Security Management - PowerPoint PPT Presentation

About This Presentation
Title:

Security Management

Description:

Plaintext The text which is to be encrypted. ... In most cases, it was possible to spoof in. We ll talk about this in more detail later. Basically, ... – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 41
Provided by: g893
Category:

less

Transcript and Presenter's Notes

Title: Security Management


1
Security Management????
  • ??? (Yen-Cheng Chen)
  • yencheng_at_mcu.edu.tw
  • http//www.im.tj.mcu.edu.tw/ycchen/

2
Security Management
  • The process of protecting access to sensitive
    information found on systems attached to a data
    network.

3
???????
  • The creation, deletion, and control of security
    services and mechanisms.
  • The distribution of security-relevant
    information.
  • The reporting of security-relevant events.

4
???????
  • ??? (Confidentiality)
  • ??? (Authentication)
  • ??? (Integrity)
  • ????? (Non-repudiation)
  • ???? (Access control)
  • ??? (Availability)

5
????????
1. Identifying the sensitive information to be
protected 2. Finding the access points 3.
Securing the access points 4. Maintaining the
access points
6
Access Point
  • A piece of network hardware or software that
    allows access to the data network.
  • Software services
  • Hardware components
  • Network media

7
Finding the Access Points
  • Physical Wiring/Media
  • Network Services
  • Remote Login
  • File Transfer
  • E-mail
  • Remote Execution
  • Directory Service
  • NMS

8
Securing the Access Points
  • (1). Packet Filtering
  • (2). Host Authentication
  • (3). User Authentication
  • (4). Key Authentication
  • (5). Encryption

9
(1). Packet Filtering
  • Packet filtering usually can be performed in
    bridges, switches, and routers.
  • Packet filtering stops packets to or from
    unsecured hosts before they reach an access
    point.
  • Issues
  • Each network device to perform packet filtering
    must be configured.
  • Packet filtering doesn't work if the unsecured
    host changes its address.

10
Packet-Filtering Routers
Protected Network
Users
Router with ACLs
ISP and Internet
Users
E-mail Server
Public Access
Web Server
11
(2). Host Authentication
  • Allow access to a service based on a source host
    identifier, e.g. network address.
  • Issues
  • A host can change its network address.
  • Different users in the same host have the same
    authority.

12
(3). User Authentication
  • Enable service to identify each user before
    allowing that user access.
  • Password Mechanism
  • Generally, passwords are transferred on the
    network without any encryption.
  • Use encrypted passwords.
  • Users tend to make passwords easy to remember.
  • If the passwords are not common words, users will
    write them down.
  • Host Authentication User Authentication

13
(4). Key Authentication
  • Key
  • A unique piece of information that authenticates
    the data in a transaction.
  • Key Authentication
  • The destination host requires the source host of
    a transaction to present a key for the
    transaction.
  • Key Server
  • A server that validates requests for transactions
    between hosts by giving out keys.

14
Source (S) Key Server (K) Destination
(D)
1. S requests remote login to D 2. S requests a
key to K. 3. K validates the request. 4.
K send a key to S. 5. S requests login with
valid key to D.
S
K
?
?
S
D
15
(5). Encryption
Network
atek49ffdlffffe ffdsfsfsff
atek49ffdlffffe ffdsfsfsff
decryption
encryption
ciphertext
ciphertext
Dear John I am happy to know ...
Dear John I am happy to know ...
plaintext
plaintext
16
Cryptography / Encryption
  • Encryption
  • Encode, Scramble, or Encipher the plaintext
    information to be sent.
  • Encryption Algorithm
  • The method performed in encryption.
  • Encryption Key
  • A stream of bits that control the encryption
    algorithm.
  • Plaintext
  • The text which is to be encrypted.
  • Ciphertext
  • the text after encryption is performed.

17
Encryption
Encryption Algorithm
Encryption Key
?
Ciphertext
atek49ffdlffffe ffdsfsfsff
Plaintext
Dear John I am happy to know ...
18
Decryption
Decryption Algorithm
Decryption Key
?
Plaintext
Dear John I am happy to know ...
Ciphertext
atek49ffdlffffe ffdsfsfsff
19
Encryption / Decryption
20
Encryption Techniques
  • Private Key Encryption
  • Encryption Key Decryption Key
  • Also called Symmetric-Key Encryption, Secret-Key
    Encryption, or Conventional Cryptography.
  • Public Key Encryption
  • Encryption Key ? Decryption Key
  • Also called Asymmetric Encryption

21
Private Key Encryption - DES (Data Encryption
Standard)
  • Adopted by U.S. Federal Government.
  • Both the sender and receiver must know the same
    secret key code to encrypt and decrypt messages
    with DES
  • Operates on 64-bit blocks with a 56-bit key
  • DES is a fast encryption scheme and works well
    for bulk encryption.
  • Issues
  • How to deliver the key to the sender safely?

