2. INTRODUCTION
The world is becoming more interconnected with the advent of the Internet
and networking solutions.
There is a large amount of personal, commercial, military, and
government information on networking infrastructures worldwide.
Network security is becoming of great importance because
intellectual property can be easily acquired through the Internet.
In practice, a single security technology is not sufficient
to build a secure network system.
An integrated application of multiple technologies can keep
security risks within as small a scope as possible.
Prevention through a variety of techniques resists the
overwhelming majority of attacks from outside.
3. NETWORK SECURITY
Network security has become more important to personal
computer users and to several organizations.
With the advent of the Internet, security became a major
concern, and the history of security allows a better
understanding of the emergence of security technology.
More enterprises are using web services to accelerate their
own development.
Next we introduce the architecture of network security and
give further information on the types of security threats,
so that readers gain a basic understanding of the types of
security services.
Finally, in accordance with established safety precautions,
we introduce the security rules that can be implemented.
4. SECURITY THREATS
CONCEPTS OF SECURITY THREATS
Network nodes that are not protected by filtering have to
withstand a large number of network attacks at all times.
Even if the purpose of these attacks is random, it is still
very likely that they will break through poorly managed
computer facilities, affect the network, and even paralyze it.
CLASSIFICATION OF SECURITY THREATS
Internet network security threats are often roughly divided into the
following categories:
Illegal use of the network
Denial of Service
Information theft
Data tampering
5. CATEGORIES
Illegal use of the network means that resources are used by illegal
or unauthorized users in an illegal way. For example, an
attacker guesses an account name and password and gets
into the computer system.
Denial of service means that the server refuses users' normal
requests to access information or resources. For example, an
attacker sends a large number of packets within a short period of
time, continuously opening connections to the server, so that the
overloaded server cannot handle its tasks.
Information theft means that the intruder does not attack the target
system directly but taps the Internet to obtain important data or
information.
Data tampering means attacks that selectively edit, delete, delay,
re-sort, or insert false information into system data or message
flows, destroying data consistency.
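As an added example (not part of the original slides), the denial-of-service case above can be detected by counting connection attempts per source inside a sliding time window. The log format, the addresses, the window and the limit are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5     # assumed look-back window
MAX_CONNECTIONS = 20   # assumed per-source limit inside one window


def build_sample_log():
    """Constructed log, one '<seconds> <source> CONNECT' line per attempt."""
    normal = [f"{t}.00 198.51.100.7 CONNECT" for t in range(0, 60, 10)]
    burst = [f"{30 + i * 0.05:.2f} 203.0.113.9 CONNECT" for i in range(100)]
    return sorted(normal + burst, key=lambda line: float(line.split()[0]))


def detect_floods(lines, window=WINDOW_SECONDS, limit=MAX_CONNECTIONS):
    """Map each flooding source to the time it first exceeded the limit."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] != "CONNECT":
            continue  # ignore malformed or unrelated lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        src = parts[1]
        stamps = recent[src]
        stamps.append(ts)
        while ts - stamps[0] > window:  # drop attempts older than the window
            stamps.popleft()
        if len(stamps) > limit and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, ts in detect_floods(build_sample_log()).items():
        print(f"{src} exceeded {MAX_CONNECTIONS} connections "
              f"in {WINDOW_SECONDS}s at t={ts}")
```

The client that connects once every ten seconds is never flagged; the source that opens 100 connections in five seconds is flagged at its 21st attempt.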
6. NETWORK SECURITY CLASSIFICATIONS
In response to these security threats, security measures are
provided by security services.
The security services are classified and explained as
follows:
Availability service ensures that information or services can be
accessed normally when needed.
Confidentiality service ensures that sensitive data or
information will not be leaked or exposed to unauthorized
entities.
7. SECURITY CLASSIFICATIONS (CONTD.)
Integrity service ensures that data is not altered or
destroyed in an unauthorized way.
Identification is a security service that guarantees the
legitimacy of an entity's identity.
Authorization controls the use of system resources
according to defined rules, such as a visitor's
access permissions.
8. IMPLEMENTATION OF SECURITY
Because the Internet was not designed with a specific IP security
scheme in its early stages, network security services and products
are needed to improve the IP network and to weaken the security
risks inherent in the Internet Protocol. The precautions are as
follows.
TABLE I. SAFETY PRECAUTIONS AND SUMMARY
EVALUATION ASPECTS                 SUMMARY
Encryption                         Encryption technology
Authentication                     Identification and verification of identity
Access control                     Access control and access rights
Visit to the security agreement    Network security protocols and layering
9. ENCRYPTION
Encryption is the process of converting a readable message into
unreadable text. It not only provides users with communication
security but also underlies many other security mechanisms.
Encryption technology can be used in the following
mechanisms:
Password authentication process design
Secure communication protocol design
Design of digital signatures
Encryption methods are mainly classified into three
types:
10. Symmetric cryptosystem
The same key is used for encryption and decryption.
Each pair of users shares the same key to exchange
information, and the key must be kept confidential.
Typical representatives include:
Data Encryption Standard (DES)
Triple Data Encryption Standard (3DES)
Public-key cryptosystem
In contrast to symmetric cryptography, public-key
cryptography has two different keys, which perform the
encryption and decryption functions separately.
One key, known as the private key, must be kept secret;
the other, called the public key, can be distributed publicly.
11. Hash function
A hash function compresses a variable-length message into a
fixed-length code word, called a hash or message digest.
Hash functions include MD5 (Message Digest 5) and
SHA (Secure Hash Algorithm).
Typical representatives of public-key cryptosystems are
DH (Diffie-Hellman) and RSA (Rivest, Shamir, Adleman).
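As an added example (not part of the original slides), a hash function combined with a shared key gives the integrity service of slide 7 and exposes the message-flow tampering listed on slide 5. HMAC-SHA256 is chosen here because MD5 is no longer collision-resistant; the key, the messages and the agreed message count are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret, for this demo only


def _tag(key, seq, body):
    """HMAC-SHA256 over sequence number + body: always 32 bytes long."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def protect(messages, key=KEY):
    """Sender: number each message and attach its tag."""
    return [(seq, body, _tag(key, seq, body)) for seq, body in enumerate(messages)]


def verify(stream, expected_count, key=KEY):
    """Receiver: return findings; an empty list means the flow is intact.

    expected_count is assumed to be agreed between the two ends beforehand.
    """
    findings, accepted = [], []
    for seq, body, tag in stream:
        in_range = 0 <= seq < expected_count
        if not in_range or not hmac.compare_digest(tag, _tag(key, seq, body)):
            findings.append(f"rejected seq {seq}")  # edited or inserted
            continue
        if seq in accepted:
            findings.append(f"duplicate seq {seq}")
            continue
        if accepted and seq < accepted[-1]:
            findings.append(f"out of order seq {seq}")
        accepted.append(seq)
    for seq in sorted(set(range(expected_count)) - set(accepted)):
        findings.append(f"missing seq {seq}")  # deleted, or rejected above
    return findings


if __name__ == "__main__":
    flow = protect([b"pay 10", b"to alice", b"ref 7781", b"end"])
    edited = [flow[0], (1, b"to mallory", flow[1][2]), flow[2], flow[3]]
    print("intact  :", verify(flow, 4))
    print("edited  :", verify(edited, 4))
    print("deleted :", verify(flow[:2] + flow[3:], 4))
    print("resorted:", verify([flow[0], flow[2], flow[1], flow[3]], 4))
```

Delay, which slide 5 also lists under data tampering, is not detected here; that needs a timestamp inside the tagged data.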
12. AUTHENTICATION
Authentication is usually used to verify the legitimacy of a
user's identity before the user accesses the network or the
network provides services.
Authentication can be provided locally by each piece of
network equipment, or it can be implemented by a
dedicated authentication server.
Comparatively speaking, the latter has better
flexibility, controllability and scalability. At present, in
heterogeneous network environments, the authentication
service uses RADIUS (Remote Authentication Dial-In
User Service).
13. ACCESS CONTROL
Access control is a way to enforce authorization.
It is generally divided into two categories:
Access control based on the operating system
Authorizes users' access to the resources of a computer
system. The access control policy can be configured based
on identity, groups, or rules.
Web-based access control
Refers to restricting permissions for access to the network.
Due to the complexity of the network, its mechanisms are much
more complex than those of access control based on the
operating system.
14. VISIT TO THE SECURITY AGREEMENT
Application Layer Security
It provides end-to-end application security from an application
on one host, across the network, to another host.
Application-layer security mechanisms must be tailored to
specific applications; the security protocol is a
supplement to the application protocol. As can be
seen, there is no generic application-layer security
protocol.
15. CONTD ….
Transport Layer Security
The idea of providing security services at the transport
layer is to strengthen the IPC interface, such as BSD
sockets. This includes authentication of both end
entities and exchange of data encryption keys.
Following this line of thought, the Secure Sockets Layer
(SSL) protocol was built on top of a reliable
transport service.
16. CONTD…
Network Layer Security
Even if the upper-layer protocols do not implement security
protection, protecting packets at the network layer lets
user information benefit automatically from
network layer security.
Therefore, IP (Internet Protocol) security is TCP/IP
security, and is also the core of Internet security.
Data Link Layer Security
Provides point-to-point security, for example on a
point-to-point link. Link layer security is mainly achieved
by special equipment at each end of the link that
performs encryption and decryption.
17. CONCLUSION
Network security is closely integrated with network
operating system security and database management
system security.
In application, security must be tailored to the specific
needs of the environment, with matching analysis and the
development of various security management strategies, to
ensure network security.