SUBMITEED TO:Dr. Jaydip Chaudhari 

BY: CHAMPANERIA DHARMIN (06)

JOSHI CHIRAG (38)NAIR AKHIL (59)

DEPARTMENT OF BUSSINESS AND INDUSTRIAL MANAGEMENT

NETWORK SECURITY

Understand information security services

Be aware of vulnerabilities and threats

Realize why network security is necessary

What are the elements of a comprehensive security program

PRESENTATION OBJECTIVES

Within the subculture of computer hobbyists and software enthusiasts, the term “Hacker” usually refers to a particulars kind of programmer.

Someone who programs creatively

Someone who programs for pure enjoyment

HACKER

Someone who breaks into computers, often to do something malicious such as steal credit card information

Many times from personal computer

Using the program crackers can break into a system without really knowing how they did it

CRACKER

Passwords are the most fundamental security tool of any modern operating system and the most commonly attacked features.

Don`ts of choosing a password:-

Don`t use a variation of your login name or full name, this will still be an easily guessed password

Don`t use a dictionary word, even if you add numbers or punctuation to it

PASSWORD PROTECTION:-

Do`s of choosing the password:-Good way to choose a strong password is to take the

first latter from each word of an easily remembered sentence. Examples:-

ItMc? - Is that My coat?

System Admin Tips for Password:-

Change or force user to change password periodically

Password files within your server or database

Password protectionProtecting the network by filtering network access and traffic

(i.e. firewall)Running security auditExamine and monitor log filesMake use of intrusion detection toolUse common sense

IMPORTANT STEPS TO SECURITY:-

More information is being created, stored, processed and communicated using computers and networks

Computers are increasingly interconnected, creating new pathways to information assets

The threats to information are becoming more widespread and more sophisticated

Productivity, competitiveness, are tied to the first two trends

Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information

TRENDS FOR INFORMATION

Core principle of network security

Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems.

Confidentiality is necessary for maintaining the privacy of the people whose personal information is held in the system.

CONFIDENTIALITY

Organizations protect against loss of confidentiality with access controls and encryption.

For example, users are first required to authenticate and then access is granted to users based on their proven identity. In short, users are granted access to data via permissions. If users do not have permissions, they are denied access.

There are many other instances where someone can access data without needing to prove their identity.

HOW TO SECURE  Confidentiality

Integrity refers to the trustworthiness of information resources

It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity.  It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter.

INTEGRITY 

One of the common ways of ensuring integrity is with hashing. In short, a hash is a number and a hashing algorithm can calculate a hash for a file or string of data.

As long as the data has not changed (and the same hashing algorithm is used), the hash will always be the same. The two primary hashing algorithms used today are Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1).

EG, if you calculate the hash of the phrase “ILoveSecurity” with the MD5 hashing algorithm it will always be E7F8B292F4F5C2F98E5DF1435EB73D1B.

HOW TO SECURE INTEGRITY

EG, if you calculate the hash of the phrase “ILoveSecurity” with the MD5 hashing algorithm it will always be E7F8B292F4F5C2F98E5DF1435EB73D1B.

One way hashes are used is by detection systems that calculate hashes of key files. The detection systems later check these files to determine if the hash is the same. If the hash has been modified, the file has lost integrity and is considered suspect.

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information.

 High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks such as a flood of incoming messages to the target system essentially forcing it to shut down.

AVAILABILITY

Primary methods that organizations use to protect against loss of availability are fault tolerant systems.

 Fault tolerance means that a system can develop a fault, yet tolerate it and continue to operate. This is often accomplished with redundant systems such as redundant

Backups ensure that that important data is backed up and can be restored if the original data becomes corrupt

HOW TO SECURE AVAILABILITY

Fault tolerance and redundancies can be implemented at multiple levels. For example, RAID-1 is a mirror of two drives; if one drive fails, the other drive still holds all the data. RAID-5 (striping with parity) uses three or more drives and uses parity to recreate the data if any drive fails. RAID-10 combines the features of a RAID-1 with the features of a RAID-0 array.

