Network and Security Concepts

Overview

Basic Concepts
◦ TCP/IP
◦ Routing
◦ DNS
◦ NAT
◦ Firewall/Router
◦ Tunneling
◦ DMZ

Web & Security Concepts
◦ Proxy
◦ Reverse Proxy
◦ HTTP/HTTPS
◦ Certificates

@2010 PTC
Basic Concepts: TCP/IP

TCP Uses a Fixed Connection
TCP is for communication between applications. If one application wants to communicate with another via TCP, it sends a communication request. This request must be sent to an exact address. After a "handshake" between the two applications, TCP will set up a "full-duplex" communication between the two applications. The "full-duplex" communication will occupy the communication line between the two computers until it is closed by one of the two applications.
UDP is very similar to TCP, but simpler and less reliable.

IP is Connection-Less
IP is for communication between computers. IP is a "connection-less" communication protocol. IP does not occupy the communication line between two computers. IP reduces the need for network lines. Each line can be used for communication between many different computers at the same time. With IP, messages (or other data) are broken up into small independent "packets" and sent between computers via the Internet. IP is responsible for "routing" each packet to the correct destination.
Basic Concepts: Routing

Routing is the method by which data finds its destination from one computer to the next. In the Internet there are 3 major aspects of routing:
1. Physical address finding
2. Determination of inter-network gateways
3. Numeric and symbolic addresses

If a computer wishes to transmit an IP datagram, it needs to encapsulate the physical address of the destination network device in the frame. This address can be obtained from a table that maps the IP address to the physical address. Such a table can be configured in a file that is read into memory at boot time. A computer normally uses the Address Resolution Protocol (ARP), which operates dynamically to maintain the translation table.
Basic Concepts: DNS

The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address.
Because maintaining a central list of domain name/IP address correspondences would be impractical, the lists of domain names and IP addresses are distributed throughout the Internet in a hierarchy of authority. There is probably a DNS server within close geographic proximity to your access provider that maps the domain names in your Internet requests or forwards them to other servers in the Internet.
Basic Concepts: NAT

NAT (Network Address Translation or Network Address Translator) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on the number of global IP addresses that a company needs and it lets the company use a single IP address in its communication with the world.
NAT is included as part of a router and is often part of a corporate firewall. Network administrators create a NAT table that does the global-to-local and local-to-global IP address mapping. NAT can also be used in conjunction with policy routing. NAT can be statically defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's version of NAT lets an administrator create tables that map:
◦ A local IP address to one global IP address statically
◦ A local IP address to any of a rotating pool of global IP addresses that a company may have
◦ A local IP address plus a particular TCP port to a global IP address or one in a pool of them
◦ A global IP address to any of a pool of local IP addresses on a round-robin basis
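The mapping types listed above, worked through as a small added example (this is not PTC's code; all addresses and ports are constructed): a table that combines a static one-to-one entry with port-based dynamic translation of many hosts behind one global address, and shows why an inbound packet that matches no table entry is dropped while a statically published host stays reachable.

```python
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Constructed minimal packet model: only the fields NAT rewrites or keys on."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NatTable:
    """Hypothetical NAT table combining two of the mapping types above:
    static one-to-one entries (local IP <-> global IP) and dynamic port-based
    translation of many local hosts behind a single global IP."""

    def __init__(self, global_ip, static=None, first_port=1024):
        self.global_ip = global_ip
        self.static_out = dict(static or {})                          # local IP -> global IP
        self.static_in = {g: l for l, g in self.static_out.items()}   # global IP -> local IP
        self.dynamic = {}      # (local IP, local port, proto) -> global port
        self.reverse = {}      # (global port, proto) -> (local IP, local port)
        self.ports = itertools.count(first_port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the inside network (local -> global)."""
        if pkt.src in self.static_out:
            # Static mapping: only the address changes, the port is preserved.
            return replace(pkt, src=self.static_out[pkt.src])
        key = (pkt.src, pkt.sport, pkt.proto)
        if key not in self.dynamic:
            # First packet of a new flow: allocate a global port and record the
            # reverse entry that later replies will be matched against.
            gport = next(self.ports)
            self.dynamic[key] = gport
            self.reverse[(gport, pkt.proto)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.global_ip, sport=self.dynamic[key])

    def inbound(self, pkt):
        """Rewrite a packet arriving from outside (global -> local).

        Returns None when nothing in the table matches: the packet is dropped,
        which is why hosts behind port-based NAT cannot be reached unsolicited."""
        if pkt.dst in self.static_in:
            # Statically published host: reachable on any port from outside.
            return replace(pkt, dst=self.static_in[pkt.dst])
        if pkt.dst != self.global_ip:
            return None
        entry = self.reverse.get((pkt.dport, pkt.proto))
        if entry is None:
            return None
        local_ip, local_port = entry
        return replace(pkt, dst=local_ip, dport=local_port)


def demo():
    """Walk two inside hosts and one published server through the table."""
    nat = NatTable("203.0.113.1", static={"10.0.0.80": "203.0.113.80"})
    # Both inside hosts happen to use the same source port: port translation
    # keeps their flows apart behind the one global address.
    out_a = nat.outbound(Packet("10.0.0.5", 40000, "198.51.100.20", 443))
    out_b = nat.outbound(Packet("10.0.0.6", 40000, "198.51.100.20", 443))
    reply_b = nat.inbound(Packet("198.51.100.20", 443, "203.0.113.1", out_b.sport))
    unsolicited = nat.inbound(Packet("198.51.100.20", 5555, "203.0.113.1", 3389))
    published = nat.inbound(Packet("198.51.100.99", 5555, "203.0.113.80", 443))
    return {
        "out_a": out_a, "out_b": out_b, "reply_b": reply_b,
        "unsolicited": unsolicited, "published": published,
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12} {pkt if pkt else 'DROP (no NAT entry)'}")
```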
Basic Concepts: Firewall

A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
◦ Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
◦ Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
◦ Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
◦ Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.
Basic Concepts: Tunneling

Tunneling, also known as "port forwarding," is the transmission of data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network. Tunneling is generally done by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data. Tunneling allows the use of the Internet, which is a public network, to convey data on behalf of a private network.
PPTP makes it possible for authorized users to gain access to a private network, called a virtual private network (VPN), through an Internet service provider (ISP) or online service. Another commonly used tunneling protocol is generic routing encapsulation (GRE), developed by Cisco Systems. There are numerous, less common tunneling protocols.
The Application uses Remote Method Invocation (RMI) tunneling in the case of a split configuration.
Basic Concepts: DMZ

In computer networking, DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.
Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do. (Many DMZ implementations, in fact, simply utilize a proxy server or servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests.
DMZ is a commonly-touted feature of home broadband routers. However, in most instances these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.
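As an added illustration of both the packet-filter and the DMZ slides above (not PTC's code; the zones, addresses, interface names and rules are constructed for the example), a small first-match packet filter that enforces the three-zone policy just described for connection-initiating packets, plus the ingress anti-spoofing check that addresses the IP-spoofing weakness the firewall slide mentions:

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan: the LAN, a small DMZ subnet, and everything
# else counts as the public Internet ("outside").
ZONES = {
    "inside": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}


def zone_of(ip):
    """Map an address to the zone whose prefix contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "inside", "dmz" or "outside"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dport: int = 0            # 0 means any destination port
    action: str = "deny"
    name: str = ""

    def matches(self, pkt):
        return (self.src_zone in ("any", zone_of(pkt.src))
                and self.dst_zone in ("any", zone_of(pkt.dst))
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# First match wins. Hypothetical policy following the DMZ description: the
# LAN may initiate towards the DMZ and the Internet, the Internet may reach
# only the DMZ's published HTTPS service, and DMZ hosts never initiate
# connections into the LAN. Everything else falls to the default deny.
RULES = [
    Rule("inside", "dmz", action="permit", name="lan-to-dmz"),
    Rule("inside", "outside", action="permit", name="lan-egress"),
    Rule("outside", "dmz", "tcp", 443, action="permit", name="public-https"),
    Rule("dmz", "outside", action="permit", name="dmz-egress"),
    Rule("dmz", "inside", action="deny", name="dmz-to-lan"),
    Rule("any", "any", action="deny", name="default-deny"),
]


def filter_packet(pkt, rules=RULES):
    """Decide a connection-initiating packet; returns (action, reason)."""
    # Anti-spoofing: a source address belonging to the LAN or DMZ is only
    # credible on that zone's own interface. Matching on addresses alone
    # would let a forged inside source pass the "lan-to-dmz" rule.
    if zone_of(pkt.src) != pkt.iface:
        return "deny", "anti-spoof"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed sample traffic, one new connection per packet.
SAMPLE = [
    Packet("inside", "10.1.2.3", "192.168.100.10", "tcp", 80),
    Packet("outside", "203.0.113.7", "192.168.100.10", "tcp", 443),
    Packet("outside", "203.0.113.7", "192.168.100.10", "tcp", 22),
    Packet("outside", "203.0.113.7", "10.1.2.3", "tcp", 443),
    Packet("dmz", "192.168.100.10", "10.1.2.3", "tcp", 445),
    Packet("outside", "10.1.2.3", "192.168.100.10", "tcp", 443),
]


def decide_all(packets=SAMPLE):
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE, decide_all()):
        print(f"{action:6} {reason:12} {pkt.iface:7} "
              f"{pkt.src} -> {pkt.dst}:{pkt.dport}/{pkt.proto}")
```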
Web & Security Concepts: Proxy

In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.
Web & Security Concepts: Reverse Proxy

When a web server is configured with reverse proxy functionality, it acts as a proxy for one or more backend servers and serves as a single point of access or gateway in a server farm. In a reverse proxy setup, the web server forwards the HTTP request it received from the browser client to the appropriate backend server. The HTML response from the backend server is sent back to the browser through the web server. Thus, the web server with reverse proxy hides the existence of the backend servers.
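An added example of the reverse-proxy arrangement above (not PTC's code; the "Gateway/1.0" and "InternalApp/1.0" names and the /app/ prefix are assumptions). It starts a constructed backend and a reverse proxy on loopback using only the Python standard library and shows what the client sees: the proxy's own identity, only the paths the proxy publishes, and no trace of the backend's address or software.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore any http_proxy environment settings so loopback requests go direct.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class BackendHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an internal application server."""
    server_version = "InternalApp/1.0"   # the detail the reverse proxy should hide

    def do_GET(self):
        body = f"backend on port {self.server.server_port} served {self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


class ReverseProxyHandler(BaseHTTPRequestHandler):
    """Hypothetical reverse proxy: the only address a browser ever talks to."""
    server_version = "Gateway/1.0"
    sys_version = ""                 # do not advertise the Python version either

    def do_GET(self):
        # Route by path prefix; a path not published here never reaches a backend.
        backend = next((base for prefix, base in self.server.backends.items()
                        if self.path.startswith(prefix)), None)
        if backend is None:
            self.send_error(404, "Not published")
            return
        req = urllib.request.Request(
            backend + self.path,
            headers={"X-Forwarded-For": self.client_address[0]})
        try:
            with OPENER.open(req, timeout=5) as resp:
                body = resp.read()
        except (urllib.error.URLError, OSError):
            self.send_error(502, "Backend unavailable")
            return
        # Only the body is relayed; the backend's Server header is not copied.
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def fetch(url):
    """Return (status, Server header, body) for a GET; 4xx/5xx are returned, not raised."""
    try:
        with OPENER.open(url, timeout=5) as resp:
            return resp.status, resp.headers.get("Server", ""), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Server", ""), ""


def demo():
    """Start a backend and a reverse proxy on loopback, query both, shut them down."""
    backend = HTTPServer(("127.0.0.1", 0), BackendHandler)
    proxy = HTTPServer(("127.0.0.1", 0), ReverseProxyHandler)
    proxy.backends = {"/app/": f"http://127.0.0.1:{backend.server_port}"}
    for srv in (backend, proxy):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        proxy_url = f"http://127.0.0.1:{proxy.server_port}"
        return {
            "direct": fetch(f"http://127.0.0.1:{backend.server_port}/app/hello"),
            "via_proxy": fetch(f"{proxy_url}/app/hello"),
            "unpublished": fetch(f"{proxy_url}/admin/"),
        }
    finally:
        for srv in (backend, proxy):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    for name, (status, server, body) in demo().items():
        print(f"{name:12} {status} Server={server!r} {body!r}")
```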
Web & Security Concepts: HTTPS

HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.
HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. Unless a different port is specified, HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.
Web & Security Concepts: Certificates

A certificate gives 2 important pieces of information: the owner of the certificate, and the authority who signed the certificate.
When the Application is used by a real company, they use certificates signed by authorities.
If you have to install a test server, you can sign your certificate yourself, but when you connect to the Application you will get a popup stating that the certificate cannot be trusted.

Mais conteúdo relacionado

Mais procurados

Wireless network security threats countermeasure
Wireless network security threats countermeasureWireless network security threats countermeasure
Wireless network security threats countermeasure
Edie II
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
AfiqEfendy Zaen
 
Tutorial 9 - Security on the Internet
Tutorial 9 - Security on the InternetTutorial 9 - Security on the Internet
Tutorial 9 - Security on the Internet
dpd
 

Mais procurados (20)

Network security desighn principles and authentication
Network security desighn principles and authenticationNetwork security desighn principles and authentication
Network security desighn principles and authentication
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security Research Paper
Network Security Research PaperNetwork Security Research Paper
Network Security Research Paper
 
Wireless network security threats countermeasure
Wireless network security threats countermeasureWireless network security threats countermeasure
Wireless network security threats countermeasure
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
Rashed al kamdah network security threats
Rashed al kamdah network security threatsRashed al kamdah network security threats
Rashed al kamdah network security threats
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Tutorial 9 - Security on the Internet
Tutorial 9 - Security on the InternetTutorial 9 - Security on the Internet
Tutorial 9 - Security on the Internet
 
Network security
Network security Network security
Network security
 
Network management and security
Network management and securityNetwork management and security
Network management and security
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Network security
 Network security Network security
Network security
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 

Destaque

Basic Network Concepts
Basic Network ConceptsBasic Network Concepts
Basic Network Concepts
Abhishek Singh
 

Destaque (20)

Lecture5
Lecture5Lecture5
Lecture5
 
Security concepts
Security conceptsSecurity concepts
Security concepts
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
 
360suite Business Objects Xi3 New Security Concepts
360suite Business Objects Xi3 New Security Concepts360suite Business Objects Xi3 New Security Concepts
360suite Business Objects Xi3 New Security Concepts
 
PACE-IT: Basic Network Concepts (part 2)
PACE-IT: Basic Network Concepts (part 2)PACE-IT: Basic Network Concepts (part 2)
PACE-IT: Basic Network Concepts (part 2)
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
PACE-IT, Security+1.2: Secure Network Administration Concepts
PACE-IT, Security+1.2: Secure Network Administration ConceptsPACE-IT, Security+1.2: Secure Network Administration Concepts
PACE-IT, Security+1.2: Secure Network Administration Concepts
 
PACE-IT: Basic Network Concepts (part 1)
PACE-IT: Basic Network Concepts (part 1)PACE-IT: Basic Network Concepts (part 1)
PACE-IT: Basic Network Concepts (part 1)
 
Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copy
 
SAP BI 7 security concepts
SAP BI 7 security conceptsSAP BI 7 security concepts
SAP BI 7 security concepts
 
A review of network concepts base on CISCO by Ali Shahbazi
A review of network concepts base on CISCO by Ali ShahbaziA review of network concepts base on CISCO by Ali Shahbazi
A review of network concepts base on CISCO by Ali Shahbazi
 
Basic Network Concepts
Basic Network ConceptsBasic Network Concepts
Basic Network Concepts
 
5G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_9125G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_912
 
Smart irrigation ppt
Smart irrigation pptSmart irrigation ppt
Smart irrigation ppt
 
Motivational Slides
Motivational SlidesMotivational Slides
Motivational Slides
 
How to study well
How to study wellHow to study well
How to study well
 
File Management
File ManagementFile Management
File Management
 
Cyber security & network attack6
Cyber security & network attack6Cyber security & network attack6
Cyber security & network attack6
 
Flip Flop
Flip FlopFlip Flop
Flip Flop
 
Memory and file system concepts
Memory and file system conceptsMemory and file system concepts
Memory and file system concepts
 

Semelhante a Network and security concepts

Ch18 Internet Security
Ch18 Internet SecurityCh18 Internet Security
Ch18 Internet Security
phanleson
 
Notes e commerce
Notes e commerceNotes e commerce
Notes e commerce
S S
 
Network Address Translation ( Nat ) Essay
Network Address Translation ( Nat ) EssayNetwork Address Translation ( Nat ) Essay
Network Address Translation ( Nat ) Essay
Jill Crawford
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
Vamsi Krishna Kalavala
 
Internetbasics
InternetbasicsInternetbasics
Internetbasics
patinijava
 

Semelhante a Network and security concepts (20)

Firewall
FirewallFirewall
Firewall
 
Mcse question
Mcse questionMcse question
Mcse question
 
Network Testing ques
Network Testing quesNetwork Testing ques
Network Testing ques
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Network security
Network securityNetwork security
Network security
 
Ch18 Internet Security
Ch18 Internet SecurityCh18 Internet Security
Ch18 Internet Security
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Notes e commerce
Notes e commerceNotes e commerce
Notes e commerce
 
Network Address Translation ( Nat ) Essay
Network Address Translation ( Nat ) EssayNetwork Address Translation ( Nat ) Essay
Network Address Translation ( Nat ) Essay
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
 
Iap final
Iap finalIap final
Iap final
 
Computer networks - CBSE New Syllabus (083) Class - XII
Computer networks - CBSE  New Syllabus (083) Class - XIIComputer networks - CBSE  New Syllabus (083) Class - XII
Computer networks - CBSE New Syllabus (083) Class - XII
 
Internetbasics
InternetbasicsInternetbasics
Internetbasics
 
Web Technology
Web TechnologyWeb Technology
Web Technology
 
Web Technology
Web TechnologyWeb Technology
Web Technology
 
Web Technology
Web TechnologyWeb Technology
Web Technology
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
Basic to advance protocols
Basic to advance protocolsBasic to advance protocols
Basic to advance protocols
 
Firewall & its Services
Firewall & its ServicesFirewall & its Services
Firewall & its Services
 
Tcpip Intro
Tcpip IntroTcpip Intro
Tcpip Intro
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Network and security concepts

  • 3. Basic Concepts  TCP/IP TCP Uses a Fixed Connection TCP is for communication between applications. If one application wants to communicate with another via TCP, it sends a communication request. This request must be sent to an exact address. After a "handshake" between the two applications, TCP will set up a "full-duplex" communication between the two applications. The "full-duplex" communication will occupy the communication line between the two computers until it is closed by one of the two applications. UDP is very similar to TCP, but simpler and less reliable. IP is Connection-Less IP is for communication between computers. IP is a "connection-less" communication protocol. IP does not occupy the communication line between two computers. IP reduces the need for network lines. Each line can be used for communication between many different computers at the same time. With IP, messages (or other data) are broken up into small independent "packets" and sent between computers via the Internet. IP is responsible for "routing" each packet to the correct destination.   @2010 PTC
  • 4. Basic Concepts  Routing  Routing is the method in which data finds its destination from one computer to the next. In the Internet there are 3 major aspects of routing.  1. Physical Address Finding 2. Determination of inter-network gateways 3. Numeric and symbolic Addresses If a computer wishes to transmit IP datagram it needs to encapsulate the physical address of the destination network device in the frame. This address can be achieved by using the table that will map the IP address with the physical address. Such table can be configured into a file that can be read into the memory at the boot up time. Computer normally uses the Address Resolution Protocol (ARP), which operates dynamically to maintain the translation table. @2010 PTC
  • 5. Basic Concepts  DNS The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easyto-remember "handle" for an Internet address. Because maintaining a central list of domain name/IP address correspondences would be impractical, the lists of domain names and IP addresses are distributed throughout the Internet in a hierarchy of authority. There is probably a DNS server within close geographic proximity to your access provider that maps the domain names in your Internet requests or forwards them to other servers in the Internet. @2010 PTC
  • 6. Basic Concepts NAT (Network Address Translation or Network Address Translator) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on the number of global IP addresses that a company needs and it lets the company use a single IP address in its communication with the world.  NAT is included as part of a router and is often part of a corporate firewall. Network administrators create a NAT table that does the global-to-local and local-to-global IP address mapping. NAT can also be used in conjunction with policy routing. NAT can be statically defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's version of NAT lets an administrator create tables that map: A local IP address to one global IP address statically A local IP address to any of a rotating pool of global IP addresses that a company may have A local IP address plus a particular TCP port to a global IP address or one in a pool of them A global IP address to any of a pool of local IP addresses on a round-robin basis @2010 PTC
  • 7. Basic Concepts  Firewall A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. There are several types of firewall techniques: Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses. In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted. @2010 PTC
  • 8. Basic Concepts Tunneling Tunneling, also known as "port forwarding," is the transmission of data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network.Tunneling is generally done by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data.Tunneling allows the use of the Internet, which is a public network, to convey data on behalf of a private network. The PPTP makes it possible for authorized users to gain access to a private network - called a virtual private network (VPN) -through an Internet service provider (ISP) or online service. Another commonly used tunneling protocol is generic routing encapsulation (GRE), developed by Cisco Systems. There are numerous, less common tunneling protocols. Application uses Remote Method Invocation (RMI) tunneling incase of Split Configuration. @2010 PTC
  • 9. Basic Concepts  DMZ
    In computer networking, a DMZ is a firewall configuration for securing local area networks (LANs). In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.
    Traditional DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network, as proxy servers do. (Many DMZ implementations, in fact, simply use a proxy server or servers as the computers within the DMZ.) The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests.
    A DMZ is a commonly touted feature of home broadband routers. However, in most instances these features are not true DMZs. Broadband routers often implement a DMZ simply through additional firewall rules, meaning that incoming requests reach the firewall directly. In a true DMZ, incoming requests must first pass through a DMZ computer before reaching the firewall.
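The packet-filter technique from slide 7 and the traffic rules of the traditional DMZ from slide 9, as one added example that is not from the original deck: a first-match rule evaluator over a constructed rule set in which the Internet may only open HTTPS to the DMZ proxy, the LAN may open connections to the DMZ, the DMZ may answer the LAN and re-issue requests to the Internet, and the DMZ may not initiate connections into the LAN. The lab addressing (LAN 10.0.0.0/24, DMZ 192.0.2.0/24, proxy at 192.0.2.10), the three interface names and the `new_conn` flag (a TCP SYN without ACK, the only way a stateless filter can tell "initiating" from "replying") are assumptions made for the illustration. The two anti-spoofing rules at the top address the IP spoofing weakness the slide mentions for packet filters.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed lab addressing (not from the slides).
LAN_NET = "10.0.0.0/24"
DMZ_NET = "192.0.2.0/24"
DMZ_PROXY = "192.0.2.10/32"


@dataclass
class Packet:
    ingress: str               # interface the packet arrived on: "wan", "dmz" or "lan"
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    new_conn: bool = False     # TCP SYN without ACK: this packet opens a connection


@dataclass
class Rule:
    action: str                # "accept" or "drop"
    comment: str
    ingress: Optional[str] = None
    src: Optional[str] = None  # CIDR; None matches any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    new_only: bool = False     # rule only concerns connection-opening packets

    def matches(self, p: Packet) -> bool:
        if self.ingress is not None and p.ingress != self.ingress:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.new_only and not p.new_conn:
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet, default: str = "drop") -> Tuple[str, str]:
    """First matching rule wins; anything unmatched falls to the default policy (deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return default, "default policy"


# Rule order matters: the anti-spoofing drops come first, and the "DMZ must not open
# connections into the LAN" drop sits before the rule that lets DMZ replies back in.
DMZ_RULES = [
    Rule("drop", "anti-spoofing: internal source address arriving from the Internet",
         ingress="wan", src=LAN_NET),
    Rule("drop", "anti-spoofing: DMZ source address arriving from the Internet",
         ingress="wan", src=DMZ_NET),
    Rule("accept", "Internet may open HTTPS to the DMZ proxy only",
         ingress="wan", dst=DMZ_PROXY, proto="tcp", dport=443, new_only=True),
    Rule("drop", "DMZ hosts may not initiate connections into the LAN",
         ingress="dmz", dst=LAN_NET, new_only=True),
    Rule("accept", "DMZ replies to connections the LAN opened",
         ingress="dmz", dst=LAN_NET),
    Rule("accept", "DMZ proxies re-issue requests to the Internet",
         ingress="dmz"),
    Rule("accept", "LAN may open connections to the DMZ",
         ingress="lan", dst=DMZ_NET),
]

if __name__ == "__main__":
    for pkt in (Packet("wan", "203.0.113.5", "192.0.2.10", "tcp", 443, True),
                Packet("wan", "10.0.0.7", "192.0.2.10", "tcp", 443, True),
                Packet("dmz", "192.0.2.10", "10.0.0.7", "tcp", 445, True),
                Packet("lan", "10.0.0.7", "203.0.113.5", "tcp", 80, True)):
        print(pkt.ingress, pkt.src, "->", pkt.dst, pkt.dport, filter_packet(DMZ_RULES, pkt))
```

Note that a LAN host talking to the Internet directly matches nothing and is dropped by the default policy: in the traditional DMZ the slide describes, the LAN reaches the Internet only through the proxies in the DMZ. The "reply" rule is the stateless approximation a packet filter has to make; a circuit-level gateway or stateful firewall tracks the connection instead of inferring it from flags.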
  • 10. Web & Security Concepts  Proxy
    In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
    A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
    To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
    An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.
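The request path the slide walks through (filter first, then cache lookup, then fetch with the proxy's own address, then log), as an added example that is not part of the original deck. The `ForwardProxy` and `FakeInternet` classes, the blocked host name and the proxy address 198.51.100.2 are constructed for the illustration; the fake origin server stands in for the real Internet so the example runs offline and records which source address contacted it.

```python
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

Response = Tuple[int, bytes]


class ForwardProxy:
    """Filter -> cache -> fetch, in that order, with an access log kept on the proxy."""

    def __init__(self, fetch_upstream: Callable[[str, str], Response],
                 blocked_hosts=(), proxy_ip: str = "198.51.100.2"):
        self.fetch_upstream = fetch_upstream    # stands in for a real request out to the Internet
        self.blocked_hosts = set(blocked_hosts)
        self.proxy_ip = proxy_ip                # the address origin servers see, not the client's
        self.cache: Dict[str, Response] = {}
        self.log: List[dict] = []

    def handle(self, client_ip: str, method: str, url: str) -> Response:
        host = urlsplit(url).hostname or ""
        if host in self.blocked_hosts:
            # Policy is checked before any cache or network activity.
            return self._finish(client_ip, method, url, (403, b"blocked by policy"), "filtered")
        if method == "GET" and url in self.cache:
            return self._finish(client_ip, method, url, self.cache[url], "cache hit")
        response = self.fetch_upstream(url, self.proxy_ip)
        if method == "GET" and response[0] == 200:
            self.cache[url] = response          # only successful GETs are cached here
        return self._finish(client_ip, method, url, response, "fetched")

    def _finish(self, client_ip, method, url, response, outcome) -> Response:
        # The log keeps the real client address even though the origin server never saw it.
        self.log.append({"client": client_ip, "method": method, "url": url,
                         "status": response[0], "outcome": outcome})
        return response


class FakeInternet:
    """Constructed origin server: records which source address contacted it and how often."""

    def __init__(self):
        self.calls: List[Tuple[str, str]] = []

    def fetch(self, url: str, source_ip: str) -> Response:
        self.calls.append((url, source_ip))
        if urlsplit(url).hostname == "intranet.example":
            return 200, b"<html>intranet page</html>"
        return 404, b"not found"


def demo() -> Tuple[ForwardProxy, FakeInternet]:
    net = FakeInternet()
    proxy = ForwardProxy(net.fetch, blocked_hosts={"blocked.example"})
    proxy.handle("10.0.0.7", "GET", "http://intranet.example/page")  # fetched from upstream
    proxy.handle("10.0.0.8", "GET", "http://intranet.example/page")  # served from cache
    proxy.handle("10.0.0.9", "GET", "http://blocked.example/")       # filtered, never fetched
    return proxy, net


if __name__ == "__main__":
    proxy, net = demo()
    for entry in proxy.log:
        print(entry)
    print("upstream saw:", net.calls)
```

Two things worth noticing when running it: the origin server is contacted once for two identical requests and only ever sees the proxy's address, and the proxy's log is the only place that ties a request back to the workstation that made it, which is why proxy logs matter in an investigation.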
  • 11. Web & Security Concepts  Reverse Proxy
    When a web server is configured with reverse proxy functionality, it acts as a proxy for one or more backend servers and serves as a single point of access, or gateway, to a server farm. In a reverse proxy setup, the web server forwards the HTTP request it received from the browser client to the appropriate backend server. The HTML response from the backend server is sent back to the browser through the web server. Thus, the web server with reverse proxy hides the existence of the backend servers.
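The header handling a reverse proxy does on each hop, as an added example that is not from the original deck: choose the backend from the request path, rewrite `Host` to the backend's name, replace any client-supplied `X-Forwarded-*` headers with trustworthy values so the backend can still log the real client, drop hop-by-hop headers, and on the way back strip headers and rewrite redirects that would reveal the backend's name or software. The backend names, the public hostname and the routing table are constructed assumptions; the hop-by-hop header list is the one RFC 7230 defines.

```python
from typing import Dict, List, Tuple

# Constructed server farm: path prefix -> internal backend (never exposed to the browser).
BACKENDS: List[Tuple[str, str]] = [
    ("/api/", "app-backend-1.internal:8080"),
    ("/", "web-backend-1.internal:8080"),
]
PUBLIC_HOST = "www.example.com"

# Hop-by-hop headers describe the client<->proxy connection, not the request itself.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
# Backend response headers that would disclose the internal servers or their software.
STRIP_FROM_RESPONSE = {"server", "x-powered-by", "x-aspnet-version"}


def choose_backend(path: str) -> str:
    for prefix, backend in BACKENDS:
        if path.startswith(prefix):
            return backend
    raise LookupError("no backend for %s" % path)


def build_backend_request(client_ip: str, path: str, client_headers: Dict[str, str],
                          scheme: str = "https") -> Tuple[str, Dict[str, str]]:
    """Returns (backend, headers) for the request the proxy sends on to the farm."""
    backend = choose_backend(path)
    headers = {k.lower(): v for k, v in client_headers.items() if k.lower() not in HOP_BY_HOP}
    headers["host"] = backend                    # the backend is addressed by its own name
    # At the Internet-facing edge, X-Forwarded-* sent by the client is untrusted and is
    # overwritten rather than appended to; the backend can then rely on it for its logs.
    headers["x-forwarded-for"] = client_ip
    headers["x-forwarded-host"] = PUBLIC_HOST
    headers["x-forwarded-proto"] = scheme
    return backend, headers


def sanitize_backend_response(backend: str, headers: Dict[str, str]) -> Dict[str, str]:
    """Headers the browser may see: backend identity removed, internal redirects rewritten."""
    out: Dict[str, str] = {}
    internal_origin = "http://" + backend
    for k, v in headers.items():
        lk = k.lower()
        if lk in HOP_BY_HOP or lk in STRIP_FROM_RESPONSE:
            continue
        if lk == "location" and internal_origin in v:
            # A redirect built from the backend's own name would expose it.
            v = v.replace(internal_origin, "https://" + PUBLIC_HOST)
        out[lk] = v
    return out


if __name__ == "__main__":
    backend, fwd = build_backend_request(
        "203.0.113.5", "/api/items",
        {"Host": PUBLIC_HOST, "Connection": "keep-alive", "X-Forwarded-For": "198.51.100.9"})
    print(backend, fwd)
    print(sanitize_backend_response(backend, {"Server": "Apache/2.2", "Content-Type": "text/html",
                                              "Location": "http://" + backend + "/login"}))
```

The response-side rewriting is what actually delivers the "hides the existence of the backend servers" property the slide states; forwarding alone does not, since a backend that emits an absolute redirect or a `Server` header will otherwise leak its name straight to the browser.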
  • 12. Web & Security Concepts  HTTPS
    HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.
    HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. Unless a different port is specified, HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.
  • 13. Certificates
    A certificate gives two important pieces of information: the owner of the certificate, and the authority who signed the certificate. When Application is used by a real company, they use certificates signed by authorities. If you have to install a test server, you can sign your certificate yourself, but when you connect to Application you will get a popup stating that the certificate cannot be trusted.
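The client side of slides 12 and 13 together, as an added example that is not part of the original deck: resolving the implied port 443 from an HTTPS URL, building a TLS client context that verifies the server's X.509 certificate and hostname, and reading the two facts the certificate carries (owner and signer) to tell a self-signed test certificate from one signed by an authority. The `test_ca_file` parameter, the `describe_context` helper and the two certificate dicts (in the shape Python's `SSLSocket.getpeercert()` returns, with constructed names, not real certificates) are assumptions for the illustration.

```python
import ssl
from typing import Optional, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint_from_url(url: str) -> Tuple[str, int, bool]:
    """Host, port and whether TLS is used; 443 is implied for https unless a port is given."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected an http(s) URL with a host: %r" % url)
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return parts.hostname, port, parts.scheme == "https"


def make_client_context(test_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """A client context that verifies the server certificate chain and the hostname.

    For a test server with a self-signed certificate, the remedy is to trust that specific
    certificate (or the lab CA that issued it) through test_ca_file, not to turn checks off."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname, system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL 2/3 and TLS 1.0/1.1 are not acceptable today
    if test_ca_file:
        ctx.load_verify_locations(cafile=test_ca_file)
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    return {"verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


def _name_field(rdns, field: str) -> Optional[str]:
    """Pull one attribute (e.g. commonName) out of the subject/issuer tuples getpeercert() returns."""
    for rdn in rdns:
        for key, value in rdn:
            if key == field:
                return value
    return None


def certificate_summary(cert: dict) -> dict:
    """The two facts the slide names: who owns the certificate and who signed it."""
    return {"owner": _name_field(cert.get("subject", ()), "commonName"),
            "issuer": _name_field(cert.get("issuer", ()), "commonName"),
            "self_signed": cert.get("subject") == cert.get("issuer"),
            "expires": cert.get("notAfter")}


# Constructed certificate dicts in the shape SSLSocket.getpeercert() returns (no real certificates).
SELF_SIGNED_TEST_CERT = {
    "subject": ((("organizationName", "Lab"),), (("commonName", "test-server.lab.example"),)),
    "issuer": ((("organizationName", "Lab"),), (("commonName", "test-server.lab.example"),)),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
CA_SIGNED_CERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example Public CA"),), (("commonName", "Example Public CA R1"),)),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(endpoint_from_url("https://www.example.com/Windchill"))
    print(describe_context(make_client_context()))
    print(certificate_summary(SELF_SIGNED_TEST_CERT))
    print(certificate_summary(CA_SIGNED_CERT))
```

The browser popup the slide mentions is exactly `verify_mode = CERT_REQUIRED` failing: the issuer of the self-signed certificate is not in the trust store. Adding the test certificate to the store for that lab machine keeps the check in place; disabling verification would remove the protection against man-in-the-middle attacks that slide 12 credits HTTPS with.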