Anvari.Net

Network Security Services

.

Internet security is a tree branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems on a whole. Its objective is to establish rules and measures to use against attacks over the Internet.[1] The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing.[2] Different methods have been used to protect the transfer of data, including encryption.

Types of security

Network layer security, TCP/IP which stands for Transmission Control Protocol (TCP) and Internet Protocol (IP) aka Internet protocol suite can be made secure with the help of cryptographic methods and protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for the network layer security.

Internet Protocol Security (IPsec), This protocol is designed to protect communication in a secure manner using TCP/IP aka Internet protocol suite. It is a set of security extensions developed by the Internet Task force IETF, and it provides security and authentication at the IP layer by transforming data using encryption. Two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and ESP. These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.

The basic components of the IPsec security architecture are described in terms of the following functionalities:

 Security protocols for AH and ESP

 Security association for policy management and traffic processing

 Manual and automatic key management for the Internet key exchange (IKE)

 Algorithms for authentication and encryption

The set of security services provided at the IP layer includes access control, data origin integrity, protection against replays, and confidentiality. The algorithm allows these sets to work independently without affecting other parts of the implementation. The IPsec implementation is operated in a host or security gateway environment giving protection to IP traffic.

Security token, Some online sites offer customers the ability to use a six-digit code which randomly changes every 30�60 seconds on a security token. The keys on the security token have built in mathematical computations and manipulate numbers based on the current time built into the device. This means that every thirty seconds there is only a certain array of numbers possible which would be correct to validate access to the online account. The website that the user is logging into would be made aware of that devices' serial number and would know the computation and correct time built into the device to verify that the number given is indeed one of the handful of six-digit numbers that works in that given 30-60 second cycle. After 30�60 seconds the device will present a new random six-digit number which can log into the website.[3]

Electronic mail security (E-mail), Email messages are composed, delivered, and stored in a multiple step process, which starts with the message's composition. When the user finishes composing the message and sends it, the message is transformed into a standard format: an RFC 2822 formatted message. Afterwards, the message can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server. The mail client then provides the sender�s identity to the server. Next, using the mail server commands, the client sends the recipient list to the mail server. The client then supplies the message. Once the mail server receives and processes the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender�s mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client, delivering the message to the recipient(s).

Pretty Good Privacy (PGP), Pretty Good Privacy provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such Triple DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as the following:

 Signing an email message to ensure its integrity and confirm the identity of its sender.

 Encrypting the body of an email message to ensure its confidentiality.

 Encrypting the communications between mail servers to protect the confidentiality of both message body and message header.

 

The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between each other. For example, the organizations could establish a virtual private network (VPN) to encrypt the communications between their mail servers over the Internet.[4] Unlike methods that can only encrypt a message body, a VPN can encrypt entire messages, including email header information such as senders, recipients, and subjects. In some cases, organizations may need to protect header information. However, a VPN solution alone cannot provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.

Multipurpose Internet Mail Extensions (MIME), MIME transforms non-ASCII data at the sender's site to Network Virtual Terminal (NVT) ASCII data and delivers it to client's Simple Mail Transfer Protocol (SMTP) to be sent through the Internet.[5] The server SMTP at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back to the original non-ASCII data.

Message Authentication Code, A Message authentication code (MAC) is a cryptography method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The Message Authentication Code protects both a message's data integrity as well as its authenticity.[6]

Firewalls, A computer firewall controls access between networks. It generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous. Firewalls act as the intermediate server between SMTP and Hypertext Transfer Protocol (HTTP) connections.

Role of firewalls in web security, Firewalls impose restrictions on incoming and outgoing Network packets to and from private networks. Incoming or outgoing traffic must pass through the firewall; only authorized traffic is allowed to pass through it. Firewalls create checkpoints between an internal private network and the public Internet, also known as choke points(borrowed from the identical military term of a combat limiting geographical feature). Firewalls can create choke points based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode capability, firewall can be used to implement VPNs. Firewalls can also limit network exposure by hiding the internal network system and information from the public Internet.

Types of firewall

Packet filter, A packet filter is a first generation firewall that processes network traffic on a packet-by-packet basis. Its main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a screening router, which screens packets leaving and entering the network.

Stateful packet inspection, In a stateful firewall the circuit-level gateway is a proxy server that operates at the network level of an Open Systems Interconnection (OSI) model and statically defines what traffic will be allowed. Circuit proxies will forward Network packets (formatted unit of data ) containing a given port number, if the port is permitted by the algorithm. The main advantage of a proxy server is its ability to provide Network Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting all internal information from the Internet.

