240 likes | 400 Views
Network Security. CHRISTOPHER D. CONEWAY. under the direction of Dr. Foorood Amirmadhi for the CASS/CREST STARS Program Tennessee State University. Agenda. Objective Basic Network Components The Lab Systems Securing the Network Current Work Conclusion. Objective.
E N D
Network Security CHRISTOPHER D. CONEWAY under the direction of Dr. Foorood Amirmadhifor theCASS/CREST STARS Program Tennessee State University
Agenda • Objective • Basic Network Components • The Lab Systems • Securing the Network • Current Work • Conclusion
Objective • Our objective is to better understand Network Security issues, and means to protect it. • Our goals are as follows: • Network Layer • Host Layer • Application Layer
A Conceptual Packet Structure Control Source Destination Protocol Data
Basic Network Components • PCs • Router • Switch • Hub • Firewall
The Lab Systems • Hardware components • Switch, Hub, PC’s • Operating Systems • Unix: Sun Os 5.5 • Linux: Red Hat 9.0, SuSE 8.2 • Windows: 2000, 2000 Server, NT4.0
Network Diagram Internet Hub Router Firewall NG NAT Network Address Translator Firewall Network 1 Private Class-C: Address Network 2 Private Class-C: Address Hub Switch UNIX BOX W2K server Linux SUSE/W2K W2K/REDHAT W2K/REDHAT W2K/SUSE W2K-WS1/REDHAT SUSE
Firewall • Firewall –Hardware or software that examines and controls the traffic between two or more networks (i,e; Internal, and Internet) • Firewall policies are a collection rules: internet
Securing the Network:Security Tools • Port Scanner (Protocol holes) • Security Analyzer (Application Holes) • Network Analyzer/Sniffer (Decoding)
Current Works • Secure Mail • Microsoft Active Directory • VPN (Virtual Private Network) • Unix systems
Secure Mail • Virus protection - Server based virus protection using your existing antivirus software. • Spam filtering - Checks to see if the computer which sent a message is blacklisted on the major RBL lists. Quarantines or deletes any such messages. • Content filtering -. Check for unacceptable language. • Attachment filtering - Part of the content filtering. Removes unwanted types of file attachment before they reach the end user. • IMAP (Internet Message Access Protocol)support - Store all message folders centrally, allowing side by side access from a mail client or web-mail. • Web-based mail client - Provide users with web-based access to their e-mail. • Web-based administration - Remotely administer mail using a web browser. • Http-s- An extension to the http protocol to support sending data securely over the web.
Secure Mail Diagram Mail Server Client Computers
Active Directory • Microsoft Active Directory • Domain Name Service • User and Group account management • Organizational units and resources management
VPN (Virtual Private Network) • VPN (Virtual Private Network) • Checkpoint VPN (CP2000, CPNG) • Data integrity and confidentiality are protected through authentication and encryption • Data can be securely transmitted between two locations across the Internet or be encrypted between a server and a client within a Local Area Network
Unix Systems • Unix systems • Internet services (web, mail, proxy, etc..) • Redhat & Suse, Sun system platforms
Conclusions • Security in All Layers Required • Be Up-to-date in New Security Issues • Consistency in the process of securing systems