network security chapter 1

Upload: bharatraj28

Post on 05-Apr-2018


TRANSCRIPT

What is Security?

Security is the degree of protection against danger, damage, loss, and crime.

Security = PROTECTION OF DATA

Background

Information security requirements have changed in recent times:
- traditionally provided by physical and administrative mechanisms
- computer use requires automated tools to protect files and other stored information
- use of networks and communications links requires measures to protect data during transmission

Definitions

Computer Security - generic name for the collection of tools designed to protect data from hackers

Network Security - measures to protect data during their transmission

Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Aim of Course

Our focus is on Internet Security, which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission and storage of information.

Aspects of Security

Consider 3 aspects of information security:
- security attack
- security mechanism
- security service

OSI Security Architecture

The security architecture for OSI offers a systematic way of defining security requirements and characterizing the approaches to achieve these requirements. It was developed as an international standard (ITU).

The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as follows:

Security Attack: any action that compromises the security of information owned by an organization.

Security Mechanism: a process that is designed to detect, prevent or recover from a security attack; a method used to protect your messages from an unauthorized entity.

Security Services: the services that implement security policies; they are in turn implemented by security mechanisms.

Security Attack

Any action that compromises the security of information owned by an organization. Information security is about how to prevent attacks or, failing that, to detect attacks on information-based systems.

The terms threat and attack are often used to mean the same thing. There is a wide range of attacks.

[Figure: Information Source -> Information Destination (Normal Flow)]

Interruption:

Any asset of the system is destroyed or becomes unavailable or unusable. Examples:
- destroying some hardware
- cutting the communication link
- disabling the file system

[Figure: Information Source -> Information Destination, with the flow cut (Interruption)]

Interception:

An unauthorized user gains access to an asset. This is an attack on confidentiality. Examples:
- wiretapping to capture data in a network
- unauthorized copying of files or programs

(Wiretapping: connecting a device to a line in order to listen in or monitor secretly.)

[Figure: Information Source -> Information Destination, with a third party tapping the flow (Interception)]

Modification:

An unauthorized party gains access to and tampers with an asset. This is an attack on integrity. Examples:
- changing data files
- altering a program or the contents of a message

[Figure: Information Source -> Information Destination, with a third party altering the flow (Modification)]

Fabrication:

An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples:
- insertion of records in data files
- insertion of spurious messages

(Counterfeit: illegally imitated or copied. Spurious: fake.)

[Figure: a third party injecting messages toward the Information Destination (Fabrication)]

Types of Attacks: (i) Passive Attacks, (ii) Active Attacks

Passive Attacks:

A passive attack is an attack where an unauthorized attacker monitors or listens to the communication between two parties: eavesdropping on or monitoring information transmissions without modifying them. (Eavesdropping: secretly listening to a conversation.)

Types of Passive Attacks: (i) Release of Message Contents, (ii) Traffic Analysis

Passive Attacks

[Figure: passive attacks]

(i) Release of Message Contents:

An attack on, for example, a telephone conversation, an email message, or a transferred file that contains confidential information.

(ii) Traffic Analysis:

Traffic analysis is the interception of messages without modification: the attacker determines the location of the data and the identity of the communicating hosts, and observes the frequency and length of messages.
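Message length is one of the things traffic analysis observes, and traffic padding (listed later among the X.800 specific mechanisms) is the countermeasure for it. The following is an added example, not from the slides, that pads every message up to a fixed bucket size before it would be encrypted; the function names, the 64-byte bucket and the two sample replies are my own choices.

```python
import secrets
import struct

BUCKET = 64  # chosen bucket size: every padded frame is a multiple of this


def pad(msg: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then fill up to the next bucket boundary with
    random bytes. The frame must still be encrypted afterwards; otherwise the
    length prefix itself is visible on the wire."""
    body = struct.pack(">I", len(msg)) + msg
    target = -(-len(body) // bucket) * bucket      # round up to a multiple of bucket
    return body + secrets.token_bytes(target - len(body))


def unpad(frame: bytes) -> bytes:
    """Recover the message; reject a length field that points past the frame."""
    if len(frame) < 4:
        raise ValueError("frame too short to carry a length field")
    (n,) = struct.unpack(">I", frame[:4])
    if n > len(frame) - 4:
        raise ValueError("length field exceeds frame: corrupt or forged")
    return frame[4:4 + n]


# Constructed sample: two server replies an eavesdropper could tell apart by size alone.
REPLIES = [b"login ok", b"login failed: account locked, contact administrator"]


def observed_lengths(messages, padded: bool) -> list:
    """What a passive observer on the link learns: one length per message."""
    return [len(pad(m) if padded else m) for m in messages]
```

Padding hides only size: both replies now occupy 64 bytes, but a message longer than one bucket still reveals which bucket it fell into, and hiding message frequency needs dummy traffic rather than padding.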

Active Attacks

[Figure: active attacks]

Active Attack:

An active attack means that the attacker is actively attempting to cause harm to a network or system. The attacker is not just monitoring the traffic but disturbs or shuts down a service.

Types of Active Attacks

Masquerade Attack: a type of attack in which one system assumes the identity of another (false identity).

Message Replay: involves the re-use of captured data at a later time than originally intended, in order to repeat some action of benefit to the attacker.

Active Attack (cont.)

1. Message Modification: involves modifying a packet header address for the purpose of directing it to an unintended destination, or modifying the user data.

2. Denial of Service (DoS): a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. (Example: Ping of Death, which exploits bugs in TCP/IP implementations.)

[Figure: attacker sends traffic through the Internet or other comms facility and disrupts the service provided by the server]

Security Service

- enhances the security of data processing systems and information transfers of an organization
- intended to counter security attacks, using one or more security mechanisms
- often replicates functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed

Security Services

X.800: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. (X.800 is the information processing systems / open systems interconnection security architecture standard.)

RFC 2828: a processing or communication service provided by a system to give a specific kind of protection to system resources.

Security Services (X.800)

Authentication: this service is concerned with assuring that a communication is authentic.
- Authentication verifies who you are.
- Authorization verifies what you are authorized to do.

Access Control: the ability to limit and control access to host systems and applications via communication links.

Data Confidentiality: the protection of transmitted data; the assurance to an entity that no one can read a particular piece of data except the receiver explicitly intended.

Data Integrity: an integrity service assures that messages are received as sent, with no duplication, insertion, modification, reordering or replays.

Non-Repudiation: the ability to prove that a transaction originated from a particular party, so that the party cannot deny having performed that transaction. A receiver cannot deny having received a certain message from a sender, and the sender cannot deny having sent the message to the receiver.

Security Mechanism

- a feature designed to detect, prevent, or recover from a security attack
- no single mechanism will support all the services required
- however, one particular element underlies many of the security mechanisms in use: cryptographic techniques
- hence our focus on this topic

Security Mechanisms (X.800)

Specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization.

Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery.


Model for Network Security

[Figure: model for network security]

Using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
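The four steps above, carried through as an added example that is not part of the slides: the transformation is an HMAC over a sequence-numbered message, the key is freshly generated, distribution is assumed to have happened out of band, and the protocol numbers every message so the receiver can enforce the data integrity service defined earlier (no modification, replay, duplication or reordering). The names Sender, Receiver, make_tag and the sample messages are my own.

```python
import hashlib
import hmac
import secrets
import struct

# Step 1: the security transformation. An HMAC-SHA256 tag over a header
# (sequence number + body length) and the body, so any change to either
# field or to the body invalidates the tag.
def make_tag(key: bytes, seq: int, body: bytes) -> bytes:
    header = struct.pack(">QI", seq, len(body))
    return hmac.new(key, header + body, hashlib.sha256).digest()

# Step 2: generate the secret information, a fresh 256-bit key.
def generate_key() -> bytes:
    return secrets.token_bytes(32)

# Step 3: distribution is assumed to happen out of band over a trusted
# channel; both principals below simply start with the same key.
# Step 4: the protocol. A protected message is (seq, body, tag). The
# receiver checks the tag first, then demands exactly the next expected
# sequence number, which rejects replays, duplicates and reordering as
# well as modification (the X.800 data integrity service).
class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0
    def send(self, body: bytes) -> tuple:
        pkt = (self.seq, body, make_tag(self.key, self.seq, body))
        self.seq += 1
        return pkt

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.expected = key, 0
    def receive(self, pkt: tuple) -> str:
        seq, body, tag = pkt
        # constant-time comparison so timing does not leak tag bytes
        if not hmac.compare_digest(tag, make_tag(self.key, seq, body)):
            return "rejected: modified or forged"
        if seq != self.expected:
            return "rejected: replay, duplicate or out of order"
        self.expected += 1
        return "accepted"

def demo() -> list:
    """Constructed run: honest delivery, replay of it, tampered body, honest delivery."""
    key = generate_key()
    alice, bob = Sender(key), Receiver(key)
    p1, p2 = alice.send(b"transfer 100"), alice.send(b"transfer 200")
    tampered = (p2[0], b"transfer 900", p2[2])   # body altered, original tag kept
    return [bob.receive(p1), bob.receive(p1), bob.receive(tampered), bob.receive(p2)]
```

Because both principals hold the same key, the receiver could have produced any tag itself, so this gives integrity but not non-repudiation; that service needs the digital signature mechanism from the X.800 list.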

Model for Network Access Security

[Figure: model for network access security. Labels: password-based login procedures; unauthorized users; virus, spyware attack]

Using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources

Trusted computer systems may be useful to help implement this model.

Summary

Have considered:
- definitions for computer, network, internet security
- X.800 standard security attacks, services, mechanisms
- models for network (access) security