Ravikumar Natarajan, profile picture
Uploaded byRavikumar Natarajan
DOC, PDF1,073 views

Network security

The document discusses the critical need for enhanced network security, emphasizing that current technologies, mainly firewall-based systems, inadequately protect organizations' data and intellectual property. It advocates for comprehensive data protection across networks, especially as data is often unprotected while in transit, and highlights the necessity for network security forensic tools to document incidents and ensure compliance with regulations. Ultimately, a layered approach incorporating data protection, identity management, and perimeter defense is essential for safeguarding dynamic and interconnected networks.

Downloaded 108 times
Network Security ABSTRACT The biggest threat to network security is underestimating the threat to network security. And as IP networks become the defector standard, ignoring this reality can extract a heavy price down the road. The truth of the matter is that current security technologies pose an unacceptable risk in protecting an organization’s data and intellectual property. Today’s firewall-based security technologies do not fully protect data resources. Only data protection throughout the network can safeguard critical and confidential data, regardless of the success or failure of other security technologies and policies. Therefore, data protection must be the primary layer of defense. As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new level of network visibility and surveillance. The world of network security has become an “arms race”. As organizations tighten their external defenses and install improved security tools, threats and attacks emerge to circumvent these security measures. Increasingly, this arms race is taking place in a regulated environment, where government rules such as HIPAA, Sarbanes-Oxley, and the EU Data Protection Directive require organizations to control access to private data and document security breaches. This includes the following. •Identify the need for a network security camera to capture and save all network transactions and activities •Illustrate how network security forensic appliances provide new visibility and evidence for security and compliance investigations •Highlight real-world examples from clients demonstrating the role network security forensics plays in identifying security and compliance violations •Providethekeycomponentstolookforinanynetworksecurityforensicssolution Network security helps investigation.  Network policy violation.  Compliance violation
 Access violation  Security violation Where network security is needed: •Monitoring internal threats •Documenting evidence for investigations •Solving the “Who done it” mystery •Complying with government regulations such as HIPAA, SOX, and the EU data Protection Directive •Complying with corporate HR and network- use policies Data in motion: what’s the worst that could happen? Networks today are not the isolated, self-contained islands they once were. With internet gateways giving network access to remote employees, customers, contractors and partners, the network has opened up, increasing productivity and security risks. Network security has relied primarily on keeping the bad guys out. Hackers, thieves and other ne’er-do-wells seeking to do harm are prevented from getting in, most of the time. However, the nature of networks today is dynamic. While data may spend some time on any number of devices – servers, desktops, disk arrays – some of it is in motion, travelling across the network, all the time. That data zipping around the network is the same data that is thoroughly protected while static. And it is more often than not completely unprotected while in motion. Data residing on desktops, laptops and servers is usually protected with at least a password, if not more complex security. While always a good idea, it should not be enough to ensure a good night’s sleep for IT security. So much for perimeter defence and ID management as a comprehensive network security strategy. There are any numbers of reasons your information may be an attractive target: • Intellectual property – your organization’s “special sauce” that gives you critical market differentiation and a leg up on the competition. • Customer information – personal, financial and/or health information can be very valuable. In fact, protecting that information has spawned a growing number of federal and state regulations, including Gramm-Leach-Bliley, Sarbanes-Oxley and California Senate Bill 1386 • Employee information – personal information such as Social Security numbers, bank account numbers and health information
• Other secret information – including governmental information regarding homeland or national security, Department of Defense activities or communications, and personal, private data used by any number of agencies • Business-enabling information – customer and prospect opportunities, plans and interactions All networks are untrusted Most enterprises and organizations with far-flung offices, remote back-up data centers and multiple buildings in a campus setting have a complex network to meet all of their communication and business needs. more than a single network, it is usually a network of networks that must communicate and share data with one another. This creates a situation where data is physically leaving a protected facility and moving to another. Whether it’s going over the Internet, a service provider backbone or a wireless link between buildings, that data, which has been protected while at rest on servers, has moved out to where it is available to anyone with the motivation and means to get it. If we take a look at a layered approach to network security, data protection, along with ID management and perimeter technologies, provide the three anchors that protect all aspects of the network: data and intellectual property, networking infrastructure and people. Examples of common networks where data in transit is susceptible to unauthorized access. Broadband wireless link between buildings Many organizations have multiple networks in different facilities that must exchange information. When fibre is impossible or too cost-prohibitive, high-speed wireless provides
