Network security’s week 2 lecture continued on the theme of thinking about and discussing the possibilities associated with network security. Specifically we learnt about the current trade off between security and services. If a computer is providing more services to external users then it is -ceteris paribus- less secure.

Discussed very briefly was the Open Systems Interconnection model which was a good refresher. Interestingly the LAN at my work office appears to be behind an Application layer firewall. Which in lectures was mentioned as being too slow? I imagine that most corporate firewalls would operate on the application layer?

We began discussing a basic port open/close firewall when I was distracted by the question of what is the difference between ports and sockets? A quick search reveals the answer (see bottom of this post).

The lecture got stuck for a while on the topic of the defence forces network security policy and the possibility of intrusion/data loss. Some reasonable arguments where put forth for why the network was secure enough. I think this is tough to confirm as one can’t predict the actions/inactions of the networks users. Email spoofing in conjunction with man-in-the-middle attacks may not threaten a trained network security engineer but will have a good chance of deceiving a general working from home.

Next came Authentication (username, IP, key decrypt response) and Access Control which was skimmed over.

DDoS attacks came up briefly the audience generally agreeing that this kind of attack can’t be defended. As we discussed this I recall that verisign offer some protects that claim to protect from DDoS attacks (see: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/ddos/index.xhtml). I have not read much on how these products work but according to the promo video above it involves throwing a great deal of resources at the problem 🙂

Sockets vs Ports:

A socket is not a port, though there is a close relationship between them. A socket is associated with a port, though this is a many-to-one relationship. Each port can have a single passive socket, awaiting incoming connections, and multiple active sockets, each corresponding to an open connection on the port.

port is a logical connection method two end points communicate with. Ports operate at the Transport layer of the OSI.

Sockets are a means of plugging the application layer in. Sockets are determined by an IP address and port number. A socket is one end point of a connection

source: http://pro-programmers.blogspot.com/2009/02/socket-vs-port.html