Professional Documents
Culture Documents
Chapter 7 Introdaction of Network
Chapter 7 Introdaction of Network
1
What is network security?
• While computer systems today have some of the
best security systems ever, they are more
vulnerable than ever before.
• This vulnerability stems from the world-wide
access to computer systems via the Internet.
• Network security is preventing attackers from
achieving objectives through unauthorized
access or unauthorized use of computers and
networks.
2
Basic Security Measures
The basic security measures for computer systems fall into the following categories:
4
Operational Security
5
Surveillance
6
Passwords and ID Systems
Passwords are the most common form of security and the most
abused.
Simple rules help support safe passwords, including:
1. Change your password often.
2. Pick a good, random password (minimum 8 characters,
mixed symbols).
3. Don’t share passwords or write them down.
4. Don’t select names and familiar objects as passwords.
7
Authentication
• Authentication is the process of reliably verifying
the identity of someone (or something) by means
of:
– A secret (password [one-time], ...)
– An object (smart card, ...)
– Physical characteristics (fingerprint, retina, ...)
– Trust
8
Passwords and ID Systems - Authentication?
9
Auditing
10
Access Rights
11
computer virus and a computer worm?
14
• A key is a number (or a set of numbers) that the cipher, as an
algorithm, operates on.
• To encrypt a message, we need an encryption algorithm, an
encryption key, and the plaintext. These create the ciphertext.
• To decrypt a message, we need a decryption algorithm, a
decryption key, and the ciphertext. These reveal the original
plaintext.
• We can divide all the cryptography algorithms (ciphers) into
two groups: symmetric-key (also called secret-key)
cryptography algorithms and asymmetric (also called public-
key) cryptography algorithms.
15
Symmetric-Key Cryptography
• In symmetric-key cryptography, the same key
is used by both parties. The sender uses this
key and an encryption algorithm to encrypt
data; the receiver uses the same key and the
corresponding decryption algorithm to
decrypt the data
16
Asymmetric-Key Cryptography
17
Keys used in cryptography
18
SYMMETRIC-KEY CRYPTOGRAPHY
• Symmetric-key cryptography started thousands of
years ago when people needed to exchange secrets
(for example, in a war). We still mainly use
symmetric-key cryptography in our network
security.
19
• A substitution cipher replaces one symbol with
another.
• Example:
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?
Solution
The cipher is probably monoalphabetic because both
occurrences of L’s are encrypted as O’s.
20
Example 2
The following shows a plaintext and its corresponding
ciphertext. Is the cipher monoalphabetic?
Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character. The
first L is encrypted as N; the second as Z.
21
• The shift cipher is sometimes referred to as the
Caesar cipher. In this cipher, the encryption
algorithm is "shift key characters down," with
key equal to some number. The decryption
algorithm is "shift key characters up.“
• Example:
Use the shift cipher with key = 15 to encrypt the message
“HELLO.”
Solution
We encrypt one character at a time. Each character is
shifted 15 characters down. Letter H is encrypted to W.
Letter E is encrypted to T. The first L is encrypted to A. The
second L is also encrypted to A. And O is encrypted to D.
22
The cipher text is WTAAD.
Example 2
Use the shift cipher with key = 15 to decrypt the message
“WTAAD.”
Solution
We decrypt one character at a time. Each character is
shifted 15 characters up. Letter W is decrypted to H. Letter
T is decrypted to E. The first A is decrypted to L. The
second A is decrypted to L. And, finally, D is decrypted to
O. The plaintext is HELLO.
23
• A transposition cipher reorders (permutes)
symbols in a block of symbols.
24
Example
Encrypt the message “HELLO MY DEAR,” using the key
shown in Figure above
Solution
We first remove the spaces in the message. We then divide
the text into blocks of four characters. We add a bogus
character Z at the end of the third block. The result is
HELL OMYD EARZ. We create a three-block ciphertext
ELHLMDOYAZER.
25
Data Encryption Standard (DES)
• One example of a complex block cipher is the Data Encryption Standard
(DES). DES was designed by IBM and adopted by the U.S. government
as the standard encryption method for nonmilitary and nonclassified use.
• The algorithm encrypts a 64-bit plaintext block using a 64-bit key
26
ASYMMETRIC-KEY CRYPTOGRAPHY
• An asymmetric-key (or public-key) cipher uses two keys:
one private and one public.
• Example:RSA (Rivest, Shamir, and Adleman )
27
Selecting Keys
• Bob use the following steps to select the private and
public keys:
1. Bob chooses two very large prime numbers p and q.
Remember that a prime number is one that can be
divided evenly only by 1 and itself.
2. Bob multiplies the above two primes to find n, the
modulus for encryption and decryption. In other
words, n=p X q.
3. Bob calculates another number F =(p-1) X (q-1).
4. Bob chooses a random integer e. He then calculates
d so that d x e=1 mod F.=>dxe-1 evenly divide F
5. Bob announces e and n to the public; he keeps F and
d secret
29
Digital Signatures
• A digital signature is much like a hand signature in that it
provides proof that you are the originator of the message
(Authentication); assigns a code to a document.
• Used to bound the message originator with the exact
contents of the message through the use of key pairs. This
allows for the feature of non-repudiation (non-rejection) to
be achieved - this is crucial for electronic commerce.
• Non-repudiation is a property achieved through
cryptographic methods which prevents an individual or
entity from denying having performed a particular action
related to data.
• The private key of the sender is used to compute a
message digest.
Class Activity: How is conventional signature
send? How is it verified by the receiver? 30
Firewalls
What is a firewall?
• Used to control the flow of traffic (both inflows and
outflows, but primarily inflows) between networks
• The connected networks can be internal or a
combination of internal and external networks
• A system or combination of systems that supports an
access control policy between two networks.
• A firewall can limit the types of transactions that enter a
system, as well as the types of transactions that leave a
system.
• Firewalls can be programmed to stop certain types or
ranges of IP addresses, as well as certain types of TCP
port numbers (applications such as ftp, telnet, etc.)
31
Characteristics of Good Firewalls
32
A firewall as it stops certain internet and external transactions
33
Types of Firewall
34
Firewall Functions
• Protect the system from the hackers from logging
into machines on network.
• Provide a single access point from where
security and audit can be imposed.
• Act as an effective tracing tool.
• Provide an important logging and auditing
function
• Provide information about the nature of traffic and
the number of attempts made to break into it.
35
Security Policy Design Issues
36
10 Tips for Computer Network Security