Build Internet Infrastructure

Training, Teaching and Learning Materials Development Lo-4

Ethiopian TVET-System
INFORMATION TECHNOLOGY
HARDWARE AND NETWORK SERVICE
LEVEL IV

LEARNING GUIDE # 12
Unit of Competence : Build Internet Infrastructure
Module Title : Building Internet Infrastructure
LG Code : ICT HNS4 M03 1110

TTLM Code : ICST HNS4 TTLM 0511

LO 4. Ensure user accounts are verified for security

INTRODUCTIO
Learning Guide # 12
N

This learning guide is developed to provide you the necessary information regarding the following content coverage
and topics –

 Ensure user accounts are verified for security

 Test Security and Internet Access

This guide will also assist you to attain the learning outcome stated in the cover page.
Specifically, upon completion of this Learning Guide, you will be able to –

 Verified User settings to ensure that they conform to security policies.

 Legal notices are displayed at appropriate locations for system users.

Collected & prepared by: ICT Page 1

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

 Policies and verified Passwords are checked in accordance with business software utility tools.

Learning Activities
1. Read the specific objectives of this Learning Guide.
2. Read the information written in the “Information Sheets 1” in pages 3-4.
3. Accomplish the “Self-check” in page 4.
4. If you earned a satisfactory evaluation proceed to “Information Sheet 2”. However, if your rating is unsatisfactory,
see your teacher for further instructions or go back to Learning Activity # 9.
5. Submit your accomplished Self-check. This will form part of your training portfolio.
6. Read the information written in the “Information Sheet 2” in pages 5-6.
7. Accomplish the “Self-check” in page 6.
4. If you earned a satisfactory evaluation proceed to “Information Sheet 3”. However, if your rating is unsatisfactory,
see your teacher for further instructions or go back to Learning Activity # 9.
5. Submit your accomplished Self-check. This will form part of your training portfolio.
6. Read the information written in the “Information Sheet 3” in pages 7-11.
7. Accomplish the “Self-check” in page 11.

8. However, if your rating is unsatisfactory, see your teacher for further instructions or go back to Learning Activity
#9.
9. Your teacher will evaluate your output either satisfactory or unsatisfactory. If unsatisfactory, your teacher shall
advice you on additional work. But if satisfactory you can proceed to Learning Guide 13.

 Your teacher will evaluate your output either satisfactory or unsatisfactory. If unsatisfactory, your teacher
shall advice you on additional work. But if satisfactory you can proceed to the next topic.

Information Sheet 1 Test Security and Internet Access

Test Security and Internet Access
Security Mechanisms
Cryptographic algorithms are just one piece of the picture when it comes to providing security in a network. The
next thing we need is a set of mechanisms and protocols for solving various problems. In this section we
examine mechanisms that are used to authenticate participants, techniques for assuring the integrity of messages,
and some approaches to solving the problem of distributing public keys.
Authentication and Authorization
• Authentication verifies user identification
• Client/server environment
• Ticket-granting system
• Authentication server system

Collected & prepared by: ICT Page 2

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

• Cryptographic authentication
• Messaging environment
• e-mail
• e-commerce
• Authorization grants access to information
• Read, read-write, no-access
• Indefinite period, finite period, one-time use

Firewalls
• The main purpose of firewall is to protect a network from external attacks.
• It monitors and controls traffic into and out of a secure network.
• It can be implemented in a router, gateway, or special host.
• A firewall is normally located at the gateway to a network, but it may also be located at host access points.
• Implementing a firewall to a network yields numerous benefits .
• It reduces the risk of access to hosts from an external network by filtering insecure services.
• Firewalls involve the use of packet filtering or

application-level gateways as the two primary techniques of controlling undesired traffic.

Packet Filters
• Packet filtering is based on protocol-specific criteria.

Collected & prepared by: ICT Page 3

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

• It is done at the OSI data link, network, and transport layers.

• Packet filters are implemented in some commercial routers, called screening routers or packet filtering routers.
• We will use the generic term packet filtering rooters here.
• Although routers do not look at the transport layers, some vendors have implemented this additional feature to
sell them as firewall routers.
• The filtering is done on the following parameters:
• source IP address, destination IPaddress, source TCP/UDP port, and destination TCP/IP port.
• The filtering is implemented in each port of the router and can be programmed independently .

