines arriving packets
      • Decides whether to allow the packets to gain
        access to the network, based on the information
        found in the protocol headers used to construct
        the packets

21
Packet Filter Types
  • Hardware addresses. Filter packets based on
    hardware (MAC) addresses, enabling only certain
    computers to transmit data to the network. A
    hardware address is visible only on the local
    segment and is set by the sending host itself, so
    this filter stops casual use but not a host that
    spoofs an allowed address.
  • IP addresses. Permit only traffic destined to or
    originating from specific addresses to pass
    through to the network

22
Packet Filter Types
  • Protocol identifiers. Filter packets based on the
    protocol that generated the information carried
    within an Internet Protocol (IP) datagram (the
    Protocol field of the IP header)
  • Port numbers. Filter packets based on the source
    or destination port number specified in a
    packet's transport layer protocol header
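As an added example (not from the presentation), the following Python code shows what a packet filter of the kinds just listed actually does: it parses the IPv4 header and the port fields of the TCP or UDP header, then evaluates an ordered rule list on source address, destination address, protocol identifier and destination port, denying anything no rule allows. The network, rule set and packets are constructed for the demonstration; hardware-address filtering, which acts on the Ethernet frame rather than the IP header, is not shown.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

# Values of the IPv4 header's Protocol field for the protocols used below.
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
ANY_NET = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass
class PacketInfo:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    sport: Optional[int]      # None when the packet carries no port numbers
    dport: Optional[int]


def parse_ipv4(raw: bytes) -> PacketInfo:
    """Extract the header fields a packet filter decides on."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (raw[0] & 0x0F) * 4                       # header length incl. options
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    proto = raw[9]
    src = ipaddress.IPv4Address(raw[12:16])
    dst = ipaddress.IPv4Address(raw[16:20])
    sport = dport = None
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    # Source and destination ports are the first two 16-bit fields of both
    # TCP and UDP headers; only the first fragment of a datagram carries them.
    if proto in (PROTO_TCP, PROTO_UDP) and frag_offset == 0 and len(raw) >= ihl + 4:
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return PacketInfo(src, dst, proto, sport, dport)


@dataclass
class Rule:
    action: str                          # "allow" or "deny"
    src: ipaddress.IPv4Network = ANY_NET
    dst: ipaddress.IPv4Network = ANY_NET
    proto: Optional[int] = None          # None matches every protocol
    dport: Optional[int] = None          # None matches every destination port

    def matches(self, p: PacketInfo) -> bool:
        return (p.src in self.src and p.dst in self.dst
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport))


def filter_packet(rules: List[Rule], raw: bytes) -> str:
    """First matching rule decides; malformed or unmatched packets are denied."""
    try:
        info = parse_ipv4(raw)
    except ValueError:
        return "deny"
    for rule in rules:
        if rule.matches(info):
            return rule.action
    return "deny"


def build_ipv4(src: str, dst: str, proto: int, sport: int = 0, dport: int = 0) -> bytes:
    """Constructed test packets: a bare 20-byte IPv4 header (checksum left 0)
    followed, for TCP/UDP, by just the first 8 bytes of the transport header."""
    total_len = 20 + (8 if proto in (PROTO_TCP, PROTO_UDP) else 0)
    pkt = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    if proto in (PROTO_TCP, PROTO_UDP):
        pkt += struct.pack("!HHI", sport, dport, 0)
    return pkt


# Hypothetical rule set for a network numbered 192.0.2.0/24 with a web
# server at 192.0.2.10: inbound HTTP to the server and all outbound traffic
# are allowed; everything else is dropped by the explicit final rule.
RULES = [
    Rule("allow", dst=ipaddress.IPv4Network("192.0.2.10/32"), proto=PROTO_TCP, dport=80),
    Rule("allow", src=ipaddress.IPv4Network("192.0.2.0/24")),
    Rule("deny"),
]

if __name__ == "__main__":
    for desc, pkt in [
        ("inbound HTTP to web server", build_ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, 40000, 80)),
        ("inbound telnet to web server", build_ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, 40000, 23)),
        ("outbound DNS query", build_ipv4("192.0.2.20", "198.51.100.7", PROTO_UDP, 5353, 53)),
    ]:
        print(f"{desc}: {filter_packet(RULES, pkt)}")
```

Two details matter in practice. A rule that names a port can only match the first fragment of a datagram, because later fragments carry no transport header; the explicit final deny is what keeps those out. And the filter sees nothing above the headers, so it cannot tell legitimate HTTP on port 80 from anything else sent to that port.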

23
NAT
  • NAT stands for network address translation.
  • NAT is a network layer technique that hides the
    computers on your network from Internet intruders
    by masking their IP addresses: outside hosts see
    only the router's public address, and inbound
    packets for which the router holds no translation
    are dropped. NAT does not inspect traffic, so it
    complements packet filtering rather than replacing
    it.
  • NAT allows you to assign unregistered (private,
    RFC 1918) IP addresses to your computers.

24
NAT
  • The router that provides Internet access can use
    NAT.
  • The NAT router functions as an intermediary
    between the private network and the Internet.
  • NAT is implemented in numerous firewall products,
    ranging from high-end routers used on large
    corporate networks to inexpensive Internet
    connection-sharing solutions.
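The following added Python example (not from the presentation) simulates the translation table a NAT router keeps, which is what lets the slides say NAT masks inside addresses: outbound packets leave carrying the router's public address and a router-chosen port, replies are mapped back through the table, and an inbound packet with no table entry is dropped. The public address, port range and the hosts involved are constructed.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """The addressing fields NAT rewrites: source/destination IP and port."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-translating NAT (NAPT), the form connection-sharing routers use:
    inside hosts carry private (RFC 1918) addresses; on the way out the router
    substitutes its one public address and a port it picks, and remembers the
    mapping so the reply can be delivered. Public address and ports are
    constructed values for the demonstration."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (private ip, private port, remote ip, remote port) -> public port
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def translate_outbound(self, f: Flow) -> Flow:
        """Packet from the private network heading to the Internet."""
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        port = self.outbound.get(key)
        if port is None:                               # first packet of a new flow
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[(port, f.dst_ip, f.dst_port)] = (f.src_ip, f.src_port)
        return Flow(self.public_ip, port, f.dst_ip, f.dst_port)

    def translate_inbound(self, f: Flow) -> Optional[Flow]:
        """Packet arriving from the Internet. Returns it rewritten for the
        inside host, or None when it must be dropped."""
        if f.dst_ip != self.public_ip:
            return None        # private addresses are not reachable from outside
        mapping = self.inbound.get((f.dst_port, f.src_ip, f.src_port))
        if mapping is None:
            return None        # unsolicited: no inside host started this flow
        priv_ip, priv_port = mapping
        return Flow(f.src_ip, f.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = NatRouter("203.0.113.1")
    out = nat.translate_outbound(Flow("192.168.1.10", 51000, "198.51.100.7", 80))
    print("leaves as", out)
    print("reply delivered to", nat.translate_inbound(Flow("198.51.100.7", 80, "203.0.113.1", 40000)))
    print("scan of public port 40001:", nat.translate_inbound(Flow("198.51.100.7", 80, "203.0.113.1", 40001)))
```

The mapping table is also the limit of the protection: anything an inside host initiates is passed through, and once a mapping exists any packet from that remote address and port reaches the inside host until the entry expires. Real NAT routers also age entries out and rewrite checksums, which the simulation leaves out.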

25
Proxy Servers
  • Proxy servers are similar to NAT routers, except
    that they function at the application layer of
    the Open Systems Interconnection (OSI) reference
    model.
  • A proxy server acts as an intermediary between
    the clients on a private network and the Internet
    resources they want to access.
  • Clients send their requests to the proxy server,
    which sends a duplicate request to the desired
    Internet server.
  • The Internet server replies to the proxy server,
    which relays the response to the client.

26
Proxy Servers
  • Proxy servers can cache the information they
    receive from the Internet.
  • Administrators can configure proxy servers to
    filter the traffic they receive, blocking users
    on the private network from accessing certain
    services.
  • The main problem with proxy servers is that you
    sometimes must configure applications to use
    them.

27
Configuring a Proxy Server Client
28
Security Protocols
  • IPSec (Internet Protocol Security): protects data
    transmitted over a LAN or any other IP network
  • IP AH (IP Authentication Header)
  • IP ESP (IP Encapsulating Security Payload)
  • L2TP (Layer 2 Tunneling Protocol)
  • SSL (Secure Sockets Layer)

29
IPSec
  • IPSec stands for Internet Protocol Security.
  • IPSec is a series of standards published by the
    Internet Engineering Task Force (IETF) as RFCs.
  • IPSec defines a methodology that uses
    authentication and encryption to secure the data
    transmitted over a local area network (LAN) or any
    other IP network. Because it works at the network
    layer, applications need no changes to benefit
    from it.
  • IPSec consists of two separate protocols that
    provide different levels of security protection:
    IP Authentication Header (AH) and IP
    Encapsulating Security Payload (ESP).
  • Using the two protocols together provides the
    best possible security IPSec can offer.

30
IP AH Protocol
  • AH provides authentication and guaranteed
    integrity of IP datagrams, but no confidentiality:
    the payload travels in the clear.
  • AH adds an extra header, right after the IP
    header, to the datagrams generated by the
    transmitting computer.
  • When you use AH, the Protocol field in the IP
    header identifies the AH protocol (value 51)
    instead of the transport layer protocol contained
    in the datagram; the AH header's own Next Header
    field then names that transport protocol.
  • The AH header contains:
      • A security parameters index (SPI) that tells
        the receiver which security association, and
        so which key and algorithm, applies
      • A sequence number that prevents unauthorized
        computers from replaying a captured message
      • An integrity check value (ICV) that the receiving
        computer uses to verify that incoming packets
        have not been altered

31
IP ESP Protocol
  • Provides datagram encryption (Protocol field
    value 50)
  • Encapsulates the transport layer data in each
    datagram by using its own header and trailer
  • Encrypts the transport layer data and the ESP
    trailer that follow the ESP header; the header
    itself (SPI and sequence number) stays in the
    clear so the receiver can find the right key
  • Also contains a sequence number and an ICV; the
    ICV covers the ESP header and the encrypted data
    but, unlike AH's, not the IP header
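As an added example serving both the AH slide and the sequence number and ICV that ESP shares with it (not from the presentation; encryption is left out, so this is AH in transport mode only), the Python code below builds an AH-protected datagram, setting the Protocol field to 51 and computing the ICV as an HMAC over the immutable IP header fields, the AH header and the payload, and then verifies it on the receiving side, looking the key up by SPI and enforcing the sliding anti-replay window from RFC 4302. The key, SPI, IP header and payload are constructed; a real implementation would negotiate them with IKE.

```python
import hashlib
import hmac
import struct
from typing import Dict, Tuple

AH_PROTOCOL = 51      # IP Protocol field value for AH (ESP uses 50)
ICV_LEN = 16          # HMAC-SHA-256-128: ICV truncated to 128 bits
AH_FIXED = 12         # next header, payload len, reserved, SPI, sequence number


def zero_mutable_ip_fields(ip_hdr: bytes) -> bytes:
    """AH also covers the IP header, except fields that change in transit:
    TOS/DSCP, flags + fragment offset, TTL and the header checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def _icv(key: bytes, ip_hdr: bytes, ah_without_icv: bytes, payload: bytes, icv_len: int) -> bytes:
    """ICV = HMAC over (immutable IP header, AH with ICV field zeroed, payload)."""
    data = zero_mutable_ip_fields(ip_hdr) + ah_without_icv + b"\x00" * icv_len + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:icv_len]


def ah_protect(key: bytes, ip_hdr: bytes, payload: bytes, spi: int, seq: int) -> bytes:
    """Sender side: insert an AH header between the IP header and the payload.
    The IP checksum is left for the real stack to recompute."""
    next_header = ip_hdr[9]                       # original transport protocol
    ah_len = AH_FIXED + ICV_LEN
    new_ip = bytearray(ip_hdr)
    new_ip[9] = AH_PROTOCOL                       # Protocol field now says "AH"
    new_ip[2:4] = struct.pack("!H", len(ip_hdr) + ah_len + len(payload))
    # Payload Len is the AH length in 32-bit words minus 2.
    ah = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq)
    new_ip = bytes(new_ip)
    return new_ip + ah + _icv(key, new_ip, ah, payload, ICV_LEN) + payload


class ReplayWindow:
    """Anti-replay check from RFC 4302: a bitmap of recently seen sequence
    numbers, anchored at the highest one that passed the ICV check."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0
        self.bitmap = 0          # bit i set: sequence (highest - i) already seen

    def accept(self, seq: int) -> bool:
        if seq == 0:                                   # 0 is never valid
            return False
        if seq > self.highest:                         # slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                               # too old, or a duplicate
        self.bitmap |= 1 << diff
        return True


def ah_verify(sad: Dict[int, Tuple[bytes, ReplayWindow]], datagram: bytes) -> Tuple[int, bytes]:
    """Receiver side: find the security association by SPI, check the ICV,
    then the sequence number. Returns (next header, payload) or raises."""
    ihl = (datagram[0] & 0x0F) * 4
    ip_hdr, rest = datagram[:ihl], datagram[ihl:]
    if ip_hdr[9] != AH_PROTOCOL or len(rest) < AH_FIXED:
        raise ValueError("not a complete AH datagram")
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED])
    ah_len = (payload_len + 2) * 4
    icv, payload = rest[AH_FIXED:ah_len], rest[ah_len:]
    if spi not in sad:
        raise ValueError(f"no security association for SPI {spi:#x}")
    key, window = sad[spi]
    # The ICV size is fixed by the SA's algorithm; never trust the packet's
    # length field to shrink it (an empty ICV would compare equal to nothing).
    if len(icv) != ICV_LEN:
        raise ValueError("AH length does not match the SA's ICV size")
    if not hmac.compare_digest(icv, _icv(key, ip_hdr, rest[:AH_FIXED], payload, ICV_LEN)):
        raise ValueError("ICV mismatch: datagram altered or wrong key")
    if not window.accept(seq):
        raise ValueError(f"sequence number {seq} replayed or too old")
    return next_header, payload


def ah_accepts(sad: Dict[int, Tuple[bytes, ReplayWindow]], datagram: bytes) -> bool:
    """Convenience wrapper: True if the datagram passes every check."""
    try:
        ah_verify(sad, datagram)
        return True
    except ValueError:
        return False
```

The order of checks is deliberate: the window is only advanced after the ICV has verified, otherwise an attacker could push the window past legitimate traffic with forged sequence numbers. A TTL decremented by routers on the way does not disturb the ICV because it is one of the zeroed mutable fields, which is exactly why AH cannot protect those fields.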

32
L2TP
  • L2TP stands for Layer 2 Tunneling Protocol.
  • L2TP is derived from the Cisco Systems Layer 2
    Forwarding (L2F) protocol and the Microsoft
    Point-to-Point Tunneling Protocol (PPTP).
  • L2TP itself provides tunneling, not encryption.
    IPSec can operate in tunnel mode independently or
    together with L2TP (L2TP/IPSec), in which case
    IPSec ESP encrypts the L2TP traffic.
  • L2TP creates a tunnel by encapsulating
    Point-to-Point Protocol (PPP) frames inside User
    Datagram Protocol (UDP) packets, using UDP port
    1701.

33
SSL
  • SSL stands for Secure Sockets Layer.
  • SSL is a special-purpose security protocol that
    is designed to protect the data transmitted
    between Web servers and their client browsers.
  • Virtually all of the Web servers and browsers
    available today support SSL. Its successor,
    Transport Layer Security (TLS), has since replaced
    the original SSL versions, which are now considered
    insecure and should be disabled.
  • For example, when you access a secured site on
    the Internet to purchase a product with a credit
    card, your browser is probably using SSL to
    communicate with the server.
  • Like IPSec, SSL provides authentication and
    encryption services, but it does so above the
    transport layer, for one application connection
    at a time, rather than for all IP traffic.

34
Kerberos
  • Kerberos is an authentication protocol typically
    used by directory services, such as Active
    Directory, to provide users with a single network
    logon capability.
  • Kerberos was developed at MIT and is now
    standardized by the IETF.
  • When a server running Kerberos (called an
    authentication server, part of the Key
    Distribution Center, or KDC) authenticates a
    client, the server grants that client the
    credentials (tickets) needed to access resources
    anywhere on the network, without the client having
    to send its password to each resource server.
  • Windows 2000 and other operating systems rely
    heavily on Kerberos to secure their client/server
    network exchanges.

35
Chapter Summary
  • Password policies ensure that users choose
    effective passwords.
  • User-level security requires a separate account
    for each user.
  • In share-level security, all users access shares
    by using the same passwords.
  • A firewall is a hardware or software product that
    protects a network from unauthorized access,
    using techniques such as packet filtering, NAT,
    or proxy servers.
  • Applications and operating systems use security
    protocols, such as IPSec, L2TP, SSL, and
    Kerberos, to protect their data as it is
    transmitted over the network.