Application-level gateway, An application-level firewall is a third generation firewall where a proxy server operates at the very top of the OSI model, the IP suite application level. A network packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets of data when the data are being sent or received.

Malicious software, A computer user can be tricked or forced into downloading software onto a computer that is of malicious intent. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.� A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.� Computer Viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.

Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Scareware is scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.

Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.

A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user willingly allows it to be downloaded onto the computer.

Denial-of-service attack , A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. According to businesses who participated in an international business security survey, 25% of respondents experienced a DoS attack in 2007 and 16.8% experienced one in 2010.[7]

Phishing, Phishing is another common threat to the Internet. "SA, the Security Division of EMC, today announced the findings of its January 2013 Fraud Report, estimating the global losses from Phishing at $1.5 Billion in 2012.".[8] Filter evasion, website forgery, phone phishing, Covert Redirect are some well known phishing techniques. Hackers use a variety of tools to conduct phishing attacks. They create forged websites that pretend to be other websites in order for users to leave their personal information. These hackers usually host these sites on legitimate hosting services using stolen credit cards while The last trench is to use a mailing system and finding a mailing list of people which they can try and fraud. [9]

Browser choice, Web browser statistics tend to affect the amount a Web browser is exploited. For example, Internet Explorer 6, which used to own a majority of the Web browser market share,[10] is considered extremely insecure[11] because vulnerabilities were exploited due to its former popularity. Since browser choice is more evenly distributed (Internet Explorer at 28.5%, Firefox at 18.4%, Google Chrome at 40.8%, and so on)[10] and vulnerabilities are exploited in many different browsers.[12][13][14]

Application vulnerabilities, Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks. The most severe of these bugs can give network attackers full control over the computer. Most security applications and suites are incapable of adequate defense against these kinds of attacks.[citation needed]

Internet security products

Antivirus, Antivirus and Internet security programs can protect a programmable device from malware by detecting and eliminating viruses; Antivirus software was mainly shareware in the early years of the Internet, but there are now several free security applications on the Internet to choose from for all platforms.[15]

Security suites, So called "security suites" were first offered for sale in 2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and more.[16] They may now offer theft protection, portable storage device safety check, private Internet browsing, cloud anti-spam, a file shredder or make security-related decisions (answering popup windows) and several were free of charge as of at least 2012.

In computing, Network Security Services (NSS) comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware SSL acceleration on the server side and hardware smart cards on the client side.

A network security policy, or NSP, is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document itself is usually several pages long and written by a committee. A security policy goes far beyond the simple idea of "keep the bad guys out". It's a very complex document, meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company.

Security policy should keep the malicious users out and also exert control over potential risky users within your organization. The first step in creating a policy is to understand what information and services are available (and to which users), what the potential is for damage and whether any protection is already in place to prevent misuse.

The course materials listed on this web site are copy rights � by the subject authors and publishers. They are solely intended for classroom teaching and online reference. Copy and/or redistribution of these contents are prohibited by the US copyright law.

 

 

-Networking & Security Topics:

A- Office 2013

B� Excel2013�

C- Computer Security: Principles and Practice

1- Data Communication:

2- Computer Networks

3- Business Data Communications:

4- Network Management, MIBs and MPLS

5- Related References

6- Operating Systems:

7- Computer Architecture

8- Network Security:

9- Internet and Intranet

10- Web Development Charts - 1

11- Web Development Charts - 2

12- Microsoft Office: 2007

13- Students Projects

14- IT Multimedia Glossary

15- Computers Price

-

 

C- Computer Security: Principles and Practice

Computer Systems Overview

Cryptographic Tools

User Authentication

Access Control

Database and Cloud Security

Malicious Software

Denial-of-Service Attacks

Intrusion Detection

Firewalls and Intrusion Prevention Systems

Buffer Overflow

Software Security

Operating System Security

Trusted Computing and Multilevel Security

IT Security Management and Risk Assessment

IT Security Controls, Plans, and Procedures

Physical and Infrastructure Security

Human Resources Security

Security Auditing

Legal and Ethical Aspects

Symmetric Encryption and Message Confidentiality

Public-Key Cryptography and Message Authentication

Internet Security Protocols and Standards

Internet Authentication Applications

Wireless Network Security

Linux Security

Windows Security

_______________

 

1-Data Communication:

