Seminar on

Fundamentals of Network Security

PRESENTED TO-Mr B. P. Dubey

PRESENTED BY-MANISH TIWARICS-BROLL NO-29

Introduction to Network Security

networks are used to transfer valuable and confidential information for a variety of purposes. As a consequence, they attract the attention of people who intend to steal or misuse information, or to disrupt or destroy the systems storing or communicating it. 

Importance of Effective Network Security Strategies

Security breaches can be very expensive in terms of business disruption and the financial losses that may result.

Increasing volumes of sensitive information are transferred across the Internet or intranets connected to it.

Networks that make use of Internet links are becoming more popular because they are cheaper than dedicated leased lines. This, however, involves different users sharing Internet links to transport their data.

Directors of business organisations are increasingly required to provide effective information security.

Terminology about Data Storage, Processing or Transmission

Confidentiality Integrity of dataFreshness of dataAuthentication of the source of informationAvailability of network servicesPassive attackActive attack

Passive Attacks and Active Attacks

Principles of Encryption

Symmetric Key Systems

sharing a single secret key between the two communicating entities – this key is used for both encryption and decryption

Algorithm

DES (Data Encryptions Standard) Triple-DES (or 3DES) IDEA(International Data Encryption Algorithm) Blowfish RC2 (Rivest cipher no. 2) RC4 (Rivest cipher no. 4)

Asymmetric key Systems

Algorithm

RSA (named after its creators–Rivest, Shamir and Adleman) DSS (Digital Signature Standard)

Vulnerability to attack

Cryptanalysis is the science of breaking a cipher without knowledge of the key (and often the algorithm) used. Its goal is either to recover the plaintext of the message or to deduce the decryption key so that other messages encrypted with the same key can be decrypted.

• brute force attack• one-time pad

Implementing Encryption in Networks

Link layer Encryption 

Packets are encrypted when they leave a node and decrypted when they enter a node.

Link Layer Encryption

End-to-end Encryption

Network layer encryption  Application Layer Encryption

Network layer Encryption 

normally implemented between specific source and destination nodes as identified, for example, by IP addresses.

Network Layer Encryption

Application Layer Encryption

end-to-end security is provided at a user level by encryption applications. Examples of application layer encryption are

S/MIME (secure/multipurpose internet mail extensions), S-HTTP (secure hypertext transfer protocol), PGP (Pretty Good Privacy) MSP (message security protocol)

Application Layer Encryption

Hash Values

A common use of a hash value is the storage of passwords on a computer system. If the passwords are stored in the clear, anyone gaining unlawful access to the computer files could discover and use them. 

Algorithm

MD5 SHA (secure hash algorithm)

Access Control

Password Firewalls packet-filtering routers  application level gateways circuit level gateways 

Firewalls

Firewalls play an important role in restricting and controlling access to networks.

Packet-filtering Router

A packet-filtering router either blocks or passes packets presented to it according to a set of filtering rules.

Filtering rules are based on various features.

the packet header information, e.g. IP source and destination addresses

the encapsulated protocol being used, e.g. TCP or UDP, ICMP or IP

the transport layer source and destination ports

the incoming and outgoing interfaces for the packet.

Application Level Gateways

Implemented through a proxy server, which acts as an intermediary between a client and a server .

Circuit Level Gateways

checks the validity of connections at the transport layer against a table of allowed connections, before a session can be opened and data exchanged.

work at the session layer of the OSI model.

Bibliography Halsall, F. (2001) Multimedia Communications, Addison Wesley. ITU-T X.509 (2000) Information Technology – Open Systems Interconnection – The

Directory: Public-Key and Attribute Certificate Frameworks, International Telecommunication Union.

King, T. and Newson, D. (1999) Data Network Engineering, Kluwer. Peterson, L. L. and Davie, B. S. (1996) Computer Networks: A Systems Approach, Morgan

Kaufmann. RFC 2401 (1998) Security Architecture for the Internet Protocol, Kent, S., Atkinson, R. Anderson, R. (2001) Security Engineering: A Guide to Building Dependable Distributed

Systems, Wiley. BS 7799-2 (2002) Information Security Management Systems – Specification with Guidance

for Use, British Standards Institution http://www.open.edu http://www.alison.com http://www.iana.org/assignments/port-numbers

Thank you