Professional Documents
Culture Documents
G.MANOGNA K.HIMATHA
3RD B.TECH 3RD B.TECH
C.S.E C.S.E
manogna_gudipudi@yahoo.co.in himatha_k007@yahoo.com
Abstract
Network security is a complicated subject, historically only tackled by well-
trained and experienced experts. However, as more and more people become ``wired'', an
increasing number of people need to understand the basics of security in a networked
world. This document was written manager in mind, explaining the concepts needed to
read through the hype in the marketplace and understand risks and how to deal with them.
communications is that of cryptography. Cryptography, then, not only protects data from
theft or alteration, but can also be used for user
Cryptography is the science of writing in
authentication.
secret code and is an ancient art. The first
documented use of cryptography in writing • The three types of cryptographic algorithms
dates back to circa 1900 B.C. when an that will be discussed are (Figure 1):
Egyptian scribe used non-standard
• Secret Key Cryptography (SKC): Uses a
hieroglyphs in an inscription.
single key for both encryption and decryption
In data and
Public Key Cryptography (PKC): Uses one
telecommunications,cryptography is necessary
key for encryption and another for decryption
when communicating over any untrusted
medium, which includes just about any network, • Hash Functions: Uses a mathematical
particularly the Internet.Within the context of transformation to irreversibly "encrypt" information
any application-to-application communication,
there are some specific security requirements,
including:
difficulty with this approach, of
course, is the distribution of the
key.Secret key cryptography schemes
are generally categorized as being
either stream ciphers or block ciphers.
Types of authority
• Establish identity: Associate, or
bind, a public key to an individual,
organization, corporate position, or Hellman for key exchange and digital
other entity. signatures. And much more techniques used.
• Assign authority: Establish what Time is the only true test of good
actions the holder may or may not cryptography; any cryptographic scheme that
take based upon this certificate. stays in use year after year is most likely a
good one. The strength of cryptography lies in
• Secure confidential information the choice (and management) of the keys;
(e.g., encrypting the session's longer keys will resist attack better than
symmetric key for data shorter keys
confidentiality). Encrypt and decrypt messages using any of
------------------------------------------------ the classical substitution ciphers discussed,
2.Firewalls:
A firewall provides a strong barrier between
your private network and the Internet . You
can set firewalls to restrict the number of open
ports , what type of packets are passed through
and which protocols are allowed through . You
should already have a good firewall in place
before you implement a VPN , but a firewall
can also be used to terminate the VPN
sessions .
Fig2: A fire wall consisting of two packet filters and servers are used for more secure access in a
an application gateway
remote-access VPN environment . When a request
to establish a session comes in from a dial up
3.IPSec - client , the Request is proxies to the AAA
Internet Protocol Security Protocol (IPSec) server . AAA then checks the following :
provides enhanced security features such as Who you are (authentication)
better encryption algorithms and more What you are allowed to do (authorization)
comprehensive authentication . IPSec has two What you actually do (accounting) The accounting
encryption modes : tunnel and transport . Tunnel information is especially useful for tracking
encrypts the header and the payload of each client. Use for security auditing , billing or
packet while transport only encrypts the reporting purposes .
payload. Only systems that are IPSec compliant
can take advantage of this Protocol . Also , all
devices must use a common key and the
firewalls of each network must have very
similar security policies set up. IPSec can
encrypt data between various devices , such as :
Router to router
Firewall to router
PC to router
PC to server