
Network Security


Presentation Transcript


  1. Network Security

    Erik Steingas, Carter Mode, Jennifer Morse, and Aaron Thibault
  2. Lecture overview
    - Encryption: PGP, SSL, SSH, IPSec
    - Authentication: Types of Protocols, RADIUS, PAP, CHAP, EAP
  3. Lecture overview
    - Firewalls: Types, Packet Filters, Stateful Inspections, Network Address Translation, Proxy Server
    - Cloud Computing: Three models, Data loss, Traffic Hijacking, Denial of Service, Malicious Insiders, Insecure Interfaces and APIs
  4. Encryption

  5. Key encryption
    - Public Key: Uses a combination of a public and a private key. The private key is for your computer only, and the public key is shared between the two devices that are attempting to communicate.
    - Private Key: Uses the same key for encryption and decryption.
  6. PGP: Pretty Good Privacy
    - Provides cryptographic privacy and authentication for data communication.
    - Most commonly used for signing and encrypting texts, emails, files and directories.
    - Uses a serial combination of hashing and data compression; each of these steps uses a supported algorithm.
    - PGP combines symmetric and public key encryption to send confidential messages.
    - To this day, there is no known method that will allow a person to break through this type of encryption.
  7. SSL: Secure Sockets Layer
    - Protocol developed by Netscape for transmitting confidential documents over the Internet.
    - Uses public and private key encryption.
    - Internet Explorer uses this protocol, along with many websites that use it for gathering user information such as credit card numbers.
    - URLs that start with https instead of http require this protocol.
    - http://www.youtube.com/watch?v=SJJmoDZ3il8
  8. SSH: Secure Shell
    - SSH is a secure program which allows you to remotely connect to another device, exchange files, and execute commands.
    - It provides strong authentication and secure communications over insecure channels.
    - PuTTY and OpenSSH are examples of SSH clients.
  9. IPSec: IP Security
    - Supports secure exchanges of packets at the IP layer.
    - Transport: Encrypts only the data portion (payload) of the packet.
    - Tunnel: Encrypts both the payload and the header of each packet.
    - An IPSec-compliant device must be on the receiving end to decrypt each packet.
    - Sending and receiving devices must both share a common public key.
  10. Authentication

  11. Authentication Protocols
    - Authentication: Verifying a user's credentials to grant access to secured resources
    - Authentication Protocols: Rules that computers follow to accomplish authentication
  12. Authentication Protocols (Types)
    - RADIUS
    - PAP
    - CHAP
    - EAP
    - EAPoL
  13. Remote Authentication Dial-In User Service (RADIUS)
    - Used when many simultaneous dial-up connections must be supported
    - Software on a remote access server or a dedicated computer (RADIUS server)
    - Highly scalable
  14. RADIUS Diagram
  15. Password Authentication Protocol (PAP)
    - Link with a server must be established through Point-to-Point Protocol (PPP)
    - PAP sends an authentication request, including its credentials, to the server
    - Server matches credentials against its user database
    - Simple
    - Unsecure and does not use encryption
  16. Challenge Handshake Authentication Protocol (CHAP)
    - Like PAP, it works in tandem with PPP
    - Encryption
    - Three-step process (three-way handshake)
    - Step 1: Server sends Client a challenge
    - Step 2: Client and Server add the User's password to the challenge and encrypt it
    - Step 3: Server compares the two encrypted strings to see if they match
  17. Extensible Authentication Protocol (EAP)
    - Another PPP extension
    - Used in tandem with other authentication and encryption schemes
    - Server sends multiple requests to client
        - Asks identity and indicates authentication type
        - Info to prove client's identity
    - Flexible
  18. 802.1x EAPoL (EAP over LAN)
    - Grants access to, and dynamically generates and updates authentication keys for transmissions to, a particular port
    - Commonly used in conjunction with RADIUS
    - Port-based authentication
  19. 802.1x Process Diagram
  20. Firewalls

  21. General
    - Firewalls are a network technology used to control Internet traffic based upon set rules.
    - Can be hardware or software, but an ideal firewall consists of both.
    - Users can customize the firewall settings, for example by blocking certain ports.
  22. Types of firewalls
    - Software: Usually used with computers in homes, where a firewall service can be purchased to protect your home network from the Internet
    - Hardware: Firewalls built into routers with an Ethernet card and hub
  23. Firewall methods
    - Packet Filters
    - Stateful Inspections
    - Network Address Translation (NAT)
    - Proxy Server
  24. Packet filters
    - Packet filtering simply inspects the header of each packet transferred from computer to computer. If the packet meets the set rules it passes; if not, it is discarded.
    - Works in the first 3 layers of the OSI model
    - Disadvantage is IP spoofing, where an unauthorized user tries to gain access to the network by saying it's from a trusted host
  25. Stateful inspections
    - The main job is to check that all packets coming in were from an outbound request. It can therefore identify packets that weren't requested and deny them as potentially harmful.
    - Also, only packets that match a known active connection are allowed to be processed through
    - Works in Layers 1-4 of the OSI model
  26. Network address translation (NAT)
    - NAT has the capability of changing the source and/or IP address.
    - With the firewall, it gives everyone inside the network different addresses that are shown to the public, making it difficult to attack.
    - Only works at the TCP/IP level
  27. Proxy server
    - Adding a proxy service to the packet filter can make a very secure network.
    - Also known as an application layer gateway
    - Works by determining whether a process should accept any connections. It also inspects packets for content that looks like a threat.
    - Proxy servers connect the application layer with the lower layers of the OSI model
  28. Characteristics
    - Service control: Controls the types of inbound and outbound Internet services that can be accessed on the network
    - Direction control: Determines which direction requested services are allowed to flow
  29. Characteristics
    - Behavior control: Controls how services are used (Ex: Filtering emails)
    - User control: Controls access to services, allowing access only to users that have permission
  30. Cloud computing

  31. Cloud Computing
    - Definition: “The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.”
    - http://www.youtube.com/watch?v=ae_DKNwK_ms
  32. Three Models
    - SaaS (Software as a Service)
    - PaaS (Platform as a Service)
    - IaaS (Infrastructure as a Service)
  33. Software as a Service
    - Most popular form of cloud computing
    - Easy to use
    - Applications managed by a third party but accessed on the client side
    - Pay-per-use cost structure
    - All maintenance and support managed by vendors
    - Example: Gmail
  34. Platform as a Service
    - More complicated
    - Customizable applications
    - Provides the computing infrastructure, hardware and platforms installed on top of the hardware
    - Scalable
    - Users manage: Applications and data
    - Vendors manage: Runtime, Middleware, O/S, Virtualization, Servers, Storage, and Networking
  35. Infrastructure as a Service
    - Computer infrastructure, storage and networking
    - Users pay for the services they want and have more management control
    - Users manage: Applications, Data, Runtime, Middleware, and O/S
    - Vendors manage: Virtualization, Servers, Hard drives, Storage, and Networking
  36. Security Challenges
    - Data Loss
    - Traffic Hijacking
    - Denial of Service
    - Malicious Insiders
    - Insecure Interfaces and APIs
  37. Data loss
    - An increase in sensitive information stored on cloud providers causes an increase in risk for data loss, accidentally and intentionally
    - Encrypting data can provide protection, unless the encryption key is lost
    - Service provider could be destroyed due to a natural disaster
        - Ex: Fire, flood, earthquake
    - Offline backups are often not secure and can lead to data breaches
  38. Traffic hijacking
    - Hackers can gain information regarding services and direct users to fake websites
    - Risk is increased when account services are accessed from remote locations such as laptops
    - Should implement two-way authentication methods
  39. Denial of service
    - Companies pay for services based on use or consumed disk space
    - Hackers can cause delays in use, causing expensive processing times
    - Denies access
  40. Malicious insiders
    - Employees (past and present) have access to information and use it in a detrimental way
    - Can cause significant financial damage and loss of productivity
    - Important to have a way to monitor what employees have access to and only give sensitive information to those who need it
  41. Insecure interfaces and APIs
    - Application Program Interface (API): “Set of routines, protocols and tools for building software applications”
    - Interfaces are responsible for cloud provisioning, management, orchestration, and monitoring
    - Interfaces and APIs are involved in encryption and authentication
    - Security issues include: Confidentiality, integrity, availability and accountability
  42. Sources
    - http://www.unixwiz.net/techtips/iguide-ipsec.html
    - http://www.webopedia.com/TERM/S/SSH.html
    - http://www.webopedia.com/TERM/S/SSL.html
    - http://www.pgpi.org/doc/pgpintro/
    - http://blogs-images.forbes.com/ciocentral/files/2010/12/256px-Cloud_computing_icon.svg_.png
    - http://apprenda.com/library/cloud/cloud-computing-security/
    - http://apprenda.com/library/paas/iaas-paas-saas-explained-compared/
    - https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
    - http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security-213428
    - http://www.pcmag.com/encyclopedia/term/43218/firewall
    - http://www.webopedia.com/TERM/F/firewall.html
    - http://www.firewallinformation.com
    - Textbook
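
The three-step CHAP handshake from slide 16, as an added Python example that is not part of the original presentation. It follows RFC 1994, where the "encrypt" step is a one-way MD5 hash over the identifier, the shared secret and the challenge; the user name, password and class names are constructed for illustration. Unlike PAP (slide 15), the password never crosses the link, and a captured response does not verify against a later challenge.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of identifier octet + shared secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Authenticator: knows each user's secret and issues one-time challenges."""
    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes)
        self.pending = {}       # username -> (identifier, challenge)
        self.counter = 0

    def challenge(self, username):
        # Step 1: a fresh, unpredictable challenge for every attempt
        self.counter = (self.counter + 1) % 256
        self.pending[username] = (self.counter, os.urandom(16))
        return self.pending[username]

    def verify(self, username, response):
        # Step 3: recompute locally and compare; each challenge is used once
        entry = self.pending.pop(username, None)
        secret = self.users.get(username)
        if entry is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(entry[0], secret, entry[1]), response)

def demo():
    password = b"correct horse"                   # constructed credential
    server = ChapServer({"alice": password})
    ident, chal = server.challenge("alice")
    resp = chap_response(ident, password, chal)   # Step 2, on the client
    wire = bytes([ident]) + chal + resp           # all that crosses the link
    accepted = server.verify("alice", resp)
    server.challenge("alice")                     # new attempt, new challenge
    replayed = server.verify("alice", resp)       # old response no longer fits
    ident, chal = server.challenge("alice")
    wrong = server.verify("alice", chap_response(ident, b"guess", chal))
    no_challenge = server.verify("alice", resp)   # nothing pending
    return {"accepted": accepted, "replayed": replayed, "wrong_password": wrong,
            "no_challenge": no_challenge, "password_on_wire": password in wire}

if __name__ == "__main__":
    print(demo())
```

The server must hold the secret in a form it can hash with each challenge, which is why CHAP user databases need the same protection as the passwords themselves.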
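
Slides 24 and 25 side by side, as an added Python example that is not part of the original presentation: the same constructed traffic is judged by a header-only packet filter and by a connection-tracking firewall. The addresses, the single trusted-source rule and all names are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags as letters: S, A, F, R
    inbound: bool

TRUSTED = {"198.51.100.10"}  # constructed allow-list entry (documentation address)

def packet_filter(p):
    """Slide 24: verdict from this packet's header alone, with no memory."""
    return not p.inbound or p.src in TRUSTED

class StatefulFirewall:
    """Slide 25: inbound passes only if it matches a connection opened from inside.
    Simplified: real trackers also follow TCP state and idle timeouts."""
    def __init__(self):
        self.active = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport) in self.active
        key = (p.src, p.sport, p.dst, p.dport)
        if "S" in p.flags:
            self.active.add(key)        # outbound SYN opens the entry
        elif "F" in p.flags or "R" in p.flags:
            self.active.discard(key)    # outbound FIN/RST retires it
        return True

# Constructed traffic: (label, packet)
SAMPLE = [
    ("outbound SYN", Packet("192.0.2.5", 50000, "198.51.100.10", 443, "S", False)),
    ("reply to that SYN", Packet("198.51.100.10", 443, "192.0.2.5", 50000, "SA", True)),
    ("unsolicited, claims trusted source", Packet("198.51.100.10", 443, "192.0.2.5", 22, "S", True)),
    ("unsolicited, unknown source", Packet("203.0.113.7", 4444, "192.0.2.5", 22, "S", True)),
    ("outbound FIN", Packet("192.0.2.5", 50000, "198.51.100.10", 443, "FA", False)),
    ("late packet after close", Packet("198.51.100.10", 443, "192.0.2.5", 50000, "A", True)),
]

def compare(packets=SAMPLE):
    fw = StatefulFirewall()
    return [(label, packet_filter(p), fw.allow(p)) for label, p in packets]

if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:36} filter={stateless!s:5} stateful={stateful}")
```

The third and sixth packets are the ones to watch: the packet filter accepts both because the source address is on its allow list, while the stateful firewall drops them because no active connection matches.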