an inexpensive and easy solution. However, all data transmitted over the air through the wireless links is at risk to anyone wanting to access it. Broadband wireless link between buildings Storage IP Networking It is becoming increasingly common for organizations to store and archive their data in a remote facility. Once again, however, this data must travel over entrusted networks to reach its destination, meaning it could be accessed without anyone knowing it. MPLS MPLS (multi-protocol label switching) networks are becoming more and more popular as service providers look for ways to enable multiple customers to have VPNs on the same network. However, the VPNs on the MPLS network simply separate user groups, they don’t protect the data.
Data protection – the primary layer of defense Your data is running around the network in packets that contain addresses, protocol ids, and the actual data. If you protect the packet from its source to its destination you have created an excellent foundation for a secure network. There are three main aspects of data protection on the network: • Confidentiality – Keep your data private • Authentication – Trust your sources • Integrity—Trust your data IP Security (IPSec), defined by the Internet Engineering Task Force (IETF), is the accepted standard for protecting data in transit over an untrusted network and provides the three levels of security. IPSec is a suite of security protocols that protects IP packets. IPSec works on Layer 3, the network layer of the Open Systems interconnection 7- layer networking model. By running on Layer 3, IPSec is able to function transparently to higher layer applications; the applications do not require any knowledge of IPSec in order to use it. By enabling IPSec everywhere on the network that sensitive data travels, the vulnerability of data traveling in the clear is eliminated. IPSec modes of protection IPSec protects IP packets by defining which traffic is to be protected, IPSec uses a protocol called Encapsulating Security Payload (ESP) that provides proof of data integrity, data source authentication and anti-replay by inserting a new IP address and ESP header in
front of the packet to be protected. This protects the entire IP packet including the originating IP address. Using ESP controls both the encryption and authentication used to protect the IP payload. Tunnel mode ESP (encapsulating security payload) _ Data integrity + authentication _ Anti-replay service _ Confidentiality IPSec encryption IPSec encryption enables confidentiality of data as it travels on the network. • Uses symmetric keys (same keys are used for encryption and decryption) • Uses Diffie-Hellman algorithms and IKE/ISAKMP protocols to derive keys • Encryption algorithms such as AES(Advanced Encryption Standard) Cipher Optics enables IPSec everywhere There are several ways to enable IPSec on the network. The Cipher Optics approach is to use purpose-built appliances designed for Fast Ethernet and Gigabit Ethernet IP networks. With its proprietary TILEA™ architecture, Cipher Optics appliances are paving the way for IPSec everywhere.
To show how Cipher Optics IPSec appliances provide data protection is shown in figure below, Internet Key Exchange (IKE) IKE is used to ensure security for virtual private network negotiation and remote host or network access. IKE defines an automatic means of negotiation and authentication for IPSec security associations (SA). Security associations are security policies defined for communication between two or more entities¾the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the pre-configuration that would otherwise be required.
Conclusion New security tools will continue to emerge to combat constantly evolving security threats. There will never be a single “set it and forget it” security solution for stopping breaches on the network. To effectively address and prevent security breaches requires constant monitoring and adjusting of infrastructure and policy. If a successful attack is perpetrated against an organization, the monitoring solution becomes even more critical to ensure the attack is accurately identified and appropriate steps are taken to prevent future attacks. Network security forensic devices are uniquely positioned to provide a full view of all activities before, during, and after the event. These tools also have the ability to isolate the breach, identify software, scripts and exploits used; and locate potentially compromised infrastructure. The ability to capture all packet-level data is also critical to compliance enforcement and the documentation of potential violations. The ability to accurately diagnose the breach or policy violation through reports and reconstructing communications or web sessions provides evidence necessary for proving compliance.

