network security chapter 1
7/31/2019 Network Security Chapter 1
What is Security?
Security is the degree of protection against danger, damage, loss, and crime.
Security = PROTECTION OF DATA
Background
Information Security requirements have changed in recent times
traditionally provided by physical and administrative mechanisms
computer use requires automated tools to protect files and other stored information
use of networks and communications links requires measures to protect data during transmission
Definitions
Computer Security - generic name for the collection of tools designed to protect data from hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of Course
our focus is on Internet Security
which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission & storage of information
Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service
OSI SECURITY ARCHITECTURE
Security architecture for OSI offers a systematic way of defining security requirements and characterizing the approaches to achieve these requirements.
It was developed as an international standard. (ITU)
The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:
Security Attack: Any action that compromises the security of information owned by an organization.
Security Mechanism: A process that is designed to detect, prevent or recover from a security attack. A security mechanism is also a method used to protect your message from an unauthorized entity.
Security Services: Services that implement security policies and are implemented by security mechanisms.
Security Attack
any action that compromises the security of information owned by an organization
information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
often threat & attack used to mean same thing
have a wide range of attacks
[Figure: Information Source, Information Destination (Normal Flow)]
Interruption:
Any asset of the system is destroyed or becomes unavailable or unusable.
Ex. Destroying some H/W
-Cutting the communication link
-Disabling file system
[Figure: Information Source, Information Destination (Interruption)]
Interception:
An unauthorized user gains access to an asset. This is an attack on confidentiality.
Ex. Wiretapping to capture data in network.
-Unauthorized copying of files or programs.
Wiretapping - connecting a device to secretly listen or monitor
[Figure: Information Source, Information Destination (Interception)]
Modification:
An unauthorized party gains access and tampers with an asset. This is an attack on integrity.
Ex. Changing data files.
-Altering a program or the contents of a message.
[Figure: Information Source, Information Destination (Modification)]
Fabrication:
An unauthorized party inserts a counterfeit object into the system. This is an attack on authenticity.
Ex. Insertion of records in data files.
-Insertion of spurious messages.
Counterfeit - illegally imitate (copy)
Spurious - fake
[Figure: Information Source, Information Destination (Fabrication)]
Types of Attacks:
(i) Passive Attacks
(ii) Active Attacks
Passive Attacks:
A Passive Attack is an attack where an unauthorized attacker monitors or listens to communication between two parties.
Eavesdropping or monitoring of information transmissions without modifying it.
Eavesdropping - secretly listening to a conversation
Types of Passive Attacks
(i) Release of Message contents
(ii) Traffic analysis
Passive Attacks
(i) Release of Message contents:
An attack on something like a telephone conversation, an email message, or a transferred file that has confidential information.
(ii) Traffic Analysis:
Traffic analysis is an interception of messages without modification; the attacker finds the location of data and the identity of the communicating hosts and observes the frequency and length of messages.
Active Attacks
Active Attack:
Active attack means that the attackers are actively attempting to cause harm to a network or system.
The attacker is not just monitoring the traffic but disturbs or shuts down a service.
Types of Active attacks
Masquerade Attack :- It is a type of attack in which one system assumes the identity of another. (false identity)
Message Replay :- It involves the re-use of captured data at a later time than originally intended in order to repeat some action of benefit to the attacker.
Active Attack cont.
1. Message Modification :- It involves modifying a packet header address for the purpose of directing it to an unintended destination or modifying the user data.
2. Denial of Service (DoS) :- It is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. (Ex - Ping of death (bugs in TCP/IP implementation))
[Figure: Internet or other comms facility; Server; Disrupts service provided by server]
Security Service
enhance security of data processing systems and information transfers of an organization
intended to counter security attacks
using one or more security mechanisms
often replicates functions normally associated with physical documents
which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Services
X.800:
a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
X.800 is an information processing systems / open systems interconnection standard
RFC 2828:
a processing or communication service provided by a system to give a specific kind of protection to system resources
Security Services (X.800)
Authentication - This service is concerned with assuring that a communication is authentic.
Authentication verifies who you are.
Authorization verifies what you are authorized to do.
Access Control - is the ability to limit and control the access to host systems and applications via communication links.
Data Confidentiality - is the protection of transmitted data: the assurance that no one can read a particular piece of data except the receiver explicitly intended.
Data Integrity - The integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering or replays.
Non-Repudiation - means the ability to prove that a transaction originated from a particular party, so that party cannot deny that he performed a certain transaction. A receiver cannot deny that he received a certain message from a sender and a sender cannot deny that he sent a message to the receiver.
Security Mechanism
feature designed to detect, prevent, or recover from a security attack
no single mechanism that will support all services required
however one particular element underlies many of the security mechanisms in use:
cryptographic techniques
hence our focus on this topic
Security Mechanisms (X.800)
specific security mechanisms:
encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms:
trusted functionality, security labels, event detection, security audit trails, security recovery
Model for Network Security
using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
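An added example, not part of the original slides: the four tasks above applied to the X.800 data integrity service defined earlier (messages received as sent, with no modification or replays). The choice of HMAC-SHA256, the 8-byte sequence number, and the names generate_key, protect, Receiver and demo are assumptions of this sketch; key distribution (task 3) is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def generate_key() -> bytes:
    """Task 2: generate the secret information (a random 256-bit key)."""
    return secrets.token_bytes(32)

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Task 1: the security transformation. Frame = seq || payload || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Task 4: receiving side of the protocol. accept() returns the payload,
    or None when the frame is altered, fabricated, replayed or reordered."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modification or fabrication
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.next_seq:
            return None  # replay, duplication or reordering
        self.next_seq += 1
        return body[8:]

def demo() -> dict:
    key = generate_key()  # task 3: assumed already shared with the receiver
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 100 to alice")  # constructed sample messages
    f1 = protect(key, 1, b"transfer 50 to bob")
    tampered = f1[:8] + b"transfer 90 to bob" + f1[-TAG_LEN:]
    return {
        "first": rx.accept(f0),
        "replayed": rx.accept(f0),
        "tampered": rx.accept(tampered),
        "forged": rx.accept(protect(generate_key(), 1, b"spurious message")),
        "second": rx.accept(f1),
    }
```

The sketch provides integrity and replay protection only; it does not provide confidentiality or non-repudiation, since both principals hold the same key.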
Model for Network Access Security
[Figure labels: Password based login procedures, unauthorized users, virus, spyware attack]
using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
trusted computer systems may be useful to help implement this model
Summary
have considered:
definitions for: computer, network, internet security
X.800 standard
security attacks, services, mechanisms
models for network (access) security