370 likes | 391 Views
CITA 165 Section 4. Communication Networks and Network Security. Network. Transparent entity to computer users Provides blood flow for the computing environment Designed to allow information to flow efficiently Maintained by network administrators. Networking Fundamentals.
E N D
CITA 165 Section 4 Communication Networks and Network Security
Network • Transparent entity to computer users • Provides blood flow for the computing environment • Designed to allow information to flow efficiently • Maintained by network administrators
Networking Fundamentals • Sender communicates message to receiver • Over some medium • Communication occurs when: • Recipient receives, processes, and comprehends the message
Getting the Message Across • Modulation • Modification of a medium to carry the message • Methods of embedding a message vary depending on type of message and signal
Impedance to Communications • Forms of interference (noise) • Attenuation • Crosstalk • Distortion • Echo • Impulse noise • Jitter • White noise
Networks Categorized by Components • Peer-to-peer (P2P) networks • Users may share hard drives, directories, or printers • Servant model • Music-sharing services • Server-based networks • Uses dedicated system to provide specific services • Distributed multi-server networks
Networks Categorized by Size • Local area network (LAN) • Metropolitan area network (MAN) • Covers region the size of a municipality, county, or district • Wide area network (WAN) • Very large network • Covers large geographic region • State, country, and even the planet
Networks Categorized by Media • Guided (wired) • Use electricity or light waves over cables • Unguided (wireless) • Use radio or infrared electromagnetic energy
Standards • Protocols • Rules for communications • If widely accepted, they become standards • Formal standards • De jure • Reviewed by a group of experts • Endorsed by a standards body • Informal standards • De facto • Widely adopted without formal review
Goals of Network Security • Providing Secure Connectivity • Secure Remote Access • Ensuring Privacy • Providing Nonrepudiation • Confidentiality, Integrity, and Availability
Secure Remote Access • One of the biggest security challenges is to provide secure remote access for contractors and traveling employees • VPN • Virtual Private Network • Uses a combination of encryption and authentication mechanisms • Ideal and cost-effective solution
Providing Nonrepudiation • Nonrepudiation: capability to prevent a participant in an electronic transaction from denying that it performed an action • Ensuring that the sender cannot deny sending a message and the recipient cannot deny receiving it • Encryption provides integrity, confidentiality, and authenticity of digital information • Encryption can also provide nonrepudiation • Nonrepudiation is an important aspect of establishing trusted communication between organizations
Confidentiality, Integrity, and Availability • Confidentiality • Prevents intentional or unintentional disclosure of communications between sender and recipient • Integrity • Ensures the accuracy and consistency of information during all processing • Availability • Assurance that authorized users can access resources in a reliable and timely manner
Physical Security • Refers to measures taken to physically protect a computer or other network device • Physical security measures • Computer locks • Lock protected rooms for critical servers • Burglar alarms • A computer can easily be compromised if a malicious intruder has physical access to it
Packet Filtering • Block or allow transmission of packets based on • Port number • IP addresses • Protocol information • Some types of packet filters • Routers • Most common packet filters • Operating systems • Built-in packet filtering utilities that come with some OSs • Software firewalls • Enterprise-level programs
Firewalls • Installing and configuring a firewalls is the foundation of organization’s overall security policy • Permissive versus restrictive policies • Permissive • Allows all traffic through the gateway and then blocks services on case-by-case basis • Restrictive • Denies all traffic by default and then allows services on case-by-case basis • Enforcement is handled primarily through setting up packet-filtering rules
Demilitarized Zone (DMZ) • Network that sits outside the internal network • DMZ is connected to the firewall • Makes services like HTTP and FTP publicly available • While protecting the internal LAN • DMZ is sometimes called a “service network” or “perimeter network”
Intrusion Detection and Prevention System (IDPS) • Works by recognizing the signs of a possible attack • Some traffic can trigger a response that attempts to actively combat the threat (intrusion prevention) • Signs of possible attacks are called signatures • Combinations of IP address, port number, and frequency of access attempts
Virtual Private Networks (VPNs) • A VPN is a network that uses public telecommunications infrastructure to provide secure access to corporate assets for remote users • Provide a low-cost and secure connection that uses the public Internet • Alternative to expensive leased lines • Provides point-to-point communication • Use authentication to verify users’ identities and encrypt and encapsulate traffic
Wireless Network • Signal transmitted using a radiated signal • Wireless network security is difficult • Signal is uncontrolled • Wireless access point (WAP) • Radio transmitter/receiver • Takes signal from wired network and broadcasts it to wireless receivers • Wireless local area network (WLAN) • Also called Wi-Fi
Wireless Network • Wireless networks differ from wired networks in that: • The signaling method does not have readily observable boundaries • They are susceptible to interference from other devices and networks • They are less reliable • The number of devices being networked may change frequently • They may lack full connectivity among nodes • The signal propagation is less certain
Other Wireless Standards • Bluetooth • Open standard for short-range wireless communication between devices • WiMAX • Standard for devices in geographically dispersed facilities
Other Wireless Standards • WiMedia • Wireless Personal Area Network (WPAN) standard • Low-cost, low-power-consumption network • Application: wireless USB devices communicate remotely with host system • ZigBee • WPAN standard used for monitoring and control devices • Examples of uses: building climate control systems; shipping container tracking devices
Wireless Security Protocols • Radio transmissions used in WLANs • Easily intercepted with receiver and packet sniffer • Networks must use cryptographic security control • Two sets of protocols in use today • Wired Equivalent Privacy (WEP) • Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP) • Early attempt to provide security with 802.11 network protocol • Now considered too weak cryptographically • Reasons for weakness • No key management defined in protocol • Keys are seldom changed • Initialization vector too small • Tools exist to allow cracking of the WEP key
Wi-Fi Protected Access (WPA/WPA2/WPA3) • Introduced to resolve issues with WEP • WPA key • 128 bits • Dynamically changing • Uses Temporal Key Integrity Protocol (TKIP) • Some compromises made to allow backwards compatibility
WPA2 • Mandatory for all new Wi-Fi devices in 2006 • Robust Security Network (RSN) • Network that only allows connections that provide encryption
WLAN Security Concerns • Threats to a secure WLAN • Rogue access points • Key cracking • Wardriving • ARP poisoning • DoS attacks
WLAN Security Solutions • Recommendations for securing wireless networks • Use at least WPA2 and strong passkeys • Employ wireless IDS to help spot rogue access points • Ensure wireless connections authenticate via a VPN
Bluetooth Security Concerns • Consistently criticized as insecure • Paired devices generate a session key • Used for all future communications • Bluetooth attacks • Bluesnarf • Bluejacking • BlueBug • Evil twin
Bluetooth Security Solutions • Best practices for Bluetooth security • Turn off Bluetooth when not using • Do not accept incoming communications pairing request unless you know the requester • Secure Simple Pairing (SSP) • New security mechanism in Bluetooth 2.1