More Related Content

PPTX
Cyber security
byAman Pradhan
 
PPTX
security and privacy-Internet of things
bysreelekha appakondappagari
 
PDF
Cisco cybersecurity essentials chapter 4
byMukesh Chinta
 
PDF
Cisco cybersecurity essentials chapter -5
byMukesh Chinta
 
PPT
Implementing an improved security for collin’s database and telecommuters
byRishabh Gupta
 
DOCX
Security and Privacy considerations in Internet of Things
bySomasundaram Jambunathan
 
PDF
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
byIJSRD
 
PPT
Data+security+sp10
byismaelhaider
 
Cyber security
byAman Pradhan
 
security and privacy-Internet of things
bysreelekha appakondappagari
 
Cisco cybersecurity essentials chapter 4
byMukesh Chinta
 
Cisco cybersecurity essentials chapter -5
byMukesh Chinta
 
Implementing an improved security for collin’s database and telecommuters
byRishabh Gupta
 
Security and Privacy considerations in Internet of Things
bySomasundaram Jambunathan
 
Fog Computing:The Justifying Insider Data Stealing Attacks in the Cloud
byIJSRD
 
Data+security+sp10
byismaelhaider
 

What's hot

PPTX
Data security
byAbdulBasit938
 
PPTX
A survey in privacy and security in Internet of Things IOT
byUniversity of Ontario Institute of Technology (UOIT)
 
PPTX
IoT Security
byPeter Waher
 
PPT
Ne Course Part Two
bybackdoor
 
PDF
Network Security Tutorial | Introduction to Network Security | Network Securi...
byEdureka!
 
PPTX
Data security
byTapan Khilar
 
PDF
Cisco cybersecurity essentials chapter 8
byMukesh Chinta
 
PPTX
IoT Security Training, IoT Security Awareness 2019
byTonex
 
PPTX
Aspects of data security
bySaranSwathi1
 
PDF
Cisco Cybersecurity Essentials Chapter- 7
byMukesh Chinta
 
DOCX
Report on Network Security And Privacy
byManan Gadhiya
 
PDF
IoT Security and Privacy Considerations
byKenny Huang Ph.D.
 
PDF
Cisco cybersecurity essentials chapter 3
byMukesh Chinta
 
PPTX
Big Data and Security - Where are we now? (2015)
byPeter Wood
 
PDF
Internet Protocol Security as the Network Cryptography System
byUniversitas Pembangunan Panca Budi
 
PDF
Practice case legal for data professional
byNovita Sari
 
PDF
Networking and communications security – network architecture design
byEnterpriseGRC Solutions, Inc.
 
PDF
IE_ERS_CyberAnalysisReport
byCamilo do Carmo Pinto
 
PPTX
Attacking the cloud with social engineering
byPeter Wood
 
PDF
Introduction to the concept of it security
byRAVIKUMAR Digital Signal Processing
 
Data security
byAbdulBasit938
 
A survey in privacy and security in Internet of Things IOT
byUniversity of Ontario Institute of Technology (UOIT)
 
IoT Security
byPeter Waher
 
Ne Course Part Two
bybackdoor
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
byEdureka!
 
Data security
byTapan Khilar
 
Cisco cybersecurity essentials chapter 8
byMukesh Chinta
 
IoT Security Training, IoT Security Awareness 2019
byTonex
 
Aspects of data security
bySaranSwathi1
 
Cisco Cybersecurity Essentials Chapter- 7
byMukesh Chinta
 
Report on Network Security And Privacy
byManan Gadhiya
 
IoT Security and Privacy Considerations
byKenny Huang Ph.D.
 
Cisco cybersecurity essentials chapter 3
byMukesh Chinta
 
Big Data and Security - Where are we now? (2015)
byPeter Wood
 
Internet Protocol Security as the Network Cryptography System
byUniversitas Pembangunan Panca Budi
 
Practice case legal for data professional
byNovita Sari
 
Networking and communications security – network architecture design
byEnterpriseGRC Solutions, Inc.
 
