Network Security
Introduction
Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business applications by reducing risk and providing a foundation for expanding your business with intranet, extranet, and electronic commerce applications.
Reasons for Choosing Network Security as Topic
Protection from “Crackers”
Cooperate with NT (NT is not enough security)
Learning for my own company use
Trying to get the contract from Government in Taiwan for building security system
Network Security
•Internet Security - From Infrastructure to Network to Computer
•Wide-Area Network Security - Bridge and Router Packet Filtering
•Local-Area Network Security - Tape Backup and LAN Admin.
•Computer Security - Power Protection and Special Mounting & Fastening Devices to Secure Computer Equipment
Improving Network Security By Means of Secure Gateways (or Firewall)
Internet sites often use the TCP/IP protocol suite and UNIX for local area networking purposes; UNIX and TCP/IP offer methods for centralizing the management of users and resources.
But crackers often roam the Internet searching for unprotected sites; misconfigured systems, as well as the use of insecure protocols, make the cracker's job much easier.
Two of the TCP/IP services most often used in local area networking, NIS (Network Information Services) and NFS (Network File System), are easily exploited; crackers can use weaknesses in NIS and NFS to read and write files, learn user information, capture passwords, and gain privileged access.
Kerberos and Secure RPC are effective means for reducing risks and vulnerabilities on local area TCP/IP networks; however, they suffer from the disadvantage of requiring modified network daemon programs on all participating hosts.
For many sites, the most practical method for securing access to systems and use of inherently vulnerable services is to use a Secure Gateway, or firewall system.
Examples of Firewalls
Packet-filtering-only firewall (perhaps the most common and easiest to employ.)
Dual-homed gateway (often the least-expensive option for many sites and, if used mainly as an application gateway, can be quite secure.)
Choke-gate firewall (would handle ftp and telnet traffic using group accounts. The choke-gate firewall is more flexible than the dual-homed firewall, however, and more secure.)
Screened-subnet firewall. The telnet/ftp and e-mail gateways could be the only systems accessible from the Internet, providing a high level of security and offering more flexibility for internal systems that need to connect to the Internet.
Typical Firewall Architecture
In this architecture, the router that is connected to the Internet (exterior router) forces all incoming traffic to go to the application gateway. The router that is connected to the internal network (interior router) accepts packets only from the application gateway.
The application gateway institutes per-application and per-user policies. In effect, the gateway controls the delivery of network-based services both into and from the internal network. For example, only certain users might be allowed to communicate with the Internet, or only certain applications are permitted to establish connections between an interior and exterior host.
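The packet path described above can be traced in a small model. This is an added example, not part of the original slides; the addresses, user names and policy entries are constructed for illustration.

```python
import ipaddress

# Constructed addresses and policy entries (assumptions, not from the slides).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
GATEWAY = "192.0.2.10"  # application gateway between the two routers
# Gateway policy: (user, application) pairs allowed per direction.
POLICY = {
    "out": {("alice", "ftp"), ("alice", "telnet"), ("bob", "smtp")},
    "in": {("partner", "smtp")},
}

def exterior_router_accepts(dst):
    """Incoming Internet traffic is forwarded only when addressed to the gateway."""
    return dst == GATEWAY

def interior_router_accepts(src, dst):
    """Packets for the internal network are accepted only from the gateway."""
    return src == GATEWAY and ipaddress.ip_address(dst) in INTERNAL_NET

def gateway_permits(user, app, direction):
    """Per-application and per-user decision made by the application gateway."""
    return (user, app) in POLICY[direction]

def inbound(src, dst, user, app, internal_host="10.0.0.5", exterior_filtering=True):
    """Trace a connection from Internet host `src` and return where it ends.

    exterior_filtering=False models a misconfigured exterior router, showing
    that the interior router still refuses anything not sent by the gateway.
    """
    if dst != GATEWAY:  # direct attempt at a host behind the gateway
        if exterior_filtering and not exterior_router_accepts(dst):
            return "dropped at exterior router"
        if not interior_router_accepts(src, dst):
            return "dropped at interior router"
        return "delivered"  # only reachable when the packet came from the gateway
    if not gateway_permits(user, app, "in"):
        return "refused by application gateway"
    # The gateway opens its own connection, so the interior router sees it as source.
    if not interior_router_accepts(GATEWAY, internal_host):
        return "dropped at interior router"
    return "relayed by application gateway"

if __name__ == "__main__":
    print(inbound("203.0.113.7", "10.0.0.5", "partner", "smtp"))
    print(inbound("203.0.113.7", "10.0.0.5", "partner", "smtp", exterior_filtering=False))
    print(inbound("203.0.113.7", GATEWAY, "partner", "smtp"))
    print(inbound("203.0.113.7", GATEWAY, "partner", "telnet"))
    print(gateway_permits("bob", "ftp", "out"))
```

The second call shows why the design uses two routers: with the exterior filter disabled, a direct connection to an internal host is still refused by the interior router.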
IP security
Why do we need IP security:
Loss of privacy
Loss of Data Integrity
Identity spoofing
Denial of service
Addressing the Threat
Confidentiality
Integrity
Authentication
are key services used to protect against the threats by way of:
Encryption of data in transit
Network-layer encryption
Intranet VPNs
Intranet VPNs link corporate headquarters, remote and branch offices through dedicated connections
Extranet VPNs
Extranet VPNs connect customers, partners and other interested parties to corporate intranets over dedicated connections
Understanding Network security
Know your enemy
Count the cost
Identify your assumptions
Control your secrets
Remember human factors
Know your weaknesses
Limit the scope of access
Understand your environment
Limit your trust
Remember your physical security
Security is pervasive (everywhere)