
Network Security

SUBMITTED TO SUBMITTED BY
Miss. Priya Jain Saurav Jha
Sr. Lecturer 0914IT071077
CS/IT

1 12/08/21 ms
What do we need to protect?

• Data
• Resources
• Reputation

Types of Attacks

• Passive
• Active
– Denial of Service

Security Objectives
• Identification
• Authentication
• Authorization
• Access Control
• Data Integrity
• Confidentiality
• Non-repudiation

Identification
• Something which uniquely identifies a user and is called UserID.
• Sometimes users can select their own ID, as long as it has not been given to another user.
• UserID can be one or a combination of the following:
– User Name
– User Student Number
– User SSN

Authentication
• The process of verifying the identity of a user
• Typically based on
– Something the user knows
• Password
– Something the user has
• Key, smart card, disk, or other device
– Something the user is
• Fingerprint, voice, or retinal scans

Authentication Cont.
• Authentication procedure
– Two-Party Authentication
• One-Way Authentication
• Two-Way Authentication
– Third-Party Authentication
• Kerberos
• X.509
– Single Sign-On
• User can access several network resources by logging on once to a security system.

[Figure: Two-Party Authentications, between Client and Server. One-Way Authentication: UserID & Password, then Authenticated. Two-Way Authentication: additionally ServerID & Password, then Authenticated.]

[Figure: Third-Party Authentications. Between Client and Security Server: ClientID, Password, then Authenticated. Between Server and Security Server: ServerID, Password, then Authenticated. Between Client and Server: Exchange Keys, Exchange Data.]

Authorization

• The process of assigning access rights to a user

Access Control
• The process of enforcing access rights
• It is based on the following three entities:
– Subject
• An entity that can access an object
– Object
• An entity to which access can be controlled
– Access Right
• Defines the ways in which a subject can access an object

Access Control Cont.
• Access Control is divided into two types:
– Discretionary Access Control (DAC)
• The owner of the object is responsible for setting the access rights.
– Mandatory Access Control (MAC)
• The system defines access rights based on how the subject and object are classified.

Data Integrity

• Assurance that the data that arrives is the same as when it was sent.

Confidentiality

• Assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.

Non-repudiation

• Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.

Security Mechanisms

• Web Security
• Cryptographic techniques
• Internet Firewalls

Web Security

• Basic Authentication
• Secure Socket Layer (SSL)

Basic Authentication

A simple user ID and password-based authentication scheme that provides the following:
– To identify which user is accessing the server
– To limit users to accessing specific pages (identified as Universal Resource Locators, URLs)

Secure Socket Layer (SSL)

• Netscape Inc. originally created the SSL protocol, but now it is implemented in World Wide Web browsers and servers from many vendors. SSL provides the following:
– Confidentiality through an encrypted connection based on symmetric keys
– Authentication using public key identification and verification
– Connection reliability through integrity checking
• There are two parts to the SSL standard, as follows:
– The SSL Handshake is a protocol for initial authentication and transfer of encryption keys.
– The SSL Record protocol is a protocol for transferring encrypted data.

Secure Socket Layer Cont.
• The client sends a "hello" message to the Web server, and the server responds with a copy of its digital certificate.
• The client decrypts the server's public key using the well-known public key of the Certificate Authority, such as VeriSign.
• The client generates two random numbers that will be used for symmetric key encryption, one number for the receiving channel and one for the sending channel. These keys are encrypted using the server's public key and then transmitted to the server.
• The client issues a challenge (some text encrypted with the send key) to the server using the send symmetric key and waits for a response from the server that is using the receive symmetric key.
• Optionally, the server authenticates the client.
• Data is exchanged across the secure channel.

Cryptographic Techniques

• Secret Key Algorithm
• Public Key Algorithm
• Secure Hash Function
• Digital Signature
• Certificate Authority

Secret Key Algorithm

[Figure: Bob encrypts clear text into cipher text with the secret key; Alice decrypts the cipher text back into clear text with the same secret key.]

Public Key Algorithm

[Figure: Bob encrypts clear text into cipher text with Alice's public key; Alice decrypts the cipher text back into clear text with Alice's private key.]

Digital Signature

[Figure: Alice encrypts clear text into cipher text with Alice's private key; Bob performs decryption and authentication with Alice's public key to recover the clear text.]

Certificate Authority

[Figure: Certificate Authority. Labels: Alice, "Request Bob's Public Key", Certificate Authority, "Bob's Public Key", Bob, "Publish Public Key"; "Cipher Text" between Alice and Bob.]

Internet Firewall
• A firewall controls traffic flow between networks.
• A firewall uses the following techniques:
– Packet Filters
– Application Proxy

Packet Filtering
• Most commonly used firewall technique
• Operates at the IP level
• Checks each IP packet against the filter rules before passing (or not passing) it on to its destination.
• Faster than other firewall techniques
• Hard to configure

Packet Filter Cont.

[Figure: a Packet Filtering Server placed between the Non-Secure Network and the Secure Network.]

Application Proxy
• Application Level Gateway
• The communication steps are as follows:
– User connects to proxy server
– From proxy server, user connects to destination server
• Proxy server can provide
– Content Screening
– Logging
– Authentication
