
Chapter Seventeen


harlan

Presentation Transcript


  1. Chapter Seventeen Network Security CIS 325: Data Communications

  2. The Need for Security
     • Increased reliance on data communications results in greater vulnerability of data and systems
     • Losses associated with computerized fraud and thefts are much larger than non-computerized fraud and theft
     • Average bank robbery loss: $3000
     • Average computer fraud loss: $300,000

  3. Types of Security Threats
     • Disruption, Destruction, & Disaster
       • Viruses
       • Hardware, software, operator errors
       • Fires/floods/earthquakes
     • Unauthorized Access
       • Hackers
       • Disgruntled employees

  4. Passive Attacks
     • Primarily listening to traffic
     • Auth. Users can eavesdrop on line
     • Tap into patch panels
     • Intercept microwave transmissions
     • Tap lines to phone co.
     • Capture electromagnetic emissions
     • Fiber optic prevents most opportunities

  5. Active Attacks
     • Read stored data
     • Modify data in storage or during transmission
     • Disrupt service
     • Computer Emergency Response Team (CERT)
     • An expensive problem

  6. Conventional Encryption
     • 5 ingredients
       • plain text
       • encryption algorithm
       • secret key
       • ciphertext
       • decryption algorithm
     • Needs strong encryption algorithm
     • Sender and receiver must have same key

  7. Conventional Encryption
     • How to attack or de-cipher
       • cryptanalysis
       • brute force
     • Data Encryption Standard (DES)
     • Symmetric (same key to encrypt and decrypt)
     • Uses 64-bit key (100 quadrillion possibilities)

  8. Public Key Encryption
     • 6 ingredients
       • plain text
       • encryption algorithm
       • public key
       • private key
       • ciphertext
       • decryption algorithm

  9. Public Key Encryption
     • Process works regardless of order that keys are used
     • Many know your public key
     • Only you know private key
     • Keys and algorithm designed so they can’t be figured out even with one key known

  10. Public Key Process
     • You encode msg using rcvr's PUBLIC key
     • Only rcvr can decode and read with private key
     • No one else can read msg
     • Anyone with public key can send msg to that rcvr

  11. Public Key Process
     • Also can be used for authentication of sender
       • sender sends msg using private key
       • rcvr decodes using public key
       • since only sender knows private key, that authenticates the sender
       • however, anyone with public key can read msg, so no good for secrecy

  12. Encryption Management
     • Link Encryption
       • devices to protect path from node to node
       • all traffic on path is secure
       • traffic must be decoded at each node for switching
       • traffic is vulnerable at switch

  13. Encryption Management
     • End-to-end Encryption
       • devices at each work station
       • traffic secure on path AND switches
     • But, switch needs to read control bits, so only data encrypted
     • Solution is to use combination of both

  14. Key Distribution
     • How to get keys to all parties
       • A physically delivers key to B
       • 3rd party delivers to A and B
       • A transmits key online to B
       • 3rd party transmits to A and B
     • Key Distribution Center
     • Session key for a single session

  15. Digital Signatures
     • Conventional Key doesn’t support non-repudiation
     • Authentication does, but very slow for big messages
     • Digital Signature relies on public-key and ‘secure hash function’

  16. Digital Signatures
     • Hash Code created by doing some function on plain text
       • like a very fancy frame check sequence
     • Use private key to encrypt hash code only
     • Prevents anyone from modifying message
     • Provides authentication of sender

  17. Web Security
     • Problems
       • Alteration of web page
       • Access to server op sys
       • Eavesdropping
       • Impersonation
     • Solutions
       • Secure web site server
       • Secure site access
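
The hash-then-sign process of slides 15 and 16, together with the "keys work in either order" property of slide 9, as an added example that is not part of the original presentation. It assumes unpadded textbook RSA over a constructed toy key built from two publicly known Mersenne primes, with SHA-256 as the secure hash function; deployed systems use a padded scheme such as RSA-PSS and secretly generated keys.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes. They are public
# knowledge, so this key protects nothing; it only makes the arithmetic
# reproducible for the demonstration.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # modulus, shared by both keys
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def hash_code(message: bytes) -> int:
    """Slide 16's 'hash code': SHA-256 of the plain text, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: apply the private key to the hash code only, not the message."""
    return pow(hash_code(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: undo the signature with the public key and compare hashes."""
    return pow(signature, E, N) == hash_code(message)


def demo() -> dict:
    msg = b"Transfer $300 to account 1234"     # constructed sample message
    sig = sign(msg)
    m = int.from_bytes(b"session key", "big")  # small value for the key-order check
    return {
        "genuine": verify(msg, sig),
        # A modified message no longer matches the signed hash code.
        "tampered": verify(b"Transfer $900 to account 1234", sig),
        # A signature not produced with the private key is rejected.
        "forged": verify(msg, (sig + 1) % N),
        # Slide 9: the process works regardless of the order the keys are used.
        "public_then_private": pow(pow(m, E, N), D, N) == m,
        "private_then_public": pow(pow(m, D, N), E, N) == m,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The message itself travels in the clear here, which is the point made on slide 11: a signature authenticates the sender and detects modification but gives no secrecy.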
