2/24/15 Dr. Enis Karaarslan 1
Network Security Philosophy & Introduction
Dr. Enis Karaarslan
Muğla University
Computer Engineering
Department
Netseclab.mu.edu.tr
SECURITY PHILOSOPHY
Computer & Network Security has similarities with the security in normal life.
There is no such thing as 100% security
Security at the gates only is not enough
A chain is only as strong as its weakest link
As there is no 100% security … so give up?
A possible solution: use more than one chain
MULTI LAYER SECURITY
Security x Usability
Value of Assets and Expenditures
What is the VALUE of your asset (data, prestige …)?
Keep in mind that security expenditures should not be greater than the value of the assets.
Risk Analysis
Risk analysis is essential.
If the risk is too low, that precaution (or some precautions) can be cancelled …
False Sense of Security
A “false sense of security” is worse than “a true sense of insecurity”.
Solution: Never think your system is secure.
No Template Which Suits All
There is no template which suits all. There is a different solution for different organizations:
• Different needs
• Different assets
To win a war, one must know the way
Sun Tzu, The Art of War
Security is a process, not a product.
Bruce Schneier
MONITOR
The system should be monitored for intrusions,
and immediate action should be taken when attacks occur.
Warn The Attacker
Try to Buy Time for …
Make attacking difficult for …
• Discovery of the attack
• Take measures
Make decryption difficult so that
• The data is not valid or valuable any more.
Network Awareness
Know your enemy (?)
Know yourself,
• know your assets
• know what to protect
Know your systems better than the attacker
FUNDAMENTALS
Information System and Security
[Diagram labels: INFORMATION SYSTEM, ATTACKER, VULNERABILITY, ATTACK, USERS, SECURITY MEASURES]
Vulnerable Systems
The systems are vulnerable
• Mainly because of bad coding
• Must be patched (but patching cannot be done as rapidly as it should be)
• False sense of security
A vulnerability timeline …
The Attacker/Intruder
The attacker can be called: lamer, intruder, attacker … ("hacker" is also used, wrongly)
Also secret organizations?
Also companies (serious antivirus/defence economy)
Hacker / Lamer / Attacker …
"Hacker" is used to mean attacker/lamer, in the sense of:
the intruder who gets into your system and intends to use it for his/her own aims.
The Attacker
The attacker's strength is dedication
• Will not stop until he/she gets in
• Can use the computer for days on end without sleep
• Knows the vulnerabilities of systems
Network Security Assets
Network Security Overall
• Network Awareness
• Firewall, Intrusion Detection Systems … etc.
• More …
Host (Computer/Server/NW Device) Security
• Physical Security
• OS and Application Security
• User Management
Encryption
Firewall
Firewall Basics
Rule-based access control between networks.
Software/hardware based Architecture
• Static Packet Filtering
• Dynamic Packet Filtering (Stateful Inspection)
• Application Level Protection
Logging and alert capabilities
Encryption
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people.
(Encryption x Decryption)
Encryption
Two different methods (according to key use)
• Conventional – Two keys are the same
• Asymmetric (Public Key Encryption) – Key pair (public, private)
Encryption
To decrypt encrypted data
• How much time?
• How much processing (computing power)?
The science which deals with encryption is Cryptology