Lecturer(c)

Anjana Kumari Shared publicly - May 11 2020 2:02PM

Network Security


In its simplest form, network security is concerned with making sure that nosy people cannot read, or worse yet, secretly modify messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. It also deals with ways to tell whether that message purportedly from the IRS ‘‘Pay by Friday, or else’’ is really from the IRS and not from the Mafia. Security also deals with the problems of legitimate messages being captured and replayed, and with people later trying to deny that they sent certain messages.

Network security problems can be divided roughly into four closely intertwined areas: secrecy, authentication, nonrepudiation, and integrity control. Secrecy, also called confidentiality, has to do with keeping information out of the grubby little hands of unauthorized users.

Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Nonrepudiation deals with signatures:

All these issues (secrecy, authentication, nonrepudiation, and integrity control) occur in traditional systems, too, but with some significant differences. Integrity and secrecy are achieved by using registered mail and locking documents up.

 

Solution:

In the data link layer, packets on a point-to-point line can be encrypted as they leave one machine and decrypted as they enter another. All the details can be handled in the data link layer, with higher layers oblivious to what is going on. This solution breaks down when packets have to traverse multiple routers, however, because packets have to be decrypted at each router, leaving them vulnerable to attacks from within the router. Also, it does not allow some sessions to be protected (e.g., those involving online purchases by credit card) and others not. Nevertheless, link encryption, as this method is called, can be added to any network easily and is often useful.

· In the network layer, firewalls can be installed to keep good packets in and bad packets out. IP security also functions in this layer.

· In the transport layer, entire connections can be encrypted end to end, that is, process to process. For maximum security, end-to-end security is required.

· Finally, issues such as user authentication and nonrepudiation can only be handled in the application layer.

Since security does not fit neatly into any layer, it does not fit into any chapter.
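
The contrast between link encryption and end-to-end encryption described above, as an added example that is not part of the original post: it records what each intermediate router holds in memory under both schemes. The toy HMAC-SHA256 stream cipher, the function names and the three-link path are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)                      # fresh nonce per packet
    return nonce + keystream_xor(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])

def send_link_encrypted(message: bytes, link_keys: list) -> tuple:
    """One key per point-to-point link; every router decrypts, then re-encrypts.
    Returns (delivered message, what each intermediate router held in memory)."""
    router_views = []
    data = message
    for i, key in enumerate(link_keys):
        wire = seal(key, data)                  # encrypted as it leaves one machine
        data = unseal(key, wire)                # decrypted as it enters the next
        if i < len(link_keys) - 1:              # the last link ends at the destination
            router_views.append(data)           # plaintext sits inside the router
    return data, router_views

def send_end_to_end(message: bytes, e2e_key: bytes, links: int) -> tuple:
    """Only the two endpoints hold e2e_key; routers forward the sealed blob as-is."""
    wire = seal(e2e_key, message)
    router_views = [wire] * (links - 1)         # routers only ever hold ciphertext
    return unseal(e2e_key, wire), router_views

if __name__ == "__main__":
    msg = b"order 17: card ending 0000 (constructed sample)"
    # Path: host A -> router 1 -> router 2 -> host B, i.e. three links.
    _, link_views = send_link_encrypted(msg, [os.urandom(32) for _ in range(3)])
    _, e2e_views = send_end_to_end(msg, os.urandom(32), links=3)
    print("link encryption, router views:", link_views)
    print("end-to-end, router views     :", [v.hex()[:32] + "..." for v in e2e_views])
```

The sketch covers secrecy only; neither scheme here adds a message authentication code, so it says nothing about integrity control.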


