1. Introduction to Network security

8/18/2019 1. Introduction to Network security

1/34

Network Security

1. Introduction


2/34

Things you need to know …

Instructor: Dr. Rehan Qureshi

Office: C!"1

#$ai%:

ri&ureshi'g$ai%.co$(ri&ureshi'ssuet.edu.)k Student Consu%tation:

Take a))oint$ent *efore $eeting( )refera*%y

+ia e$ai%RQ ,


3/34


-ooks: Cry)togra)hy and Network Security

i%%ia$ Sta%%ings

Cry)togra)hy and Network Security -ehrou/ 0. orou/an

Course o%der: htt)s:dri+e.goog%e.co$fo%der+iew2

id3"-40tti5k67y7S%h-8-&9$k4dDQu

s)3sharing

RQ ;


4/34


The %ecture s%ides )ro+ide on%y the

out%ine of the %ecture. These out%ines are

not a su*stitute for c%ass attendance andnote taking. 9ore i$)ortant%y( these

out%ines are not a su*stitute for the te4t

*ook.In order to )ass the course …

.

RQ ?


5/34

Contents

Security @oa%s

Security 0ttacks

Security Ser+ices

Security 9echanis$s

Security Techni&ues

Security 9ode%s

RQ 5


6/34

Security

The ter$ AsecurityB is used in the

sense of $ini$i/ing the +u%nera*i%ities

of assets and resources. 0n asset is anything of +a%ue.

0 +u%nera*i%ity is any weakness that

cou%d *e e4)%oited to +io%ate a syste$or the infor$ation it contains.

RQ


7/34

The infor$ation stored in )hysica% for$

re&uires )hysica% security $echanis$s

e.g. rugged fi%ing ca*inets for )a)er*ased fi%ing syste$s

ith co$)uters $anaging the $ost of

the infor$ation( too%s are re&uired for 1. Co$)uter security

,. Network or Internet security

Infor$ation security

RQ


8/34

Co$)uter security

The co%%ection of too%s designed to

)rotect data on co$)uters

RQ E


9/34


10/34

Security @oa%s

RQ 1"


11/34

Security @oa%s

Confidentia%ity Frotection of data fro$

unauthori/ed disc%osure

Integrity 0ssurance that data recei+ed is as

sent *y an authori/ed entity.

0+ai%a*i%ity The infor$ation created and stored

*y an organi/ation needs to *e

a+ai%a*%e to authori/ed entities.RQ 11


12/34

1,

Security 0ttacks or Threats

0n attack is an action that co$)ro$ises

the security GConfidentia%ity( 0+ai%a*i%ity(

IntegrityH of infor$ation. 0 threat is a danger which cou%d affect

the security of infor$ation( %eading to

)otentia% %oss or da$age. Often attack threat are used

synony$ous%y.

RQ


13/34

Security 0ttacks

RQ 1;


14/34

0ttacks Threatening

Confidentia%ity

Snooping unauthori/ed access to or

interce)tion of data.

Traffic Analysis O*tain so$einfor$ation *y $onitoring on%ine traffic.

RQ 1?


15/34

0ttacks Threatening Integrity

Modification the attacker interce)ts

the $essage and changes it.

Masquerading or spoofing ha))enswhen the attacker i$)ersonates

so$e*ody e%se.

RQ 15


16/34

0ttacks Threatening Integrity

Replaying the attacker o*tains a

co)y of a $essage sent *y a user and

%ater tries to re)%ay it. Repudiation

sender of the $essage $ight %ater deny

that she has sent the $essageJ the recei+er of the $essage $ight %ater

deny that he has recei+ed the $essage

RQ 1


17/34

0ttacks Threatening 0+ai%a*i%ity

Denial of service (DoS) It $ay s%ow

down or tota%%y interru)t the ser+ice of

a syste$.

RQ 1


18/34

Fassi+e +s. 0cti+e 0ttacks

Fassi+e attack: attackerKs goa% is 8ust to o*tain

infor$ation

the attack does not $odify data or har$

the syste$

difficu%t to detect

0cti+e attack: $ay change the data or har$ the syste$

easier to detect than to )re+entRQ 1E


19/34

Fassi+e +s. 0cti+e 0ttacks

RQ 16


20/34

OSI Security 0rchitecture

IT7!T L.E"" ASecurity 0rchitecture for

OSIB

defines a syste$atic way of definingand )ro+iding security re&uire$ents

s)ecia%%y( it defines security ser+ices

re%ated to security goa%s( and security$echanis$s to )ro+ide these security

ser+icesRQ ,"


21/34

Security Ser+ices and

9echanis$s Security Service

0 ser+ice that enhances the security of data

)rocessing syste$s infor$ation transfers.

Security Mechanism 0 $echanis$ that is designed to detect(

)re+ent or reco+er fro$ a security attack.

0 $echanis$ or co$*ination of$echanis$s are used to )ro+ide a ser+ice.

0 $echanis$ can *e used in one or $ore

ser+ices.RQ ,1


22/34

Security Ser+ices

IT7!T L.E"" has defined fi+e co$$on

ser+ices re%ated to security goa%s:

RQ ,,


23/34

Security Ser+ices

Data Confidentiality designed to

)rotect data fro$ disc%osure attack.

Data Integrity designed to )rotectdata fro$ $odification( insertion(

de%etion and re)%aying *y an ad+ersary.

Authentication This ser+ice )ro+idesthe authentication of the )arty at the

other end of the %ine

RQ ,;


24/34

Security Ser+ices

onrepudiation Ser+ice )rotects

against re)udiation *y either the

sender or the recei+er of the dataG)roof of origin and )roof of de%i+eryH.

Access Control )ro+ides )rotectionagainst unauthori/ed access to data.

RQ ,?


25/34

Security 9echanis$s

IT7!T L.E""

a%so definesso$e security

$echanis$s to

)ro+ide thesecurity ser+ices

RQ ,5


26/34

Re%ationshi) *etween Ser+ices

and 9echanis$s

RQ ,

R % ti hi *t S i 9 h i


27/34

Re%ationshi) *tw Ser+ices 9echanis$s

RQ ,


28/34

Re%ationshi) *tw Ser+ices OSI ayers

RQ ,E


29/34

Techni&ues

9echanis$s discussed so far are on%y

theoretica% reci)es to i$)%e$ent

security. The actua% i$)%e$entation of security

goa%s needs so$e techni&ues.

Two techni&ues are )re+a%ent today: Cry)togra)hy ocus of this course

Steganogra)hyRQ ,6


30/34

Cry)togra)hy

Cry)togra)hy( a word with @reek

origins( $eans Asecret writing.B

=owe+er( we use the ter$ to refer tothe science and art of transfor$ing

$essages to $ake the$ secure and

i$$une to attacks.

RQ ;"


31/34

Steganogra)hy

The word steganogra)hy( with origin in

@reek( $eans Aco+ered writing(B in

contrast with cry)togra)hy( which$eans Asecret writing.B

RQ ;1

Example: covering data under color image


32/34

9ode% for Network Security

RQ ;,


33/34

9ode% for Network 0ccess

Security

RQ ;;


34/34

Su$$ary

=a+e considered: Infor$ation security

Security attacks( ser+ices( $echanis$s Security techni&ues

9ode%s for network GaccessH security

RQ ;?

1. Introduction to Network security

Documents

Transcript of 1. Introduction to Network security