Network Security Basics
Outline of Network Security Basics • What is Network Security? • Threats and Attacks • Defenses • Cryptography
What is Security?
• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Network security
  • Information security
What is Network Security? • Network security refers to any activities designed to protect your network; these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network
Balancing Security and Access • Impossible to obtain perfect security—it is a process, not an absolute • Security should be considered balance between protection and availability • To achieve balance, level of security must allow reasonable access, yet protect against threats
Threats • Threat: an object, person, or other entity that represents a constant danger to an asset • Management must be informed of the different threats facing the organization • By examining each threat category, management effectively protects information through policy, education, training, and technology controls
Acts of Human Error or Failure
• Includes acts performed without malicious intent
• Causes include:
  • Inexperience
  • Improper training
  • Incorrect assumptions
• Employees are among the greatest threats to an organization’s data
Acts of Human Error or Failure (continued)
• Employee mistakes can easily lead to:
  • Revelation of classified data
  • Entry of erroneous data
  • Accidental data deletion or modification
  • Data storage in unprotected areas
  • Failure to protect information
• Many of these threats can be prevented with controls
Forces of Nature • Forces of nature are among the most dangerous threats • Disrupt not only individual lives, but also storage, transmission, and use of information • Organizations must implement controls to limit damage and prepare contingency plans for continued operations
Deviations in Quality of Service • Includes situations where products or services not delivered as expected • Information system depends on many interdependent support systems • Internet service, communications, and power irregularities dramatically affect availability of information and systems
Internet Service Issues • Internet service provider (ISP) failures can considerably undermine availability of information • Outsourced Web hosting provider assumes responsibility for all Internet services as well as hardware and Web site operating system software
Attacks • Act or action that exploits vulnerability (i.e., an identified weakness) in controlled system • Accomplished by threat agent which damages or steals organization’s information
Table 2-2 - Attack Replication Vectors (table not reproduced in this transcript)
Attacks (continued) • Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information • Back door: gaining access to system or network using known or previously unknown/newly discovered access mechanism
Attacks (continued) • Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address • Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into network • Spam: unsolicited commercial e-mail; more a nuisance than an attack, though it is emerging as a vector for some attacks
Attacks (continued)
• Denial-of-service (DoS): attacker sends a large number of connection or information requests to a target
  • Target system cannot handle these successfully along with other, legitimate service requests
  • May result in system crash or inability to perform ordinary functions
• Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneously
What Makes DDoS Attacks Possible? • Internet was designed with functionality & not security in mind • Internet security is highly interdependent • Internet resources are limited • Power of many is greater than power of a few
Summary on Threats and Attacks • Threat: object, person, or other entity representing a constant danger to an asset • Attack: a deliberate act that exploits vulnerability
Firewalls • Prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network) • May be separate computer system; a software service running on existing router or server; or a separate network containing supporting devices
Firewall Categorization • Processing mode • Development era • Intended deployment structure • Architectural implementation
Firewalls Categorized by Processing Modes • Packet filtering • Application gateways • Circuit gateways • MAC layer firewalls • Hybrids
Packet Filtering
• Packet filtering firewalls examine header information of data packets
• Most often based on a combination of:
  • Internet Protocol (IP) source and destination address
  • Direction (inbound or outbound)
  • Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests
• Simple firewall models enforce rules designed to prohibit packets with certain addresses or partial addresses
Packet Filtering (continued)
• Three subsets of packet filtering firewalls:
  • Static filtering: requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed in advance
  • Dynamic filtering: allows the firewall to react to an emergent event and update or create rules to deal with the event
  • Stateful inspection: firewalls that keep track of each network connection between internal and external systems using a state table
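An added example (not from the original slides) contrasting the static and stateful filtering described above: a static filter judges each packet on its header fields alone, so reply traffic needs its own inbound rule, while the stateful version records allowed connections in a state table and admits their replies automatically. The rule set, addresses and packet layout are constructed for the demonstration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Rule fields: action "allow"/"deny", direction "in"/"out", proto "tcp"/"udp",
# src/dst as CIDR or "any", dport as an int or None (any port).
Rule = namedtuple("Rule", "action direction proto src dst dport")
Packet = namedtuple("Packet", "direction proto src dst sport dport")

def _net_match(cidr, addr):
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def static_filter(rules, pkt):
    """Static filtering: judge each packet on its header fields alone.
    First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and _net_match(r.src, pkt.src) and _net_match(r.dst, pkt.dst)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return "deny"

class StatefulFilter:
    """Stateful inspection: record each allowed connection in a state table so
    the reply direction is admitted without needing a matching inbound rule."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # (proto, inside ip, inside port, outside ip, outside port)

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            return "allow"  # reply traffic of a connection already tracked
        verdict = static_filter(self.rules, pkt)
        if verdict == "allow":
            self.state.add(key)
        return verdict

# Constructed rule set (assumption): 10.0.0.0/8 is the trusted inside network
# and 10.0.0.5 is its mail server.
RULES = [
    Rule("allow", "out", "tcp", "10.0.0.0/8", "any", 443),  # inside may browse HTTPS
    Rule("allow", "in", "tcp", "any", "10.0.0.5/32", 25),   # outside may reach mail host
    Rule("deny", "in", "tcp", "any", "any", None),           # all other inbound TCP denied
]
```

With these rules the static filter drops the HTTPS server's reply to an inside client (it only matches the final deny rule), whereas the stateful filter admits it because the outbound request was recorded, yet still denies an unsolicited inbound packet to the same client port.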
Application Gateways • Frequently installed on a dedicated computer; also known as a proxy server • Since proxy server is often placed in unsecured area of the network (e.g., DMZ), it is exposed to higher levels of risk from less trusted networks • Additional filtering routers can be implemented behind the proxy server, further protecting internal systems
Screened Subnet Firewalls (with DMZ)
• Dominant architecture used today is the screened subnet firewall
• Commonly consists of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network:
  • Connections from outside (untrusted network) are routed through an external filtering router
  • Connections from outside (untrusted network) are routed into and out of the routing firewall to a separate network segment known as the DMZ
  • Connections into the trusted internal network are allowed only from DMZ bastion host servers
Virtual Private Networks (VPNs) • Private and secure network connection between systems; uses data communication capability of unsecured and public network • Securely extends organization’s internal network connections to remote locations beyond trusted network
Virtual Private Networks (VPNs) (continued)
• VPN must accomplish:
  • Encapsulation of incoming and outgoing data
  • Encryption of incoming and outgoing data
  • Authentication of remote computer and (perhaps) remote user as well
Transport Mode
• Data within IP packet is encrypted, but header information is not
• Allows user to establish secure link directly with remote host, encrypting only data contents of packet
• Two popular uses:
  • End-to-end transport of encrypted data
  • Remote access worker connects to office network over Internet by connecting to a VPN server on the perimeter
Tunnel Mode • Organization establishes two perimeter tunnel servers • These servers act as encryption points, encrypting all traffic that will traverse unsecured network • Primary benefit to this model is that an intercepted packet reveals nothing about true destination system • Example of tunnel mode VPN: Microsoft’s Internet Security and Acceleration (ISA) Server
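An added example (not from the original slides) showing what an observer on the unsecured network can read in transport mode versus tunnel mode. The packet layout is a simplified stand-in (4-byte source, 4-byte destination, payload) and the cipher is a SHA-256 keystream XOR standing in for the VPN's real encryption; both are assumptions made for the demonstration, and the addresses are constructed.

```python
import hashlib
from ipaddress import ip_address

# Toy packet layout used here (assumption): 4-byte source IP, 4-byte destination
# IP, then the payload. Real IP headers carry more, but the point is the same.
def build_packet(src, dst, payload):
    return ip_address(src).packed + ip_address(dst).packed + payload

def parse_header(wire):
    """What an observer on the unsecured network reads from the outer header."""
    return str(ip_address(wire[:4])), str(ip_address(wire[4:8]))

def _keystream_xor(key, data):
    # Stand-in for the VPN's real cipher (assumption: XOR with a SHA-256 keystream);
    # it is here only to hide bytes from the observer in this demonstration.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def transport_mode(packet, key):
    """Transport mode: the header stays in the clear; only the payload is encrypted,
    so the true source and destination remain visible on the wire."""
    return packet[:8] + _keystream_xor(key, packet[8:])

def tunnel_mode(packet, key, tunnel_src, tunnel_dst):
    """Tunnel mode: the whole original packet, header included, becomes the
    encrypted payload of a new packet addressed between the two tunnel servers."""
    return build_packet(tunnel_src, tunnel_dst, _keystream_xor(key, packet))

def tunnel_decapsulate(wire, key):
    """The receiving tunnel server strips the outer header and recovers the original."""
    return _keystream_xor(key, wire[8:])
```

In transport mode the observer still learns which inside hosts are talking; in tunnel mode only the two perimeter tunnel servers appear in the header, which is the benefit the slide describes.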
Summary of Firewalls and VPNs • Firewall technology • Four methods for categorization • Firewall configuration and management • Virtual Private Networks • Two modes
Defenses against Intrusion
• Intrusion: type of attack on information assets in which instigator attempts to gain entry into or disrupt system with harmful intent
• Intrusion detection: consists of procedures and systems created and operated to detect system intrusions
• Intrusion reaction: encompasses actions an organization undertakes when intrusion event is detected
• Intrusion correction activities: finalize restoration of operations to a normal state
• Intrusion prevention: consists of activities that seek to deter an intrusion from occurring
Intrusion Detection Systems (IDSs) • Detects a violation of its configuration and activates alarm • Many IDSs enable administrators to configure systems to notify them directly of trouble via e-mail or pagers • Systems can also be configured to notify an external security service organization of a “break-in”
IDS Terminology
• Alert or alarm
• False negative: the failure of an IDS to react to an actual attack event
• False positive: an alarm or alert that indicates that an attack is in progress or has succeeded when in fact there was no such attack
• Confidence value
• Alarm filtering
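An added example (not from the original slides) that ties the terms above together: IDS alerts carrying a confidence value are compared with the events an analyst confirmed as real attacks, and alarm filtering by confidence threshold shows the trade-off between false positives and false negatives. The alerts and confirmed events are constructed sample data.

```python
from collections import namedtuple

# An alert as the IDS emits it: which event it fired on and the IDS's own
# confidence value (0-100) that the event is a real attack.
Alert = namedtuple("Alert", "event_id confidence")

# Constructed sample data: alerts the IDS raised, and the events an analyst
# later confirmed as actual attacks (e4 produced no alert at all).
ALERTS = [Alert("e1", 95), Alert("e2", 40), Alert("e3", 85), Alert("e5", 20)]
CONFIRMED_ATTACKS = {"e1", "e3", "e4"}

def evaluate(alerts, confirmed, min_confidence=0):
    """Classify outcomes after alarm filtering: alerts below min_confidence are
    suppressed, then the remaining alarms are compared with what really happened."""
    raised = {a.event_id for a in alerts if a.confidence >= min_confidence}
    return {
        "true_positive": len(raised & confirmed),   # alarm, real attack
        "false_positive": len(raised - confirmed),  # alarm, no attack
        "false_negative": len(confirmed - raised),  # real attack, no alarm
    }

def sweep(alerts, confirmed, thresholds):
    """Show the trade-off: raising the filter threshold removes false positives
    but, past a point, turns suppressed alerts into false negatives."""
    return {t: evaluate(alerts, confirmed, t) for t in thresholds}
```

Note that e4 is a false negative at every threshold: filtering can only suppress alarms, never recover an attack the IDS failed to detect in the first place.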