Network security-intro


  • 8/9/2019 Network security-intro


    M Pradeep kumar & D Kiran

    B.Tech 2nd year

    CSE branch

    Gnayana saraswati college of eng. & tech.

    Nizamabad


    Network security and cryptography are the terms involved in securing data online.

    Cryptography is the art encompassing the principles and methods of transforming an intelligible message into an unintelligible one and then retransforming that message back to its original form.

    As the Internet is the world's largest network of networks, whenever data is transmitted from one user to another, the techniques of network security are used to prevent unauthorized access to it.


    Some specific security aspects include:

    1. Security attacks

    2. Security mechanism

    3. Security services


    [Diagrams: information flow from Source to Destination under each type of security attack: Interception, Interruption, Modification, Fabrication]


    designed to detect, prevent or recover from a security attack

    no single mechanism will support all services required

    cryptographic techniques underlie many of the security mechanisms in use

    specific security mechanisms include encipherment, digital signatures, access controls, data integrity

    pervasive security mechanisms include event detection, security audit trails, security recovery


    X.800 and RFC 2828 are the major security services.

    X.800 ensures adequate security of the systems or of data transfers. It is defined in 6 ways:

    1. Confidentiality

    2. Availability

    3. Integrity

    4. Non-repudiation

    5. Access control

    6. Authentication

    RFC 2828 provides a specific kind of protection to system resources.


    1. Application backdoors

    2. SMTP session hijacking

    3. Operating system bugs

    4. Denial of service

    5. E-mail bombs

    6. Macros

    7. Viruses

    8. Spam

    9. Redirect bombs


    Virtual Private Network (VPN)

    Firewalls

    IPSec

    AAA server


    Step 1. The remote user dials into their local ISP and logs into the ISP's network as usual.

    Step 2. When connectivity to the corporate network is desired, the user initiates a tunnel request to the destination Security server on the corporate network. The Security server authenticates the user and creates the other end of the tunnel.

    Step 3. The user then sends data through the tunnel, which is encrypted by the VPN software before being sent over the ISP connection.

    Step 4. The destination Security server receives the encrypted data and decrypts it. The Security server then forwards the decrypted data packets onto the corporate network. Any information sent back to the remote user is also encrypted before being sent over the Internet.


    provides a strong barrier between your private network and the Internet

    Types of firewalls:

    1. Application Gateways

    2. Packet filtering

    3. Hybrid systems


    Internet Protocol Security Protocol (IPSec) provides enhanced security features such as better encryption algorithms and more comprehensive authentication

    IPSec can encrypt data between various devices, such as:

    Router to router

    Firewall to router

    PC to router

    PC to server


    AAA (authentication, authorization and accounting) servers are used for more secure access in a remote-access VPN environment

    When a request to establish a session comes in from a dial-up client, it checks the following:

    Who you are (authentication)

    What you are allowed to do (authorization)

    What you actually do (accounting)
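
The three AAA checks above, sketched as an added example (not part of the original slides). The `AAAServer` class, the user `alice` and the resource names are hypothetical; the point is that every decision, including rejected ones, lands in the accounting log.

```python
import hashlib, hmac, os, time

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash so the user store never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    """Hypothetical AAA server handling dial-up VPN session requests."""
    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.policy = {}     # username -> set of permitted resources
        self.audit_log = []  # accounting records, append-only

    def add_user(self, user, password, allowed):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
        self.policy[user] = set(allowed)

    def _account(self, user, action, outcome):
        # Accounting: record what was attempted, failures included.
        self.audit_log.append((time.time(), user, action, outcome))

    def authenticate(self, user, password):
        # Who you are. Unknown users still cost one hash, to even out timing.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self._account(user, "login", "accept" if ok else "reject")
        return ok

    def authorize(self, user, resource):
        # What you are allowed to do. Anything not granted is denied.
        ok = resource in self.policy.get(user, set())
        self._account(user, f"access:{resource}", "permit" if ok else "deny")
        return ok

def demo():
    aaa = AAAServer()
    aaa.add_user("alice", "correct horse", allowed={"mail", "intranet"})  # constructed sample user
    results = [
        aaa.authenticate("alice", "wrong guess"),
        aaa.authenticate("alice", "correct horse"),
        aaa.authorize("alice", "intranet"),
        aaa.authorize("alice", "payroll-db"),
    ]
    return results, [(u, a, o) for _, u, a, o in aaa.audit_log]

if __name__ == "__main__":
    print(demo())
```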


    Model for Network Security

    using this model requires us to:

    1. design a suitable algorithm for the security transformation

    2. generate the secret information (keys) used by the algorithm

    3. develop methods to distribute and share the secret information

    4. specify a protocol enabling the principals to use the transformation and secret information for a security service


    Model for Network Access Security

    using this model requires us to:

    1. select appropriate gatekeeper functions to identify users

    2. implement security controls to ensure only authorised users access designated information or resources

    trusted computer systems may be useful to help implement this model


    derived from Greek and means secret writing.

    The study of enciphering and encoding (on the sending end), and decoding (on the receiving end) is called cryptography

    necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet


    There are three types of cryptographic algorithms:

    Secret Key Cryptography

    Public Key Cryptography

    Hash Algorithms


    - involves the use of a single key

    - as a single key is used for encoding & decoding, it is also called symmetric encryption


    - also known as message digests or one-way transformations

    - the following things can be done using hash algorithms:

    Message Integrity

    Password Hashing

    Message fingerprint

    Digital Signatures
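
An added example (not from the original slides) for the message fingerprint and message integrity uses listed above. It shows why an unkeyed digest sent alongside a message does not protect against modification in transit, while a keyed digest (HMAC) does; the key, message and function names are constructed for illustration.

```python
import hashlib, hmac

def fingerprint(message: bytes) -> str:
    # Message fingerprint: fixed-size SHA-256 digest of any-size input.
    return hashlib.sha256(message).hexdigest()

def send_plain_hash(message: bytes):
    # Sender attaches an unkeyed digest to the message.
    return message, fingerprint(message)

def send_hmac(message: bytes, key: bytes):
    # Sender attaches a keyed digest (HMAC-SHA256) instead.
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_plain_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(fingerprint(message), digest)

def verify_hmac(message: bytes, tag: str, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def modify_in_transit(message: bytes, check: str):
    # Models modification in transit: the message is changed and the only
    # check that needs no secret (the plain digest) is recomputed to match.
    changed = message.replace(b"100", b"900")
    return changed, fingerprint(changed)

def demo():
    key = b"constructed-shared-secret-key-01"  # sample key, not a real secret
    msg = b"PAY 100 TO BOB"                     # constructed sample message
    m1, d1 = modify_in_transit(*send_plain_hash(msg))
    m2, t2 = modify_in_transit(*send_hmac(msg, key))
    return {
        "plain_hash_accepts_modified": verify_plain_hash(m1, d1),
        "hmac_accepts_modified": verify_hmac(m2, t2, key),
        "hmac_accepts_original": verify_hmac(*send_hmac(msg, key), key),
        "digest_hex_length": len(fingerprint(msg)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```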


    Cryptography is a particularly interesting field because of the amount of work that is, by necessity, done in secret.

    The irony is that today, secrecy is not the key to the goodness of a cryptographic algorithm. In fact, time is the only true test of good cryptography:

    any cryptographic scheme that stays in use year after year is most likely a good one

    Cryptography is evergreen and developments in this area are a better option.

    It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around
