CITA 165 Section 4 Communication Networks and Network Security

Network
• Transparent entity to computer users
• Provides blood flow for the computing environment
• Designed to allow information to flow efficiently
• Maintained by network administrators

Networking Fundamentals
• Sender communicates message to receiver
  • Over some medium
• Communication occurs when:
  • Recipient receives, processes, and comprehends the message

Getting the Message Across
• Modulation
  • Modification of a medium to carry the message
  • Methods of embedding a message vary depending on type of message and signal

Impedance to Communications
• Forms of interference (noise)
  • Attenuation
  • Crosstalk
  • Distortion
  • Echo
  • Impulse noise
  • Jitter
  • White noise

Networks Categorized by Components
• Peer-to-peer (P2P) networks
  • Users may share hard drives, directories, or printers
  • Servant model
  • Music-sharing services
• Server-based networks
  • Uses dedicated system to provide specific services
• Distributed multi-server networks

Networks Categorized by Size
• Local area network (LAN)
• Metropolitan area network (MAN)
  • Covers region the size of a municipality, county, or district
• Wide area network (WAN)
  • Very large network
  • Covers large geographic region
    • State, country, and even the planet

Networks Categorized by Media
• Guided (wired)
  • Use electricity or light waves over cables
• Unguided (wireless)
  • Use radio or infrared electromagnetic energy

Standards
• Protocols
  • Rules for communications
  • If widely accepted, they become standards
• Formal standards
  • De jure
  • Reviewed by a group of experts
  • Endorsed by a standards body
• Informal standards
  • De facto
  • Widely adopted without formal review

Goals of Network Security
• Providing Secure Connectivity
• Secure Remote Access
• Ensuring Privacy
• Providing Nonrepudiation
• Confidentiality, Integrity, and Availability

Secure Remote Access
• One of the biggest security challenges is to provide secure remote access for contractors and traveling employees
• VPN
  • Virtual Private Network
  • Uses a combination of encryption and authentication mechanisms
  • Ideal and cost-effective solution

Providing Nonrepudiation
• Nonrepudiation: capability to prevent a participant in an electronic transaction from denying that it performed an action
  • Ensuring that the sender cannot deny sending a message and the recipient cannot deny receiving it
• Encryption provides integrity, confidentiality, and authenticity of digital information
  • Encryption can also provide nonrepudiation
• Nonrepudiation is an important aspect of establishing trusted communication between organizations

Confidentiality, Integrity, and Availability
• Confidentiality
  • Prevents intentional or unintentional disclosure of communications between sender and recipient
• Integrity
  • Ensures the accuracy and consistency of information during all processing
• Availability
  • Assurance that authorized users can access resources in a reliable and timely manner

Physical Security
• Refers to measures taken to physically protect a computer or other network device
• Physical security measures
  • Computer locks
  • Lock protected rooms for critical servers
  • Burglar alarms
• A computer can easily be compromised if a malicious intruder has physical access to it
Packet Filtering
• Block or allow transmission of packets based on
  • Port number
  • IP addresses
  • Protocol information
• Some types of packet filters
  • Routers
    • Most common packet filters
  • Operating systems
    • Built-in packet filtering utilities that come with some OSs
  • Software firewalls
    • Enterprise-level programs

Firewalls
• Installing and configuring a firewall is the foundation of an organization’s overall security policy
• Permissive versus restrictive policies
  • Permissive
    • Allows all traffic through the gateway and then blocks services on a case-by-case basis
  • Restrictive
    • Denies all traffic by default and then allows services on a case-by-case basis
• Enforcement is handled primarily through setting up packet-filtering rules

Demilitarized Zone (DMZ)
• Network that sits outside the internal network
  • DMZ is connected to the firewall
• Makes services like HTTP and FTP publicly available
  • While protecting the internal LAN
• DMZ is sometimes called a “service network” or “perimeter network”
Intrusion Detection and Prevention System (IDPS)
• Works by recognizing the signs of a possible attack
• Some traffic can trigger a response that attempts to actively combat the threat (intrusion prevention)
• Signs of possible attacks are called signatures
  • Combinations of IP address, port number, and frequency of access attempts
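As an added example of the signature idea on the IDPS slide (not from the course slides), the detector below combines source IP, destination port and frequency: it raises one alert per source that accumulates more than a threshold of rejected connection attempts inside a sliding time window, and reports the ports that source tried. The log lines and addresses are constructed sample data; the line format is an assumption for the example.

```python
import re
from collections import defaultdict, deque
from typing import List, Tuple

# Constructed connection log (not real traffic): "<epoch seconds> <src ip> <dst port> <verdict>".
# 203.0.113.7 is refused on six ports within a few seconds; 198.51.100.4 is an ordinary client.
SAMPLE_LOG = """\
1700000000 203.0.113.7 21 REJECT
1700000001 203.0.113.7 22 REJECT
1700000002 203.0.113.7 23 REJECT
1700000003 203.0.113.7 25 REJECT
1700000004 203.0.113.7 80 REJECT
1700000005 203.0.113.7 443 REJECT
1700000010 198.51.100.4 80 ACCEPT
1700000020 198.51.100.4 22 REJECT
1700000100 198.51.100.4 22 REJECT
1700000200 198.51.100.4 22 REJECT
1700000300 203.0.113.7 3389 REJECT
"""

LINE_RE = re.compile(r"^(\d+) (\d+\.\d+\.\d+\.\d+) (\d+) (ACCEPT|REJECT)$")

def detect(log_text: str, max_attempts: int = 5, window: int = 60) -> List[Tuple[str, List[int]]]:
    """Signature: more than max_attempts rejected connection attempts from one
    source IP within window seconds. Returns (source IP, ports tried) per alert."""
    recent = defaultdict(deque)    # src -> rejected (timestamp, port) still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip malformed lines instead of crashing the sensor
        ts, src, port, verdict = int(m.group(1)), m.group(2), int(m.group(3)), m.group(4)
        if verdict != "REJECT":
            continue               # accepted connections are not part of this signature
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop attempts that fell out of the window
        if len(q) > max_attempts and src not in alerted:
            alerted.add(src)       # one alert per source, not one per packet
            alerts.append((src, sorted({p for _, p in q})))
    return alerts
```

The late 3389 attempt from the same source lands outside the window, so by itself it does not re-trigger the signature; a prevention system would act on the first alert instead.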
Virtual Private Networks (VPNs)
• A VPN is a network that uses public telecommunications infrastructure to provide secure access to corporate assets for remote users
• Provide a low-cost and secure connection that uses the public Internet
  • Alternative to expensive leased lines
• Provides point-to-point communication
• Use authentication to verify users’ identities and encrypt and encapsulate traffic

Wireless Network
• Signal transmitted using a radiated signal
• Wireless network security is difficult
  • Signal is uncontrolled
• Wireless access point (WAP)
  • Radio transmitter/receiver
  • Takes signal from wired network and broadcasts it to wireless receivers
• Wireless local area network (WLAN)
  • Also called Wi-Fi

Wireless Network
• Wireless networks differ from wired networks in that:
  • The signaling method does not have readily observable boundaries
  • They are susceptible to interference from other devices and networks
  • They are less reliable
  • The number of devices being networked may change frequently
  • They may lack full connectivity among nodes
  • The signal propagation is less certain

Other Wireless Standards
• Bluetooth
  • Open standard for short-range wireless communication between devices
• WiMAX
  • Standard for devices in geographically dispersed facilities

Other Wireless Standards
• WiMedia
  • Wireless Personal Area Network (WPAN) standard
  • Low-cost, low-power-consumption network
  • Application: wireless USB devices communicate remotely with host system
• ZigBee
  • WPAN standard used for monitoring and control devices
  • Examples of uses: building climate control systems; shipping container tracking devices

Wireless Security Protocols
• Radio transmissions used in WLANs
  • Easily intercepted with receiver and packet sniffer
  • Networks must use cryptographic security control
• Two sets of protocols in use today
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP)
• Early attempt to provide security with 802.11 network protocol
• Now considered too weak cryptographically
• Reasons for weakness
  • No key management defined in protocol
  • Keys are seldom changed
  • Initialization vector too small
• Tools exist to allow cracking of the WEP key
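To put a number on "initialization vector too small" (an added calculation, not from the course slides): WEP's IV is 24 bits, and a repeated IV under the same key means the same RC4 keystream is reused, so the birthday bound tells how soon that happens. The functions below compute the exact reuse probability for any IV width, which lets the 24-bit WEP IV be compared with the 48-bit TKIP sequence counter that WPA introduced; they assume each frame draws its IV uniformly at random (an implementation that counts up instead wraps deterministically after 2**24 frames).

```python
import math

def iv_reuse_probability(iv_bits: int, frames: int) -> float:
    """Probability that at least one IV value repeats among `frames` frames,
    each drawing a fresh IV uniformly from the 2**iv_bits possible values
    (the birthday bound), computed exactly in log space to avoid underflow."""
    space = 2 ** iv_bits
    if frames > space:
        return 1.0                      # pigeonhole: a repeat is certain
    log_no_repeat = 0.0
    for i in range(frames):
        # frame i avoids a repeat only if it misses all i earlier IVs
        log_no_repeat += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_repeat)

def frames_until_likely_reuse(iv_bits: int, threshold: float = 0.5) -> int:
    """Smallest number of frames at which the reuse probability reaches threshold."""
    space = 2 ** iv_bits
    log_no_repeat = 0.0
    frames = 0
    while True:
        log_no_repeat += math.log1p(-frames / space)
        frames += 1
        if 1.0 - math.exp(log_no_repeat) >= threshold:
            return frames

WEP_IV_BITS = 24     # WEP's per-frame initialization vector
TKIP_TSC_BITS = 48   # TKIP sequence counter that WPA uses in its place

def compare_wep_vs_tkip(frames: int) -> dict:
    """Reuse probability after `frames` frames for both IV widths."""
    return {"wep_24bit": iv_reuse_probability(WEP_IV_BITS, frames),
            "tkip_48bit": iv_reuse_probability(TKIP_TSC_BITS, frames)}
```

After only 4096 frames (seconds of traffic on a busy network) the 24-bit IV already has roughly a 39% chance of a repeat, and a repeat is more likely than not by about 4800 frames; the 48-bit counter stays far below one in a million at that point.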
Wi-Fi Protected Access (WPA/WPA2/WPA3)
• Introduced to resolve issues with WEP
• WPA key
  • 128 bits
  • Dynamically changing
• Uses Temporal Key Integrity Protocol (TKIP)
• Some compromises made to allow backwards compatibility

WPA2
• Mandatory for all new Wi-Fi devices in 2006
• Robust Security Network (RSN)
  • Network that only allows connections that provide encryption

WLAN Security Concerns
• Threats to a secure WLAN
  • Rogue access points
  • Key cracking
  • Wardriving
  • ARP poisoning
  • DoS attacks

WLAN Security Solutions
• Recommendations for securing wireless networks
  • Use at least WPA2 and strong passkeys
  • Employ wireless IDS to help spot rogue access points
  • Ensure wireless connections authenticate via a VPN

Bluetooth Security Concerns
• Consistently criticized as insecure
• Paired devices generate a session key
  • Used for all future communications
• Bluetooth attacks
  • Bluesnarf
  • Bluejacking
  • BlueBug
  • Evil twin
Bluetooth Security Solutions
• Best practices for Bluetooth security
  • Turn off Bluetooth when not in use
  • Do not accept an incoming pairing request unless you know the requester
• Secure Simple Pairing (SSP)
  • New security mechanism in Bluetooth 2.1