Network Security Protocols

Loading...

From the course by University of London

Information Security: Context and Introduction

334 оценки

University of London

Information Security: Context and Introduction

334 оценки

In this course you will explore information security through some introductory material and gain an appreciation of the scope and context around the subject. This includes a brief introduction to cryptography, security management and network and computer security that allows you to begin the journey into the study of information security and develop your appreciation of some key information security concepts. The course concludes with a discussion around a simple model of the information security industry and explores skills, knowledge and roles so that you can determine and analyse potential career opportunities in this developing profession and consider how you may need to develop personally to attain your career goals. After completing the course you will have gained an awareness of key information security principles regarding information, confidentiality, integrity and availability. You will be able to explain some of the key aspects of information risk and security management, in addition, summarise some of the key aspects in computer and network security, including some appreciation of threats, attacks, exploits and vulnerabilities. You will also gain an awareness of some of the skills, knowledge and roles/careers opportunities within the information security industry.

From the lesson

Network and Computer Security

Information being used by computers and being transmitted through a network is susceptible to many different threats. During this week's module, you will learn how the security of information can be put at risk and what we can do to mitigate these risks.

Computer Networks and Information3:59

Network Security Protocols4:53

Network Security Systems3:26

Meet the Instructors

Professor Peter Komisarczuk
Programme Director
Information Security Group, Royal Holloway, University of London
Professor Keith M. Martin
Professor of Information Security
Information Security Group, Royal Holloway, University of London
Dr Jorge Blasco Alis
Lecturer in Information Security
Information Security Group, Royal Holloway, University of London

[MUSIC]

In the previous video, we saw that we can transmit different kinds of sensitive

information through the network.

In fact, most of the information we transmit today can be considered sensitive

in one way or another.

Logging credentials, financial data, and personal information are transferred

constantly over networks outside our control.

This means that anyone with access to those networks could potentially inspect,

modify, or even destroy it for their own purposes.

Security protocols try to overcome these limitations by providing methods to avoid

and detect the formation threats.

Depending on the network and the security requirements,

we will be using a different security protocol to protect our communications.

Wired connections require the adversary to have physical access to a network cable.

This is extremely difficult to achieve for an attacker as it requires him to

physically modify the cable which increases the risk of being caught.

Consequently, dial wired network connections between two devices are rarely

secured using security protocols.

In a local wireless network,

we must protect messages from adversaries who aren't relatively close but

don't require physical interaction to access the communication channel.

Wireless communication standards provides several security protocols for

local wireless connections.

The Wired Equivalent Privacy, or

WEP, was the first security protocol used to protect these networks.

However, it was proven insecure more than ten years ago.

It's not longer supported and you shouldn't be using it for

any kind of wireless communication.

To overcome the problems of WEP,

the Wi-Fi Alliance proposed two new wireless security protocols.

Wi-Fi protected access and Wi-Fi protected access 2.

Actually we call them just WPA and WPA2.

These two protocols can work in two different modes.

With a pre-shared key that is configured with both in the access point and

the client or with a radio server.

In the later,

each user's given a different set of credentials to access another port.

The access point forwards the credentials to the radio server

before allowing the client to access the network.

Over time, wireless protocols included in WPA has been proven insecure.

This leaves WPA2 as the only local wireless protocol that

we should be using today.

Unfortunately, most public Wi-Fi access point are just open and

do not provide any kind of protection.

So be aware that when you connect to them, some people may be watching.

In a cellular network, we must protect the methods while it's being send from

the smartphone to the carrier network.

The first widely spread cellular protocols,

GSM and GPRS, are known to be vulnerable and would allow a skilled and

attacker to intercept and modify messages being sent through a network.

Newer protocols, such UMTS and

LTE, are considered more secured, but fail safe options can enable

an attacker to downgrade the connection to less secure versions of the protocols.

Previous security protocols secured the connection between

two consecutive nodes in the network.

In our example of scenarios, one of those was their own device and

the other the device that gave us access to the Internet.

But what happens with information after that point?

Do you think these protocols are enough to ensure the security of Internet

communications?

Depending on the nature of the network connection and/or security requirements,

we can use different security protocols to protect our connection.

Security protocols at the application layer,

allow us to establish a secure connection between two applications running

on different devices, independently of the network architecture between them.

One example of this, are secure connections to web servers.

Do you remember this example from the previous video?

In this,

a user was sending his login credentials across the network to access a web server.

The credentials traveled from the home router to the destination server through

the Internet infrastructure being read by machines that are outside our control.

The Transport Layer Security protocol, or TLS, protects the connection between

the client, in this case a web browser, and the web server.

First, both entities exchange cryptographic information

to establish a secure channel between them.

The server uses a digital certificate that is based on public key cryptography

to prove its identity to the user.

And once the secure channel has been established,

the web browser sends the user credentials.

If the channel was properly initialized,

only the server will be able to read the user name and password.

In this video, we have seen that sensitive information can be sent through very

heterogeneous networks.

Each of these networks provides a specific protocols to ensure that

unauthorized parties cannot read or modify the network packets.

In addition to network specific protocols,

application layer security protocols allow us to secure communications

between two entities with a core infrastructure between them.

We have left some network security protocols out of this video.

Can you think about some of them?

The next activity of this lesson is a discussion about these protocols.

Think about any other kind of security protocol not mentioned here and

share it with your fellow students.

[MUSIC]

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play