IE_ERS_CyberAnalysisReport
byCamilo do Carmo Pinto
 
Attacking the cloud with social engineering
byPeter Wood
 
Introduction to the concept of it security
byRAVIKUMAR Digital Signal Processing
 

Viewers also liked

PPTX
Grand Chase
bybloodwhiz17
 
PDF
Terna 2010 consolidated results
byTerna SpA
 
PPT
Clase 3
bynidiareal
 
PPTX
Gwig update 29 april 2013
bySudirman Sultan
 
DOCX
Open source พื้นฐานที่ควรมี
byสมชาย ทุมอาริยะ
 
PDF
Successful testing continuous delivery (Testnet 2013)
byPascal Dufour
 
PPTX
Optimizing Client-Side Performance
byandrew4web
 
PPTX
PR Newswire Emerging Media Presentation
byLeif Clarke
 
PDF
Il tempo dei se e dei ma è finito
byDaniel Cerami
 
DOCX
Insert latest articles on blogger
byStefano Vinci
 
PPS
Origi nof numbers_0_9_
byThea Long
 
PPT
Au Psy 492 Baroness Thompson Doc M7 A2
byBaroness Thompson
 
PDF
GT Study Day Mesagne
byEmanuele Rosato
 
PPTX
Inquiry
byDavid Geelan
 
PDF
Wishing you all a happy and lucky 2015
byIn-depth Consulting
 
PDF
SAHNI SPORTS Uttar Pradesh India
bySAHNI SPORTS
 
PPT
280 слайдов
bylubov17
 
DOC
Au psy492 m6 a2 thompson b doc
byBaroness Thompson
 
PDF
The Colours of Pollution
byAlessio Cuccu
 
PDF
Garbage white
byAlessio Cuccu
 
Grand Chase
bybloodwhiz17
 
Terna 2010 consolidated results
byTerna SpA
 
Clase 3
bynidiareal
 
Gwig update 29 april 2013
bySudirman Sultan
 
Open source พื้นฐานที่ควรมี
byสมชาย ทุมอาริยะ
 
Successful testing continuous delivery (Testnet 2013)
byPascal Dufour
 
Optimizing Client-Side Performance
byandrew4web
 
PR Newswire Emerging Media Presentation
byLeif Clarke
 
Il tempo dei se e dei ma è finito
byDaniel Cerami
 
Insert latest articles on blogger
byStefano Vinci
 
Origi nof numbers_0_9_
byThea Long
 
Au Psy 492 Baroness Thompson Doc M7 A2
byBaroness Thompson
 
GT Study Day Mesagne
byEmanuele Rosato
 
Inquiry
byDavid Geelan
 
Wishing you all a happy and lucky 2015
byIn-depth Consulting
 
SAHNI SPORTS Uttar Pradesh India
bySAHNI SPORTS
 
280 слайдов
bylubov17
 
Au psy492 m6 a2 thompson b doc
byBaroness Thompson
 
The Colours of Pollution
byAlessio Cuccu
 
Garbage white
byAlessio Cuccu
 

Similar to Network security

PPTX
Computer Security Essentials.pptx
byGuna Dhondwad
 
PPTX
Unit 1 Network Fundamentals and Security .pptx
byGuna Dhondwad
 
PPTX
Network Security of Data Protection
byUthsoNandy
 
PPT
Network Security
byforpalmigho
 
PPTX
Network security
byPooja Dewangan
 
PDF
Network_Security1.pdf.pdf
byahmed53254
 
PDF
What are data networks?
byJames Steele
 
PDF
Network Security Fundamentals presentation
byRosy G
 
DOCX
Network security
byMadhumithah Ilango
 
PDF
Fundamentals of Securing Network Devices.pptx.pdf
byapurvar399
 
PDF
Understanding the Need of Network Security.pptx (1).pdf
byapurvar399
 
PDF
A Review On Network Security And Privacy
byTodd Turner
 
DOCX
IJISRT22MAR7471.docx
byballolliemin
 
PDF
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 
PDF
Toward Continuous Cybersecurity With Network Automation
byKen Flott
 
