1 / 28

Security

Security. Presented by : Qing Ma. Introduction. Security overview security threats password security, encryption and network security as specific. Security overview. Why do we need security? Security is basic requirement because global computing is inherently insecure.

nerina
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Presented by : Qing Ma

  2. Introduction • Security overview • security threats • password security, encryption and network security as specific

  3. Security overview • Why do we need security? Security is basic requirement because global computing is inherently insecure. • Also Information security computer security protects the information you stored in the computer

  4. Security overview • What are you trying to protect? You should analyze your system to know what you protecting and why you are protecting it. What value it has, and who has responsibility for your data and other assets.

  5. Security threats • A security threat can be as simple as interfering with your network normal operation or actively cracking you security and changing or taking control of network resources.

  6. Security threats The major types of threats are: • denial OS service(DoS)attack • buffer overflow • Trojan horses • intruders and physical security • intercepted transmissions • social engineering • lack of user support

  7. Password security and encryption What is encryption? • Transform original information into altered information of random text • intruder can not read password in the file, even if file security is breached • original password not preserved in the memory , when login just do the compare

  8. Password security and encryption • Shadow password file:store encrypted password data in file, which has the most restrictive protection . • Cryptographic keys: private key--use both to encrypt and todecrypt information public key system--use two keys with private one encrypt a message, with public one decrypt by the recipient

  9. Password security and encryption • Shell and file access telnet--use the standard user list for the OS, no encryption or authentication ftp--has basic authentication and access privilege protection SSh(secure shell)--a protocol that lets you log in and execute commands on another machine over network

  10. Password security and encryption Secure socket layer(SSL)--developed by Netscape that sits above the TCP/IP layer but below the higher protocols(http,ftp,ldap) provide standard way for authentication • secure files options SCP--part of SSH, provide authentication and encryption ftp over SSH--render insecure utility more protected SSL ftp--prevent packet sniffing

  11. Network security • Why network security network security is becoming more and more important as people spend more time connected. What makes it worse is that information can be leaked from the inside of your network to the internet.

  12. Network security Protocols • protocol allow user to think at the high level of a communication. • The software and hardware create a protocol stack, which is layered architecture for communication. • Two protocol stack: OSI(open system interconnection) and TCP/IP(transmission control protocol and internet protocol

  13. Network security Network ISO/OSI model • application layer • presentation layer • session layer • transport layer • network layer • data link layer • physical layer

  14. Network security Trusted/untrusted system • communication between trusted and untrusted networks must have rules associated with it. • A trusted system is inside a security perimeter. • Information outside the trusted network treated as single sensitivity level.

  15. Network security • A gateway controls traffic from inside and outside. • The function of gateway is label and filter data. Firewall a firewall is a system designed to prevent unauthorized access to or from a private network.

  16. firewall • How does it work? It is used to prevent unauthorized internet users form accessing private networks connected to the internet and intranet. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that don’t meet the specified security criteria.

  17. firewall • Fig1 firewall/proxy server

  18. firewall How does a proxy server work? • Run at the application level of network protocol stack for each different type of services • control internal users access the Internet and Internet users access the inside the world • return response to request from inside the firewall

  19. firewall Defensive strategies • firewall is perimeter defense system with “choke point” • monitor and block access at choke points • separate department and implement encryption throughout your organization • firewall do not protect against leaks

  20. firewall • Fig2 firewall provide perimeter defenses with choke points, like medieval castles

  21. firewall Classifying firewalls • screening router(packet filters) • proxy server gateway circuit-level gateway application-level gateway • stateful inspection techniques

  22. firewall • Fig 3 a screening router

  23. firewall • Fig4 a proxy server

  24. firewall Firewall policies • block all traffic, then allow specific services on case-by-case basis • network traffic and from outside networks such as the Internet must pass through the firewall. The traffic must be filtered to allow only authorized packets to pass

  25. firewall • Never use a firewall for genera-purpose file storage or to run programs, except for those required by the firewall • do not allow any passwords or internal addresses to cross the firewall • accept the fact that you might need to completely restore public systems from backup in the event of an attack

More Related