-1. Introduction to Data Communication

-2. Protocols and Architecture

-3. Data Transmission

-4. Transmission Media

-5. Data Encoding

-6. The Data Communications Interface

-7. Data Link Control

-8. Multiplexing

-9. Circuit Switching

-10. Packet Switching

-11. Asynchronous Transfer & Frame Relay

-12. Congestion in Data Networks

-13. Local Area Network Technology

-14. LAN Systems

-15. Inter-network Protocols

-16. Inter-network Operation

-17. Transport Protocols

-18. Network Security

-

2-Computer Networks

-1. Introduction

-2. Physical Layer

-3. Data Link Layer

-4. LAN Bridges and Switches,

-5. Network Layer

-6. Transport Layer

-7. Congestion Control

-8. Congestion Avoidance

-9. Applications Layer

-10. Network Management

-11. Security

-12. WAN Technologies

-13. IP Multicast

-14. Mobile IP

-15. IPv6

-16. Other Network Protocols

-17. Internet 2

-

3-Business Data Communications:

-1. Introduction

-2: Business Information

-3. Distributed Data Processing

-4: TCP/IP and OSI

-5: The Internet: Addressing & Services

-6: Data Transmission

-7: Transmission Media

-8: Data Communication

-9: Data Link Control

-Fundamentals

-10: Transmission Efficiency

-11: Approaches to Networking

-12: Wide Area Networks

-13: Wireless Networks

-14: Local Area Network Technology

-15: LAN Systems

-16: Distributed Applications

-17: Client/Server Computing

-18: Doing Business on the Internet

-19: Network Management

-20: Network Security

-

4-Network Management, MIBs and MPLS

-1. Large Enterprise Networks

-2. SNMPv3 and Network Management

-3. The Network Management Problem

-4. Solving the Network Management Problem

-5. A Real Network Management System

-6. Network Management Software Components

-7. Rudimentary NMS Software Components

-8. Case Study: MPLS Network Management

-9. Network Management Theory and Practice

-

5-Related References

1-Network protocol analyzing tools List 1

2-Network protocol analyzing tools List 2

3-Evolutionary Approach to G-MPLS

4-Quality of Service in IP Networks

5-Strategy for ATM to MPLS Convergence

6-Network Processors

7-HP Openview NMS

8-What's Up Gold NMS

9-MPLS Implementation Survey

10-Enterprise Network Management � CIS 516 

11-GFI LANguard NMS

12-Generalized MPLS

13-Network Management Tutorial

14-Course Syllabus

15-eHealth Network Monitoring

16-Next Generation Internet

17-MPLS Network Tuning

-

6-Operating Systems:

-1. Computer System Overview

-2. Operating System Overview

-3. Process Description and Control

-4. Threads, SMP, & Microkernels

-5.Concurrency: Mutual Exclusion and Synchronization

-6. Concurrency: Deadlock and Starvation

-7. Memory Management

-8. Virtual Memory

-9. Uni-processor Scheduling

-10. Multiprocessor & Real-Time Scheduling

-11. I/O Management and Disk Scheduling

-12. File Management

-13. Distributed Processing, Client/Server, and Clusters

-14. Distributed Process Management

-15. Security

-

7-Computer Architecture

-1: Computer Systems

-2. Number Systems

-3.a Data Formats

-3.b Data Formats

-4. Representing Integer Data

-5. Floating Point Numbers

-6. The Little Man Computer

-7. The CPU and Memory

-8. Design, Implementation, and Enhancement

-9. Input / Output

-10. Computer Peripherals

-11.Computer Systems, Clusters, and Networks

-12. Three System Examples

-13. Operating Systems: An Overview

-14. The User View of Operating Systems

-15.a the Internal Operating System

-15.b Networks the Internal Operating System

-16. File Management

-17. Programming Tools

-18. Three Operating Systems

a-An Introduction to Digital Logic

b-Communication Channel Technology

c-Instruction Addressing Modes

d-SUPLEMENTARY CHAPTER 1:

e-SUPPLEMENTARY CHAPTER 2

f-SUPPLEMENTARY CHAPTER 3:

A- Office 2013

Effective Business Communication

Job Search Strategies

 

