1 / 11

Network Security

Network Security. Introduction

eamon
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business applications by reducing risk, and providing a foundation for expanding your business with Intranet, extranet, and electronic commerce applications.

  2. Reasons choosing Network Security as Topic • Protection from “Crackers” • Cooperate with NT (NT is not enough security) • Learning for my own compnay use • Trying to get the contract from Government in Taiwan for building security system

  3. Network Security •Internet Security - From Infrastructure to Network to Computer •Wide-Area Network Security - Bridge and Router Packet Filtering•Local-Area Network Security - Tape Backup and LAN Admin.•Computer Security - Power Protection and Special Mounting & Fastening Devices to Secure Computer Equipmen

  4. Improving Network Security By Means of Secure Gateways (or Firewall) • Internet sites often use the TCP/IP protocol suite and UNIX for local area networking purposes, UNIX and TCP/IP offer methods for centralizing the management of users and resources. • But. Crackers often roam the Internet searching for unprotected sites; misconfigured systems as well as use of insecure protocols that make the cracker's job much easier. • Two of the TCP/IP services most often used in local area networking, NIS (Network Information Services) and NFS (Network File System), are easily exploited; crackers can use weaknesses in NIS and NFS to read and write files, learn user information, capture passwords, and gain privileged access. • Kerberos and Secure RPC are effective means for reducing risks and vulnerabilities on local area TCP/IP networks, however they suffer from the disadvantages of requiring modified network daemon programs on all participating hosts. • For many sites, the most practical method for securing access to systems and use of inherently vulnerable services is to use a Secure Gateway, or firewall system.

  5. Examples of Firewalls • Packet-filtering-only firewall (is perhaps most common and easiest to employ.) • Dual-homed gateway(are often the least-expensive option for many sites and, if used mainly as an application gateway, can be quite secure.) • Choke-gate firewall(would handle ftp and telnet traffic using group accounts . The choke-gate firewall is more flexible than the dual-homed firewall, however, and more secure.) • Screened-subnet firewall. The telnet/ftp and e-mail gateways could be the only systems accessible from the Internet. providing a high level of security and offering more flexibility for internal systems that need to connect to the Internet

  6. Typical Firewall Architecture • In this architecture, the router that is connected to the Internet (exterior router) forces all incoming traffic to go to the application gateway. The router that is connected to the internal network (interior router) accepts packets only from the application gateway. • The application gateway institutes per-application and per-user policies. In effect, the gateway controls the delivery of network-based services both into and from the internal network. For example, only certain users might be allowed to communicate with the Internet, or only certain applications are permitted to establish connections between an interior and exterior host.

  7. IP security Why do we need IP security: • Loss of privacy • Loss of Data Integrity • Identity spoofing • Denial of services

  8. Confidentiality Integrity Authentication Encryption of data in transit Network-layer encryption Addressing the Threat are key services used to protect against the threats by way of :

  9. Intranet VPNs Intranet VPNs link corporate headquarters, remote and branch offices through dedicated connections

  10. Extranet VPNs • Extranet VPNs connect customers, partners other interest parties to corporate intranets over dedicated connections

  11. Limit the scope of access Understand your environment Limit your trust Remember your physical security Security is pervasive (everywhere) Know your enemy Count the cost Identify your assumptions Control your secrets Remember human factors Know your weaknesses Understanding Network security

More Related