PPTX
Wireless Networking
byGulshanAra14
 
PDF
network_security.docx_2.pdf
byahmed53254
 
PDF
Network Security and Privacy in Medium Scale Businesses in Nigeria
byINFOGAIN PUBLICATION
 
PDF
Network security
bynageshkanna13
 
PDF
Understanding the Need of Network Security.pptx.pdf
byapurvar399
 
Computer Security Essentials.pptx
byGuna Dhondwad
 
Unit 1 Network Fundamentals and Security .pptx
byGuna Dhondwad
 
Network Security of Data Protection
byUthsoNandy
 
Network Security
byforpalmigho
 
Network security
byPooja Dewangan
 
Network_Security1.pdf.pdf
byahmed53254
 
What are data networks?
byJames Steele
 
Network Security Fundamentals presentation
byRosy G
 
Network security
byMadhumithah Ilango
 
Fundamentals of Securing Network Devices.pptx.pdf
byapurvar399
 
Understanding the Need of Network Security.pptx (1).pdf
byapurvar399
 
A Review On Network Security And Privacy
byTodd Turner
 
IJISRT22MAR7471.docx
byballolliemin
 
Toward Continuous Cybersecurity with Network Automation
byE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
byKen Flott
 
Wireless Networking
byGulshanAra14
 
network_security.docx_2.pdf
byahmed53254
 
Network Security and Privacy in Medium Scale Businesses in Nigeria
byINFOGAIN PUBLICATION
 
Network security
bynageshkanna13
 
Understanding the Need of Network Security.pptx.pdf
byapurvar399
 

Recently uploaded

PPTX
Duplication of Records in Odoo 18.1 Studio
byCeline George
 
PPTX
Overview of Uploading a bill in Odoo 19
byCeline George
 
PPTX
Overview of Cash on delivery in Odoo 19
byCeline George
 
PDF
Guidelines for Management of Libraries: KVS Library Policy-2025
byBISWA BAG
 
PPTX
History in your Hands Class 2 November 2025.pptx
byEilsONeill
 
PPTX
Merge similar leads and opportunities in Odoo 18 CRM
byCeline George
 
PDF
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
PDF
JRF Plant Science Syllabus | Complete Unit-Wise Discussion & Preparation Stra...
bySatyam Sharma
 
PDF
Genetic Erosion in Crop Plants: Causes, Consequences, and Conservation Strate...
bySatyam Sharma
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
PPTX
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
PDF
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
PDF
Gene Pool in Crop Plants: Diversity, Classification, and Role in Plant Breedi...
bySatyam Sharma
 
PDF
How to (Re)Build Your District's Enrollment Numbers
byMebane Rash
 
PPTX
10CLA Term 4 Week 6 Exam preparation reminders.pptx
bymansk2
 
PPTX
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
PDF
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
PPTX
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
PPTX
Historical Background of Pharmacy .pptx
bySneha Gaurkar
 
DOCX
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
Duplication of Records in Odoo 18.1 Studio
byCeline George
 
Overview of Uploading a bill in Odoo 19
byCeline George
 
Overview of Cash on delivery in Odoo 19
byCeline George
 
Guidelines for Management of Libraries: KVS Library Policy-2025
byBISWA BAG
 
History in your Hands Class 2 November 2025.pptx
byEilsONeill
 
Merge similar leads and opportunities in Odoo 18 CRM
byCeline George
 
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
JRF Plant Science Syllabus | Complete Unit-Wise Discussion & Preparation Stra...
bySatyam Sharma
 
Genetic Erosion in Crop Plants: Causes, Consequences, and Conservation Strate...
bySatyam Sharma
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
Gene Pool in Crop Plants: Diversity, Classification, and Role in Plant Breedi...
bySatyam Sharma
 
