Scribd
Upload
4 views

Chapter 7_Computer Network Security Basics

Uploaded by

gadisa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
4 views

Chapter 7_Computer Network Security Basics

Uploaded by

gadisa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 13

Wollega University

Department of Informatics
Data Communication and Computer
Networking

Jan 2021
1
Chapter Seven
Computer Network
Security Basics
2
What is “Security”?
• Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building security if a visitor
acts suspicious.
2. Measures adopted by a government to prevent espionage, sabotage, or
attack.
3. Measures adopted, as by a business or homeowner, to prevent a crime
such as burglary or assault: Security was lax at the firm's smaller plant.
…etc.
Why do we need “Security”?
• Protect vital information while still allowing
access to those who need it
• Trade secrets, medical records, etc.
• Provide authentication and access control for
resources
• Ex: AFS
• Guarantee availability of resources
• Ex: 5 9’s (99.999% reliability)
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK
Common Security Attacks & their
countermeasures
• Finding a way into the network
Firewalls
• Exploiting software bugs, buffer overflows
Intrusion Detection Systems
• Denial of Service
Ingress filtering, IDS
• TCP hijacking
IPSec
• Packet sniffing
Encryption (SSH, SSL, HTTPS)
• Social problems
Education
Firewall
• Basic problem – many network applications and protocols have security problems
that are fixed over time
 Difficult for users to keep up with changes and keep host secure
 Solution
 Administrators limit access to end hosts by using a firewall
 Firewall is kept up-to-date by administrators

• A firewall is a device (usually a router or a computer) installed between the


internal network of an organization and the rest of the Internet.
 It is designed to forward some packets and filter (not forward) others.
• A firewall is like a castle with a drawbridge
 Only one point of access into the network
 This can be good or bad
Firewall
• Can be hardware or software
 Ex. Some routers come with firewall functionality
 ipfw, ipchains, pf on Unix systems, Windows XP and Mac OS X
have built in firewalls

Internet DMZ
Web server, email
server, web proxy, etc
Firewall

Firewall
Intranet
Intrusion Detection
• Used to monitor for “suspicious activity” on a network
 Can protect against known software exploits, like buffer overflows
• Open Source IDS: Snort, www.snort.org
• Uses “intrusion signatures”
 Well known patterns of behavior
Ping sweeps, port scanning, web server indexing, OS fingerprinting, DoS
attempts, etc.
Denial of Service
• Purpose: Make a network service unusable, usually by
overloading the server or network
• Many different kinds of DoS attacks
 SYN flooding
 SMURF
 Distributed attacks
TCP Attack
• Recall how IP works…
 End hosts create IP packets and routers process them
purely based on destination address alone
• Problem: End hosts may lie about other fields which
do not affect delivery
 Source address – host may trick destination into believing
that the packet is from a trusted source
Especially applications which use IP addresses as a simple authentication
method
Solution – use better authentication methods
Packet Sniffing
• Recall how Ethernet works …
• When someone wants to send a packet to some else …
• They put the bits on the wire with the destination MAC address …
• And remember that other hosts are listening on the wire to detect for
collisions …
• It couldn’t get any easier to figure out what data is being transmitted
over the network!
• This works for wireless too!
• In fact, it works for any broadcast-based medium
Social Problems
• People can be just as dangerous as unprotected computer
systems
 People can be lied to, manipulated, bribed, threatened, harmed,
tortured, etc. to give up valuable information
 Most humans will breakdown once they are at the “harmed” stage,
unless they have been specially trained
Think government here…

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy