
Network Security

1. Introduction

Things you need to know

Instructor: Dr. Rehan Qureshi
Office: CF-01
Email: riqureshi@gmail.com, riqureshi@ssuet.edu.pk
Student Consultation: Take an appointment before meeting, preferably via email

Books:
Cryptography and Network Security, Behrouz A. Forouzan
Cryptography and Network Security, William Stallings

Course Folder: https://drive.google.com/folderview?id=0BxAtti5k9UyUSlhBWjBqMmkxdDQ&usp=sharing

The lecture slides provide only the outline of the lecture. These outlines are not a substitute for class attendance and note taking. More importantly, these outlines are not a substitute for the textbook.
In order to pass the course YOU MUST STUDY FROM THE BOOK.

Contents

Security Goals
Security Attacks
Security Services
Security Mechanisms
Security Techniques
Security Models

Security

The term security is used in the sense of minimizing the vulnerabilities of assets and resources.
An asset is anything of value.
A vulnerability is any weakness that could be exploited to violate a system or the information it contains.

Information security

Information stored in physical form requires physical security mechanisms, e.g. rugged filing cabinets for paper-based filing systems.
With computers managing most of the information, tools are required for:
1. Computer security
2. Network or Internet security

Computer security

The collection of tools designed to protect data on computers.

Network security

Network or Internet security consists of measures to prevent, detect, and correct security violations that involve the transmission of information.

Security Goals

Confidentiality: Protection of data from unauthorized disclosure.
Integrity: Assurance that data received is as sent by an authorized entity.
Availability: The information created and stored by an organization needs to be available to authorized entities.

Security Attacks or Threats

An attack is an action that compromises the security (Confidentiality, Availability, Integrity) of information.
A threat is a danger which could affect the security of information, leading to potential loss or damage.
Often the terms attack and threat are used synonymously.

Security Attacks


Attacks Threatening Confidentiality

Snooping: unauthorized access to or interception of data.
Traffic analysis: obtaining some information by monitoring online traffic.

Attacks Threatening Integrity

Modification: the attacker intercepts the message and changes it.
Masquerading or spoofing: happens when the attacker impersonates somebody else.
Replaying: the attacker obtains a copy of a message sent by a user and later tries to replay it.
Repudiation:
  the sender of the message might later deny that she has sent the message;
  the receiver of the message might later deny that he has received the message.

Attacks Threatening Availability

Denial of service (DoS): it may slow down or totally interrupt the service of a system.

Passive vs. Active Attacks

Passive attack:
  the attacker's goal is just to obtain information
  the attack does not modify data or harm the system
  difficult to detect
Active attack:
  may change the data or harm the system
  easier to detect than to prevent

OSI Security Architecture

ITU-T X.800, Security Architecture for OSI, defines a systematic way of defining and providing security requirements.
Specifically, it defines security services related to security goals, and security mechanisms to provide these security services.

Security Services and Mechanisms

Security Service:
  A service that enhances the security of data processing systems and information transfers.
Security Mechanism:
  A mechanism that is designed to detect, prevent or recover from a security attack.
  A mechanism or combination of mechanisms is used to provide a service.
  A mechanism can be used in one or more services.

Security Services

ITU-T X.800 has defined five common services related to security goals:

Data Confidentiality: designed to protect data from disclosure attack.
Data Integrity: designed to protect data from modification, insertion, deletion and replaying by an adversary.
Authentication: this service provides the authentication of the party at the other end of the line.
Nonrepudiation: this service protects against repudiation by either the sender or the receiver of the data (proof of origin and proof of delivery).
Access Control: provides protection against unauthorized access to data.


Security Mechanisms

ITU-T X.800 also defines some security mechanisms to provide the security services.

Relationship between Services and Mechanisms

Y = Yes, the mechanism is considered to be appropriate, either on its own or in combination with other mechanisms [ITU-T X.800]

Relationship between Services and OSI Layers

Y = Yes, service could be incorporated in the standards for the layer as a provider option [ITU-T X.800]

Techniques

Mechanisms discussed so far are only theoretical recipes to implement security.
The actual implementation of security goals needs some techniques.
Two techniques are prevalent today:
  Cryptography (focus of this course)
  Steganography

Cryptography

Cryptography, a word with Greek origins, means "secret writing".
However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.

Steganography

The word steganography, with origin in Greek, means "covered writing", in contrast with cryptography, which means "secret writing".
Example: covering data under a color image.

Model for Network Security

Model for Network Access Security

Summary

Have considered:
  Information security
  Security attacks, services, mechanisms
  Security techniques
  Models for network (access) security