22
Symmetric Key in DES
23
Other Symmetric Key Encryption Techniques
  • 3DES
  • Triple DES
  • RC2, RC4
  • IDEA
  • International Data Encryption Algorithm

24
Key Size Matters!
Centuries Decades Years Hours
168-bits
Triple-DES (recommended for commercial
corporate information)
Information Lifetime
56-bits
40-bits
100s 10K 1M 10M
100M Budget ()
25
Public Key Encryption - RSA
  • The public key is disseminated as widely as
    possible. The secrete key is only known by the
    receiver.
  • Named after its inventors Ron Rivest, Adi Shamir,
    and Leonard Adleman
  • RSA is well established as a de facto standard
  • RSA is fine for encrypting small messages

26
Asymmetric Key in RSA
27
Key Length
Average Time for Exhaustive Key Search
9
32
32 Bits 2 4.3 X 10
56
16
Number of Possible Key
56 Bits 2 7.2 X 10
Symmetric Cipher (Conventional)
Asymmetric (RSA/D-H)
128
38
128 Bits 2 3.4 X 10
40 Bits 274 Bits
56 Bits 384 Bits 64
Bits 512 Bits 80
Bits 1024 Bits 96 Bits
1536 Bits 112 Bits
2048 Bits 120 Bits
2560 Bits 128 Bits
3072 Bits 192 Bits
10240 Bits
31
32 Bits gt 2 usec 36 min
Time required at 1 Encryption/uSEC
127
24
128 Bits gt 2 usec 5X10 Years
32 Bits gt 2 millsec
Time required at 10 Encryption/uSEC
56 Bits gt 10 Hours
Performance
6
18
128 Bits gt 5X10 Years
30200 1
28
Hybrid Encryption Technology PGP (Pretty Good
Privacy)
  • Hybrid Encryption Technique
  • First compresses the plaintext.
  • Then creates a session key, which is a
    one-time-only secret key.
  • Using the session key, apply a fast conventional
    encryption algorithm to encrypt the plaintext.
  • The session key is then encrypted to the
    recipients public key.
  • This public key-encrypted session key is
    transmitted along with the ciphertext to the
    recipient.

29
PGP Encryption
30
PGP Decryption
  • The recipient uses its private key to recover the
    temporary session key
  • Use the session key to decrypt the
    conventionally-encrypted ciphertext.

31
PGP Decryption
32
Digital Signatures
  • Digital signatures enable the recipient of
    information to verify the authenticity of the
    informations origin, and also verify that the
    information is intact.
  • Public key digital signatures provide
  • authentication
  • data integrity
  • non-repudiation
  • Technique public key cryptography

33
Simple Digital Signatures
34
Secure Digital Signatures
35
Maintaining the Secure Access Points
  • Locate potential and actual security breaches.
  • Audit Trail
  • Security Test Programs

36
Attaching to a Public Network
  • No Access
  • Full Access
  • All individual computers should have security
    management.
  • Limited Access
  • Use a firewall to enforce security between
    private and public networks.

37
??? (Firewall)
  • Firewall????????,????????????????
  • Firewall????
  • Packet Filtering Firewall
  • Dual-Homed Host Firewall
  • Screened Host Firewall
  • Screened Subnet Firewall

http//www.movies.acmecity.com/silent/6/doc/fwppt.
zip
38
VPN (Virtual Private Network)
  • VPN ??????
  • ???????,????????????????????????
  • VPN??????????
  • X.25
  • Frame Relay
  • ATM
  • Internet

39
VPN (Virtual Private Network)
40
VPN??
  • ???? (Tunneling)
  • IPSec (IP Security)
  • PPTP (Point-to-Point Tunneling Protocol)
  • L2TP (Layer 2 Tunneling Protocol)
  • ????? (Encryption/Decryption)
  • Private/Public/Hybrid Key Encryption
  • ???? (Key Management)
  • SKIP (Simple Key Management for IP)
  • IKE (ISAKMP/Oakley)
  • ???????????? (Authentication)
  • Username/Password Token Number
  • X.509 Certificate by Certificate Authority (CA)
Write a Comment
User Comments (0)
About PowerShow.com