How to (Re)Build Your District's Enrollment Numbers
byMebane Rash
 
10CLA Term 4 Week 6 Exam preparation reminders.pptx
bymansk2
 
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
Historical Background of Pharmacy .pptx
bySneha Gaurkar
 
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 

Network security

  • 1.
    Network Security ABSTRACT The biggest threat to network security is underestimating the threat to network security. And as IP networks become the defector standard, ignoring this reality can extract a heavy price down the road. The truth of the matter is that current security technologies pose an unacceptable risk in protecting an organization’s data and intellectual property. Today’s firewall-based security technologies do not fully protect data resources. Only data protection throughout the network can safeguard critical and confidential data, regardless of the success or failure of other security technologies and policies. Therefore, data protection must be the primary layer of defense. As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new level of network visibility and surveillance. The world of network security has become an “arms race”. As organizations tighten their external defenses and install improved security tools, threats and attacks emerge to circumvent these security measures. Increasingly, this arms race is taking place in a regulated environment, where government rules such as HIPAA, Sarbanes-Oxley, and the EU Data Protection Directive require organizations to control access to private data and document security breaches. This includes the following. •Identify the need for a network security camera to capture and save all network transactions and activities •Illustrate how network security forensic appliances provide new visibility and evidence for security and compliance investigations •Highlight real-world examples from clients demonstrating the role network security forensics plays in identifying security and compliance violations •Providethekeycomponentstolookforinanynetworksecurityforensicssolution Network security helps investigation.  Network policy violation.  Compliance violation
  • 2.
     Access violation  Security violation Where network security is needed: •Monitoring internal threats •Documenting evidence for investigations •Solving the “Who done it” mystery •Complying with government regulations such as HIPAA, SOX, and the EU data Protection Directive •Complying with corporate HR and network- use policies Data in motion: what’s the worst that could happen? Networks today are not the isolated, self-contained islands they once were. With internet gateways giving network access to remote employees, customers, contractors and partners, the network has opened up, increasing productivity and security risks. Network security has relied primarily on keeping the bad guys out. Hackers, thieves and other ne’er-do-wells seeking to do harm are prevented from getting in, most of the time. However, the nature of networks today is dynamic. While data may spend some time on any number of devices – servers, desktops, disk arrays – some of it is in motion, travelling across the network, all the time. That data zipping around the network is the same data that is thoroughly protected while static. And it is more often than not completely unprotected while in motion. Data residing on desktops, laptops and servers is usually protected with at least a password, if not more complex security. While always a good idea, it should not be enough to ensure a good night’s sleep for IT security. So much for perimeter defence and ID management as a comprehensive network security strategy. There are any numbers of reasons your information may be an attractive target: • Intellectual property – your organization’s “special sauce” that gives you critical market differentiation and a leg up on the competition. • Customer information – personal, financial and/or health information can be very valuable. In fact, protecting that information has spawned a growing number of federal and state regulations, including Gramm-Leach-Bliley, Sarbanes-Oxley and California Senate Bill 1386 • Employee information – personal information such as Social Security numbers, bank account numbers and health information
  • 3.
    • Other secretinformation – including governmental information regarding homeland or national security, Department of Defense activities or communications, and personal, private data used by any number of agencies • Business-enabling information – customer and prospect opportunities, plans and interactions All networks are untrusted Most enterprises and organizations with far-flung offices, remote back-up data centers and multiple buildings in a campus setting have a complex network to meet all of their communication and business needs. more than a single network, it is usually a network of networks that must communicate and share data with one another. This creates a situation where data is physically leaving a protected facility and moving to another. Whether it’s going over the Internet, a service provider backbone or a wireless link between buildings, that data, which has been protected while at rest on servers, has moved out to where it is available to anyone with the motivation and means to get it. If we take a look at a layered approach to network security, data protection, along with ID management and perimeter technologies, provide the three anchors that protect all aspects of the network: data and intellectual property, networking infrastructure and people. Examples of common networks where data in transit is susceptible to unauthorized access. Broadband wireless link between buildings Many organizations have multiple networks in different facilities that must exchange information. When fibre is impossible or too cost-prohibitive, high-speed wireless provides
