Lec 5:SECURITY IN NETWORK

Definition

A computing network is a computing environment with more than one independent processors.
May be multiple users per system. Distance between computing systems is not considered (a communications media problem) Size of computing systems is not relevant.

What is a Network can Provide?

~ Logical interface function

~ Sending messages

~ Receiving messages

~ Executing program

~ Obtaining status information

~ Obtaining status information on other network users and their status

Type of Network

One way to categorize the different types of computer network designs is by their scope or scale. For historical reasons, the networking industry refers to nearly every type of design as some kind of area network. Common examples of area network types are:

• LAN - Local Area Network
• WLAN - Wireless Local Area Network
• WAN - Wide Area Network
• MAN - Metropolitan Area Network
• SAN - Storage Area Network, System Area Network, Server Area Network, or sometimes Small Area Network

Three Network Topologies

The network topology describes the method used to do the physical wiring of the network. The main ones are bus, star, and ring.

1. Bus - Both ends of the network must be terminated with a terminator. A barrel connector can be used to extend it.
2. Star - All devices revolve around a central hub, which is what controls the network communications, and can communicate with other hubs. Range limits are about 100 meters from the hub.
3. Ring - Devices are connected from one to another, as in a ring. A data token is used to grant permission for each computer to communicate.

There are also hybrid networks including a star-bus hybrid, star-ring network, and mesh networks with connections between various computers on the network. Mesh networks ideally allow each computer to have a direct connection to each of the other computers. The topology this documentation deals with most is star topology since that is what ethernet networks use.

Who Couse Security Problem

Ò

Ò~Hacker

Ò~Spy

Ò~Student

Ò~Businessman

Ò~Ex-employee

Ò~Stockbroker

Ò~Terrorist

Network Security Control

Ò~Encryption

Ò~Strong Authentication

Ò~IPSec,VPN,SSH

Ò~Kerberos

Ò~Firewall

Ò~Intrusion Detection System (IDS)

Ò~Intrusion Prevention System (IPS)

Ò~Honeypot

Encryption

Encryption is the most effective way to achieve data security . To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypt data is referred to as cipher text


Hacking And Preventation

Ò~motivated by thrill of access and status

É @hacking community a strong meritocracy

É @status is determined by level of competence

Ò~benign intruders might be tolerable

É @do consume resources and may slow performance

É @can’t know in advance whether benign or malign

Ò~IDS / IPS / VPNs can help counter

Ò~awareness led to establishment of CERTs

É @collect / disseminate vulnerability info / responses

Covering Track

Ò~Every activity is logged
~Syslog, accesslog, eventlog,