09-03-2011, 11:07 AM
Presented by:
Maaz bin ahmad.
Network Security
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of Course
• our focus is on Internet Security
• consists of measures to prevent, detect, and correct security violations that involve the transmission of information.
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Services, Mechanisms, Attacks
• need systematic way to define requirements
• consider three aspects of information security:
– security attack
– security mechanism
– security service
• consider in reverse order
• Security Service
– is something that enhances the security of the data processing systems and the information transfers of an organization.
– intended to counter security attacks.
– make use of one or more security mechanisms to provide the service.
Security Services
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files
Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all functions required
• however one particular element underlies many of the security mechanisms in use: cryptographic techniques
• hence our focus on this area
Security Mechanism
• specific security mechanisms:
– encipherment, digital signatures, access controls, authentication exchange, traffic padding, routing control, etc.
Security Attack
• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• have a wide range of attacks
• can focus on generic types of attacks
• note: threat & attack are often used to mean the same thing
Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
Classify Security Attacks as
• passive attacks - eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
Model for Network Security
• using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information for a security service
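The four steps of this model, as an added example that is not part of the original slides: a shared key is generated, the security transformation is an HMAC-SHA256 tag over a sequence number and the message, and the receiver's protocol rejects the active attacks listed earlier (modification, fabrication, replay). The packet layout, function names and sample messages are assumptions made for illustration; key distribution is assumed to have happened out of band, and the transformation gives integrity and authentication, not confidentiality.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def generate_key() -> bytes:
    """Generate the secret information (key) used by the algorithm."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender's security transformation: seq (8 bytes) || message || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Receiving principal: verifies the tag, then enforces increasing seq."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None                      # too short to be well-formed
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # modified or fabricated
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            return None                      # replay of an earlier packet
        self.last_seq = seq
        return body[8:]


def demo() -> dict:
    key = generate_key()                     # shared with the receiver out of band
    rx = Receiver(key)
    p0 = protect(key, 0, b"transfer 10 to alice")   # constructed sample message
    out = {"genuine": rx.accept(p0), "replayed": rx.accept(p0)}
    tampered = bytearray(protect(key, 1, b"transfer 10 to alice"))
    tampered[9] ^= 0x01                      # flip one bit of the message in transit
    out["modified"] = rx.accept(bytes(tampered))
    out["fabricated"] = rx.accept(protect(generate_key(), 2, b"forged"))
    out["next"] = rx.accept(protect(key, 1, b"ok"))
    return out
```

The rejected packets leave the receiver's sequence state untouched, so the genuine packet with sequence number 1 is still accepted after the tampered copy is dropped.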
Model for Network Access Security
• using this model requires us to:
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorised users access designated information or resources
Summary
• have considered:
– computer, network, internet security definitions
– security services, mechanisms, attacks
– models for network (access) security