* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download download
Survey
Document related concepts
Multilevel security wikipedia , lookup
Unix security wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Distributed firewall wikipedia , lookup
Cyberwarfare wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Information security wikipedia , lookup
Wireless security wikipedia , lookup
Security printing wikipedia , lookup
Airport security wikipedia , lookup
Mobile security wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Security-focused operating system wikipedia , lookup
Transcript
Matakuliah Tahun Versi : H0242 / Keamanan Jaringan : 2006 :1 Pertemuan 02 Aspek dasar keamanan Jaringan dan ketentuan baku OSI 1 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : • Mahasiswa dapat menggunakan Aspek dasar keamanan jaringan dan ketentuan baku OSI untuk keamanan jaringan 2 Outline Materi • • • • Latar Belakang Network Security Trend Definisi Arsitektur OSI untuk Network Security 3 Why Is Security Important • Computers and networks are the nerves of the basic services and critical infrastructures in our society – Financial services and commerce – Transportation – Power grids – Etc. • Computers and networks are targets of attacks by our adversaries 4 Why Is Security Hard • The complexity of computers and networks • User expectation • User ignorance – Social engineering • Defense is inherently more expensive – Offense only needs the weakest link 5 Vulnerability Trends • Flaws can be found without source code – common: system call trace – new: subroutine call trace – protocols can be examined for vulnerabilities – program instabilities (buffer overflow, etc.) • Good news — the public & vendors becoming more security conscious • Patches now being released via Internet • Still untested — product liability 6 What is Security • Security is concerned with preventing undesired behavior – An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place 7 Goal • Security is always a trade-off • The goal should never be “to make the system as secure as possible”… • …but instead, “to make the system as secure as possible within certain constraints” (cost, usability, convenience) 8 Concerns • Detection and response – How do you know when you are being attacked? – How quickly can you stop the attack? – Can you prevent the attack from recurring? • Recovery – Can be much more important than prevention • Legal issues? 9 Definitions • Computer Security – generic name for the collection of tools designed to protect data and to thwart hackers • Network Security (Includes Internet Security) – measures to protect data during their transmission – measures to protect data during their transmission over a collection of interconnected networks – consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information 10 OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • Defines a systematic way of defining and providing security requirements • International Standard • 5 Categories • 14 Services 11 Service Categories 1. Authentication • Peer-entity, Data-origin • Assurance that the communicating entity is the one claimed 2. Access Control • Prevention of the unauthorized use of a resource 3. Data Confidentiality • Connection, connectionless, selective-field, traffic-flow) • Protection of data from unauthorized disclosure 12 Service Categories 4. Data Integrity • Connection recovery, no-recovery, selective-field • Connectionless no-recovery,selective-field • assurance that data received is as sent by an authorized entity 5. Non Repudiation • origin, destination • protection against denial by one of the parties in a communication 13 Security Service – Something that enhances the security of the data processing systems and the information transfers of an organization – Intended to counter security attacks – Make use of one or more security mechanisms to provide the service – Replicate functions normally associated with physical documents • eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 14 Security Mechanism • A mechanism that is designed to detect, prevent, or recover from a security attack • No single mechanism that will support all functions required • One particular element underlies many of the security mechanisms in use: cryptographic techniques 15 Security Attack • Any action that compromises the security of information owned by an organization • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • Have a wide range of attacks • Can focus of generic types of attacks • note: often threat & attack mean same 16 Network Security Model 17 Network Access Security 18 Security Policies • A security policy is a statement that partitions the state of the system into a set of authorized (or secure) states, and a set of unauthorized (or nonsecure) states • A secure system is a system that starts in an authorized state and cannot enter an unauthorized state – A breach of security occurs when a system enters an unauthorized state 19