SUBMITTED TO: Dr. Jaydip Chaudhari
BY: CHAMPANERIA DHARMIN (06)
JOSHI CHIRAG (38)
NAIR AKHIL (59)
DEPARTMENT OF BUSINESS AND INDUSTRIAL MANAGEMENT
NETWORK SECURITY
Understand information security services
Be aware of vulnerabilities and threats
Realize why network security is necessary
What are the elements of a comprehensive security program
PRESENTATION OBJECTIVES
Within the subculture of computer hobbyists and software enthusiasts, the term “Hacker” usually refers to a particular kind of programmer.
Someone who programs creatively
Someone who programs for pure enjoyment
HACKER
Someone who breaks into computers, often to do something malicious such as steal credit card information
Many times from personal computer
Using the program crackers can break into a system without really knowing how they did it
CRACKER
Passwords are the most fundamental security tool of any modern operating system and the most commonly attacked features.
Don'ts of choosing a password:-
Don't use a variation of your login name or full name, this will still be an easily guessed password
Don't use a dictionary word, even if you add numbers or punctuation to it
PASSWORD PROTECTION:-
Do's of choosing the password:-
A good way to choose a strong password is to take the first letter from each word of an easily remembered sentence. Examples:-
ItMc? - Is that My coat?
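The two don'ts and the first-letter rule above, written as a check a system could run when a user picks a password. This is an added example, not part of the original slides; the word list, the character-swap table and the sample account "asmith" / "Alice Smith" are constructed assumptions.

```python
import re

# Constructed mini word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "security", "dragon", "welcome", "network"}
# Assumed table of common digit/symbol substitutions (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("013457@$", "oieastas")

def core(text):
    """Lowercase, drop leading/trailing non-letters, undo common swaps inside."""
    inner = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return re.sub(r"[^a-z]", "", inner.translate(LEET))

def weak_reasons(password, login, full_name):
    """Return which of the slide's don'ts this password violates."""
    reasons = []
    candidate = core(password)
    names = {core(login)} | {core(part) for part in full_name.split()}
    names = {n for n in names if len(n) >= 3}  # ignore very short name parts
    # Don't 1: login or name, forwards or reversed, with decoration added.
    if any(n in candidate or n[::-1] in candidate for n in names):
        reasons.append("variation of login or full name")
    # Don't 2: a dictionary word once numbers and punctuation are undone.
    if candidate in DICTIONARY:
        reasons.append("dictionary word with numbers or punctuation")
    return reasons

def mnemonic(sentence):
    """First letter of each word, keeping the sentence's final punctuation."""
    tail = sentence[-1] if sentence and not sentence[-1].isalnum() else ""
    return "".join(word[0] for word in sentence.split()) + tail

if __name__ == "__main__":
    for pw in ("Smith2024!", "htims_2024", "P@ssw0rd!", mnemonic("Is that My coat?")):
        print(pw, weak_reasons(pw, "asmith", "Alice Smith"))
```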
System Admin Tips for Password:-
Change or force user to change password periodically
Password files within your server or database
Password protection
Protecting the network by filtering network access and traffic (i.e. firewall)
Running security audit
Examine and monitor log files
Make use of intrusion detection tool
Use common sense
IMPORTANT STEPS TO SECURITY:-
More information is being created, stored, processed and communicated using computers and networks
Computers are increasingly interconnected, creating new pathways to information assets
The threats to information are becoming more widespread and more sophisticated
Productivity, competitiveness, are tied to the first two trends
Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information
TRENDS FOR INFORMATION
Core principle of network security
Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems.
Confidentiality is necessary for maintaining the privacy of the people whose personal information is held in the system.
CONFIDENTIALITY
Organizations protect against loss of confidentiality with access controls and encryption.
For example, users are first required to authenticate and then access is granted to users based on their proven identity. In short, users are granted access to data via permissions. If users do not have permissions, they are denied access.
There are many other instances where someone can access data without needing to prove their identity.
HOW TO SECURE Confidentiality
Integrity refers to the trustworthiness of information resources
It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter.
INTEGRITY
One of the common ways of ensuring integrity is with hashing. In short, a hash is a number and a hashing algorithm can calculate a hash for a file or string of data.
As long as the data has not changed (and the same hashing algorithm is used), the hash will always be the same. The two primary hashing algorithms used today are Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1).
E.g., if you calculate the hash of the phrase “ILoveSecurity” with the MD5 hashing algorithm it will always be E7F8B292F4F5C2F98E5DF1435EB73D1B.
HOW TO SECURE INTEGRITY
One way hashes are used is by detection systems that calculate hashes of key files. The detection systems later check these files to determine if the hash is the same. If the hash has been modified, the file has lost integrity and is considered suspect.
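The baseline-and-recheck cycle described above, as an added example that is not part of the original slides. It uses SHA-256 instead of the MD5 and SHA-1 named on the slide, because practical collision attacks exist against both; the file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_hash(path, algorithm="sha256"):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def take_baseline(paths):
    """Record the known-good hash of every monitored file."""
    return {str(path): file_hash(path) for path in paths}

def check(baseline):
    """Re-hash each file; report those that are missing or whose hash changed."""
    findings = {}
    for path, expected in baseline.items():
        if not Path(path).exists():
            findings[path] = "missing"
        elif file_hash(path) != expected:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed scenario: three key files, one edited and one deleted."""
    files = {
        "hosts": "127.0.0.1 localhost\n",
        "passwd": "root:x:0:0\n",
        "sshd_config": "PermitRootLogin no\n",
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, text in files.items():
            Path(folder, name).write_text(text)
        baseline = take_baseline(Path(folder, name) for name in files)
        # Simulate tampering after the baseline was taken.
        Path(folder, "hosts").write_text("127.0.0.1 localhost\n203.0.113.66 updates.example\n")
        Path(folder, "sshd_config").unlink()
        return {Path(p).name: status for p, status in check(baseline).items()}

if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored where an intruder who can change the monitored files cannot also rewrite the recorded hashes.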
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information.
High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks such as a flood of incoming messages to the target system essentially forcing it to shut down.
AVAILABILITY
Primary methods that organizations use to protect against loss of availability are fault tolerant systems.
Fault tolerance means that a system can develop a fault, yet tolerate it and continue to operate. This is often accomplished with redundant systems such as redundant
Backups ensure that important data is backed up and can be restored if the original data becomes corrupt
HOW TO SECURE AVAILABILITY
Fault tolerance and redundancies can be implemented at multiple levels. For example, RAID-1 is a mirror of two drives; if one drive fails, the other drive still holds all the data. RAID-5 (striping with parity) uses three or more drives and uses parity to recreate the data if any drive fails. RAID-10 combines the features of a RAID-1 with the features of a RAID-0 array.
A potential cause of an incident that may result in harm to systems and the organization
Computer networks are typically a shared resource used by many applications representing different interests.
The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportunistic criminals.
THREATS
Key Pre Distribution
Authentication Protocols
Example Systems
Firewalls
CHAPTER OUTLINE
To use ciphers and authenticators, the communicating participants need to know what keys to use.
In the case of a symmetric-key cipher, how does a pair of participants obtain the key they share?
In the case of a public-key cipher, how do participants know what public key belongs to a certain participant?
The answer differs depending on whether the keys are short-lived session keys or longer-lived pre-distributed keys.
1) KEY PRE DISTRIBUTION
A session key is a key used to secure a single, relatively short episode of communication: a session. Each distinct session between a pair of participants uses a new session key, which is always a symmetric-key key for speed.
The participants determine what session key to use by means of a protocol—a session key establishment protocol.
A session key establishment protocol needs its own security (so that, for example, an adversary cannot learn the new session key); that security is based on the longer-lived pre-distributed keys.
There are several motivations for this division of labor between session keys and pre-distributed keys:
Limiting the amount of time a key is used results in less time for computationally intensive attacks, less ciphertext for cryptanalysis, and less information exposed should the key be broken.
Pre-distribution of symmetric keys is problematic.
Public key ciphers are generally superior for authentication and session key establishment but too slow to use for encrypting entire messages for confidentiality.
Pre-Distribution of Public Keys
One of the major standards for certificates is known as X.509. This standard leaves a lot of details open, but specifies a basic structure. A certificate clearly must include:
the identity of the entity being certified
the public key of the entity being certified
the identity of the signer
the digital signature
a digital signature algorithm identifier (which cryptographic hash and which cipher)
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a widely used approach to providing security for electronic mail. It provides authentication, confidentiality, data integrity, and nonrepudiation.
Originally devised by Phil Zimmermann, it has evolved into an IETF standard known as OpenPGP.
PGP’s confidentiality and receiver authentication depend on the receiver of an email message having a public key that is known to the sender.
To provide sender authentication and nonrepudiation, the sender must have a public key that is known by the receiver.
These public keys are pre-distributed using certificates and a web-of-trust PKI.
PGP supports RSA and DSS for public key certificates.
EXAMPLE SYSTEMS
Secure Shell (SSH)
The Secure Shell (SSH) protocol is used to provide a remote login service, and is intended to replace the less-secure Telnet and rlogin programs used in the early days of the Internet.
SSH is most often used to provide strong client/server authentication/message integrity—where the SSH client runs on the user’s desktop machine and the SSH server runs on some remote machine that the user wants to log into—but it also supports confidentiality.
Telnet and rlogin provide none of these capabilities. Note that “SSH” is often used to refer to both the SSH protocol and applications that use it; you need to figure out which from the context.
A firewall is a system that typically sits at some point of connectivity between a site it protects and the rest of the network.
It is usually implemented as an “appliance” or part of a router, although a “personal firewall” may be implemented on an end user machine.
Firewall-based security depends on the firewall being the only connectivity to the site from outside; there should be no way to bypass the firewall via other gateways, wireless connections, or dial-up connections.
FIREWALLS
In effect, a firewall divides a network into a more-trusted zone internal to the firewall, and a less-trusted zone external to the firewall.
This is useful if you do not want external users to access a particular host or service within your site.
Firewalls may be used to create multiple zones of trust, such as a hierarchy of increasingly trusted zones.
A common arrangement involves three zones of trust: the internal network; the DMZ (“demilitarized zone”); and the rest of the Internet.
Firewalls filter based on IP, TCP, and UDP information, among other things.
They are configured with a table of addresses that characterize the packets they will, and will not, forward.
By addresses, we mean more than just the destination’s IP address, although that is one possibility.
Generally, each entry in the table is a 4-tuple: It gives the IP address and TCP (or UDP) port number for both the source and destination.
A firewall filters packets flowing between a site and the rest of the Internet
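The 4-tuple filter table described above, as an added example that is not part of the original slides. The wildcard entries, the first-match-wins ordering, the default-deny fallback and every address in the table (taken from the reserved documentation ranges) are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

ANY = None  # wildcard: the rule matches every port

# Constructed rule table. Each entry is an action plus the 4-tuple
# (source network, source port, destination network, destination port).
RULES = [
    # A blocked external network may reach nothing at all.
    ("deny",  "198.51.100.0/24", ANY, "0.0.0.0/0",       ANY),
    # Anyone may reach the web server in the DMZ on port 80.
    ("allow", "0.0.0.0/0",       ANY, "203.0.113.10/32", 80),
    # Only the internal network may reach that server over SSH.
    ("allow", "192.0.2.0/24",    ANY, "203.0.113.10/32", 22),
]

def matches(rule, src_ip, src_port, dst_ip, dst_port):
    """True when the packet's 4-tuple falls inside the rule's 4-tuple."""
    _, src_net, rule_sport, dst_net, rule_dport = rule
    return (ip_address(src_ip) in ip_network(src_net)
            and rule_sport in (ANY, src_port)
            and ip_address(dst_ip) in ip_network(dst_net)
            and rule_dport in (ANY, dst_port))

def decide(src_ip, src_port, dst_ip, dst_port, rules=RULES):
    """First matching rule wins; a packet that matches no rule is dropped."""
    for rule in rules:
        if matches(rule, src_ip, src_port, dst_ip, dst_port):
            return rule[0]
    return "deny"

if __name__ == "__main__":
    packets = [  # constructed sample packets
        ("198.51.100.7", 40000, "203.0.113.10", 80),   # blocked network
        ("192.0.2.5",    51000, "203.0.113.10", 80),   # internal to web
        ("203.0.113.200", 51000, "203.0.113.10", 22),  # outside to SSH
        ("192.0.2.5",    51000, "203.0.113.10", 23),   # no rule for Telnet
    ]
    for packet in packets:
        print(packet, "->", decide(*packet))
```

Rule order matters: moving the deny entry below the port 80 entry would let the blocked network reach the web server.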