
Network Security

Network Security. Keng Siau University of Nebraska-Lincoln. Components of Security Policy. Describes items to be protected and rules for protection Must cover computer systems, LANs, interconnection devices, Internet access, etc.


Presentation Transcript


  1. Network Security Keng Siau University of Nebraska-Lincoln

  2. Components of Security Policy
     • Describes items to be protected and rules for protection
     • Must cover computer systems, LANs, interconnection devices, Internet access, etc.
     • Development must include assessment of cost of protected information versus cost of protection

  3. Aspects of Security
     • Data accessibility
       • Contents accessible
     • Data integrity
       • Contents remain unchanged
     • Data confidentiality
       • Contents not revealed

  4. Responsibility and Control
     • Must be able to delegate and control responsibility
     • Accountability
       • Who is responsible for tracking access to data
     • Authorization
       • Who is responsible for who accesses data

  5. Encryption and Privacy
     • Encryption
       • Rewrite contents so that they cannot be read without key
     • Encrypting function
       • Produces encrypted message
     • Decrypting function
       • Extracts original message
     • Encryption key
       • Parameter that controls encryption/decryption; sender and receiver share secret key

  6. Encryption and Privacy
     • Sender produces
       • Encrypted Message = encrypt(Key, Message)
     • Sender transmits Encrypted Message on network
     • Receiver extracts
       • Message = decrypt(Key, Encrypted Message)
     • Requires sharing of secret Key
     • If Key is discovered, security is compromised

  7. Public Key Encryption
     • Public key encryption uses two keys:
       • Private key
         • Kept secret by user
       • Public key
         • Published by user
     • To send a message to User 1
       • Encrypt using User 1's public key
       • User 1 decrypts using his/her private key

  8. Authentication -- Digital Signatures
     • Goal
       • Guarantee that message must have originated with certain entity
     • Idea
       • Encrypt with private key
       • Decrypt with public key
       • Only owner of private key could have generated original message

  9. Authentication and Privacy
     • Combine previous two techniques
     • A sends a message to B:
       • X = encrypt(PUB-B, encrypt(PRV-A, M))
     • B extracts message:
       • M = decrypt(PUB-A, decrypt(PRV-B, X))

  10. Packet Filtering
      • Can configure packet forwarding devices, e.g., routers, to drop certain packets
      • Consider example:
        • Suppose 192.5.48.0 is test network and 128.10.0.0 has controlling workstations
        • Install filter to allow packets only from 192.5.48.0 to 128.10.0.0
        • Keeps potentially bad packets away from remainder of Internet

  11. Packet Filtering

  12. Internet Firewall
      • Packet filter at edge of intranet can disallow unauthorized packets
      • Restricts external packets to just a few internal hosts

  13. Summary
      • Security is a problem because Internet is not owned by one entity
      • Organizations can use firewalls to prevent unauthorized access
      • Encryption and digital signatures can provide confidentiality and secure identification
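
The slide 9 composition carried out with textbook RSA, as an added example that is not part of the original slides. The tiny primes, key names and helper functions are constructed for illustration; `can_send` makes visible a condition the formula leaves implicit, that the inner result must fit under the receiver's modulus.

```python
# Added illustration: textbook RSA over tiny constructed primes, no padding or
# hashing. It shows the slide 9 composition only and protects nothing real.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)

def encrypt(key, value):
    """Modular exponentiation under one key; value must be below the modulus."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exp, n)

decrypt = encrypt  # in textbook RSA both directions are the same operation

def can_send(prv_sender, pub_receiver):
    """Inner result is below the sender's modulus; it must fit the receiver's."""
    return prv_sender[1] <= pub_receiver[1]

def send(m, prv_sender, pub_receiver):
    """X = encrypt(PUB-B, encrypt(PRV-A, M))"""
    if not can_send(prv_sender, pub_receiver):
        raise ValueError("sender modulus exceeds receiver modulus")
    return encrypt(pub_receiver, encrypt(prv_sender, m))

def receive(x, prv_receiver, pub_sender):
    """M = decrypt(PUB-A, decrypt(PRV-B, X)); None if a value is out of range."""
    try:
        return decrypt(pub_sender, decrypt(prv_receiver, x))
    except ValueError:
        return None

# Constructed sample keys: A has modulus 3233, B has modulus 8633.
PUB_A, PRV_A = make_keypair(61, 53)
PUB_B, PRV_B = make_keypair(89, 97)

if __name__ == "__main__":
    M = 1234                       # constructed message, below A's modulus
    X = send(M, PRV_A, PUB_B)
    print("recovered by B:", receive(X, PRV_B, PUB_A))
    print("after altering X:", receive((X + 1) % PUB_B[1], PRV_B, PUB_A))
    print("B can reply the same way:", can_send(PRV_B, PUB_A))
```

Because this textbook form carries no redundancy, an altered X decodes to a different value or an out-of-range error rather than a verified rejection; deployed systems sign a hash of the message and use padded schemes from a vetted library.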
