NETWORK SECURITY OVERVIEW NETWORK SECURITY TUTORIAL
Organizations rely heavily on computer networks to share information throughout the organization in an efficient and productive manner.
VULNERABILITY: Thousands of workstations on a company network are directly connected to the Internet. An unsecured network of this kind holds valuable information and exposes vulnerabilities, which makes it a target for attack.
PHYSICAL NETWORK: TWO OR MORE COMPUTING DEVICES CONNECTED TOGETHER FOR SHARING RESOURCES EFFICIENTLY
SHARE BY WIRED/WIRELESS: Wireless networks are considered less secure than wired networks, because a wireless network can be accessed without any physical connection.
TCP/IP: two distinct computer network protocols that are mostly used together. Due to their popularity and wide adoption, they are built into the operating systems of all networked devices.
Some common security vulnerabilities of the TCP/IP protocols: HTTP is an application layer protocol in the TCP/IP suite used to transfer the files that make up web pages from web servers. This transfer is done in plain text, and an intruder can easily read the data packets exchanged between the server and the client.
Some common security vulnerabilities of the TCP/IP protocols: Another HTTP vulnerability is weak authentication between the client and the web server during session initialization. This vulnerability can lead to a session hijacking attack, in which the attacker steals the HTTP session of a legitimate user.
In TCP/IP-based network communication, if one layer is hacked, the other layers do not become aware of the hack and the entire communication is compromised. Hence, security controls need to be employed at each layer to ensure foolproof security.
DNS Protocol: the attacker's aim is to change legitimate DNS records so that they resolve to the wrong IP address.
DNS cache poisoning: delivers incorrect IP address information about a host.
Goals of network security: Confidentiality. The function of confidentiality is to protect precious business data from unauthorized persons. The confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
Goals of network security: Integrity. This goal means maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is reliable and is not changed by unauthorized persons.
Goals of network security: Availability. The function of availability in network security is to make sure that the data and the network resources/services are continuously available to legitimate users whenever they require them.
Security mechanisms at Networking Layers
Security at Application Layer: Secure/Multipurpose Internet Mail Extensions (S/MIME), which is commonly used to encrypt e-mail messages.
Security at Transport Layer: Security measures at this layer can be used to protect the data in a single communication session between two hosts. The most common use for transport layer security protocols is protecting HTTP and FTP session traffic. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the most common protocols used for this purpose.
Security at Transport Layer: Bob visits Alice's website for selling goods. In a form on the website, Bob enters the type of good and quantity desired, his address and payment card details. Bob clicks on Submit and waits for delivery of the goods, with the price debited from his account. All this sounds good, but in the absence of network security, Bob could be in for a few surprises.
Security at Transport Layer: If transactions did not use confidentiality (encryption), an attacker could obtain his payment card information. The attacker can then make purchases at Bob's expense. If no data integrity measure is used, an attacker could modify Bob's order in terms of type or quantity of goods. Lastly, if no server authentication is used, a server could display Alice's famous logo but the site could be a malicious site maintained by an attacker, who is masquerading as Alice. After receiving Bob's order, he could take Bob's money and flee. Or he could carry out an identity theft by collecting Bob's name and credit card details.
Security at Network Layer: Any scheme that provides network security needs to be implemented at several layers of the protocol stack, as depicted in the diagram below.
Security at Network Layer: Internet Protocol Security (IPsec) provides a much better solution than transport or application layer controls because of the difficulty in adding controls to individual applications.
Form groups of 4 people (each member having an IP address in the same class). Design an Access Control List using Packet Tracer, simulate attack attempts against another group, and build defenses against the other groups.