Why is Network Security Come out to the Forefront. Increased Internet usage Increased telecommuting. Recent high profile attacks on government and private web sites have also contributed to the high exposure of network security. SPDLC depicted as a Cycle.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Figure 13-7 Assests, Threats, Vulnerabilities, Risks, and Protective Measures
1) Challenge response
2) Time synchronous token authentication systems.
Attack Strategies often concentrate on:
Figure 13-13 Representative Security Architecture Protective Measures
Network /information System Attack Strategies vulnerability of TCP
Man in the Middle Attack
Trojan Horse Attack
Denial Of Service Attack
Digital Certificates,Digital Signatures
Encrypted Message Digest
Strong Passwords, Intruder detection
Time stamping or sequence numbering
Virus management policy
Authentication, service filteringNetwork information System Vulnerabilities and Protective Measures (Fig. 13-8)
i) Manual Audits
Manual audits can be done by either internal or external personnel. Manual audits serve to verify the effectiveness of policy development and implementation, especially the extent to which people understand and effectively execute assigned processes in the overall corporate security policy.
Manual audits are also referred to as policyauditsor off-lineaudits.
ii) Automated Audits
Automated audits, otherwise known as event detectionor real-time audits depend on software that is able to assess the weaknesses of your network security and security standards.
Most audit software depends on capturing large amounts of event data and then filtering that data for exceptional or unusual events.
a) Telephone calls,
b) Login attempts,
c) Network server directory access attempts,
d) Access to Internet news groups or web sites, or
remote access attempts via dial-up lines.
Security Analyzing Tool for Networks (SATAN) actively tests various aspects of enterprise network security and reports results is a type of Security probe
2) signature scanners.
3) CRC checkers and hashing checkers
Figure 13-19 Virus Infection Points of Attack and Protective Measures
Figure 13-20(a) Packet Filters and Application Gateways Protective Measures
A filter is a program that examines the source address
and destination address of every incoming packet to the
Network access devices known as routers are also
capable of filtering data packets.
Filter tables are lists of addresses whose data
Packets and embedded messages are either allowed
Or prohibited from proceeding through the firewall
Server and into the corporate network.
A filtering program which only examines source
and destination addresses and determines
access based on the entries in a filter table is
known as a port level filter or network level
filter or packet filter.
Application level filters (Proxies) go beyond port level filters in their
attempts to prevent unauthorized access to corporate data.
While port level filters determine the legitimacy of the party asking
for information, application level filters assure the validity of what
they are asking for. Application level filters examine the entire
request for data rather than just the source and destination
Secure files can be marked as such and application level filters will
not allow those files to be transferred, even to users authorized by
port level filters.
1) Packet Filtering
works based on discriminating traffic
based on source and destination
2) Application Gateways of Proxies
examine individual commands within applications
This involves the following steps:
Figure 13-24 Challange-Response vs. Time-Synchronous Token Authentication
ensured by Encryption.
through the use of keys.
secure the transmission.
Figure 13-25 Kerberos Architecture Authentication
Figure 13-26 Private Key Encryption, Public Key Encryption, and Digital Signature Encryption
unauthorized decryption is nearly impossible. The safe and reliable distribution of these private keys among numerous encryption devices can be difficult. If this private keyis somehow intercepted, the integrity of the encryption system is compromised.
Sending encryption device encrypts a document using the intended recipient's public key and the originating party’s private key. This public key is readily available in a public directory or is sent by the intended recipient to the message sender.
However, in order to decrypt the document, the receiving encryption/decryption device must be programmed with their own private key and the sending party’s public key. In this method, the need for transmission of private keys between sending and receiving parties is eliminated. As an added security measure.
Providesan electronic means of guaranteeing authenticity of the sending party and assurance that encrypted documents have not been altered during transmission.
Figure 13-27 summarizes some key facts about currently popular encryption standards.
c) SecurID token authentication.
Figure 13-28 Remote Authentication Dial-In User Services (RADIUS) Architecture
It is broken into two primary parts; the first is illustrated in Figure 13-31.
It specifies the criteria that must be met in
order to achieve a specific rating. The criteria are defined in hierarchical fashion, with four different ratings possible.
The ‘A’ rating is the most secure possible and the ‘D’ rating corresponds to the least secure rating possible.
Specifically, C2 rating defines protection as controlled access, encapsulating resources and providing login and explicit auditing.