Chapter 37 Network Security

Aspects of Security
data integrity
– data received should be the same as data sent
data availability
– data should be accessible when there is a legitimate need
data confidentiality and privacy
– data should be protected from unauthorized users
– implemented via username/password mechanism, but data traversing the network is still susceptible to eavesdropping

Encryption
Encrypted message = encrypt(Key, Message)
Message = decrypt(Key, Encrypted message) = decrypt(Key, encrypt(Key, Message))

Symmetric Key Encryption
Same key used for encrypting and decrypting message
Key known only by sender and receiver
E.g. DES, RC4

Public Key Encryption
Aka asymmetric encryption; uses a pair of keys
– a private key known only to a user
– a public key that is published along with the name of the user
A message encrypted with the private key can only be decrypted with the public key, and vice versa.
Used by the SSL protocol to send a symmetric key
M = decrypt(public key, encrypt(private key, Message))
– good for guaranteeing authenticity of sender
M = decrypt(private key, encrypt(public key, Message))
– good for guaranteeing privacy of message

Authenticity and Confidentiality of message
Two levels of encryption are used to guarantee that a message is both authentic and private
double encrypted message = encrypt(public key receiver, encrypt(private key sender, Message))
Message = decrypt(public key sender, decrypt(private key receiver, double encrypted message))

Digital Certificates
Electronic document used to identify an individual, a server, or a company associated with a public key
Analogous to driver’s license or passport
Digital certificates are issued by Certificate Authority

Digital Signature
Used to sign an electronic document
A one-way hash (message digest) of the electronic document is encrypted using the sender’s private key.
Recipient can verify that the document has not been tampered with by using the sender’s public key to recover the message digest and verifying that this value is the same as the one-way hash value calculated.
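
Added example (not from the original slides): the signature check above and the double encryption from the "Authenticity and Confidentiality of message" slide, carried out with textbook RSA in Python. The function names, the sample keys built from Mersenne primes and the sample documents are constructed for illustration; textbook RSA without padding is not suitable for real use.

```python
import hashlib

E = 65537  # public exponent shared by both constructed key pairs

def make_key(p, q):
    """Textbook RSA key pair from two primes (no padding, illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (E, n), "private": (pow(E, -1, phi), n)}

def apply_key(key, value):
    """encrypt(key, x) and decrypt(key, x) are the same step: x^exp mod n."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this key's modulus")
    return pow(value, exp, n)

def digest(document, n):
    """One-way hash of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(private_key, document):
    return apply_key(private_key, digest(document, private_key[1]))

def verify(public_key, document, signature):
    if not 0 <= signature < public_key[1]:
        return False  # malformed signature value
    return apply_key(public_key, signature) == digest(document, public_key[1])

def seal(sender_private, receiver_public, message):
    """encrypt(public key receiver, encrypt(private key sender, Message))"""
    m = int.from_bytes(message, "big")
    return apply_key(receiver_public, apply_key(sender_private, m))

def open_sealed(receiver_private, sender_public, sealed):
    """decrypt(public key sender, decrypt(private key receiver, sealed))"""
    m = apply_key(sender_public, apply_key(receiver_private, sealed))
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample keys. The sender's modulus is smaller than the
# receiver's, so the inner result always fits the outer operation.
SENDER = make_key(2**31 - 1, 2**61 - 1)
RECEIVER = make_key(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    doc = b"transfer 100 to account 42"  # constructed sample document
    sig = sign(SENDER["private"], doc)
    print(verify(SENDER["public"], doc, sig), verify(SENDER["public"], doc + b"0", sig))
    box = seal(SENDER["private"], RECEIVER["public"], b"hello")
    print(open_sealed(RECEIVER["private"], SENDER["public"], box))
```

A message longer than the sender's modulus makes `seal` raise `ValueError`; real systems sign a digest and encrypt a symmetric key rather than the message itself.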

Packet Filters
Implemented via Internet firewalls or routers
used to prevent certain packets from passing through
operates by examining fields in the header of each packet
network manager specifies a boolean combination of various filter parameters such as source and destination IP address, or a specific protocol service such as FTP or HTTP
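
Added example (not from the original slides): a header-only packet filter in Python in which each rule is an AND of source network, destination address and service, and the rule list is evaluated first-match with a default drop. The rule format, the service table and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

# Constructed service table: protocol and destination port per service name.
SERVICES = {"FTP": ("tcp", 21), "HTTP": ("tcp", 80)}

def matches(rule, pkt):
    """A rule is the AND of the header fields it names; a missing field matches anything."""
    for field in ("src", "dst"):
        if field in rule:
            addr = ipaddress.ip_address(pkt[field])
            if addr not in ipaddress.ip_network(rule[field]):
                return False
    if "service" in rule:
        if (pkt["proto"], pkt["dport"]) != SERVICES[rule["service"]]:
            return False
    return True

def filter_packet(rules, pkt, default="drop"):
    """The first matching rule decides; packets that match no rule are dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default

# Constructed rule set: block one source network, allow HTTP to the web
# server from anywhere else, allow FTP to the file server from one network.
RULES = [
    {"action": "drop", "src": "203.0.113.0/24"},
    {"action": "pass", "dst": "192.0.2.10", "service": "HTTP"},
    {"action": "pass", "src": "198.51.100.0/24", "dst": "192.0.2.20", "service": "FTP"},
]

def packet(src, dst, proto, dport):
    """Build the header fields the filter examines (constructed sample format)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = [
        packet("203.0.113.5", "192.0.2.10", "tcp", 80),   # blocked source
        packet("198.51.100.7", "192.0.2.10", "tcp", 80),  # HTTP to web server
        packet("198.18.0.1", "192.0.2.20", "tcp", 21),    # FTP from other network
    ]
    for p in samples:
        print(p["src"], "->", p["dst"], p["dport"], filter_packet(RULES, p))
```

Rule order matters: the drop rule for the blocked source network must come before the pass rules, or HTTP from that network would be allowed.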

Virtual Private Networks
Using a public network to create a “private” network (fig 37.4)
minimizes network connection costs
VPN using routers (fig 37.5)
IPsec
PPTP

Network Attacks
denial of service
– Deprives network bandwidth or server resource
– e.g. ping flooding via running multiple “ping –s destIPaddress 12000&”
– Exploits vulnerability in operating system or application software
– E.g. viruses and worms, buffer overflow

Good Security Practices
http://www.itc.virginia.edu/pubs/docs/Respcomp/videos