Download Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts

Buffer overflow protection wikipedia , lookup

Wireless security wikipedia , lookup

Computer security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Network Security
Reasons to attack
• Steal information
• Modify information
• Deny service (DoS)
Targets
•
•
•
•
•
DB
Servers
Traffic
Workstations
Bandwidth
Types of attack
• Snooping: listening to data
• Corrupting: modifying data
• Spoofing: generate traffic that will be
perceived as legitimate traffic
• Denial of service
DoS methods
• Ping of death: offset in packet causes buffer
overflow => memory corruption
• Tear drop: misfragmented packet => OS
crashes trying to reconstruct
• Land: SYN w/ identical src and dest =>
loop
• SYN attack/flood: massive number of SYNs
IP Sec
• Encryption + authentication
• Authentication header (AH): authenticates
non-variable part of frame (MD5 hash)
• Encapsulation Security Payload (ESP):
Encrypts payload (DES)
Modes of operation: Tunnel
•
•
•
•
GW to GW
GWs need to be IPSEC enabled
ESP encrypts initial frame
AH authenticates non variable parts
Modes of operation: Transport
•
•
•
•
Host to host
Hosts need to IPSEC enabled
ESP encrypts payload
AH authenticates non-variable part
Encapsulation
Security Associations
• One-way connections => a communications
requires 2 SA
• Negotiation managed by IKE (Internet Key
Exchange) => Dynamic and secure
establishment of SA
• IKE authenticates each peer in an IPSec
transaction, negotiates security policy, and
handles the exchange of session keys.
Firewalls
• Inside devices are not directly accessible
from the outside
• Filters traffic based on defined RULES
(rules can apply to addresses, ports,
protocols, etc… )
• Can be either software or hardware
• Can not protect from everything
DMZ
• DeMilitarized zone
• Private area that can be accessed from the
outside (FTP or Web servers for example)
• Different or no rules
Firewall with DMZ
+ NAT
Related documents
The main goal of this thesis is to articulate and to prove security
The main goal of this thesis is to articulate and to prove security
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
Network Layer Security
Network Layer Security
IPSec (IP Security)
IPSec (IP Security)
Slide 1
Slide 1
Role of ESP`s Marketing Committee
Role of ESP`s Marketing Committee
CSCE 790: Computer Network Security
CSCE 790: Computer Network Security
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e
View File
View File
William Stallings, Cryptography and Network Security 4/e
William Stallings, Cryptography and Network Security 4/e
home address
home address
Slides
Slides