Chapter 37 Network Security
Aspects of Security
• data integrity
  • data received should be the same as data sent
• data availability
  • data should be accessible when there is a legitimate need
• data confidentiality and privacy
  • data should be protected from unauthorized users
  • implemented via a username/password mechanism, but data traversing the network is still susceptible to eavesdropping
Encryption
• Encrypted message = encrypt(Key, Message)
• Message = decrypt(Key, Encrypted message)
          = decrypt(Key, encrypt(Key, Message))
Symmetric Key Encryption
• The same key is used for encrypting and decrypting the message
• Key known only by sender and receiver
• E.g. DES, RC4
Public Key Encryption
• Aka asymmetric encryption
• uses a pair of keys
  • a private key known only to the user
  • a public key that is published along with the name of the user
• a message encrypted with the private key can only be decrypted with the public key, and vice versa
• Used by the SSL protocol to send the symmetric key
• M = decrypt(public key, encrypt(private key, Message))
  • good for guaranteeing the authenticity of the sender
• M = decrypt(private key, encrypt(public key, Message))
  • good for guaranteeing the privacy of the message
Authenticity and Confidentiality of a Message
• two levels of encryption are used to guarantee that a message is both authentic and private
• double encrypted message = encrypt(public key of receiver, encrypt(private key of sender, Message))
• Message = decrypt(public key of sender, decrypt(private key of receiver, double encrypted message))
Digital Certificates
• Electronic document used to identify an individual, a server, or a company associated with a public key
• Analogous to a driver’s license or passport
• Digital certificates are issued by a Certificate Authority
Digital Signature
• Used to sign an electronic document
• A one-way hash (message digest) of the electronic document is encrypted using the sender’s private key.
• The recipient can verify that the document has not been tampered with by using the sender’s public key to recover the message digest and checking that this value is the same as the one-way hash value it calculates itself.
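The signature check on this slide and the double encryption from the Authenticity and Confidentiality slide, worked through in added Python that is not part of the lecture. It uses textbook RSA over tiny constructed primes, and the sender's modulus is deliberately kept smaller than the receiver's so that the inner ciphertext of the double encryption fits under the outer modulus.

```python
import hashlib
from math import gcd

# Textbook RSA over tiny fixed primes (constructed for illustration only;
# real keys are thousands of bits long and use padding such as PSS/OAEP).
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi"
    d = pow(e, -1, phi)            # private exponent
    return (e, n), (d, n)          # (public key, private key)

def rsa_apply(key, x):
    """encrypt()/decrypt() from the slides: the same modular exponentiation,
    using whichever half of the key pair is supplied."""
    exp, n = key
    assert 0 <= x < n, "value must be smaller than the modulus"
    return pow(x, exp, n)

def digest(message, n):
    """One-way hash of the document, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

# Sender's modulus (3233) is smaller than the receiver's (11413), so the inner
# ciphertext of the double encryption always fits under the outer modulus.
SENDER_PUB, SENDER_PRIV = make_keypair(61, 53)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(101, 113)

def sign(message, sender_priv):
    """Digital signature: the message digest encrypted with the sender's private key."""
    return rsa_apply(sender_priv, digest(message, sender_priv[1]))

def verify(message, signature, sender_pub):
    """Recover the digest with the sender's public key and compare it with a fresh hash."""
    return rsa_apply(sender_pub, signature) == digest(message, sender_pub[1])

def seal(message, sender_priv, receiver_pub):
    """encrypt(public key receiver, encrypt(private key sender, digest)): authentic and private."""
    return rsa_apply(receiver_pub, sign(message, sender_priv))

def unseal(sealed, receiver_priv, sender_pub):
    """decrypt(public key sender, decrypt(private key receiver, sealed)) -> recovered digest."""
    return rsa_apply(sender_pub, rsa_apply(receiver_priv, sealed))

if __name__ == "__main__":
    msg = b"transfer 100 to account 42"        # constructed sample document
    sig = sign(msg, SENDER_PRIV)
    print("signature valid:", verify(msg, sig, SENDER_PUB))
    sealed = seal(msg, SENDER_PRIV, RECEIVER_PUB)
    print("digest recovered:", unseal(sealed, RECEIVER_PRIV, SENDER_PUB) == digest(msg, SENDER_PUB[1]))
```

Only the digest is sealed here; in practice the document itself is encrypted with a symmetric key and the signed digest travels alongside it, as the SSL bullet on the previous slide hints.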
Packet Filters
• Implemented via Internet firewalls or routers
• used to prevent certain packets from passing through
• operates by examining fields in the header of each packet
• the network manager specifies a boolean combination of various filter parameters, such as source and destination IP address, or a specific protocol service such as FTP or HTTP
Virtual Private Networks
• Using a public network to create a “private” network (fig 37.4)
• minimizes network connection costs
• VPN using routers (fig 37.5)
  • IPsec
  • PPTP
Network Attacks
• denial of service
  • deprives the network of bandwidth or the server of resources
  • e.g. ping flooding by running multiple “ping -s destIPaddress 12000 &”
• exploits a vulnerability in the operating system or application software
  • e.g. viruses and worms, buffer overflow
Good Security Practices
• http://www.itc.virginia.edu/pubs/docs/Respcomp/videos