Network Design
Contents
Introduction – Why Are Security Protocols Needed?
What Is TLS?
A Diagram Detailing the TLS Handshake
What Is SSH?
A Diagram Summarising SSH
TLS & SSH; A Comparison
Similarities
Differences
Comparative Advantages
Network Requirements
TLS Requirements
SSH Requirements
TLS Example
SSH Example
Conclusion
Bibliography
Introduction – Why Are Security Protocols Needed?
In this modern day and age of computing, networks are a huge part of IT. It is important now more than ever that data sent over any network, whether it be a LAN (Local Area Network) or WAN (Wide Area Network; The Internet) is kept safe, private (when required) and uninterrupted in
Security protocols are primarily & commonly used to protect communication via the web, VPNs (Virtual Private Networks) and the transferring of files. This report will now go on to compare two main security protocols – TLS & SSH. They will be compared in a way that takes into account both the similarities and differences in approach and features and their relative advantages and disadvantages. This information will then be backed up by examples where each protocol would be preferred to the other in a certain situation along with my own personal reasoning based on the research that has been carried out on my part.
What Is TLS?
TLS (Transport Layer Security) is the successor to another security protocol, SSL (Secure Sockets Layer), which was originally developed by ‘Netscape’ (HowStuffWorks "SSL and TLS". 2014). It is a cryptographic security protocol which was designed primarily to ensure communication security across the internet. Communication security is achieved by the use of X.509 certificates and hence asymmetric cryptography, which allows the exchange of a symmetric key that can then be used to encrypt the data being transmitted between both parties involved in the communication. The protocol is made up of two main layers: the TLS Record Protocol and the TLS Handshake Protocol. TLS will be most commonly recognised when ‘https’ is noticed in
Networking is part of our everyday lives now, whether it is us using our phones and computers, using GPS for directions, watching 3D movies and TVs, or in our work environments. Network security has become such a big issue since our day-to-day lives started to be more involved with networks. These problems come in all shapes and forms, such as cyber attacks, physical attacks, or abuse of policies. People are really exposed due to the amount of internet activity we have going on in most of our networks. There are two fundamentally different kinds of network: data networks and synchronous networks comprised of switches. With that being said there are also
Security is the heart of internetworking. The world has moved from an Internet of implicit trust to an Internet of pervasive distrust. In network security, no packet can be trusted; all packets must earn that trust through a network device’s ability to inspect and enforce policy. Clear text (unencrypted data) services represent a great weakness in networks. Clear text services transmit all information or packets, including user names and passwords, in unencrypted format. Services such as file transfer protocol (FTP), email, telnet and basic HTTP authentication all transmit communications in clear text. A hacker with a sniffer could easily capture user names and passwords from the network without anyone’s knowledge and gain administrator access to the system. Clear text services should be avoided; instead secure services that encrypt communications, such as Secure Shell (SSH) and Secure Socket Layer (SSL), should be used. The use of routers and switches will allow for network segmentation and help defend against sniffing
Internet Protocol Security (IPsec) is a set of protocols for securing Internet Protocol (IP) communications. Data is protected by authenticating and encrypting each IP packet in every communication session. At the beginning of the session, mutual authentication between agents is established and the cryptographic keys to be used during the session are negotiated. IPsec can be applied to protect data flows not only between a pair of hosts and between a pair of security gateways, but also between a security gateway and a host.
This paper was prepared for Network and Security Systems, CISK 445, taught by Dr. Marco A. Villarreal
Network security has changed significantly over the past years. There is more and more data to monitor and analyze in order to detect the activity of your data and systems. Securing a network has many variables. Password authentication, network access, patches, anti-virus protection, intrusion detection, firewall and network monitoring tools are just a few of the things you can do to protect yourself.
Some internet protocols, such as HTTP, FTP, and ICMP, are intrinsically insecure. On the other hand, Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and SYN floods are closely related to the intrinsically insecure structural design of TCP.
Protecting information and critical infrastructure in a cohesive way that quantifies policies and procedures is imperative for implementing a proactive privacy risk management plan. In doing so, you gain the necessary framework and principles to share essential operational data for use in cybersecurity while focusing on policy cohesiveness between intra-government agencies, the private sector, and securing critical infrastructures (Claffy & Kenneally, 2010).
For this project, I asked the question “is wireless network protection truly safe?” My literature search led me to conclude that, if consumers use the most up-to-date and secure wireless network protection, they can connect to their wireless network and conduct business safely and confidently.
In the last few decades, the world saw a revolution in information and technology, and the main factor of this revolution was the computer. Computers made life easier for millions of people all over the world, especially in the United States, where the latest innovations in the field of computers take place. Information circulates with extreme speed, and a person with a computer and access to the Internet can follow what is happening on Wall Street, even if he is thousands of miles away from there. Any user of this network can buy, sell, and make money by staying in his bed. But in order to guarantee the stability of such a world where a lot of transactions occur, billions of dollars are at stake, there must be
The main objective of this project is to enhance the security of a network using various modern day technologies.
The Internet is the largest global computer network. First developed in the early 1960s, a computer network is designed to support the sharing of digital information and data between individual computers (Mowery & Simcoe, 2002). The Internet is connected through a global series of servers that act as a “repository for information files” (December, 2006). When an individual accesses the Internet, a request is made to a server that then retrieves the relevant data and information. To allow computers to send and receive information across the Internet, a series of protocols must be used. These protocols, known as the TCP/IP protocols (Transmission Control Protocols and Internet Protocols), define how data is exchanged on the Internet (December, 2006). The Internet has also developed to provide infrastructure for applications such as email, file sharing and the World Wide Web.
A reasonable amount of home Internet security can be achieved efficiently and effectively.
2. Packet Level Encryption: Another approach is to encrypt traffic at a higher layer in the TCP/IP stack. Several methods exist for the secure authentication and encryption of telnet and rlogin sessions (Kerberos, S/Key and DESlogin), which are examples of encryption at the highest level of the stack (the application layer). The advantages to encrypting
A protocol is a set of rules that governs communication and the use of the internet (networks). Protocols follow the rules introduced by the highest authority of the internet (world government), such as data transfer speed, cabling types, hardware use and so on. A protocol includes the program requirements of the computer, such as a firewall, security program (anti-virus), file sharing and more.
It is vital to ensure the safety of a central computer system that is accessed by multiple branches, staff members and remote users. The diversity of an enterprise environment dictates the need to consider multiple aspects when planning for access. Normally, an internal LAN is considered a secure network. Due to their broadcast nature, wireless communications are not considered as secure. Such networks are vulnerable to eavesdropping, rogue access points, and other cracking methods. For remote access, VPN solutions such as dial-up, IPSec VPN, and SSL VPN are commonly used, and any access to data center devices must be protected and secured. In the data center,