Build Internet Infrastructure

Training, Teaching and Learning Materials Development Lo-4

Ethiopian TVET-System

Unit of Competence : Build Internet Infrastructure
Module Title : Building Internet Infrastructure
LG Code : ICT HNS4 M03 1110


LO 4. Ensure user accounts are verified for security

Learning Guide # 12

This learning guide is developed to provide you the necessary information regarding the following content coverage
and topics –

• Ensure user accounts are verified for security

• Test Security and Internet Access

This guide will also assist you to attain the learning outcome stated in the cover page.
Specifically, upon completion of this Learning Guide, you will be able to –

• User settings are verified to ensure that they conform to security policies.

• Legal notices are displayed at appropriate locations for system users.

• Policies and verified passwords are checked in accordance with business software utility tools.

Information Sheet 1 Test Security and Internet Access

Test Security and Internet Access
Security Mechanisms
Cryptographic algorithms are just one piece of the picture when it comes to providing security in a network. The
next thing we need is a set of mechanisms and protocols for solving various problems. In this section we
examine mechanisms that are used to authenticate participants, techniques for assuring the integrity of messages,
and some approaches to solving the problem of distributing public keys.
Authentication and Authorization
• Authentication verifies user identification
• Client/server environment
• Ticket-granting system
• Authentication server system

• Cryptographic authentication
• Messaging environment
• e-mail
• e-commerce
• Authorization grants access to information
• Read, read-write, no-access
• Indefinite period, finite period, one-time use

• The main purpose of a firewall is to protect a network from external attacks.
• It monitors and controls traffic into and out of a secure network.
• It can be implemented in a router, gateway, or special host.
• A firewall is normally located at the gateway to a network, but it may also be located at host access points.
• Implementing a firewall to a network yields numerous benefits.
• It reduces the risk of access to hosts from an external network by filtering insecure services.
• Firewalls involve the use of packet filtering or application-level gateways as the two primary techniques of controlling undesired traffic.

Packet Filters
• Packet filtering is based on protocol-specific criteria.

• It is done at the OSI data link, network, and transport layers.

• Packet filters are implemented in some commercial routers, called screening routers or packet filtering routers.
• We will use the generic term packet filtering routers here.
• Although routers do not look at the transport layers, some vendors have implemented this additional feature to
sell them as firewall routers.
• The filtering is done on the following parameters:
• source IP address, destination IP address, source TCP/UDP port, and destination TCP/UDP port.
• The filtering is implemented in each port of the router and can be programmed independently.

• Packet filtering routers can either drop packets or redirect them to specific hosts for further screening, as shown
in the above Figure.
• Some packets never reach the local network because they are trashed.
• A packet filtering firewall works well when the rules to be implemented are simple.
• However, the more rules introduced, the more difficult it is to implement.
• The rules have to be implemented in the right order or they may produce adverse effects.
• Testing and debugging are also difficult in packet filtering.
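The effect of rule order described above can be seen in a small model of a packet filtering router. This is an added example, not part of the original learning guide; it assumes first-match-wins evaluation with a default drop, and the rule set and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "drop"
    src: str       # source network, CIDR notation
    dst: str       # destination network, CIDR notation
    sport: range   # source TCP/UDP port range
    dport: range   # destination TCP/UDP port range

def matches(rule, src_ip, dst_ip, sport, dport):
    """True when all four filtering parameters fall inside the rule."""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and sport in rule.sport
            and dport in rule.dport)

def filter_packet(rules, src_ip, dst_ip, sport, dport):
    """Assumed semantics: the first matching rule decides; no match means drop."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, sport, dport):
            return rule.action
    return "drop"

# Constructed rules: block one external network, allow web traffic to one host.
BLOCK_NET = Rule("drop", "203.0.113.0/24", "0.0.0.0/0", ANY_PORT, ANY_PORT)
ALLOW_WEB = Rule("permit", "0.0.0.0/0", "192.0.2.10/32", ANY_PORT, range(80, 81))

GOOD_ORDER = [BLOCK_NET, ALLOW_WEB]
BAD_ORDER = [ALLOW_WEB, BLOCK_NET]   # same two rules, reversed

def demo():
    # A packet from the blocked network to the web server on port 80.
    pkt = ("203.0.113.7", "192.0.2.10", 40000, 80)
    return filter_packet(GOOD_ORDER, *pkt), filter_packet(BAD_ORDER, *pkt)

if __name__ == "__main__":
    print(demo())
```

With the rules reversed, the broad permit rule matches first and the block rule is never reached, which is the kind of adverse effect the ordering warning refers to.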
Application-Level Gateway
• An application-level gateway is used to overcome some of the problems identified for packet filtering.

• From the figure, Firewalls 1 and 2 will forward data only if it is going to or coming from the application
• Thus a secured LAN is a gateway LAN.
• An application gateway behaves differently for each application, and filtering is handled by the proxy services
in the gateway.

• Firewalls protect a secure site by checking addresses (e.g., IP address), transport parameters (e.g., FTP and
SMTP), and applications.
• However, how do we protect access from an external source based on a user who is using false identification?
• Moreover, how do we protect against an intruder manipulating the data while it is traversing the network
between source and destination?
• These concerns are addressed by ensuring secure communication.
• For secure communication we need to ensure integrity protection and authentication validation.
• Integrity protection makes sure that information has not been tampered with as it moves between source and
• Authentication validation verifies originator identification.
• In other words, when someone receives a message that identifies the sender, can the receiver really be sure who
sent the message?
Cryptographic Communication
• Cryptography means secret (crypto) writing (graphy).
• It deals with techniques of transmitting information from a sender to a receiver without any intermediary being
able to decipher it.

• The basic model of cryptographic communication is shown in the Figure below.

• The input message, called plaintext, is encrypted with a secret (encryption) key.
• The encrypted message is called ciphertext, which moves through an unsecure communication channel, the
Internet for example.
Secret key Cryptography
• The Caesar cipher was later enhanced by the makers of Ovaltine and distributed as Captain Midnight Secret
Decoder rings. Each letter was replaced by another letter n letters later in the alphabet (i.e., key of n). Of course,
the sender and the receiver have to agree ahead of time on the secret key for successful communication.
• The same key is used for encryption and decryption, and this is called secret key cryptography.
• The encryption and decryption modules can be implemented in either hardware or software.
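The shift cipher with key n described above, written out as an added example (not part of the original learning guide). The sample message is constructed; the function names are illustrative.

```python
import string

def caesar(text, n):
    """Replace each letter by the letter n places later, wrapping past Z."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + n) % 26 + ord("A")))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + n) % 26 + ord("a")))
        else:
            out.append(ch)          # digits, spaces, punctuation pass through
    return "".join(out)

def encrypt(plaintext, key):
    return caesar(plaintext, key)

def decrypt(ciphertext, key):
    # Symmetric: the same key undoes the shift.
    return caesar(ciphertext, -key)

def distinct_ciphertexts(plaintext, tried_keys=100):
    """Count how many different ciphertexts the keys 0..tried_keys-1 produce."""
    return len({encrypt(plaintext, k) for k in range(tried_keys)})

if __name__ == "__main__":
    message = "Meet at noon"                 # constructed sample plaintext
    ciphertext = encrypt(message, 3)         # sender uses key 3
    print(ciphertext)
    print(decrypt(ciphertext, 3))            # receiver with the agreed key
    print(decrypt(ciphertext, 4))            # receiver with a different key
    print(distinct_ciphertexts(message))     # keys repeat modulo 26
```

Decryption only recovers the message when both sides hold the same key, and because keys repeat modulo 26 the scheme offers very few distinct keys.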

Public Key Cryptography

• In private key cryptography each pair of users must have a secret key.
• Public key cryptography [Diffie W & Hellman M; Kaufman C, Perlman R, & Speciner M] overcomes the
difficulty of having too many cryptography keys.
• The secret key cryptography is symmetric in that the same key is used for both encryption and decryption, but
public key cryptography is asymmetric with a public key and a private key, which are different.
• Let us return to our Ian, Rita, and Ted scenario to illustrate. In Figure below,

- Write on SNMP (Simple Network Management Protocol) & its Versions

