1 / 12

Chapter 37 Network Security

This chapter focuses on the critical aspects of network security, particularly data integrity, availability, and confidentiality. It explores methods for ensuring that data remains unchanged during transmission, accessible to authorized users, and protected from unauthorized access. Key encryption methods, including symmetric and asymmetric encryption, are discussed, along with digital signatures and certificates that verify authenticity. Additionally, it covers practical implementations such as packet filters and virtual private networks (VPNs) to safeguard network resources against various attacks.

britanni-allison
Télécharger la présentation

Chapter 37 Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 37 Network Security

  2. Aspects of Security • data integrity • data received should be same as data sent • data availability • data should be accessible when there is a legitimate need. • data confidentiality and privacy • data should be protected from unauthorized users • implemented via username/password mechanism,but data traversing network is still susceptible to eavesdropping

  3. Encryption • Encrypted message = encrypt (Key, Message) • Message = decrypt(Key, Encrypted message) • = decrypt(Key, encrypt(Key, Message))

  4. Symmetric Key Encryption • Same key used for encrypting and decrypting message • Key known only by sender and receiver • Eg. DES, RC4

  5. Public Key Encryption • Aka Asymmetric encryption • uses a pair of keys • a private key known only to a user • a public key that is published along with name of user. • message encrypted with private key can only be decrypted with public key and visa versa.  • Used by SSL protocol to send symmetric key • M = decrypt (public key, encrypt(private key, Message)) • good for guarantee authenticity of sender • M = decrypt (private key, encrypt(public key, Message)) • good for guarantee privacy of message

  6. Authenticity and Confidentiality of message • two levels of encryption is used to guarantee that a message is both authentic and private • double encrypted message = encrypt( public key receiver, encrypt (private key sender, Message)) • Message = decrypt (public key sender, decrypt(private key receiver, double encrypted message))

  7. Digital Certificates • Electronic document used to identify an individual, a server, or a company associated with a public key • Analogous to driver’s license or passport • Digital certificates are issued by Certificate Authority

  8. Digital Signature • Used to sign an electronic document • A one-way hash (media digest) of electronic document is encrypted using sender’s private key. • Recipient can verify that document has not been tampered by using sender’s public key to recover the media digest and verifying that this value is the same as the one-way hash value calculated.

  9. Packet Filters • Implement via Internet firewalls or routers • used to prevent certain packets from passing through • operates by examining fields in the header of each packet • network manager specifies boolean combination of various filter parameters such as source and destination IP address, or specific protocol service such FTP or HTTP

  10. Virtual Private Networks • Using pubic network to create “private” network(fig 37.4) • minimizes network connection costs • VPN using routers (fig 37.5) • IPsec • PPTP

  11. Network Attacks • denial of service • Deprives network bandwidth or server resource • eg. ping flooding via running multiple “ping –s destIPaddress 12000&” • Exploits vulnerability in operating system or application software • Eg. Viruses and worms, buffer overflow

  12. Good Security Practices • http://www.itc.virginia.edu/pubs/docs/Respcomp/videos

More Related