Implementation of Network Security Services

abrahim (Diamond), 7 years 10 months ago

Common network security services are carried out through encryption, authentication, access control, and security protocols.

Encryption

Encryption is the process of transforming a readable message (plaintext) into unreadable encrypted text (ciphertext).

It not only ensures communication security, but also serves as the basis of many security mechanisms.

Encryption can be applied in the following mechanisms:

  • Authentication password design

  • Security communication protocol design

  • Digital signature design

Encryption methods are of the following three types:

  • Symmetric key cipher mechanism

    The same key is used for both encryption and decryption. A pair of users shares one key to exchange messages, and that key must be kept confidential.

    Examples include Data Encryption Standard (DES) and Triple DES (3DES).

  • Public key cipher mechanism

    It uses two different keys, separating encryption from decryption. One key, called the private key, must be kept confidential; the other, called the public key, can be distributed publicly.

    Examples include Diffie-Hellman (DH) and Rivest-Shamir-Adleman (RSA).

  • Message digest

    It compresses a variable-length message into a fixed-length value, called a hash or message digest.

    Widely used message digest algorithms include Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1). Both are now considered broken for collision resistance, so new designs use the SHA-2 family.

Authentication

Authentication verifies the legitimacy of a user's identity before the user accesses the network or obtains services.

Authentication can either be provided locally by each device on the network or be carried out through a dedicated authentication server. The latter offers better flexibility, controllability and scalability.

In today's heterogeneous network environments, Remote Authentication Dial In User Service (RADIUS), an open standard, is widely used to provide the authentication service.
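As an added example that is not part of the original post, the following Python builds a RADIUS Access-Request as RFC 2865 specifies it, hides the User-Password attribute with the MD5-based scheme of section 5.2 (the message digest described above, used inside the authentication protocol), and verifies the Response Authenticator a server returns. The shared secret, user name and password are constructed test values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2        # packet codes (RFC 2865)
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2   # attribute types (RFC 2865)

def _keystream_xor(data, secret, authenticator, decrypt):
    """RFC 2865 s5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator          # the Request Authenticator seeds the first block
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = data[i:i + 16] if decrypt else block
    return out

def hide_password(password, secret, authenticator):
    """Client side: pad with NULs to a multiple of 16 bytes, then obfuscate."""
    padded = password + b"\x00" * (-len(password) % 16)
    return _keystream_xor(padded, secret, authenticator, decrypt=False)

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the obfuscation and strip the NUL padding."""
    return _keystream_xor(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def build_access_request(ident, secret, user, password, authenticator=None):
    """Header (Code, Identifier, Length), 16 random bytes, then TLV attributes."""
    authenticator = authenticator or os.urandom(16)   # must be unpredictable
    hidden = hide_password(password, secret, authenticator)
    attrs = struct.pack("!BB", ATTR_USER_NAME, 2 + len(user)) + user
    attrs += struct.pack("!BB", ATTR_USER_PASSWORD, 2 + len(hidden)) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(reply, request_auth, secret):
    """Client side: accept only if the Length field and Response Authenticator check out."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = response_authenticator(reply[0], reply[1], reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])
```

Everything RADIUS protects here rests on the shared secret and on the Request Authenticator being unpredictable, which is why the protocol is normally run only over a trusted network or inside a tunnel.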

Access Control

Access control is an enhanced form of authorization. It is generally classified into the following types:

  • Access control based on an operating system (OS)

    It authorizes a user to access resources on a certain computer. Access control policies can be set based on user IDs, groups, or rules.

  • Access control based on the network

    It authorizes a legitimate user to access the network. The mechanism is more complex than OS-based access control. Usually, an access control component (such as a firewall) is placed at an intermediate point between the requester and the destination to enforce the policy.

Security Protocols

Network security protocols play an extremely significant role in network security. The following section describes the widely used security protocols in terms of the Transmission Control Protocol / Internet Protocol (TCP/IP) layered model:

  • Application layer security

    It provides end-to-end security from an application on one host to an application on another host across the network. The application layer security mechanism depends on the specific application, and its security protocol supplements the application protocol. Therefore, there is no general-purpose application layer security protocol.

  • Transport layer security

    It provides a process-to-process security service between processes on the same host or on different hosts. The transport layer security mechanism is based on the security of the Inter-Process Communication (IPC) interface and of the applications.

    Providing security services at the transport layer means strengthening this IPC interface. The process includes:

    • Authentication of entities at both ends

    • Exchange of data encryption security keys

    Based on this idea, the Secure Socket Layer (SSL) protocol was developed on top of a reliable transport service.

  • Network layer security

    Security provided at the network layer automatically protects user data even when the upper layers implement no security of their own. Therefore, Internet Protocol (IP) security is the basis of all TCP/IP security and the core of Internet security.

    At present, the most significant security protocol at the network layer is IP Security Protocol (IPSec). IPSec is a collective term for a suite of network security protocols, covering both security protocols and encryption protocols.

    IPSec can provide communication parties with the following services:

    • Access control
    • Connectionless integrity
    • Data origin authentication
    • Anti-replay
    • Encryption
    • Limited traffic-flow confidentiality

  • Data link layer security

    It provides a point-to-point security service, for example on a point-to-point link or a Frame Relay permanent virtual circuit. Data link layer security is implemented by encrypting and decrypting at each end of the link using dedicated devices.