• ACLs typically reside on routers to determine which devices are allowed to access them based on the requesting device’s Internet Protocol (IP) address.
• Basically, an ACL uses the IP address to filter packets, but ACLs now also use the port number.
• ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.
• There are two types of Cisco ACLs, standard and extended.
  ◦ Standard ACLs allow you to permit or deny traffic from source IP addresses.
  ◦ Extended ACLs filter IP packets based on several attributes, for example, protocol type, source IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information for finer granularity of control.
• The first is a concept called tunneling, which basically means encapsulating one protocol within another to ensure that a transmission is secure.
• Virtual Private Network (VPN)
  ◦ Remote access VPNs
  ◦ Site-to-site VPNs
  ◦ Extranet VPNs
• This security protocol, Secure Sockets Layer (SSL), was developed by Netscape to work with its browser. It’s based on Rivest, Shamir, and Adleman (RSA) public-key encryption and is used to enable secure Session-layer connections over the Internet between a web browser and a web server.
• Layer 2 Tunneling Protocol (L2TP) was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP/IP protocols in VPNs over the Internet.
• The just-mentioned Point to Point Tunneling Protocol (PPTP).
• PPTP acts by combining an unsecured Point to Point Protocol (PPP) session with a secured session using the Generic Routing Encapsulation (GRE) protocol.
• The two major protocols you’ll find working in IPSec are the Authentication Header (AH) and Encapsulating Security Payload (ESP). AH serves up authentication services only (no encryption), but ESP provides both authentication and encryption abilities.
• Encryption works by running the data (which when encoded is represented as numbers) through a special encryption formula called a key that the designated sending and receiving devices both “know.”
• Private Encryption Keys
  Private keys are commonly referred to as symmetrical keys. Using private-key encryption, both the sender and receiver have the same key and use it to encrypt and decrypt all messages.
  ◦ DES: 56-bit key
  ◦ 3DES: 168-bit key
  ◦ The Advanced Encryption Standard (AES): 128, 192, or 256 bits
• Public Key Encryption
  Public key encryption uses the Diffie-Hellman algorithm, which employs a public key and a private key to encrypt and decrypt data. The sending machine’s public key is used to encrypt a message to the receiving machine that it uses to decrypt the message with a private key.
• Disabling Accounts
• Managing Accounts
• Password-Management Features
• Public Key Infrastructure (PKI)
  Public Key Infrastructure (PKI) is a system that links users to a public key and verifies the user’s identity by using a certificate authority (CA).
• Kerberos, created at MIT, isn’t just a protocol, it’s an entire security system that establishes a user’s identity when they first log on to a system that’s running it.
• RADIUS
  RADIUS is an authentication and accounting service that’s used for verifying users over various types of links, including dial-up. Many ISPs use a RADIUS server to store the usernames and passwords of their clients in a central spot through which connections are configured to pass authentication requests.
• The Terminal Access Controller Access-Control System Plus (TACACS+) protocol is an alternative AAA method to RADIUS.
• Here are two major differences between TACACS+ and RADIUS:
  ◦ RADIUS combines user authentication and authorization into one profile, but TACACS+ separates the two.
  ◦ TACACS+ utilizes the connection-based TCP protocol, but RADIUS uses UDP instead.
• Denial of Service (DoS)
  A denial of service (DoS) attack does exactly what it sounds like it would do: it prevents users from accessing the network and/or its resources.

  Example of DoS: the Ping of Death
  Ping 192.168.131.67 -l 65000
• It’s a version of a DoS attack that floods its victim with spoofed broadcast ping messages.
• They’re called distributed denial of service (DDoS) attacks and also make use of IP spoofing.
• File Viruses
• Macro Viruses
• Boot-Sector Viruses
• Multipartite Viruses
• Functionally (or not so much, if your computer happens to have been infected with one), worms are a lot like viruses, only worse, because they’re much harder to stop. Worms can actively replicate without requiring you to do anything like open an infected file.
• IP Spoofing
  IP spoofing is the process of sending packets with a fake source address that makes it look like those packets actually originate from within the network that the hacker is trying to attack.
• Backdoors
  Backdoors are simply paths leading into a computer or network. From simple invasions to elaborate Trojan Horses, villains can use their previously placed inroads into a specific host or a network whenever they want to.
• Packet Sniffers
  A packet sniffer is a software tool that can be incredibly effective in troubleshooting a problematic network but that can also be a hacker’s friend.
• A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads the data.
• A rogue access point is one that’s been installed on a network without the administrator’s knowledge.
• Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source.
• Active Detection
• Passive Detection
• Proactive Defense
• Security Policies
  A security policy should precisely define how security is to be implemented within an organization and include physical security, document security, and network security.
• Security Audit
  A security audit is a thorough examination of your network that includes testing all its components to make sure everything is secure.
• Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be a computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. One of the NICs connects to the public side, and the other one connects to the private side. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones.
• A network-based firewall is what companies use to protect their private network from public networks. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers instead of just one system, and it’s usually a combination of hardware and software.
• A host-based firewall is implemented on a single machine, so it only protects that one machine. This type of firewall is usually a software implementation, because you don’t need any additional hardware in your personal computer to run it. All current Windows client operating systems come with Windows Firewall, which is a great example of a host-based solution.
• Demilitarized Zone (DMZ)
  Most firewalls in use today implement something called a demilitarized zone (DMZ), which, as its name implies, is a network segment that isn’t public or local but halfway between the two.
  ◦ A standard DMZ setup typically (but not always) has two or three network cards in the firewall computer.
  ◦ The first goes to the Internet.
  ◦ The second goes to the network segment where the commonly targeted servers exist that I recommended be placed in the DMZ.
  ◦ The third connects to your intranet.
• Proxy Services
  Firewalls can also implement something called proxy services, which actually makes them proxy servers, or proxies for short.

  Let’s say an internal client sends a request to an external host on the Internet. That request will get to the proxy server first, where it will be examined, broken down, and handled by an application that will create a new packet requesting information from the external server.
• The first firewalls that were developed functioned solely at the Network layer, and the earliest of these were known as packet-filter firewalls. I covered packet filtering a bit earlier in this chapter; as a refresher, all it means is that the firewall looks at an incoming packet and applies it against the set of rules in the ACL(s).
• A basic packet filter doesn’t care about whether the packet it is examining is stand-alone or part of a bigger message stream. That type of packet filter is said to be stateless, in that it does not monitor the status of the connections passing through it.
• A stateful firewall is one that keeps track of the various data streams passing through it. If a packet that is a part of an established connection hits the firewall, it’s passed through.
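An added Python simulation (not from the slides) of the stateless/stateful difference just described: the stateless filter admits any inbound packet that carries the ACK flag, the classic way a packet filter approximates "established", while the stateful firewall admits an inbound packet only when it belongs to a connection recorded when an inside host opened it. Addresses, ports and the four packets are constructed.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Pkt:
    direction: str   # "in" = Internet -> LAN, "out" = LAN -> Internet
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def stateless_filter(pkt: Pkt) -> str:
    """Pure packet filter with no memory of earlier packets. Outbound traffic is
    always permitted; inbound traffic is permitted only when the ACK flag is
    set, on the assumption that an ACK must be the reply half of a connection
    a LAN host started. The filter cannot check that assumption."""
    if pkt.direction == "out":
        return "permit"
    return "permit" if pkt.ack else "deny"


class StatefulFirewall:
    """Keeps a connection table. An inbound packet is permitted only if it
    matches (in reverse) a connection an inside host opened earlier. A real
    firewall also tracks the handshake state and removes finished
    connections; that bookkeeping is left out here."""

    def __init__(self) -> None:
        # entries: (inside addr, inside port, outside addr, outside port)
        self.table: Set[Tuple[str, int, str, int]] = set()

    def filter(self, pkt: Pkt) -> str:
        if pkt.direction == "out":
            if pkt.syn and not pkt.ack:            # LAN host opens a new connection
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reverse of the recorded tuple
        return "permit" if key in self.table else "deny"


def run_scenario() -> List[Tuple[str, str, str]]:
    """Returns (description, stateless verdict, stateful verdict) per packet,
    for a constructed sequence of four packets."""
    fw = StatefulFirewall()
    packets = [
        ("LAN host opens HTTPS to a web server",
         Pkt("out", "10.1.1.5", 40000, "203.0.113.10", 443, syn=True)),
        ("web server's SYN-ACK reply",
         Pkt("in", "203.0.113.10", 443, "10.1.1.5", 40000, syn=True, ack=True)),
        ("unsolicited SYN to an inside host's SSH port",
         Pkt("in", "198.51.100.7", 55555, "10.1.1.5", 22, syn=True)),
        ("unsolicited inbound packet with only ACK set",
         Pkt("in", "198.51.100.7", 55555, "10.1.1.5", 22, ack=True)),
    ]
    return [(desc, stateless_filter(p), fw.filter(p)) for desc, p in packets]


if __name__ == "__main__":
    print(f"{'packet':48s} stateless  stateful")
    for desc, sl, sf in run_scenario():
        print(f"{desc:48s} {sl:10s} {sf}")
```

The last packet is the point of the slide: with no connection table, the stateless filter has to take the ACK flag at face value, while the stateful firewall drops it because no inside host ever opened that connection.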
• There are two ways IDS systems can detect attacks or intrusions. The first is based on the signature of an intrusion and is often referred to as a misuse-detection IDS (MD-IDS).
• In a network-based IDS (NIDS), the IDS system is a separate device attached to the network via a machine like a switch or directly via a tap.
• In a host-based IDS (HIDS), software runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs, and event logs, not by directly monitoring network traffic.
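An added Python example (not the slides' material) of signature-based misuse detection done the way a HIDS does it, over constructed SSH authentication log lines rather than network traffic: one signature fires on a burst of failed logins from a single source inside a time window, another fires on a successful password login as root. The log lines, the threshold and the window are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample of an SSH daemon's authentication log (not a real capture).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 51012 ssh2
2024-05-01T10:00:04 host1 sshd[2213]: Failed password for root from 198.51.100.7 port 51014 ssh2
2024-05-01T10:00:09 host1 sshd[2215]: Failed password for invalid user test from 198.51.100.7 port 51016 ssh2
2024-05-01T10:00:15 host1 sshd[2217]: Failed password for root from 198.51.100.7 port 51018 ssh2
2024-05-01T10:01:40 host1 sshd[2301]: Failed password for alice from 203.0.113.9 port 40200 ssh2
2024-05-01T10:02:05 host1 sshd[2310]: Accepted password for root from 203.0.113.9 port 40210 ssh2
"""

# Signatures: each is a pattern over one log line; group 1 is the timestamp, group 2 the source.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
ROOT_LOGIN = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Accepted \S+ for root from (\S+) port \d+")

Alert = Tuple[str, str, str]   # (signature name, source address, timestamp that triggered it)


def detect(log_text: str, threshold: int = 3, window_s: int = 60) -> List[Alert]:
    """Misuse detection: every line is matched against the known signatures.
    The brute-force signature needs a little state per source (recent failure
    times) so that 'threshold failures within window_s seconds' can be judged."""
    alerts: List[Alert] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    for line in log_text.splitlines():
        m = ROOT_LOGIN.match(line)
        if m:
            alerts.append(("root-password-login", m.group(2), m.group(1)))
            continue
        m = FAILED.match(line)
        if not m:
            continue                                   # no signature matched this line
        ts, src = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > timedelta(seconds=window_s):
            q.popleft()                                # drop failures outside the window
        if len(q) >= threshold:
            alerts.append(("ssh-bruteforce", src, m.group(1)))
            q.clear()                                  # one alert per burst, not per line
    return alerts


if __name__ == "__main__":
    for name, src, ts in detect(SAMPLE_LOG):
        print(f"{ts} ALERT {name} from {src}")
```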
• A VPN concentrator is a device that creates remote access for virtual private networks (VPNs) either for users logging in remotely or for a large site-to-site VPN.
• VPNs often allow higher data throughput and provide encryption.
• VPN through a concentrator is usually handled by Internet Protocol Security (IPSec) or by Secure Sockets Layer (SSL), and user authentication can be achieved via Microsoft’s Active Directory, Kerberos, Remote Authentication Dial In User Service (RADIUS), Rivest, Shamir, and Adleman (RSA), and digital certificates.
Network security

Más contenido relacionado

La actualidad más candente

Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2sweta dargad
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for  Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for  Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Chapter 08
Chapter 08Chapter 08
Chapter 08cclay3
 

La actualidad más candente (20)

Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Firewalls
FirewallsFirewalls
Firewalls
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Describe firewalls
Describe firewallsDescribe firewalls
Describe firewalls
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
Ip security
Ip security Ip security
Ip security
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for  Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for  Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
 
S/MIME
S/MIMES/MIME
S/MIME
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configuration
 
Websecurity
Websecurity Websecurity
Websecurity
 
Cns unit4
Cns unit4Cns unit4
Cns unit4
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Ch05 Network Defenses
Ch05 Network DefensesCh05 Network Defenses
Ch05 Network Defenses
 
IP Security
IP SecurityIP Security
IP Security
 
Day4
Day4Day4
Day4
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
L4 vpn
L4  vpnL4  vpn
L4 vpn
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 

Destacado

Destacado (6)

Ch16
Ch16Ch16
Ch16
 
Ip sec
Ip secIp sec
Ip sec
 
Network security
Network securityNetwork security
Network security
 
Unit 5
Unit 5Unit 5
Unit 5
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 

Similar a Network security (20)

Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
Firewall Firewall
Firewall
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
 
Network security
Network securityNetwork security
Network security
 
Firewall
FirewallFirewall
Firewall
 
RAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARYRAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARY
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final ppt
 
Firewall
FirewallFirewall
Firewall
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
IT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_ChannelsIT8005_EC_Unit_III_Securing_Communication_Channels
IT8005_EC_Unit_III_Securing_Communication_Channels
 
Firewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxFirewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptx
 
Note8
Note8Note8
Note8
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Firewall
FirewallFirewall
Firewall
 

Último

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Último (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Network security

  • 1.
  • 2. ACLs typically reside on routers to determine which devices are allowed to access them based on the requesting device’s Internet Protocol (IP) address.
  • 3. Basicly ACL use IP address for filtering packet but now also use port number.
  • 4.
  • 5. ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.
  • 6. ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.
  • 7. There are two types of Cisco ACLs, standard and extended.  Standard ACLs allow you to permit or deny traffic from source IP addresses.  Extended ACLs filter IP packets based on several attributes, for example, protocol type, source and IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information for finer granularity of control.
  • 8. The first is a concept called tunneling, which basically means encapsulating one protocol within another to ensure that a transmission is secure.
  • 9. Virtual Private Network (VPN)  Remote access VPNs  Site-to-site VPNs  Extranet VPNs
  • 10. This security protocol was developed by Netscape to work with its browser. It’s based on Rivest, Shamir, and Adleman (RSA) public-key encryption and used to enable secure Session-layer connections over the Internet between a web browser and a web server
  • 11. Layer 2 Tunneling Protocol (L2TP), which was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP IP protocols in VPNs over the Internet.
  • 12. just mentioned Point to Point Tunneling Protocol (PPTP).  PPTP acts by combining an unsecured Point to Point Protocol (PPP) session with a secured session using the Generic Routing Encapsulation (GRE) protocol.
  • 13.
  • 14. The two major protocols you’ll find working in IPSec are the Authentication Header (AH) and Encapsulating Security Payload (ESP). AH serves up authentication services only—no encryption but ESP provides both authentication and encryption abilities.
  • 15.
  • 16.
  • 17. Encryption works by running the data (which when encoded is represented as numbers) through a special encryption formula called a key that the designated sending and receiving devices both ―know.‖
  • 18. Private Encryption Keys Private keys are commonly referred to as symmetrical keys. Using private-key encryption, both the sender and receiver have the same key and use it to encrypt and decrypt all messages  DES  56-bit key  3DES  168 – bit key  The Advanced Encryption Standard (AES)  128, 192, or 256 bits
  • 19. Public Key Encryption Public key encryption uses the Diffie-Hellman algorithm, which employs a public key and a private key to encrypt and decrypt data. The sending machine’s public key is used to encrypt a message to the receiving machine that it uses to decrypt the message with a private key.
  • 20. Disabling Accounts  Managing Account  Password-Management Features
  • 21. Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) is a system that links users to public key that verifies the user’s identity by using a certificate authority (CA).
  • 22. Public Key Infrastructure (PKI)
  • 23. Kerberos, created at MIT, isn’t just a protocol, it’s an entire security system that establishes a user’s identity when they first log on to a system that’s running it.
  • 24. RADIUS RADIUS is an authentication and accounting service that’s used for verifying users over various types of links, including dial-up. Many ISPs use a RADIUS server to store the usernames and passwords of their clients in a central spot through which connections are configured to pass authentication requests
  • 25. The Terminal Access Controller Access-Control System Plus (TACACS+) protocol is an alternative AAA method to RADIUS.  Here are two major differences between TACACS+ and RADIUS:  RADIUS combines user authentication and authorization i NN nto one profile, but TACACS+ separates the two.  TACACS+ utilizes the connection-based TCP protocol, but RADIUS uses UDP instead.
  • 26.
  • 27. Denial of Service (DoS) A denial of service (DoS) attack does exactly what it sounds like it would do—it prevents users from accessing the network and/or its resources. Example of DoS: The Ping of Death Ping 192.168.131.67 -l 65000
  • 28. It’s a version of a DoS attack that floods its victim with spoofed broadcast ping messages
  • 29. They’re called distributed denial of service (DDos) attacks and also make use of IP spoofing
  • 30. File Viruses  Macro Viruses  Boot-Sector Viruses  Multipartite Viruses
  • 31. Functionally, worms are a lot like viruses (less amusingly so if your computer happens to be infected with one), only worse, because they're much harder to stop: worms actively replicate across the network without requiring you to do anything, such as open an infected file.
  • 32. IP Spoofing IP spoofing is the process of sending packets with a fake source address, so that they appear to originate from within the network the attacker is targeting and get past filters that trust internal addresses.
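An anti-spoofing check in the spirit of ingress/egress filtering (BCP 38) run over a handful of constructed flow records, added here as an example that is not from the slides. It flags the two cases the slides above describe: packets arriving from outside that claim an inside source (slide 32), and ICMP echo requests aimed at one of our subnet broadcast addresses (the Smurf pattern of slide 28), plus the mirror case of our own hosts emitting foreign source addresses. The address ranges, interface names and flow records are made-up.

```python
"""Anti-spoofing and directed-broadcast checks over constructed flow records.
Added example, not from the slides; assumption: the address ranges, interface
names ("outside"/"inside") and flow lines below are made-up."""
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]
# Subnets we actually run; their broadcast addresses are Smurf amplification targets.
LOCAL_SUBNETS = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("192.168.2.0/24")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_spoofed(iface, src):
    """True when the source address contradicts the interface the packet was seen on:
    an inside source arriving from the Internet, or an outside source leaving our LAN."""
    inside_src = is_internal(src)
    if iface == "outside":
        return inside_src
    if iface == "inside":
        return not inside_src
    raise ValueError(f"unknown interface {iface!r}")


def is_smurf_request(proto, icmp_type, dst):
    """ICMP echo request (type 8) sent to one of our subnet broadcast addresses."""
    if proto != "icmp" or icmp_type != 8:
        return False
    ip = ipaddress.ip_address(dst)
    return any(ip == net.broadcast_address for net in LOCAL_SUBNETS)


# Constructed flow records: iface src dst proto port-or-icmp-type
FLOWS = """\
outside 203.0.113.9 192.168.1.10 tcp 443
outside 192.168.1.10 192.168.1.255 icmp 8
inside 192.168.1.30 198.51.100.7 udp 53
inside 8.8.8.8 198.51.100.7 udp 53
outside 198.51.100.200 192.168.1.1 icmp 0
inside 192.168.2.7 192.168.2.255 icmp 8
"""


def parse_flows(text):
    rows = []
    for line in text.splitlines():
        iface, src, dst, proto, last = line.split()
        rows.append((iface, src, dst, proto, int(last)))
    return rows


def find_spoofed(text=FLOWS):
    return [(iface, src, dst) for iface, src, dst, _, _ in parse_flows(text)
            if is_spoofed(iface, src)]


def find_smurf_requests(text=FLOWS):
    return [(iface, src, dst) for iface, src, dst, proto, t in parse_flows(text)
            if is_smurf_request(proto, t, dst)]
```

The second record is the classic Smurf setup seen at the border: an "internal" source arriving from the Internet, addressed to a directed broadcast. The fourth shows the egress side: a LAN host emitting a foreign source address, which is how a site becomes a DDoS participant. The last record is an internal host pinging its own broadcast; whether that is benign discovery or an insider probing is for the operator to decide, but disabling directed-broadcast forwarding on routers removes the amplification either way.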
  • 33. Backdoors Backdoors are simply paths leading into a computer or network. From simple invasions to elaborate Trojan Horses, villains can use their previously placed inroads into a specific host or a network whenever they want to.
  • 34. Packet Sniffers A packet sniffer is a software tool that can be incredibly effective in troubleshooting a problematic network but that can also be a hacker’s friend.
  • 35. A man-in-the-middle attack happens when someone positions themselves between two communicating computers, intercepting packets intended for one of them and reading, and possibly altering, the data before passing it on, so that neither end notices.
  • 36. A rogue access point is one that's been installed on a network without the administrator's knowledge, giving anyone within radio range an unmanaged way onto the wired network.
  • 37. Social engineering refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source; phishing is its most common form, carried out by e-mail or a look-alike website rather than in person or by phone.
  • 38. Active Detection; Passive Detection; Proactive Defense
  • 39. Security Policies A security policy should precisely define how security is to be implemented within an organization, and cover physical security, document security, and network security. Security Audit A security audit is a thorough examination of your network that includes testing all its components to make sure everything is secure.
  • 41. Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be a computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. One of the NICs connects to the public side, and the other one connects to the private side. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones.
  • 43. A network-based firewall is what companies use to protect their private network from public networks. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers instead of just one system, and it’s usually a combination of hardware and software
  • 44. host-based firewall is implemented on a single machine so it only protects that one machine. This type of firewall is usually a software implementation, because you don’t need any additional hardware in your personal computer to run it. All current Windows client operating systems come with Windows Firewall, which is a great example of a host-based solution
  • 45. Demilitarized Zone (DMZ) Most firewalls in use today implement something called a demilitarized zone (DMZ), which, as its name implies, is a network segment that isn't public or local but halfway between the two. A standard DMZ setup typically (but not always) has two or three network cards in the firewall computer: the first goes to the Internet; the second goes to the network segment where the commonly targeted servers that belong in the DMZ live; the third connects to your intranet. The point of the separation is that a server compromised in the DMZ still has to cross the firewall again to reach the intranet.
  • 46. Proxy Services Firewalls can also implement something called proxy services, which actually makes them proxy servers, or proxies for short. Let's say an internal client sends a request to an external host on the Internet. That request gets to the proxy server first, where it is examined, broken down, and handled by an application that creates a new packet requesting the information from the external server; the external server only ever talks to the proxy, never to the internal client.
  • 47. Proxy Services
  • 48. The first firewalls that were developed functioned solely at the Network layer, and the earliest of these were known as packet-filter firewalls. I covered packet filtering a bit earlier in this chapter; as a refresher, all it means is that the firewall looks at an incoming packet and applies it against the set of rules in the ACL(s).
  • 49. A basic packet filter doesn't care whether the packet it is examining is stand-alone or part of a bigger message stream. That type of packet filter is said to be stateless, in that it does not monitor the status of the connections passing through it; to let replies back in it needs a standing rule for the return traffic, which an attacker can satisfy simply by choosing a matching source port. A stateful firewall is one that keeps track of the various data streams passing through it. If a packet is part of a connection the firewall saw being established from the permitted side, it's passed through; a packet that matches no known connection and no rule is dropped.
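The three-zone layout of slide 45, the ACL lookup of slide 48 and the stateless-versus-stateful distinction of slide 49, together as one runnable packet-filter simulation. This is an added example, not code from the slides: the zones, rules, addresses and the five-packet trace are made-up, the ACL ends in an implicit deny the way a Cisco ACL does, and the stateless variant carries the kind of source-port "return traffic" hole that pre-stateful filters needed.

```python
"""Stateless vs stateful packet filtering over a three-zone (outside / DMZ / inside)
policy. Added example, not from the slides; assumption: zones, rules, addresses and
the packet trace below are made-up."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport sport")

ZONES = [  # most specific first; anything else is the public side
    ("inside", ipaddress.ip_network("192.168.0.0/16")),
    ("dmz", ipaddress.ip_network("172.16.0.0/24")),
]


def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES:
        if ip in net:
            return name
    return "outside"


# (from_zone, to_zone, proto, dport, action); first match wins, implicit deny at the end
RULES = [
    ("outside", "dmz", "tcp", 443, "permit"),   # public web server in the DMZ
    ("inside", "dmz", "tcp", 443, "permit"),
    ("inside", "outside", "tcp", 443, "permit"),
    ("inside", "outside", "udp", 53, "permit"),
    ("dmz", "inside", "any", 0, "deny"),        # a compromised DMZ host must not reach the LAN
]


def acl_lookup(pkt):
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    for from_zone, to_zone, proto, dport, action in RULES:
        if ((src_zone, dst_zone) == (from_zone, to_zone)
                and proto in ("any", pkt.proto)
                and dport in (0, pkt.dport)):
            return action
    return "deny"


class StatelessFilter:
    """Judges every packet on its own. To let replies to inside clients back in it
    needs a hole keyed on the source port, which an attacker can simply set."""
    RETURN_RULES = [("outside", "inside", "tcp", 443)]

    def decide(self, pkt):
        if acl_lookup(pkt) == "permit":
            return "permit"
        for from_zone, to_zone, proto, sport in self.RETURN_RULES:
            if (zone_of(pkt.src), zone_of(pkt.dst), pkt.proto, pkt.sport) == (from_zone, to_zone, proto, sport):
                return "permit"
        return "deny"


class StatefulFilter:
    """Records each permitted new flow; a reply is admitted only if its reversed
    5-tuple matches a flow this firewall saw being opened from the permitted side."""

    def __init__(self):
        self.table = set()

    def decide(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if flow in self.table or reverse in self.table:
            return "permit"
        if acl_lookup(pkt) == "permit":
            self.table.add(flow)
            return "permit"
        return "deny"


# Constructed trace: Packet(src, dst, proto, dport, sport)
TRACE = [
    Packet("192.168.1.10", "198.51.100.7", "tcp", 443, 51000),  # inside client opens HTTPS out
    Packet("198.51.100.7", "192.168.1.10", "tcp", 51000, 443),  # the server's reply
    Packet("203.0.113.5", "192.168.1.10", "tcp", 445, 443),     # attacker sets sport 443 to reach SMB inside
    Packet("203.0.113.5", "172.16.0.10", "tcp", 443, 40000),    # public user reaches the DMZ web server
    Packet("172.16.0.10", "192.168.1.10", "tcp", 445, 40001),   # DMZ host tries to reach the LAN
]


def run(filter_obj, trace=TRACE):
    return [filter_obj.decide(pkt) for pkt in trace]
```

Packet 3 is the whole argument for stateful inspection: the stateless filter permits it because its source port looks like a web reply, the stateful one denies it because no inside host ever opened a connection to that address. Packet 5 is the DMZ doing its job in both variants. A production stateful engine also tracks TCP flags and times idle entries out of the table; this simulation omits both.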
  • 50. There are two ways IDS systems can detect attacks or intrusions. The first is based on the signature of an intrusion and is often referred to as misuse detection (MD-IDS): it matches traffic or logs against patterns of known attacks, so it is precise but blind to anything nobody has written a signature for. The second is anomaly based: it learns a baseline of normal behaviour and alerts on deviations from it, which can catch new attacks at the cost of more false positives.
  • 52. In a network-based IDS (NIDS), the IDS is a separate device that sees a copy of the traffic, either through a switch's mirror (SPAN) port or directly via a network tap.
  • 53. In a host-based IDS (HIDS), software runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs, and event logs—not by directly monitoring network traffic.
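The two detection methods of slide 50, run HIDS-style (slide 53) over a constructed host log rather than over network traffic. This is an added example and not part of the slides: the log lines, the two signatures and the failed-login baseline are made-up, and the path-traversal pattern is deliberately crude so the reader can see what a signature does and does not catch.

```python
"""Signature (misuse) detection and anomaly detection over the same constructed host
log. Added example, not from the slides; assumption: log lines, signatures and the
baseline of 2 failed logins per source are made-up."""
import re
from collections import Counter

LOG = """\
Mar 10 09:01:02 web01 sshd[2211]: Accepted publickey for deploy from 192.168.1.30 port 51234 ssh2
Mar 10 09:01:10 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 09:01:12 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 09:01:15 web01 sshd[2219]: Failed password for admin from 203.0.113.5 port 40002 ssh2
Mar 10 09:01:18 web01 sshd[2223]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 09:01:40 web01 sshd[2230]: Failed password for deploy from 192.168.1.30 port 51240 ssh2
Mar 10 09:02:30 web01 nginx: 203.0.113.5 GET /index.php?page=../../../../etc/passwd 404
"""

# Misuse detection: known-bad patterns. Catches only what someone already wrote a rule for.
SIGNATURES = {
    "ssh_root_password_attempt": re.compile(r"sshd\[\d+\]: Failed password for root from"),
    "path_traversal": re.compile(r"\.\./"),
}

SOURCE_IP = re.compile(r"(?:from|nginx:) (\d{1,3}(?:\.\d{1,3}){3})")
FAILED = re.compile(r"Failed password for \S+ from")


def signature_alerts(log=LOG):
    """[(signature name, 1-based line number, source ip)] for every line matching a rule."""
    alerts = []
    for lineno, line in enumerate(log.splitlines(), 1):
        src = SOURCE_IP.search(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, lineno, src.group(1) if src else None))
    return alerts


def anomaly_alerts(log=LOG, baseline_failures=2):
    """Sources whose failed-login count exceeds the baseline, whatever account was tried.
    Catches the 'admin' guess that no signature names, but also fires on a legitimate
    user who mistypes a password more than baseline_failures times."""
    failures = Counter()
    for line in log.splitlines():
        if FAILED.search(line):
            failures[SOURCE_IP.search(line).group(1)] += 1
    return sorted((ip, n) for ip, n in failures.items() if n > baseline_failures)
```

The signature list misses the guess against `admin` on line 4 entirely, while the anomaly rule reports the source only after it has crossed the baseline; an analyst who lowers the baseline to zero will see the deploy user's single typo on line 6 reported as well, which is the false-positive trade-off slide 50 describes.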
  • 54. A VPN concentrator is a device that terminates virtual private network (VPN) connections, either for individual users logging in remotely or for a large site-to-site VPN. Compared with the dial-up links it replaces, a VPN allows higher data throughput and provides encryption. A VPN through a concentrator is usually handled by Internet Protocol Security (IPSec) or by Secure Sockets Layer (SSL), and user authentication can be achieved via Microsoft's Active Directory, Kerberos, Remote Authentication Dial In User Service (RADIUS), Rivest, Shamir, and Adleman (RSA), and digital certificates.