
Communication Security and Countermeasure, Slide 6, Course: Network Security (Keamanan Jaringan), by Setio Basuki


Academic year: 2018


(1)

Communication Security and Countermeasure

Slide 6, Course: Network Security (Keamanan Jaringan)

(2)

Course Objectives

• Virtual Private Network (VPN).

• Network Address Translator (NAT).

• Switching Technologies.

• WAN Technologies.

(3)

Virtual Private Network (VPN)

A VPN is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary untrusted network.

– Most VPNs use encryption to protect the encapsulated traffic.

(4)
(5)

Tunneling

Tunneling is the network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol.

• The encapsulation is what creates the logical illusion of a communications tunnel over the untrusted network.

– This virtual path exists between the encapsulation

(6)

Tunneling (Cont.)

In fact, sending a letter to your grandmother involves the use of a tunneling system. You create the personal letter (the primary content protocol packet) and place it in an envelope (the tunneling protocol). The envelope is delivered through the

(7)

Tunneling Drawbacks

• Tunneling is an inefficient means of communicating:

– Most protocols include their own error detection, error handling, acknowledgment, and session management features, so using more than one protocol at a time compounds the overhead required to communicate a single message.

– Tunneling creates either larger packets or
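The encapsulation described on the tunneling slides and the size overhead this slide warns about, as an added Python example (not code from the slides or their author). The header layouts, protocol identifiers, addresses and MTU are constructed for illustration and are not the real IP, GRE or PPP formats; encryption is left out so that the overhead stays visible.

```python
import ipaddress
import math
import struct

# Constructed header layouts for illustration only; they are not the real IP,
# GRE or PPP formats, just fixed-size headers carrying the fields discussed.
INNER_HDR = struct.Struct("!4s4sHH")   # src, dst, protocol id, total length (12 bytes)
OUTER_HDR = struct.Struct("!4s4sHHI")  # tunnel src, tunnel dst, protocol id, total length, tunnel id (16 bytes)
PROTO_INNER = 0x0800   # assumed identifier of the primary-content protocol
PROTO_TUNNEL = 0x002F  # assumed identifier of the tunneling protocol


def packed(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_inner(src: str, dst: str, payload: bytes) -> bytes:
    """The primary content protocol packet (the 'letter')."""
    return INNER_HDR.pack(packed(src), packed(dst), PROTO_INNER,
                          INNER_HDR.size + len(payload)) + payload


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str, tunnel_id: int) -> bytes:
    """Wrap the whole inner packet as opaque payload of the tunnel packet (the 'envelope')."""
    return OUTER_HDR.pack(packed(tunnel_src), packed(tunnel_dst), PROTO_TUNNEL,
                          OUTER_HDR.size + len(inner), tunnel_id) + inner


def decapsulate(outer: bytes) -> bytes:
    """Tunnel endpoint: check the outer header, then hand back the untouched inner packet."""
    _, _, proto, length, _ = OUTER_HDR.unpack_from(outer)
    if proto != PROTO_TUNNEL or length != len(outer):
        raise ValueError("not a well-formed tunnel packet")
    return outer[OUTER_HDR.size:]


def addresses(header: struct.Struct, packet: bytes):
    """Source and destination that an observer of this header can see."""
    src, dst = header.unpack_from(packet)[:2]
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))


def tunnel_cost(payload_len: int, mtu: int) -> dict:
    """Size of the packet with and without the tunnel header, and how many
    link-layer packets each needs at the given MTU (the 'larger packets or
    more packets' trade-off)."""
    inner_len = INNER_HDR.size + payload_len
    outer_len = OUTER_HDR.size + inner_len
    return {
        "inner_bytes": inner_len,
        "tunneled_bytes": outer_len,
        "extra_header_bytes": outer_len - inner_len,
        "packets_without_tunnel": math.ceil(inner_len / mtu),
        "packets_with_tunnel": math.ceil(outer_len / mtu),
    }


if __name__ == "__main__":
    inner = build_inner("10.0.0.5", "10.0.1.9", b"x" * 1400)   # constructed private hosts
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.2", 7)  # constructed tunnel endpoints
    print("observer sees only:", addresses(OUTER_HDR, outer))
    print("inside the tunnel:", addresses(INNER_HDR, decapsulate(outer)))
    print(tunnel_cost(1400, 1420))
```

Only the tunnel endpoints are visible in the outer header; the inner addresses travel as opaque payload. The cost dictionary makes the drawback concrete: a 1400-byte payload fits one 1420-byte link packet on its own, but the 16 extra header bytes push it over the MTU and force a second packet.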

(8)
(9)

Implementing VPN (Cont.)

Point-to-Point Tunneling Protocol (PPTP) creates a point-to-point tunnel between two systems and encapsulates PPP packets.

(10)

Implementing VPN (Cont.)

Layer 2 Tunneling Protocol (L2TP) was derived by combining elements from both PPTP and L2F.

(11)

Implementing VPN (Cont.)

IP Security (IPSec) is both a stand-alone VPN protocol and the security mechanism for L2TP, and it can be used only for IP traffic.

• IPSec has two primary components, or functions:

– Authentication Header (AH).

(12)
(13)

Network Address Translator (NAT)

• NAT is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the Internet.

• NAT was developed to allow private networks to use any IP address set without causing collisions or conflicts with public

(14)

Network Address Translator (NAT)

(15)

Network Address Translator (Cont.)

• NAT translates the IP addresses of your internal clients to leased addresses outside your environment.

• NAT offers numerous benefits:

1. Able to connect an entire network to the Internet using only a single (or just a few) leased public IP addresses.

2. Using the private IP addresses in a private

(16)

Network Address Translator (Cont.)

• NAT offers numerous benefits:

3. Protects a network by hiding the IP addressing scheme and network topography from the Internet.
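The three benefits listed on the NAT slides, as an added Python example (not code from the slides or their author). It models a NAT device with port translation: many internal hosts share one public address, only private source addresses are translated, and an inbound packet with no matching outbound mapping is dropped, which is what hides the internal addressing scheme. The public address, host addresses and port range are constructed; real devices differ in mapping and timeout behaviour.

```python
import ipaddress
import itertools


class Nat:
    """Simplified NAT with port translation. Mappings are kept per
    (internal endpoint, external endpoint) pair; state never times out here."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_out(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Rewrite the source of an outgoing packet to the shared public address.
        Returns None when the source is not a private address (nothing to translate)."""
        if not ipaddress.ip_address(src_ip).is_private:
            return None
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = next(self._next_port)          # one public port per internal conversation
            self.outbound[key] = port
            self.inbound[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip: str, src_port: int, dst_port: int):
        """Rewrite the destination of an incoming packet back to the internal host.
        Returns None (drop) when no internal host started this conversation, so an
        outside party cannot learn or reach internal addresses by probing."""
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None
        return (src_ip, src_port) + entry


if __name__ == "__main__":
    nat = Nat("203.0.113.10")                     # constructed public address
    print(nat.translate_out("192.168.1.10", 5000, "198.51.100.7", 443))
    print(nat.translate_out("192.168.1.11", 5000, "198.51.100.7", 443))
    print(nat.translate_in("198.51.100.7", 443, 40001))   # reply to the second host
    print(nat.translate_in("198.51.100.7", 443, 40002))   # unsolicited: dropped
```

Both internal hosts appear to the outside as 203.0.113.10 with different source ports, and only packets that answer an existing mapping are let back in.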

(17)

Switching Technologies: Circuit Switching

• Circuit switching was originally developed to manage telephone calls over the public switched telephone network.

– A dedicated physical pathway is created between the two communicating parties.

• Once a call is established, the links between the two parties remain the same

(18)

Switching Technologies: Circuit Switching

• Circuit-switching systems employ permanent, physical connections.

– However, the term permanent applies only to each communication session.

– Only after a session has been closed can a pathway be reused by another communication.

• Circuit switching grants exclusive use of a communication path to the current

(19)
(20)

Switching Technologies: Packet Switching

• Packet switching: the data is chopped up into small pieces called packets and sent over the network.

– Each packet of data has its own header that contains source and destination information.

(21)
(22)

Switching Technologies: Comparison

• In circuit switching, a circuit is first established and then used to carry all data between devices.

• In packet switching no fixed path is created between devices that communicate;
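The comparison on the switching slides, as an added Python simulation (not code from the slides or their author): a circuit-switched network reserves every link on a path for the whole session and blocks a second call that needs a busy link, while a packet-switched network chops data into packets that each carry their own source/destination header and share links with other flows. The four-node topology, packet size and data are constructed for the example.

```python
import math
from collections import deque

# Constructed topology: node -> set of neighbours; every link is shared by both models.
TOPOLOGY = {"A": {"B"}, "B": {"A", "C", "D"}, "C": {"B"}, "D": {"B"}}


def shortest_path(graph, src, dst):
    """Breadth-first search; returns the node list from src to dst, or None."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(graph[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def links_of(path):
    return {frozenset(pair) for pair in zip(path, path[1:])}


class CircuitSwitchedNetwork:
    """A session reserves every link on its path; the links are exclusive until released."""

    def __init__(self, graph):
        self.graph = graph
        self.reserved = set()

    def establish(self, src, dst):
        path = shortest_path(self.graph, src, dst)
        if path is None or links_of(path) & self.reserved:
            return None                      # a needed link is in use: call blocked
        self.reserved |= links_of(path)
        return path

    def release(self, path):
        self.reserved -= links_of(path)      # only now can another session reuse the links


class PacketSwitchedNetwork:
    """Data is cut into packets; each is forwarded on its own header, so links are shared."""

    def __init__(self, graph, packet_size=4):
        self.graph = graph
        self.packet_size = packet_size

    def packetize(self, src, dst, data: bytes):
        n = math.ceil(len(data) / self.packet_size)
        return [{"src": src, "dst": dst, "seq": i, "total": n,
                 "payload": data[i * self.packet_size:(i + 1) * self.packet_size]}
                for i in range(n)]

    def forward(self, flows):
        """Interleave packets of all flows (round robin) and route each one by its own
        header. Returns packets in arrival order and the packet count per link."""
        delivered, load = [], {}
        queues = [deque(f) for f in flows]
        while any(queues):
            for q in queues:
                if q:
                    pkt = q.popleft()
                    for link in links_of(shortest_path(self.graph, pkt["src"], pkt["dst"])):
                        load[link] = load.get(link, 0) + 1
                    delivered.append(pkt)
        return delivered, load


def reassemble(delivered, src, dst) -> bytes:
    """Receiver puts one flow's packets back in sequence order."""
    parts = sorted((p for p in delivered if p["src"] == src and p["dst"] == dst),
                   key=lambda p: p["seq"])
    return b"".join(p["payload"] for p in parts)


if __name__ == "__main__":
    circuit = CircuitSwitchedNetwork(TOPOLOGY)
    call = circuit.establish("A", "C")
    print("A->C circuit:", call, "| A->D while busy:", circuit.establish("A", "D"))
    circuit.release(call)
    print("A->D after release:", circuit.establish("A", "D"))
    net = PacketSwitchedNetwork(TOPOLOGY)
    delivered, load = net.forward([net.packetize("A", "C", b"hello world"),
                                   net.packetize("A", "D", b"packets!")])
    print([p["dst"] for p in delivered], {tuple(sorted(k)): v for k, v in load.items()})
```

In the circuit model the A-B link is idle between bursts yet still blocks the second call; in the packet model both flows cross A-B interleaved and each receiver reassembles its own data from the sequence numbers.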

(23)
(24)

Switching Technologies: Virtual Circuit

• A virtual circuit, or communication path, is a logical pathway or circuit created over a packet-switched network between two specific endpoints.

• Within packet-switching systems there are two types of virtual circuits:

(25)

Switching Technologies: Virtual Circuit

• A PVC is like a dedicated leased line; the logical circuit always exists and is waiting for the customer to send data.

• An SVC is more like a dialup connection because a virtual circuit has to be created before it can be used and then

(26)

Wide Area Network (WAN) Technologies

WAN links and long-distance connection technologies can be divided into two primary categories: dedicated and non-dedicated lines.

A dedicated line is always on and waiting

(27)

Wide Area Network (WAN) Technologies

A non-dedicated line is one that requires a connection to be established before data transmission can occur.

A non-dedicated line can be used to

(28)
(29)

Network Attacks and Countermeasure

• Understanding the threats and possible countermeasures is an important part of securing an environment.

– Any activity that can cause harm to resources must be addressed and mitigated if possible.

• Keep in mind that harm includes more than just destruction or damage.

(30)

Network Attacks and Countermeasure: Eavesdropping

• Listening to communication traffic for the purpose of duplicating it.

– Once a copy of traffic content is in the hands of an attacker, they can often extract many forms of confidential information, such as usernames, passwords, process procedures, data, etc.

• Wireshark and NetWitness and dedicated

(31)

Network Attacks and Countermeasure: Eavesdropping

(32)

Network Attacks and Countermeasure: Eavesdropping

• Combat eavesdropping by maintaining physical access security to prevent unauthorized personnel from accessing your IT infrastructure

(33)

Network Attacks and Countermeasure: Masquerading

• The act of pretending to be someone or something you are not, in order to access a system.

• Masquerading is often possible through capturing of usernames and passwords or of session setup procedures.

(34)

Network Attacks and Countermeasure: Replay Attack

• An offshoot of masquerading attacks, made possible through capturing network traffic via eavesdropping.

– Replay attacks attempt to reestablish a communication session by replaying captured traffic against a system.

• You can prevent them by using one-time authentication mechanisms and

(35)

Network Attacks and Countermeasure: Modification

• An attack in which captured packets are altered and then played against a system.

– Modified packets are designed to bypass the restrictions of improved authentication mechanisms and session sequencing.

• Countermeasures to modification replay attacks include using digital signature verifications and packet checksum
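The per-packet protection that the IPSec Authentication Header slide introduces and that the replay and modification slides call for, as one added Python example (not code from the slides or their author): an HMAC integrity check value over header and payload, plus a sequence number checked against a sliding anti-replay window, in the order the IPsec receiver uses (window check, then ICV, then window update). The header layout, ICV length, window size and shared key are constructed simplifications, not the real AH format.

```python
import hashlib
import hmac
import struct

AH_HDR = struct.Struct("!II")  # constructed: security parameter index, sequence number
ICV_LEN = 16                    # constructed: bytes of the HMAC kept as the integrity check value


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender: header + ICV + payload. The ICV covers header and payload, so
    changing the payload or the sequence number invalidates it."""
    header = AH_HDR.pack(spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + icv + payload


class Receiver:
    """Receiver state for one security association: the key and an anti-replay window."""

    def __init__(self, key: bytes, window: int = 32):
        self.key = key
        self.window = window
        self.highest = 0        # highest sequence number accepted so far
        self.accepted = set()   # accepted sequence numbers still inside the window

    def verify(self, packet: bytes):
        """Returns (True, payload) or (False, reason). The window is updated only
        after the ICV check passes, so a forged packet cannot advance it."""
        if len(packet) < AH_HDR.size + ICV_LEN:
            return False, "too short"
        spi, seq = AH_HDR.unpack_from(packet)
        icv = packet[AH_HDR.size:AH_HDR.size + ICV_LEN]
        payload = packet[AH_HDR.size + ICV_LEN:]
        # 1. replay check: left of the window, or already accepted, is rejected
        if seq <= self.highest - self.window:
            return False, "sequence too old"
        if seq in self.accepted:
            return False, "replayed sequence number"
        # 2. integrity check: constant-time comparison of the ICV
        expected = hmac.new(self.key, AH_HDR.pack(spi, seq) + payload,
                            hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return False, "integrity check failed"
        # 3. slide the window forward and remember this sequence number
        self.accepted.add(seq)
        self.highest = max(self.highest, seq)
        self.accepted = {s for s in self.accepted if s > self.highest - self.window}
        return True, payload


if __name__ == "__main__":
    KEY = b"constructed shared key, not a real one"
    rx = Receiver(KEY, window=8)
    p1 = protect(KEY, 1, 1, b"login ok")
    print("fresh packet:", rx.verify(p1))
    print("same packet replayed:", rx.verify(p1))
    p2 = protect(KEY, 1, 2, b"amount=10")
    print("modified payload:", rx.verify(p2[:-2] + b"99"))
    print("original after the failed one:", rx.verify(p2))
```

A replayed packet carries a valid ICV but a sequence number already inside the window, so it is rejected before the HMAC is even computed; a modified packet carries a fresh sequence number but fails the ICV, and because the window is only updated after a successful check, the genuine packet with that sequence number is still accepted afterwards.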

(36)

End of Slides

• Available at