A potential cause of an incident, that may result in harm of systems and organization

Computer networks are typically a shared resource used by many applications representing different interests.

The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportunistic criminals.

THREATS

Key Pre DistributionAuthentication ProtocolsExample SystemsFirewalls

CHAPTER OUTLINE

To use ciphers and authenticators, the communicating participants need to know what keys to use.

In the case of a symmetric-key cipher, how does a pair of participants obtain the key they share?

In the case of a public-key cipher, how do participants know what public key belongs to a certain participant?

The answer differs depending on whether the keys are short-lived session keys or longer-lived pre-distributed keys.

1) KEY PRE DISTRIBUTION

A session key is a key used to secure a single, relatively short episode of communication: a session. Each distinct session between a pair of participants uses a

new session key, which is always a symmetric-key key for speed.

The participants determine what session key to use by means of a protocol—a session key establishment protocol.

A session key establishment protocol needs its own security (so that, for example, an adversary cannot learn the new session key); that security is based on the longer-lived pre-distributed keys.

There are several motivations for this division of labor between session keys and pre-distributed keys:Limiting the amount of time a key is used results in less

time for computationally intensive attacks, less ciphertext for cryptanalysis, and less information exposed should the key be broken.

Pre-distribution of symmetric keys is problematic.Public key ciphers are generally superior for authentication

and session key establishment but too slow to use encrypting entire messages for confidentiality.

Pre-Distribution of Public KeysOne of the major standards for certificates is known as

X.509. This standard leaves a lot of details open, but specifies a basic structure. A certificate clearly must includethe identity of the entity being certifiedthe public key of the entity being certifiedthe identity of the signerthe digital signaturea digital signature algorithm identifier (which cryptographic hash

and which cipher)

Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) is a widely used approach to providing

security for electronic mail. It provides authentication, confidentiality, data integrity, and nonrepudiation.

Originally devised by Phil Zimmerman, it has evolved into an IETF standard known as OpenPGP

PGP’s confidentiality and receiver authentication depend on the receiver of an email message having a public key that is known to the sender.

To provide sender authentication and nonrepudiation, the sender must have a public key that is known by the receiver.

These public keys are pre-distributed using certificates and a web-of-trust PKI.

PGP supports RSA and DSS for public key certificates.

EXAMPLE SYSTEMS

Secure Shell (SSH)The Secure Shell (SSH) protocol is used to provide a remote

login service, and is intended to replace the less-secure Telnet and rlogin programs used in the early days of the Internet.

SSH is most often used to provide strong client/server authentication/ message integrity—where the SSH client runs on the user’s desktop machine and the SSH server runs on some remote machine that the user wants to log into—but it also supports confidentiality.

Telnet and rlogin provide none of these capabilities. Note that “SSH” is often used to refer to both the SSH

protocol and applications that use it; you need to figure out which from the context.

A firewall is a system that typically sits at some point of connectivity between a site it protects and the rest of the network.

It is usually implemented as an “appliance” or part of a router, although a “personal firewall” may be implemented on an end user machine.

Firewall-based security depends on the firewall being the only connectivity to the site from outside; there should be no way to bypass the firewall via other gateways, wireless connections, or dial-up connections.

FIREWALLS

In effect, a firewall divides a network into a more-trusted zone internal to the firewall, and a less-trusted zone external to the firewall.

This is useful if you do not want external users to access a particular host or service within your site.

Firewalls may be used to create multiple zones of trust, such as a hierarchy of increasingly trusted zones.

A common arrangement involves three zones of trust: the internal network; the DMZ (“demilitarized zone”); and the rest of the Internet.

Firewalls filter based on IP, TCP, and UDP information, among other things.

They are configured with a table of addresses that characterize the packets they will, and will not, forward.

By addresses, we mean more than just the destination’s IP address, although that is one possibility.

Generally, each entry in the table is a 4-tuple: It gives the IP address and TCP (or UDP) port number for both the source and destination.

A firewall filters packets flowing between a site and the rest of the Internet