Network Security

•Dictionary.com says:▫1. Freedom from risk or danger; safety.▫2. Freedom from doubt, anxiety, or fear;

confidence.▫3. Something that gives or assures safety, as:

1. A group or department of private guards: Call building security if a visitor acts suspicious.

2. Measures adopted by a government to prevent espionage, sabotage, or attack.

3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

…etc.

2

Communication protocol defines the rules and data formats for exchangingInformation in a network

* It consists of policies and provisions adopted by thenetwork administrator to prevent the unauthorizedaccess, misuse, modification, or denial of network and network-accessible resources

˃˃ Network security starts with authenticating the user, commonly with a username and a password. Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.

˃˃ Communication between two hosts using a network may be encrypted to maintain privacy.

Threats And ToolsThreats And ToolsThreats to network security include:

Viruses : Computer programs written by devious programmers and designed to replicate themselves and infect computers when triggered by a specific event.

Trojan horse programs : Delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games.

Vandals : Software applications or applets that cause destruction .

Attacks : Including all types of attacks like hacking,password cracking and other technical means.

Data interception : Involves eavesdropping on communications or altering data packets being transmitted.

Social engineering : Obtaining confidential network security information through nontechnical means.

Network security tools include:Network security tools include:Antivirus software packages : These packages counter most virus threats if regularly updated and correctly maintained.

Secure network infrastructure : Switches and routers have hardware and software features that support secure connectivity.

Virtual private networks : These networks provide access control and data encryption between two different computers on a network.

Biometrics : These services help to identify users and control their activities and transactions on the network.

Encryption : Encryption ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.

Security management : This is the glue that holds together the other building blocks of a strong security solution.

Some more Prevention Techniques of network security are

Prevention Techniques:˃˃ Cryptography˃˃ Firewall˃˃ Digital Signature˃˃ Biometrics- MOST MODERN

Types Of Threats•Denial-of-Service : DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address.

•Unauthorized Access :``Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks.

•Confidentiality Breaches :There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public.

•Destructive Behavior :Among the destructive sorts of break-ins and attacks, there are two major categories.

•Data Diddling :The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious.

Prevention techniques functionsCryptography˃˃ Cryptography is the science of information

security.

˃˃ cryptography is most often associated with scrambling plaintext into ciphertext.

˃˃ Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people.

˃˃ Decryption is the process of converting encrypted data back into its original form, so it can be understood.

www.bioenabletech.com

Digital Signature˃˃ A digital signature is an electronic

signature that can be used to authenticate the identity of the sender of a message .

˃˃ A digital signature can be used with any kind of message, whether it is encrypted or not.

˃˃ They can be used with PDF,e-mail messages, and word processing documents.

˃˃ The digital signature is simply a small block of data that is attached to documents you sign. It is generated from your digital ID, which includes both a private and public key.

www.bioenabletech.com

•Firewall˃˃ Firewalls can be implemented in both

hardware and software, or a combination of both.

˃˃ Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

There are several types of firewall techniques:

˃˃ Packet filter˃˃ Application gateway˃˃ Circuit-level gateway˃˃ Proxy server

•Biometrics˃˃ Biometrics is the science and technology

of measuring and analyzing biological data.˃˃ Biometrics is the technique of using

unique, non-transferable, physical characteristics, such as fingerprints, to gain entry for personal identification.

˃˃ This replaces pin codes and passwords, which can be forgotten, lost or stolen. Biometric IDs cannot be transferred.

˃˃ DNA, fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.

Types of biometricsFinger Print:˃˃ Everyone is known to have unique,

immutable fingerprints. ˃˃ A fingerprint is made of a series of

ridges and furrows on the surface of the finger.

Iris Scan:˃˃ Iris scan biometrics employs the unique

characteristics and features of the human iris in order to verify the identity of an individual.

˃˃ The iris is the area of the eye where the pigmented or colored circle, usually brown or blue, rings the dark pupil of the eye.

www.bioenabletech.com

Face Recognition:˃˃ Facial recognition systems are built on

computer programs that analyze images of human faces for the purpose of identifying them.

˃˃ The programs take a facial image, measure characteristics such as the distance between the eyes, the length of the nose, and the angle of the jaw, and create a unique file called a template.

Voice:˃˃ Voice recognition technology utilizes the

distinctive aspects of the voice to verify the identity of individuals.

˃˃ Voice recognition technology, by contrast, verifies the identity of the individual who is speaking.

˃˃ The two technologies are often bundled – speech recognition is used to translate the spoken word into an account number, and voice recognition verifies the vocal characteristics against those associated with this account.

www.bioenabletech.com

Signature:˃˃ Signature verification is the process

used to recognize an individual’s hand-written signature.

˃˃ Dynamic signature verification technology uses the behavioral biometrics of a hand written signature to confirm the identity of a computer user.

˃˃ This is done by analyzing the shape, speed, stroke, pen pressure and timing information during the act of signing.

˃˃ Financial institutions and banks˃˃ Internet service providers˃˃ Pharmaceutical companies˃˃ Government and defense agencies˃˃ Contractors to various government agencies˃˃ Multinational corporations˃˃ ANYONE ON THE NETWORK

18

Basic safety to be followed..

•Don't put data where it doesn't need to be,

•Avoid systems with single points of failure,

•Stay current with relevant operating system patches,

•Don't put data where it doesn't need to be :

Information that doesn't need to be accessible from the outside world sometimes is, and this can needlessly increase the severity of a break-in dramatically.

•Avoid systems with single points of failure :

Any security system that can be broken by breaking through any one component isn't really very strong.

•Stay current with relevant operating system patches :

Be sure that someone who knows what you've got is watching the vendors' security advisories.

What are system securities to be followed?

•Firewalls,

•Router,

•Access Control List (ACL),

•Demilitarized Zone (DMZ),

Intranet

DMZInternet

Web server, email server, web proxy, etc

•Firewalls :

In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.

•Router :

A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing , or managing the traffic on the networks they connect.

•Access Control List (ACL) :

Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to it. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network.

•Demilitarized Zone (DMZ) :

The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so. Those layers are provided by various components within the DMZ

•Secure Network Devices,

•Secure Modems; Dial-Back Systems,

•Crypto-Capable Routers,

•Virtual Private Networks.

•Secure Network Devices :

It's important to remember that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around (rather than through ) your front door

•Secure Modems; Dial-Back Systems :If modem access is to be provided, this should be guarded carefully. The terminal server , or network device that provides dial-up access to your network needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong

•Crypto-Capable Routers :A feature that is being built into some routers is the ability to use session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources (and time) to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes.

•Virtual Private Networks :For an organization to provide connectivity between a main office and a satellite oneis to provide both offices connectivity to the Internet. Then, using the Internet as the medium, the two offices can communicate.

The danger in doing this, of course, is that there is no privacy on this channel.VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted),

Network Security Toolkit : 

The Network Security Toolkit (NST) is a Linux-based Live CD that provides a set of open source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks.

Advantage of network security

˃˃ Protects personal data of clients on the network.˃˃ Protects information been shared between

computers on the network. ˃˃ Protects the physical computers from harm based

from possible attacks on the network from the outside.

˃˃ Private networks can be closed off from the internet making them protected from most outside attacks. Which makes them secure from Virus attacks.

Security is a very difficult topic. Everyone has a different idea of what ``security'' is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization . Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.

THANK YOU

BE SECURED & SAFE