Download Powerpoint Slides

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
Document related concepts

Trusted Computing wikipedia , lookup

Information security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Deep packet inspection wikipedia , lookup

Computer security wikipedia , lookup

Proxy server wikipedia , lookup

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

One-time pad wikipedia , lookup

Authentication wikipedia , lookup

Mobile security wikipedia , lookup

Digital signature wikipedia , lookup

Quantum key distribution wikipedia , lookup

Electronic authentication wikipedia , lookup

Wireless security wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

Cryptanalysis wikipedia , lookup

Public-key cryptography wikipedia , lookup

Cryptography wikipedia , lookup

3-D Secure wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Web of trust wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

History of cryptography wikipedia , lookup

Diffie–Hellman key exchange wikipedia , lookup

Certificate authority wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Network/Information
Security
“The terms network security and
information security refer in a broad sense
to confidence that information and
services available on a network cannot be
accessed by unauthorized users.” (Comer
1995)
Need to protect
Physical resources (disks, computers, cables,
bridges, routers, etc.)
Abstract resources (information)
Security Requirements
Data integrity - protecting information
from unauthorized change.
Data availability - guaranteeing that
outsiders cannot prevent legitimate data
access.
Confidentiality/Privacy - preventing
unauthorized listening.
Security Requirements
(contd..)
Authentication - ensuring that a message
indeed originated from its apparent
source.
Non-repudiation - ensuring that a party to
a transaction cannot subsequently deny
that this transaction took place.
Internet Security
Mechanisms
Authentication Mechanisms: IP source
authentication, Public key encryption
Privacy Mechanism: Encryption
Access Control Mechanisms: Internet
firewall
Authentication and privacy mechanisms can be
added to application programs. Access control
requires basic changes to Internet infrastructure.
IP Source Authentication
Server maintains a list of valid IP source
addresses.
Weak because it can be broken easily.
An imposter can gain control of an
intermediate router and impersonate an
authorized client.
An imposter can also impersonate a
server.
Public Key Encryption System
Each end-entity has a cryptographic key pair
a private key that is kept secret at that endentity, and
a public key which is distributed.
Keys, which are large integers, are used to
encode and decode messages.
A message encoded using one key can be
decoded using the other.
Public Key Encryption
System (contd.)
Message encrypted by a public key can
only be decrypted by the holder of the
corresponding private key.
Private key can be used to generate a
digital signature and anyone knowing the
public key can authenticate it.
Guessing or calculating the secret private
key is an extremely difficult task.
Public Key Encryption
System (contd.)
Public key encryption scheme can also
handle the problem of privacy.
Sender uses the receiver’s public key to
encode the message. Receiver uses it’s
private key to decode the message.
Messages can be encoded twice to
authenticate the sender and to enforce
privacy. First with the sender’s private key
and then with the receiver’s public key.
Certificates and Certification
Authorities
To ensure authenticity, public keys are
generally distributed in the form of
certificates.
A certificate contains
a public key value
identity of the holder of the corresponding
private key
digital signature of the certification authority
(CA)
Certificates and Certification
Authorities (contd.)
A CA is a trusted party whose public key
is known, e.g., VeriSign, Inc.
The recipient uses the public key of the
CA, to decrypt the sender's public key in
the certificate.
The most vulnerable part of this method
is the CA’s private key, which is used to
digitally sign the certificate.
SSL Handshake

Messages exchanged in a typical SSL handshake
CLIENT
SERVER
ClientHello
A list of cipher
suites supported
ClientKeyExchange
A random challenge,
encrypted with the
server’s public key
ServerHello
Server selects a cipher suite,
usually RSA
Certificate
Server sends
its certificate
HTTP communication begins over the secure channel
Source: Abbott, S. 1999. The Debate for Secure E-Commerce.
Performance Computing, February 1999, p.p.. 37-42.
Secure Sockets Layer (SSL)
The leading security protocol on the
internet. Developed by Netscape.
At the start of an SSL session, the browser
sends its public key to the server.
Server uses the browser’s public key to
encrypt a secret key and sends it to the
browser.
During the session, the server and browser
exchange data via secret key encryption.
SSL (contd.)
SSL has merged with other protocols and
authentication methods to create a new
protocol known as Transport Layer
Security (TLS).
Typically only server authentication is
done. Authentication of browser’s (user’s)
identity requires certificates to be issued
to users.
Internet Firewalls
Firewall protects an organization’s internal
networks, routers, computers, and data
against unauthorized access.
Security perimeter involves installing a
firewall at each external connection.
For effective control all firewalls must use
exactly the same access restrictions.
Internet Firewall
Implementation
A firewall must handle datagrams at the
same speed as the connection to the
outside world.
To operate at network speeds, routers
include a high-speed filtering mechanism.
Filters form the basic building blocks of a
firewall.
Packet Filters
Provides a basic level of network security
at the IP level.
Filtering is based on any combination of
source IP address, destination IP address,
protocol, source protocol port number,
and destination protocol port number.
Packet filters do not maintain context or
understand the application they are
dealing with.
Packet Filters
Specifying the datagrams that should be
filtered is not very effective.
Instead we specify which datagrams to
admit.
Security concerns
IP spoofing (mimicing IP addresses of
trusted machines)
IP tunneling (one datagram is temporarily
encapsulated in another)
Packet Filters
“If an organization’s firewall restricts
incoming datagrams except for ports that
correspond to services the organization
makes available externally, an arbitrary
application inside the organization cannot
become a client of a server outside the
organization.” (Comer, 1995)
Proxy Firewalls
Most secure form of firewall
All incoming traffic is tunneled to the
appropriate proxy gateway for mail, HTTP,
FTP, etc.
Proxies then direct the information to the
internal network.
Proxies are applications that make decisions
based on context, authorization, &
authentication rules instead of IP addresses.
Proxy Firewalls (contd.)
Proxy firewall operates at the highest level
of the protocol stack.
Proxies are relays between the Internet
and the organization’s private network.
Proxy’s firewall address is the only one
available to the outside world.
Some firewalls combine router and proxy
techniques to provide more security.
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Firewall Configuration
Firewall Configuration
Best Practices (Word)
Best Practices (Word)
Chapter 12 slides
Chapter 12 slides
2003 - CIS
2003 - CIS
Types of Encryption Algorithms
Types of Encryption Algorithms
Network Security
Network Security
Network Technology Foundations
Network Technology Foundations
Chapter 24 - William Stallings, Data and Computer
Chapter 24 - William Stallings, Data and Computer
Network Infrastructure Security
Network Infrastructure Security
Network Security
Network Security
Document 62752
Document 62752
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
- Bilal A. Bajwa
- Bilal A. Bajwa
cisco.camre.ac.uk
cisco.camre.ac.uk
public key - staff.city.ac.uk
public key - staff.city.ac.uk
Denial of Service Attacks
Denial of Service Attacks
Identity-Based Security
Identity-Based Security
First Line of Defense: The Firewall
First Line of Defense: The Firewall
Security Devices and Practices
Security Devices and Practices
IP Ports and Protocols used by H.323 Devices
IP Ports and Protocols used by H.323 Devices
All Definitions for
All Definitions for