B- Office 2013 Excel - PowerPoints

Introduction to Excel

Formulas and Functions

Excel Charts

Excel Datasets and Tables

Subtotals, PivotTables, and Pivot Charts

What-If Analysis

Specialized Functions

Statistical Functions

Multiple-Sheet Workbook Management

Imports, Web Queries, and XML

Collaboration and Workbook Distribution

Templates, Styles, and Macros

Office Fundamental and File Management

Office 2013 Excel - Instructions

Introduction to Excel

Formulas and Functions

Excel Charts

Excel Datasets and Tables

Subtotals, PivotTables, and Pivot Charts

What-If Analysis

Specialized Functions

Statistical Functions

Multiple-Sheet Workbook Management

Imports, Web Queries, and XML

Collaboration and Workbook Distribution

Templates, Styles, and Macros

Office Fundamental and File Management

 

�������

 

8-Network Security:

1-Designing and Implementing a Secure Network Infrastructure

2-Introduction to Network Systems Security

3-Block Ciphers

4- Points of Vulnerability

5-Message Authentication

6-Ethernet

7-Network Layer Security

8-Authentication Applications

9- Cryptography

10-An Overview of Network Security

11-Network Protocols

12-After DES�

13-Key Management

14-Replay Attacks

15- Web Security

16-Denial-of-Service (DoS) Attacks

17-Certificates

18-Lecture Presentations for Network Analysis and Design

19-Wireless Networking

20-IPv6, the Protocol of the Future

21-Introduction to Client/Server Information Server (IS)

22-Network Security:  Hackers Beware (Eric Cole)

23-Networking and Network Security -Part1

24-Networking and Network Security -Part2

25-An Overview of Biometrics

26-Introduction to Secure Protocols

27- Secure Protocols - IPSec

28-Secure Protocols - SSL/TLS and SSH

29-GSM and UMTS security

30-Wireless LAN security

31-E-mail security

32-Firewalls

33-IDS, IPS, and Vulnerability

34-Secure Network Infrastructure

35-Principles of Computer Security

36-Hackers

37-Secure Communication � Cryptography

38-Tech Aspects of E-Commerce 1

39-Tech Aspects of E-Commerce 2

40-Denial of Service Attacks: Tools, and Defenses

41-Introduction to Encryption Technology

42- Intrusion Detection and Firewall Appliances

43-Steganography

44-Security Technologies

45-Network Security Legal Liability

46-U.S. Encryption Export Control Policy

47-IT Security Metrics

48-Efficient Fault-Tolerant Certificate Revocation

49-Practice Exam 1 for Security Certification

50-Practice Exam 2 for Security Certification

51-Exposing Vulnerabilities of Denial of Service Attacks

-

9-Internet and Intranet

-1. Getting Started Introduction to Internet Technologies

-2. More Internet Technology Client-Side Web Technology

-3. More HTML Cascading Style Sheets

-4. Web Server Technology HTTP Protocol, Log Files

-5. Web Server Security Intro Javascript

-6. JavaScript, DHTML and the DOM

-7. HTML Forms

-8. Perl / CGI Scripting

-9. Streaming Multimedia Plug-Ins

-10.Building Web Robots

-

10-Web Development Charts - 1

-1. Creating a Web Page

-2. Adding Hypertext Links to a Web Page

-3. Working with Fonts, Colors, and Graphics

-4. Designing a Web Page with Tables

-5. Designing a Web Site with Frames

-6. Creating Web Page Forms

-7. Working with Cascading Style Sheets

-8. Using Multimedia on the Web

-9. Working with XHTML 

-10. Working with JavaScript

-11. Working with Objects

-12. Working with Special Effects

-13. Working with Windows and Frames

-14. Working with Forms and Regular Expressions

-15. Working with the Event Model 

-16. Working with Dynamic Content and Styles

-

11-Web Development Charts - 2

-1. Variables in the Web Design Environment

-2. Web Site Design Principles

-3. Planning the Site

-4. Planning Site Navigation

-5. Creating Page Templates

-6. Web Typography

-7. Graphics and Color

-8. HTML Frames

-9. Publishing & Maintaining Web Site

-

12-Microsoft Office 2007:

1-Essential Intro to Computers

2-Introduction to Windows XP

3-MS Word Chapter 1

4-MS Word Chapter 2

5-MS Word Chapter 3

6-MS Word Web Feature

7-MS PowerPoint Chapter 1

8-MS PowerPoint Chapter 2

9-MS PowerPoint Web Feature

10-MS Excel Chapter 1

11-MS Excel Chapter 2

12-MS Excel Chapter 3

13-MS Excel Web Feature

14-MS Access Chapter 1

15-MS Access Chapter 2

16-MS Access Chapter 3

17-MS Access Integration Feature

18-MS Outlook Chapter 1

19-MS Office 2007 Integration

-

 13-Students Projects