Networking Security Overview

Key Concepts in Networking Security

  • Threat: An event that has the potential to violate security policies.
  • Vulnerability: A weakness in a system that makes a threat possible.
  • Attack: The realization of a threat that exploits vulnerabilities in the system.

Understanding Protocols

  • Protocol Stack:
    • Each layer adds a different header to the packet:
      • Application Layer: Adds an application-specific header carrying control information.
      • Transport Layer: Ensures reliable data transmission and identifies the application processes (ports) at each end.
      • Link Layer: Adds the Ethernet frame header and calculates the CRC.

Internet Gateway and LAN Configuration

  • A network typically consists of a local area network (LAN) connecting to the internet through a gateway (often managed by an ISP) which provides firewall protection.

Examples of Network Attacks

  1. SYN Flood: Floods the protocol stack with SYN packets to produce half-open connections.
  2. Source Routing Attack: Redirects traffic to an impersonating host using specific IP header options.
  3. IP Spoofing: Forges the sender’s IP address, often requiring correct sequence number guessing.
  4. Cache Poisoning: Misleads DNS resolvers into accepting bogus data.
  5. Denial of Service (DoS): Overloads servers like root servers to inhibit their response capability.

Network Threats and Vulnerabilities

  • Identifying threats involves understanding how attacks can exploit vulnerabilities:
    • Assess the potential of a threat to violate system policies.

Network Security Techniques

1. Traffic Filtering and Connectivity

  • Packet Filtering: Discards unwanted packets based on:
    • MAC Address (source/destination)
    • IP Address (source/destination)
    • Application Protocol (based on port numbers)
    • Content Patterns
  • Typically, inbound connections are blocked unless specifically allowed by configuration.
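As an added illustration (not part of the lecture notes), a minimal packet filter in Python that applies the four criteria above with the default-deny-inbound policy just described; every packet and rule below is constructed sample data, and the rule fields and their names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed packet representation: only the fields the filter criteria
# need (MAC, IP, port, payload) plus the direction relative to the LAN.
@dataclass
class Packet:
    direction: str          # "inbound" (from the internet) or "outbound"
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int           # identifies the application protocol
    payload: bytes = b""

# A rule matches only on the fields it sets; unset fields are wildcards.
@dataclass
class Rule:
    action: str                          # "allow" or "deny"
    direction: Optional[str] = None
    src_mac: Optional[str] = None
    src_ip: Optional[str] = None
    dst_port: Optional[int] = None
    content: Optional[re.Pattern] = None  # pattern searched in the payload

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.src_mac is None or self.src_mac.lower() == p.src_mac.lower())
                and (self.src_ip is None or self.src_ip == p.src_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.content is None or self.content.search(p.payload) is not None))

def filter_packet(p: Packet, rules: List[Rule]) -> str:
    """First matching rule wins. With no match, inbound packets are
    discarded (default deny) while outbound traffic is allowed."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny" if p.direction == "inbound" else "allow"

# Constructed rule set: drop a known-bad source IP and a blocked MAC,
# drop any payload containing a path-traversal pattern, and open only
# the HTTPS port to inbound connections.
RULES = [
    Rule("deny", src_ip="203.0.113.7"),
    Rule("deny", src_mac="00:11:22:33:44:55"),
    Rule("deny", content=re.compile(rb"\.\./")),
    Rule("allow", direction="inbound", dst_port=443),
]
```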

2. Encryption and Signature

  • Utilizes cryptography to ensure data remains confidential:
    • Symmetric Encryption: Same key for both encryption and decryption.
    • Asymmetric Encryption: Public key to encrypt, private key to decrypt.
    • Digital Signatures: Hash the data and sign the hash with a private key so recipients can verify integrity and origin with the public key.

Key Management Challenges

  • Proper management of cryptographic keys is crucial:
    • Distribution: Ensure the right keys reach the right individuals.
    • Revocation: Update or change keys when necessary (e.g., employee access changes).
    • Default Key Risks: Beware of vendor-installed keys that may be known to attackers.

Technical Solutions for Key Management

  • Hardware Security Modules (HSM) and Trusted Platform Modules (TPM) are used to store and protect keys:
    • HSM: A standalone, tamper-resistant device dedicated to key storage.
    • TPM: A chip integrated into a device that protects keys on desktops and laptops.

Key Distribution Strategies

  1. Single Cryptonet: Shared secret key among all users.
  2. Group Cryptonets: Shared key for certain groups.
  3. Pairwise Key Sharing: Unique key for each pair of endpoints.
  4. Key Distribution Center: Central server that distributes keys.
  5. Public Key Distribution: Techniques to distribute keys using public key cryptography.

Protocols for Secure Communication

1. IPsec:

  • Secures communications at the IP layer; commonly used to build VPNs.

2. SSL/TLS:

  • Provides encryption and secure data exchange between client (e.g., a web browser) and server:
    • Handshake Protocol: Initiates a secure connection and performs key exchange.
    • Record Protocol: Handles data transmission securely.

3. VPNs (Virtual Private Networks):

  • Enable secure access to a network over the internet, providing confidentiality and integrity for data transfers.

Case Studies in Security Protocols

  • Case 1: Preventing impersonation of legitimate nodes; use IPsec.
  • Case 2: Remote access to internal resources; use a VPN for a secure connection.
  • Case 3: Secure file transfers; use SSL/TLS to encrypt data in transit.

Summary

  • Understanding network security requires familiarity with different types of threats, countermeasures, protocols, and key management principles. Effective implementation ensures confidentiality, integrity, and availability of network resources.