
Secure Your Network

Secure Your Network. Tianhui Gao. Class: COSC513 Summer, 2000. How Network problems occur. Because companies want to connect their private network to the Internet, security has become one of the primary concerns.


Presentation Transcript


  1. Secure Your Network
     Tianhui Gao
     Class: COSC513 Summer, 2000

  2. How Network problems occur
     • Because companies want to connect their private network to the Internet, security has become one of the primary concerns.
     • Corporations want to offer WWW home pages and FTP servers for public access on the Internet.
     • Regardless of the business, an increasing number of users on private networks are demanding access to Internet services such as the World Wide Web (WWW), Internet mail, Telnet, and File Transfer Protocol (FTP).

  3. Concerns of Network Security
     • Intrusions of the Public Switched Network (the telephone company)
     • Major computer network intrusions
     • Network integrity violations
     • Privacy violations
     • Industrial espionage
     • Pirated computer software

  4. Main factors of network problems and the percentage of losses

  5. Prevention Measures
     • Maintain a solid, well-thought-out corporate security policy;
     • Install audit trails and ensure they are turned on;
     • Maintain backups;
     • Install strong user authentication and encryption capabilities on your firewall;
     • Use a stand-alone firewall (hardware and software) with network monitoring capabilities;
     • Do not provide overfriendly log-in procedures for remote users;
     • Restrict physical access to the server and configure it so that breaking into one server won't compromise the whole network;
     • Change log-ins/passwords frequently, especially when employees change jobs; and
     • Minimize the number of modems on the system.

  6. Security policy
     • The first step an organization must take to achieve a secure system is to define the organization's security policy.
     • A security policy must apply at all times. The policy must hold for the data stored on disk, data communicated over a telephone line with a dialup modem, information printed on paper, data transported on portable media such as a floppy disk, and data communication over a computer network.
     • Assessing the costs and benefits of various security policies also adds complexity.

  7. Access control and passwords
     A simple password scheme works well for a conventional computer system because the system doesn't reveal the password to others. In a network, however, a simple password mechanism is susceptible to eavesdropping. In such situations, additional steps must be taken to prevent passwords from being reused.
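Added example (not from the original slides): one common way to keep an eavesdropped login from being reused is a challenge-response exchange, sketched here in Python. The `LoginServer` class, the function names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password, salt):
    """Key derived from the password; the server must protect it like a secret."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginServer:
    """Hypothetical server that never receives the password during login."""
    def __init__(self):
        self.users = {}      # username -> (salt, derived key)
        self.pending = {}    # username -> outstanding one-time challenge

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user):
        nonce = secrets.token_bytes(16)          # fresh random value per attempt
        self.pending[user] = nonce
        return self.users[user][0], nonce        # salt and nonce travel in the clear

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)     # consume: a challenge is single-use
        if nonce is None:
            return False
        expected = hmac.new(self.users[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, salt, nonce):
    """What crosses the network instead of the password itself."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo():
    server = LoginServer()
    server.enroll("alice", "correct horse")      # constructed sample account
    salt, nonce = server.challenge("alice")
    captured = client_response("correct horse", salt, nonce)  # visible on the wire
    first = server.verify("alice", captured)     # legitimate login succeeds
    replay = server.verify("alice", captured)    # same bytes again: nonce is gone
    server.challenge("alice")                    # a new attempt gets a new nonce
    stale = server.verify("alice", captured)     # old response does not match it
    return first, replay, stale
```

The captured response is useless for a later login because it is bound to a nonce the server accepts only once. A weak password can still be guessed offline from a recorded exchange, so this complements rather than replaces encryption of the session.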

  8. Audit trail
     An audit trail is a record showing who has accessed a computer system and what operations he or she has performed during a given period of time. Audit trails are useful both for maintaining security and for recovering lost transactions.

  9. Encryption and privacy
     To ensure that the content of a message remains confidential despite wiretapping, the message needs to be encrypted. The data is transformed (encrypted) into an unreadable format called ciphertext. Only those who possess a secret key can decipher (or decrypt) the message into plaintext.

  10. Public key encryption
     • It assigns each user a pair of keys. One is a private key that is kept secret, and the other is a public key that is published along with the user's name. Public key encryption can be used to guarantee confidentiality.
     • The scheme ensures that data remains confidential because a message encrypted with the receiver's public key can be decrypted only with the receiver's private key, so only the receiver can decrypt the message.

  11. Antivirus programs
     Most people use antivirus programs or utilities to prevent viruses and recover from them if they infect a computer. These programs range in cost from free (shareware) to a few hundred dollars. Antivirus programs are developed for different operating systems. Examples include Norton Antivirus for Windows 95/98 and NT workstations, Norton Antivirus for Macintosh, etc.

  12. Firewall
     • A firewall can include hardware and software combinations that act as a barrier between an organization's information and the outside world. It protects private information on a server or network from unauthorized access. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

  13. Components of the Firewall System
     A typical firewall is composed of one or more of the following building blocks:
     • Packet-filtering router
     • Application-level gateway (or proxy server)
     • Circuit-level gateway

  14. Packet-Filtering Routers
     To prevent each computer on a network from accessing arbitrary computers or services, many sites use a technique known as packet filtering. A packet filter is a program that operates in a router. The packet filter operates by examining fields in the header of each packet. A manager must configure the packet filter to specify which packets are permitted to pass through the router and which should be blocked. The router examines each packet to determine whether it matches one of its packet-filtering rules.

  15. Benefits of Packet-Filtering Routers
     • The majority of Internet firewall systems are deployed using only a packet-filtering router. Other than the time spent planning the filters and configuring the router, there is little or no cost for implementing packet filtering since the feature is included as part of standard router software releases.
     • A packet-filtering router is generally transparent to users and applications, so it does not require user training or that specific software be installed on each host.

  16. Problems with packet filtering
     There are certain types of attacks that are difficult to identify using basic packet header information. Examples include:
     • Source IP Address Spoofing Attacks. For this type of attack, the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted port.
     • Source Routing Attacks. In a source routing attack, the source station specifies the route that a packet should take as it crosses the Internet. This type of attack is designed to bypass security measures and cause the packet to follow an unexpected path to its destination.
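Added example (not from the original slides): a minimal inbound packet filter in Python that examines IPv4 header fields as slide 14 describes and also blocks the two cases named in slide 16. The internal network range, the rule table and the `make_packet` helper that builds sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # assumed private network
# Assumed rule table: (protocol, destination host, destination port) to permit
PERMIT = [(6, ipaddress.ip_address("192.168.10.80"), 80),   # public WWW server
          (6, ipaddress.ip_address("192.168.10.21"), 21)]   # public FTP server
SOURCE_ROUTE = {0x83, 0x89}   # IPv4 option types: loose / strict source routing

def bad_options(opts):
    """True if the IPv4 options carry source routing or are malformed."""
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            return False
        if kind == 1:                       # No-Operation (single byte)
            i += 1
            continue
        if kind in SOURCE_ROUTE or i + 1 >= len(opts) or opts[i + 1] < 2:
            return True
        i += opts[i + 1]                    # skip over this option
    return False

def filter_inbound(pkt):
    """Verdict for a packet arriving on the external (Internet) interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "block: not IPv4"
    ihl = (pkt[0] & 0x0F) * 4               # header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return "block: truncated"
    proto = pkt[9]
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    if src in INTERNAL_NET:                 # outside packet claiming an inside address
        return "block: spoofed internal source"
    if bad_options(pkt[20:ihl]):
        return "block: source routing or malformed options"
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]   # TCP/UDP destination port
    if (proto, dst, dport) in PERMIT:       # only TCP (6) rules exist, so other
        return "permit"                     # protocols never match here
    return "block: no matching rule"        # default deny

def make_packet(src, dst, dport, opts=b""):
    """Constructed sample input: minimal IPv4 header plus TCP port fields."""
    opts += b"\x00" * (-len(opts) % 4)      # pad options to a 32-bit boundary
    ver_ihl = 0x40 | (5 + len(opts) // 4)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 24 + len(opts), 0, 0, 64, 6, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + opts + struct.pack("!HH", 40000, dport)
```

The spoofing check works only because the filter knows which interface the packet arrived on; a forged address that is not internal looks like any other outside host in the header, which is the limitation slide 16 points to.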

  17. Application-Level Gateways
     • Allows the network administrator to implement a much stricter security policy than with a packet-filtering router.
     • Special-purpose code (a proxy service) is installed on the gateway for each desired application.
     • If the network administrator does not install the proxy code for a particular application, the service is not supported and cannot be forwarded across the firewall.
     • The proxy code can be configured to support only those specific features of an application that the network administrator considers acceptable while denying all other features.

  18. Circuit-Level Gateways
     A circuit-level gateway is a specialized function that can be performed by an application-level gateway. A circuit-level gateway simply relays TCP connections without performing any additional packet processing or filtering.

  19. Summary
     • Each organization must assess the value of information and then define a security policy that specifies the items to be protected.
     • A set of mechanisms has been created to provide various aspects of security. Although most systems use a password scheme for protection, simple passwords do not work well in a network environment. To keep information private in an Internet environment, two computers can use encryption. Use antivirus programs or utilities to prevent viruses and recover from them if they infect a computer. Audit trails are useful both for maintaining security and for recovering lost transactions.
     • A firewall is the first line of defense in protecting private information. A firewall can be constructed using one or more of these techniques: packet-filtering router, application-level gateway and circuit-level gateway.