  • 4.
    an inexpensive andeasy solution. However, all data transmitted over the air through the wireless links is at risk to anyone wanting to access it. Broadband wireless link between buildings Storage IP Networking It is becoming increasingly common for organizations to store and archive their data in a remote facility. Once again, however, this data must travel over entrusted networks to reach its destination, meaning it could be accessed without anyone knowing it. MPLS MPLS (multi-protocol label switching) networks are becoming more and more popular as service providers look for ways to enable multiple customers to have VPNs on the same network. However, the VPNs on the MPLS network simply separate user groups, they don’t protect the data.
  • 5.
    Data protection –the primary layer of defense Your data is running around the network in packets that contain addresses, protocol ids, and the actual data. If you protect the packet from its source to its destination you have created an excellent foundation for a secure network. There are three main aspects of data protection on the network: • Confidentiality – Keep your data private • Authentication – Trust your sources • Integrity—Trust your data IP Security (IPSec), defined by the Internet Engineering Task Force (IETF), is the accepted standard for protecting data in transit over an untrusted network and provides the three levels of security. IPSec is a suite of security protocols that protects IP packets. IPSec works on Layer 3, the network layer of the Open Systems interconnection 7- layer networking model. By running on Layer 3, IPSec is able to function transparently to higher layer applications; the applications do not require any knowledge of IPSec in order to use it. By enabling IPSec everywhere on the network that sensitive data travels, the vulnerability of data traveling in the clear is eliminated. IPSec modes of protection IPSec protects IP packets by defining which traffic is to be protected, IPSec uses a protocol called Encapsulating Security Payload (ESP) that provides proof of data integrity, data source authentication and anti-replay by inserting a new IP address and ESP header in
  • 6.
    front of thepacket to be protected. This protects the entire IP packet including the originating IP address. Using ESP controls both the encryption and authentication used to protect the IP payload. Tunnel mode ESP (encapsulating security payload) _ Data integrity + authentication _ Anti-replay service _ Confidentiality IPSec encryption IPSec encryption enables confidentiality of data as it travels on the network. • Uses symmetric keys (same keys are used for encryption and decryption) • Uses Diffie-Hellman algorithms and IKE/ISAKMP protocols to derive keys • Encryption algorithms such as AES(Advanced Encryption Standard) Cipher Optics enables IPSec everywhere There are several ways to enable IPSec on the network. The Cipher Optics approach is to use purpose-built appliances designed for Fast Ethernet and Gigabit Ethernet IP networks. With its proprietary TILEA™ architecture, Cipher Optics appliances are paving the way for IPSec everywhere.
  • 7.
    To show howCipher Optics IPSec appliances provide data protection is shown in figure below, Internet Key Exchange (IKE) IKE is used to ensure security for virtual private network negotiation and remote host or network access. IKE defines an automatic means of negotiation and authentication for IPSec security associations (SA). Security associations are security policies defined for communication between two or more entities¾the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the pre-configuration that would otherwise be required.
  • 8.
    Conclusion New security toolswill continue to emerge to combat constantly evolving security threats. There will never be a single “set it and forget it” security solution for stopping breaches on the network. To effectively address and prevent security breaches requires constant monitoring and adjusting of infrastructure and policy. If a successful attack is perpetrated against an organization, the monitoring solution becomes even more critical to ensure the attack is accurately identified and appropriate steps are taken to prevent future attacks. Network security forensic devices are uniquely positioned to provide a full view of all activities before, during, and after the event. These tools also have the ability to isolate the breach, identify software, scripts and exploits used; and locate potentially compromised infrastructure. The ability to capture all packet-level data is also critical to compliance enforcement and the documentation of potential violations. The ability to accurately diagnose the breach or policy violation through reports and reconstructing communications or web sessions provides evidence necessary for proving compliance.