• Packet filtering routers can either drop packets or redirect them to specific hosts for further screening, as shown
in the above Figure.
• Some packets never reach the local network
because they are trashed.
• A packet filtering firewall works well when the rules to be implemented are simple.
• However, the more rules introduced, the more difficult it is to implement.
• The rules have to be implemented in the right order or they may produce adverse effects.
• Testing arid, debugging are also difficult in packet filtering .
Application-Level Gateway
• An application-level gateway is used to overcome some of the problems identified for packet filtering.

• From the figure Firewalls I and 2 will forward data only if it is going to or coming from the application
gateway.
• Thus a secured LAN is a gateway LAN.
• An application gateway behaves differently for each application, and filtering is handled by the proxy services
in the gateway.

Collected & prepared by: ICT Page 4

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

• Firewalls protect a secure site by checking addresses (e.g., IP address), transport parameters (e.g., as FTP and
SMTP), and applications.
• However, how do we protect access from an external source based on a user who is using false identification?
• Moreover, how do we protect against an intruder manipulating the data while it is traversing the network
between source and destination?
• These concerns are addressed by ensuring secure communication.
Cryptography
• For secure communication we need to ensure integrity protection and authentication validation.
• Integrity protection makes sure that information has not been tampered with as it moves between source and
destination.
• Authentication validation verifies originator identification.
• In other words, when someone receives a message that identifies the sender, can the receiver really be sure who
sent the message?
Cryptographic Communication
• Cryptography means secret (crypto) writing (graphy).
• It deals with techniques of transmitting information from a sender to a receiver without any intermediary being
able to decipher it.

• The basic model of cryptographic communication is shown in the Figure below.

• The input message, called plaintext, is encrypted with a secret (encryption) key.
• The encrypted message is called ciphertext, which moves through an unsecure communication channel, the
Internet for example.
Secret key Cryptography
• The Caesar cipher was later enhanced by the makers of Ovaltine and distributed as Captain Midnight Secret
Decoder rings . Each letter as replaced by another letter n letters later in the alphabet (i.e., key of n). Of course,
the sender and the receiver have to agree ahead of time on the secret key for successful communication.
• It's the same key used for encryption and decryption and is called secret key cryptograph.
• The encryption and decryption modules can be implemented in either: hardware or software.

Public Key Cryptography

• In private key cryptography each pair of users must have a secret key.
• Public key cryptography [Diffe W & Hellman M; Kaufman C, Perlman R, & Speciner MJ overcomes the
difficulty of having too many cryptography keys.
• The secret key cryptography is symmetric in that the same key is used for both encryption and decryption, but
public key cryptography is asymmetric with a public key and a private key, which are different.
• Let us return to Our Ian, Rita, and Ted scenario to illustrate. In Figure below,

Collected & prepared by: ICT Page 5

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

Assignment:-
- Write on SNMP (Simple Network Management Protocol) & its Versions
Self-Check 1 Written Test
Name:____________________ Date:_________________
Instruction: Answer all the questions listed below, if you have some clarifications- feel free to ask your teacher.
1. ________ are just one piece of the picture when it comes to providing security in a network.? (2 point)
2. What is Public Key Cryptography? (2 point)
3. What is Secret key Cryptography? (2 point)
4. What is Authentication and Authorization? (2 point)
5. What is Cryptography? (2 point)
6. What is Application-Level Gateway? (2 point)
7. What is Packet Filters ? (2 point)
8. What is Firewalls ? (2 point)
9. What is Cryptographic Communication? (2 point)
Note: Satisfactory rating – 18 points above / Unsatisfactory - below 12 points

You can ask you teacher for the copy of the correct answers

Collected & prepared by: ICT Page 6

 Build Internet Infrastructure
Training, Teaching and Learning Materials Development Lo-4

Formative exam lo4

Name_________________________________________ Id No.________ Date ____________

Part I Short answer

1. ________ are just one piece of the picture when it comes to providing security in a network.? (2 point)
2. What is Public Key Cryptography?
3. What is Secret key Cryptography?
4. What is Authentication and Authorization?
5. What is Cryptography?
6. What is Application-Level Gateway?
7. What is Packet Filters ?
8. What is Firewalls ?
9. What is Cryptographic Communication?

Collected & prepared by: ICT Page 7