Download Network Security: It`s Time to Take It Seriously

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Computer network wikipedia , lookup

Airborne Networking wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Network tap wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Computer security wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript
Network Security:
It’s Time to Take It Seriously
• Introduction
• Why network security should be treated
seriously
• Fundamentals of network security plan
• Security devices and measures
• Conclusion
• Question
Introduction
• This article is written in 1998 by Patrick W. Dowd who
was an associate professor of electrical engineering at the
University of Maryland
• In this article, the writer discusses common issues of
computer network security and introduce some
fundamentals of building up a network security plan
• Some applicable security devices and measures are
introduced.
Why network security should be
treated seriously
• “Security is usually discarded when it contends with
performance”
“Performance directly contributes to bottom line, while security only
provides indirect benefits”
• “The word becomes more tightly interconnected”
anyone can reach out the network of ten means some one can reach in.
• “There is a staggering amount of personal, commercial,
governmental, and military information are kept in
networks”.
Success in attacking some of these information may cause disasters.
Fundamentals of network
security plan
•
“Consider the security system as a whole, a plan must
encompass all the elements that make up the network
and provide five important services:”
1.
Access: Transmitting and receiving events of users are authorized
communications.
Confidentiality: Ensure the information in the network remains
private. This usually accomplished by encryption.
Authentication: Ensure the sender of the message is who the
receiver claims to be.
Integrity: Ensure the message has not been modified in transit.
Nonrepudiation: Ensure the originator of the massage cannot deny
sending the message.
2.
3.
4.
5.
Fundamentals of network
security plan(continued)
•
Thorough understanding of security aspects that are
involved in, such as :
1.
Know yourself
Know what you are protecting, what its value is to you, and what its
potential value to others, what is the costs to implement the plan.
Know your attacker
The attacker is just looking for fun or has special purpose, are you
the only target or are you in a class of target ?
Determine the pain thresholds
“The thresholds representing the resources you and your potential
attackers are willing to commit”.
The threshold of pain is a estimated level that your and you
opposition willing to tolerate.
2.
3.
Security devices and measures
•
Here are two kinds of common devices
1.
Firewalls
Firewalls enforce an access policy by operating as gateway between
two networks.
--Packet filter firewall through examining endpoint identifier in
datagrams to determine if the packet should be allowed to proceed.
e.g. IP packet filter.
--Proxy firewalls act as mediator between two devices
attempting to communicate through the firewall. It provide proxy
service to terminates events flow at one side and examine the data in
the flow, then re-create the flow at the other side.
Security devices and
measures(continued)
• 2. Network intrusion detection devices
This kind of devices try to detect and call attention to odd
and suspicious behavior
--Anomaly detection devices uses statistical methods to generate
logs and alert system administrator when they detect suspicious
activities.
--Misuse detection devices examine traffic and use patterns, and
compare them with known dangerous or suspicious patterns
Security devices and measures(continued)
• Message encryption
– the way to make plaintext to ciphertext
• Encryption schemes
– Symmetric key (also known as secret-key, single-key, one-key)
algorithms
• Encryption key can be used as decryption key
– Asymmetric key algorithms
• Encryption key and decryption key are mathematically related,
but the decryption key can’t be reasonably determined from
encryption key.
Security devices and measures(continued)
• Encryption schemes
– Digital signature
• A way to verify the sender of the message
• Using asymmetric key algorithms in reverse way.
Conclusion
• This article aims to give readers a deeper
understanding of the fundamentals an
effective security plan should address.
• In the real word, both the problems and
solutions are complex, and some aspects
need more special attention when designing
or implementing a plan
Question
• Why there is no system absolutely secure