Friday, 29 April 2011

Network Security

Network security can be divided into two general categories:

1) The methods used to protect data passing through a network
2) The methods used to control the packets transiting the network

Both can significantly affect traffic coming into and going out of a site, but their goals are very different.

1) Highway safety (transit security): There is no system in place to keep data secure as it transits a public network. A number of methods are available to encrypt the traffic between sites. Two general approaches are:
Virtual Private Networks: A private network is constructed by using TCP/IP to provide the lower levels of a second TCP/IP stack. This is a way of encapsulating IP traffic, which is already sent across many different types of physical networks. Each system that connects to a physical network implements a standard for sending IP messages over that link. Standards for transmitting IP packets across different types of links exist, and the most common are Ethernet and point-to-point links. Once an IP packet is received, it is handed to the upper layers of the TCP/IP stack for processing.
When a virtual private network is designed, the lower levels of the TCP/IP stack are themselves built using an existing TCP/IP connection. There are several ways to achieve this, which trade off abstraction against efficiency. The advantage in terms of secure data transmission is only one step further: because a VPN allows complete control over the physical layer, it is entirely within the network designer's power to encrypt the connection at the physical layer. Traffic of any kind sent over the VPN is then encrypted, whether it originates in the application layer or in the lower layers of the stack. The main advantages of VPNs are the availability of private address space and the fact that packet encryption or translation can be performed on dedicated systems, reducing the burden on production machines.
Encryption at the packet level: Another way is to encrypt traffic at a higher layer of the TCP/IP stack. A number of methods for authentication and encryption of telnet and rlogin are examples of encryption at the highest level of the stack (the application layer). The advantages of encrypting traffic at the higher level are that the CPU overhead of a VPN is reduced, compatibility with existing applications is not affected, and it is much simpler to compile a client program that supports application-level encryption than to build a VPN.

Both methods affect the performance of the hosts that implement the protocols and of the networks that connect those hosts. Encapsulating a packet or converting it into a new form requires CPU time and uses additional network capacity. Encryption is a CPU-intensive process, and encrypted packets must be padded to a uniform length to ensure the robustness of some algorithms. In addition, both methods have impacts on other areas that must be taken into account before deciding which is best for a particular case.
2) The rules of the road (traffic control): The most common form of network security on the Internet is traffic control. If a packet that would do something malicious to a remote host never gets there, the remote host is not affected. Traffic control provides this screen between hosts and remote sites. This is done in three basic areas: firewalls, routers and hosts. Each offers similar services at different points in the network.
a) Router traffic control: Any traffic control that takes place on a router or terminal server and is based on packet properties. This application contains no entries, but does not address translation.

b) Firewall traffic control: Traffic control or filtering performed by application gateways.

c) Host traffic control: Traffic control carried out on the host itself. Hosts play a lesser role in traffic control with the arrival of filtering routers and firewalls.

Filters and access lists: Controlling which packets flow between two sites is a pretty simple concept on the surface. For any router or firewall, the difficult part is not simply refusing to forward all packets from a particular site. The basic techniques include:

i) Restricting access in, but not out: All packets are sent to destination UDP or TCP sockets. Packets from remote machines attempt to reach one of the well-known ports. These ports are watched by applications offering services such as mail forwarding and delivery, Usenet News, Weather, Domain Name Service, and various access protocols. It is a trivial matter for modern routers and firewalls to allow through only those packets addressed to the specific machine that offers a particular service. Attempts to send any other packets are not allowed. This protects the internal hosts while still letting all packets out.
ii) The problem of returning packets: Unless remote users are using a secure, encrypted application such as S/Key, remote users have no access to your systems. Using Telnet or FTP, however, your users can connect to remote sites. The approach is to restrict remote connections to one packet type and allow any outgoing connection. Given the nature of interactive protocols, a unique port number has to be agreed for use once a connection is established.
Newer routers and firewalls support the ability to dynamically open a small window for these returning packets when packets have recently been sent from an internal host to the external server on the same port. This allows connections initiated internally to communicate while external connection attempts are still refused, if that is what you want.
iii) Dynamic route filters: When a particular set of circumstances occurs, newer techniques offer the ability to dynamically add route filters for a remote site. Using these techniques, it is possible for a router to automatically detect suspicious activity and deny access to a machine or the entire site for a short period. In many cases this will prevent any kind of automated attack on a site. Filters and access lists are maintained on all three types of systems, but most often on routers.
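
The three techniques above (published inbound services only, a short-lived window for returning packets, and a temporary dynamic block) combined in one added Python sketch; it is not code from the original post, and the addresses, ports, window length and strike threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed policy values for this sketch; none come from the original post.
INSIDE = ipaddress.ip_network("10.0.0.0/24")
SERVICES = {("10.0.0.25", "tcp", 25), ("10.0.0.53", "udp", 53)}  # published hosts
RETURN_WINDOW = 30   # seconds a reply path stays open after outbound traffic
STRIKE_LIMIT = 3     # denied packets before a source is temporarily blocked
BLOCK_SECONDS = 60   # lifetime of the dynamically added filter

class PacketFilter:
    def __init__(self):
        self.flows = {}                  # expected reply 5-tuple -> expiry time
        self.strikes = defaultdict(int)  # outside source -> denied packets so far
        self.blocked = {}                # outside source -> block expiry time

    def check(self, now, proto, src, sport, dst, dport):
        """Return "allow" or "deny" for one packet seen at time `now` (seconds)."""
        if ipaddress.ip_address(src) in INSIDE:
            # Outbound is always allowed; record the mirrored tuple for replies.
            self.flows[(proto, dst, dport, src, sport)] = now + RETURN_WINDOW
            return "allow"
        if self.blocked.get(src, 0) > now:            # iii) dynamic filter active
            return "deny"
        key = (proto, src, sport, dst, dport)
        if self.flows.get(key, 0) > now:              # ii) returning packet
            self.flows[key] = now + RETURN_WINDOW     # traffic keeps window open
            return "allow"
        if (dst, proto, dport) in SERVICES:           # i) published service
            return "allow"
        self.strikes[src] += 1                        # unsolicited and unwanted
        if self.strikes[src] >= STRIKE_LIMIT:
            self.blocked[src] = now + BLOCK_SECONDS
            self.strikes[src] = 0
        return "deny"

def demo():
    f, out = PacketFilter(), "198.51.100.7"
    trace = [  # constructed packets: (time, proto, src, sport, dst, dport)
        (0, "tcp", "10.0.0.8", 40000, out, 23),    # internal telnet going out
        (1, "tcp", out, 23, "10.0.0.8", 40000),    # its reply, inside the window
        (2, "tcp", out, 23, "10.0.0.8", 40001),    # unsolicited, wrong port
        (3, "tcp", out, 5555, "10.0.0.25", 25),    # mail to the published host
        (40, "tcp", out, 23, "10.0.0.8", 40000),   # window expired at t=31
        (41, "tcp", out, 23, "10.0.0.9", 23),      # third strike, block added
        (42, "tcp", out, 5555, "10.0.0.25", 25),   # blocked, even for mail
        (102, "tcp", out, 5555, "10.0.0.25", 25),  # block expired at t=101
    ]
    return [f.check(*p) for p in trace]
```

The filter takes the packet time as an argument, so the window and block expiry can be followed step by step in `demo()` without waiting on a real clock.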
Conclusion: There are two types of network security, securing data in transit and controlling traffic, and they can be combined to help guarantee that the right information is securely transported to the right place. It should be clear that the hosts receiving the information must also process it properly, which raises the whole subject of host security: a large area that varies greatly from system to system. With the growth of the commercial use of the Internet, network security is important for the development of the Internet. Security is an integral part of our everyday use of the Internet and other networks.

1 comment:

  1. Informative! The concept of network security is not only vast but very interesting to study. The posted detail highlights the two main types of regulations that should be followed for securing a network. Thanks for explaining them.