Chapter seven
Security
Fundamentals of secure networks;
Cryptography
• Computer data often travels from one computer to another, leaving the safety of
its protected physical surroundings.
• Once the data is out of your hands, people with bad intentions could modify or forge
your data, either for amusement or for their own benefit.
• Network Security - measures to protect data during its transmission
• Cryptography can reformat and transform our data, making it safer on its trip
between computers.
• The technology is based on the essentials of secret codes, augmented by modern
mathematics that protects our data in powerful ways.
• Cryptography is a method of protecting information and communication
through the use of codes so that only those for whom the information is intended
can read and process it.
Basic terminology in cryptographic system
• plaintext (P)- original message
• ciphertext (C)- coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods of deciphering
ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
Types of cryptographic techniques
• Symmetric key encryption
• Asymmetric key encryption
Symmetric encryption systems
• The two basic kinds of encryption are symmetric (also called "secret key") and
asymmetric (also called "public key").
• The symmetric systems provide a two-way channel to their users: A and B share
a secret key, and they can both encrypt information to send to the other as well
as decrypt information from the other.
• The symmetry of this situation is a major advantage of this type of encryption,
but it also leads to a problem: key distribution. How do A and B obtain their
shared secret key? Moreover, only A and B can use that key for their encrypted
communications.
• If A wants to share encrypted communication with another user C, A and C need
a different shared key. Key generation and key distribution are the major difficulty
in using symmetric encryption.
Cont.…
• In general, n users who want to communicate in pairs need n * (n -
1)/2 keys.
• In other words, the number of keys needed increases at a rate
proportional to the square of the number of users! So a property of
symmetric encryption systems is that they require a means of key
distribution.
Asymmetric encryption systems
• Public key systems excel at key management.
• Asymmetric encryption transforms plaintext into ciphertext using one of two
keys and an encryption algorithm.
• Using the paired key and a decryption algorithm, the plaintext is recovered from
the ciphertext.
• Public key cryptography solves the symmetric key encryption problem of having to
exchange a secret key.
• It uses two mathematically related digital keys: a public key (widely
disseminated) and a private key (kept secret by its owner).
• Once one key is used to encrypt a message, the same key cannot be used to
decrypt that message.
• For example, the sender uses the recipient's public key to encrypt a message;
the recipient uses his/her private key to decrypt it.
Cont.…
• By the nature of the public key approach, we can send a public key
in an e-mail message or post it in a public directory.
• Only the corresponding private key, which presumably is kept
private, can decrypt what has been encrypted with the public key.
• But for both kinds of encryption, a key must be kept well secured.
• Once the private key is known by an outsider, all messages written
previously or in the future can be decrypted (and hence read or
modified) by the outsider.
• So, for all encryption algorithms, key management is a major issue.
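As an added illustration (not from the lecture) of the paired-key property just described: a textbook RSA round trip using tiny constructed primes, showing that a message encrypted with the public key is recovered only with the private key. Real deployments use moduli of 2048 bits or more with padding; the numbers here are for understanding only.

```python
# Added example: textbook RSA with constructed tiny primes (p=61, q=53).
# Not secure and not from the lecture; it only illustrates the key pairing.
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)) for the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    d = pow(e, -1, phi)                # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(m: int, key) -> int:
    """Apply the key's exponent to the message modulo n."""
    exp, n = key
    return pow(m, exp, n)

def decrypt(c: int, key) -> int:
    """Same operation with the paired key recovers the plaintext."""
    exp, n = key
    return pow(c, exp, n)

# Constructed sample key pair: n = 3233, phi = 3120, e = 17, d = 2753
PUBLIC, PRIVATE = make_keypair(61, 53)

def demo(m: int = 65):
    """Returns (ciphertext, private key recovers m?, public key recovers m?)."""
    c = encrypt(m, PUBLIC)                   # sender uses recipient's public key
    with_private = decrypt(c, PRIVATE) == m  # recipient uses the private key
    with_public = decrypt(c, PUBLIC) == m    # the encrypting key cannot decrypt
    return c, with_private, with_public
```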
Firewalls
• Firewalls are network devices that enforce an organization’s security policy
• A firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based on a
defined set of security rules.
• A network administrator configures the firewall based on the policy of the
organization. The policy may take user productivity and bandwidth usage into
account as well as the security concerns of an organization.
• A firewall is a combination of hardware and software that isolates an
organization’s internal network from the Internet at large, allowing some
packets to pass and blocking others.
• A firewall allows a network administrator to control access between the outside
world and resources within the administered network by managing the traffic
flow to and from these resources.
Cont.…
• The firewall itself must be immune to penetration. The firewall itself is a device
connected to the network.
• If not designed or installed properly, it can be compromised, in which case it
provides only a false sense of security (which is worse than no firewall at all!).
Cont.…
• Software firewalls
• Software firewalls are installed separately on individual devices.
• Not all devices within an intranet may be compatible with a single software
firewall, so several different firewalls may be required.
• Hardware firewalls
• Hardware firewalls are physical devices, each with its own computing resources. They act as
gateways between internal networks and the internet, keeping data packets
and traffic requests from untrusted sources outside the private network.
Cont..
• Firewalls can be classified in three categories:
• Packet filters,
• Stateful filters, and
• Application gateways.
1. Packet filter:
• An organization typically has a gateway router connecting its internal network to the
Internet. All traffic leaving and entering the internal network passes through this
router, and it is at this router where packet filtering occurs.
• A packet filter examines each datagram in isolation, determining whether the datagram should
be allowed to pass or should be dropped based on administrator-specified rules.
• Filtering decisions are typically based on:
• Source or destination IP address
• Protocol type in the IP datagram field: TCP, UDP, ICMP, OSPF, and so on
• Source and destination port number
Cont.…
2. Stateful filtering
• Stateful filters work by creating a state table with source IP, destination IP,
source port and destination port once a connection is established.
• Based on this information, they create their own rules dynamically to allow
expected incoming network traffic instead of relying only on a hardcoded set
of rules.
• They drop data packets that do not belong to a verified active connection.
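To make the difference between the packet filter (category 1) and the stateful filter (category 2) concrete, here is an added example that is not part of the lecture: a toy stateless filter judging each datagram on address, protocol and port, and a stateful filter that records outbound connections in a state table and admits an inbound packet only if it is the reply to one of them. The internal network 192.0.2.0/24, the rule set and the four sample packets are all constructed for the example.

```python
# Added example (not from the lecture): toy packet filter and stateful filter
# run over constructed datagrams; addresses and rules are made up.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # protocol in the IP datagram field: TCP, UDP, ICMP, ...
    sport: int    # source port (0 for ICMP)
    dport: int    # destination port (0 for ICMP)

INTERNAL = ip_network("192.0.2.0/24")   # constructed internal network

# Stateless rules: (direction, protocol, destination port or None, action);
# first match wins, anything unmatched falls through to DEFAULT.
RULES = [
    ("out", "TCP", 443, "allow"),    # internal hosts may browse HTTPS
    ("in", "TCP", 80, "allow"),      # outsiders may reach the public web server
    ("in", "ICMP", None, "drop"),    # no inbound ICMP at all
]
DEFAULT = "drop"

def direction(p: Packet) -> str:
    return "out" if ip_address(p.src) in INTERNAL else "in"

def packet_filter(p: Packet) -> str:
    """Judge one datagram in isolation on address, protocol and port."""
    for d, proto, port, action in RULES:
        if d == direction(p) and proto == p.proto and port in (None, p.dport):
            return action
    return DEFAULT

class StatefulFilter:
    """Records connections opened from inside in a state table and admits
    inbound packets only if they belong to one of those connections."""
    def __init__(self) -> None:
        self.table = set()   # entries: (src, dst, proto, sport, dport)

    def check(self, p: Packet) -> str:
        if direction(p) == "out":
            verdict = packet_filter(p)
            if verdict == "allow":       # remember the connection we opened
                self.table.add((p.src, p.dst, p.proto, p.sport, p.dport))
            return verdict
        # inbound: the packet must be the reverse of an established flow
        reply_of = (p.dst, p.src, p.proto, p.dport, p.sport)
        if reply_of in self.table:
            return "allow"
        return packet_filter(p)          # otherwise only static rules apply

def run_demo() -> dict:
    """Constructed traffic: an HTTPS request, its reply, a stray packet and
    an inbound ping. Returns (stateless, stateful) verdicts per packet."""
    f = StatefulFilter()
    flows = {
        "request": Packet("192.0.2.10", "198.51.100.5", "TCP", 50000, 443),
        "reply":   Packet("198.51.100.5", "192.0.2.10", "TCP", 443, 50000),
        "stray":   Packet("203.0.113.9", "192.0.2.10", "TCP", 443, 50001),
        "ping":    Packet("203.0.113.9", "192.0.2.10", "ICMP", 0, 0),
    }
    return {name: (packet_filter(p), f.check(p)) for name, p in flows.items()}
```

The stateless filter drops the legitimate HTTPS reply because no static rule matches it, while the stateful filter admits it from the state table and still drops the stray packet that matches no open connection.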
Cont.…
3. Application gateway
• Application-level gateways, also known as proxy firewalls, are implemented at
the application layer via a proxy device.
• Instead of an outsider accessing your internal network directly, the connection is
established through the proxy firewall.
• The external client sends a request to the proxy firewall. After verifying the
authenticity of the request, the proxy firewall forwards it to one of the internal
devices or servers on the client’s behalf.
• They perform deep packet inspection to analyze the context and content of data
packets against a set of user-defined rules. Based on the outcome, they either
permit or discard a packet.

lecture 7.pptx

Editor's Notes

#10: These methods filter network traffic at one or more of the seven layers of the ISO network model, most commonly at the application, transport, network, and data-link levels. Types of firewall