Network Security Basics


Presentation Transcript


  1. Network Security Basics

  2. Outline of Network Security Basics • What is Network Security? • Threats and Attacks • Defenses • Cryptography

  3. What is Security? • “The quality or state of being secure—to be free from danger” • A successful organization should have multiple layers of security in place: • Physical security • Personal security • Operations security • Network security • Information security

  4. What is Network Security? • Network security refers to any activities designed to protect your network; these activities protect the usability, reliability, integrity, and safety of your network and data • Effective network security targets a variety of threats and stops them from entering or spreading on your network

  5. Balancing Security and Access • Impossible to obtain perfect security—it is a process, not an absolute • Security should be considered a balance between protection and availability • To achieve balance, the level of security must allow reasonable access, yet protect against threats

  6. Figure 1-6 – Balancing Security and Access

  7. Outline of Network Security Basics • What is Network Security? • Threats and Attacks • Defenses • Cryptography

  8. Threats • Threat: an object, person, or other entity that represents a constant danger to an asset • Management must be informed of the different threats facing the organization • By examining each threat category, management effectively protects information through policy, education, training, and technology controls

  9. Threats to Information Security

  10. Acts of Human Error or Failure • Includes acts performed without malicious intent • Causes include: • Inexperience • Improper training • Incorrect assumptions • Employees are among the greatest threats to an organization’s data

  11. Acts of Human Error or Failure (continued) • Employee mistakes can easily lead to: • Revelation of classified data • Entry of erroneous data • Accidental data deletion or modification • Data storage in unprotected areas • Failure to protect information • Many of these threats can be prevented with controls

  12. Forces of Nature • Forces of nature are among the most dangerous threats • Disrupt not only individual lives, but also storage, transmission, and use of information • Organizations must implement controls to limit damage and prepare contingency plans for continued operations

  13. Deviations in Quality of Service • Includes situations where products or services are not delivered as expected • Information system depends on many interdependent support systems • Internet service, communications, and power irregularities dramatically affect availability of information and systems

  14. Internet Service Issues • Internet service provider (ISP) failures can considerably undermine availability of information • Outsourced Web hosting provider assumes responsibility for all Internet services as well as hardware and Web site operating system software

  15. Attacks • Act or action that exploits a vulnerability (i.e., an identified weakness) in a controlled system • Accomplished by a threat agent that damages or steals the organization’s information

  16. Table 2-2 - Attack Replication Vectors

  17. Attacks (continued) • Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information • Back door: gaining access to system or network using known or previously unknown/newly discovered access mechanism

  18. Attacks (continued) • Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address • Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into network • Spam: unsolicited commercial e-mail; more a nuisance than an attack, though it is emerging as a vector for some attacks

  19. Attacks (continued) • Denial-of-service (DoS): attacker sends large number of connection or information requests to a target • Target system cannot handle these successfully along with other, legitimate service requests • May result in system crash or inability to perform ordinary functions • Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneously

  20. Figure 2-9 - Denial-of-Service Attacks

  21. What Makes DDoS Attacks Possible? • Internet was designed with functionality & not security in mind • Internet security is highly interdependent • Internet resources are limited • Power of many is greater than power of a few

  22. Summary on Threats and Attacks • Threat: object, person, or other entity representing a constant danger to an asset • Attack: a deliberate act that exploits vulnerability

  23. Outline of Network Security Basics • What is Network Security? • Threats and Attacks • Defenses • Cryptography

  24. Firewalls • Prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network) • May be separate computer system; a software service running on existing router or server; or a separate network containing supporting devices

  25. Firewall Categorization • Processing mode • Development era • Intended deployment structure • Architectural implementation

  26. Firewalls Categorized by Processing Modes • Packet filtering • Application gateways • Circuit gateways • MAC layer firewalls • Hybrids

  27. Packet Filtering • Packet filtering firewalls examine header information of data packets • Most often based on combination of: • Internet Protocol (IP) source and destination address • Direction (inbound or outbound) • Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests • Simple firewall models enforce rules designed to prohibit packets with certain addresses or partial addresses

  28. Packet Filtering (continued) • Three subsets of packet filtering firewalls: • Static filtering: the rules governing which packets are allowed and which are denied are developed and installed in advance and do not change on their own • Dynamic filtering: allows firewall to react to an emergent event and update or create rules to deal with that event • Stateful inspection: firewalls that keep track of each network connection between internal and external systems using a state table
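The header-based rule matching of slides 27 and 28, and the difference a state table makes, as an added example that is not part of the original slides. The rule format, the `Packet` fields and the two sample rules are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    direction: str   # "in" (from untrusted network) or "out" (from trusted network)


# Static rules (assumed format): (direction, proto, src network, dst network, dst port, action).
# Checked top to bottom, first match wins, and anything unmatched is denied.
RULES = [
    ("out", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443, "allow"),   # internal hosts may reach HTTPS servers
    ("in", "tcp", "0.0.0.0/0", "10.0.0.5/32", 25, "allow"),    # anyone may deliver mail to the bastion host
]


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # state table: 5-tuples of connections the firewall has already allowed

    def static_decision(self, p: Packet) -> str:
        # Pure static filtering: header fields against the rule list, no memory of earlier packets.
        for direction, proto, src_net, dst_net, dport, action in self.rules:
            if (p.direction == direction and p.proto == proto and p.dport == dport
                    and ip_address(p.src) in ip_network(src_net)
                    and ip_address(p.dst) in ip_network(dst_net)):
                return action
        return "deny"

    def decide(self, p: Packet) -> str:
        # Stateful inspection: a packet whose reversed 5-tuple is in the state table is a reply
        # to a connection we allowed, so it passes without needing a broad inbound rule.
        reverse = (p.dst, p.src, p.proto, p.dport, p.sport)
        if reverse in self.state:
            return "allow"
        action = self.static_decision(p)
        if action == "allow":
            self.state.add((p.src, p.dst, p.proto, p.sport, p.dport))
        return action
```

Note that `static_decision` alone denies the server's reply; a static-only firewall would have to open inbound port 443 traffic to every internal host to let it through.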

  29. Application Gateways • Frequently installed on a dedicated computer; also known as a proxy server • Since proxy server is often placed in unsecured area of the network (e.g., DMZ), it is exposed to higher levels of risk from less trusted networks • Additional filtering routers can be implemented behind the proxy server, further protecting internal systems

  30. Screened Subnet Firewalls (with DMZ) • Dominant architecture used today is the screened subnet firewall • Commonly consists of two or more internal bastion hosts behind packet filtering router, with each host protecting trusted network: • Connections from outside (untrusted network) routed through external filtering router • Connections from outside (untrusted network) are routed into and out of routing firewall to separate network segment known as DMZ • Connections into trusted internal network allowed only from DMZ bastion host servers

  31. Virtual Private Networks (VPNs) • Private and secure network connection between systems; uses data communication capability of unsecured and public network • Securely extends organization’s internal network connections to remote locations beyond trusted network

  32. Virtual Private Networks (VPNs) (continued) • VPN must accomplish: • Encapsulation of incoming and outgoing data • Encryption of incoming and outgoing data • Authentication of remote computer and (perhaps) remote user as well

  33. Transport Mode • Data within IP packet is encrypted, but header information is not • Allows user to establish secure link directly with remote host, encrypting only data contents of packet • Two popular uses: • End-to-end transport of encrypted data • Remote access worker connects to office network over Internet by connecting to a VPN server on the perimeter

  34. Tunnel Mode • Organization establishes two perimeter tunnel servers • These servers act as encryption points, encrypting all traffic that will traverse unsecured network • Primary benefit to this model is that an intercepted packet reveals nothing about true destination system • Example of tunnel mode VPN: Microsoft’s Internet Security and Acceleration (ISA) Server
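What an observer on the unsecured network learns in transport mode versus tunnel mode (slides 33 and 34), as an added example that is not from the original slides. The HMAC-based keystream is a toy stand-in for the VPN's real cipher, and the packet and header layout are simplified assumptions, not IPsec or ISA Server formats.

```python
import hashlib
import hmac


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (assumed stand-in, not a real VPN cipher).
    # XOR makes the same call decrypt.
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def build_ip(src: str, dst: str, payload: bytes) -> dict:
    return {"src": src, "dst": dst, "payload": payload}


def transport_mode(packet: dict, key: bytes, nonce: bytes) -> dict:
    # Transport mode: only the data is encrypted; the original IP header stays in the clear.
    return build_ip(packet["src"], packet["dst"], keystream_encrypt(key, nonce, packet["payload"]))


def tunnel_mode(packet: dict, tunnel_src: str, tunnel_dst: str, key: bytes, nonce: bytes) -> dict:
    # Tunnel mode: the whole original packet, header included, is encrypted and wrapped in a
    # new header that names only the two perimeter tunnel servers.
    inner = f'{packet["src"]}|{packet["dst"]}|'.encode() + packet["payload"]
    return build_ip(tunnel_src, tunnel_dst, keystream_encrypt(key, nonce, inner))


def tunnel_decapsulate(packet: dict, key: bytes, nonce: bytes) -> dict:
    # The receiving tunnel server recovers the original packet for delivery on its trusted network.
    src, dst, payload = keystream_encrypt(key, nonce, packet["payload"]).split(b"|", 2)
    return build_ip(src.decode(), dst.decode(), payload)


def intercepted_view(packet: dict) -> dict:
    # What someone capturing the packet on the public network can read: header fields and size only.
    return {"src": packet["src"], "dst": packet["dst"], "payload_len": len(packet["payload"])}
```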

  35. Summary of Firewalls and VPNs • Firewall technology • Four methods for categorization • Firewall configuration and management • Virtual Private Networks • Two modes

  36. Defenses against Intrusion • Intrusion: type of attack on information assets in which instigator attempts to gain entry into or disrupt system with harmful intent • Intrusion detection: consists of procedures and systems created and operated to detect system intrusions • Intrusion reaction: encompasses actions an organization undertakes when intrusion event is detected • Intrusion correction activities: finalize restoration of operations to a normal state • Intrusion prevention: consists of activities that seek to deter an intrusion from occurring

  37. Intrusion Detection Systems (IDSs) • Detects a violation of its configuration and activates alarm • Many IDSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers • Systems can also be configured to notify an external security service organization of a “break-in”

  38. IDS Terminology • Alert or alarm • False negative • The failure of an IDS to react to an actual attack event. • False positive • An alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack. • Confidence value • Alarm filtering
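How the four terms on slide 38 interact, as an added example that is not part of the original slides: alarm filtering by confidence value trades false positives for false negatives. The events, ground-truth labels and confidence values are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_id: int
    is_attack: bool          # ground truth, known only after investigation (constructed here)
    alert: bool              # did the IDS raise an alarm for this event?
    confidence: float = 0.0  # the IDS's confidence value for that alarm, 0.0 to 1.0


def classify(events, min_confidence: float = 0.0) -> dict:
    # Alarm filtering: alarms below min_confidence are suppressed before an analyst sees them.
    counts = {"true_positive": 0, "false_positive": 0, "false_negative": 0, "true_negative": 0}
    for e in events:
        fired = e.alert and e.confidence >= min_confidence
        if fired and e.is_attack:
            counts["true_positive"] += 1        # alarm on a real attack
        elif fired:
            counts["false_positive"] += 1       # alarm, but no attack happened
        elif e.is_attack:
            counts["false_negative"] += 1       # attack happened, no (surviving) alarm
        else:
            counts["true_negative"] += 1
    return counts


# Constructed sample of six monitored events.
SAMPLE_EVENTS = [
    Event(1, is_attack=True, alert=True, confidence=0.95),
    Event(2, is_attack=True, alert=True, confidence=0.40),   # real attack, weak signature match
    Event(3, is_attack=False, alert=True, confidence=0.30),  # benign scanner trips a rule
    Event(4, is_attack=False, alert=True, confidence=0.55),
    Event(5, is_attack=True, alert=False),                   # missed outright, whatever the filter
    Event(6, is_attack=False, alert=False),
]
```

Raising `min_confidence` from 0.0 to 0.5 removes one false positive but turns event 2 into a false negative; the filter threshold is a policy choice, not a free win.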
