Download Network security - Pravin Shetty > Resume

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
Document related concepts

Information security wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Network
security
Look at the
surroundings before
you leap
Lecturers

PRAVIN SHETTY – 990 31945,B3.35
[email protected]
Topics

Basic principles (Access Control /Authentication/Models of threat & Practical
Countermeasures).
Security issues over LANS & WANS[Earlier Models & Current Solutions].
Public key encryptions/ PKI/Digital signatures/Kerberos
Unix security [Internet=TCP/IP Security—VPNs/Firewalls.
Intrusion detection systems.
Security in E-Commerce and banking, Including WWW, EDI , EFT,ATM.

References:








Computer Security—Dieter Gollman
Network and Internetwork Security---William Stallings.
Open Systems Networking—David M Piscitello/ A Lyman Chapin.
Today’s lecture is





Domain of network security
Taxonomy of security attacks
Aims or services of security
Model of internetwork security
Methods of defence
Security

Human nature

physical, financial, mental,…, data and information
security
Information Security

1. Shift from the physical security to the
protection of data and to thwart hackers (by
means of automated software tools) – called
computer security
Network Security

2. With the widespread use of distributed
systems and the use of networks and
communications require protection of data
during transmission – called
network security
Internetwork security

The term Network Security may be misleading,
because virtually all business, govt, and academic
organisations interconnect their data processing
equipment with a collection of interconnected
networks – probably we should call it as
internetwork security
Aspects of information security



Security attack – any action that compromises
the security of information.
Security mechanism – to detect, prevent, or
recover from a security attack.
Security service – service that enhances and
counters security attacks.
Security mechanisms


No single mechanism that can provide the
services mentioned in the previous slide.
However one particular aspect that underlines
most (if not all) of the security mechanism is
the cryptographic techniques.
Encryption or encryption-like transformation of
information are the most common means of
providing security.
Why Internetwork Security?





Internetwork security is not simple as it might first
appear.
In developing a particular security measure one has to
consider potential countermeasures.
Because of the countermeasures the problem itself
becomes complex.
Once you have designed the security measure, it is
necessary to decide where to use them.
Security mechanisms usually involve more than a
particular algorithm or protocol.
Security Attacks - Taxonomy




Interruption – attack on availability
Interception – attack on confidentiality
Modification – attack on integrity
Fabrication – attack on authenticity
Property
that is
compromised
Interruption



also known as denial of services.
Information resources (hardware, software and
data) are deliberately made unavailable, lost or
unusable, usually through malicious destruction.
e.g: cutting a communication line, disabling a file
management system, etc.
Interception



also known as un-authorised access.
Difficult to trace as no traces of intrusion might
be left.
E.g: illegal eavesdropping or wiretapping or
sniffing, illegal copying.
Modification


also known as tampering a resource.
Resources can be data, programs, hardware
devices, etc.
Fabrication



also known as counterfeiting.
Allows to by pass the authenticity checks.
e.g: insertion of spurious messages in a
network, adding a record to a file, counterfeit
bank notes, fake cheques,…
Security Attacks - Taxonomy
Information
Source
Information
Destination
Normal
Information
Source
Information
Destination
Interruption
Information
Source
Information
Destination
Modification
Information
Source
Information
Destination
Interception
Information
Source
Information
Destination
Fabrication
Attacks – Passive types



Passive (interception) – eavesdropping on,
monitoring of, transmissions.
The goal is to obtain information that is being
transmitted.
Types here are: release of message contents and
traffic analysis.
Attacks – Active types

Involve modification of the data stream or
creation of a false stream and can be subdivided
into – masquerade, replay, modification of
messages and denial of service.
Attacks
Active
Passive
Interception
(confidentiality)
Release of
Message
contents
Interruption
(availability)
Traffic
analysis
Modification
(integrity)
Fabrication
(integrity)
Security services






Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
Model for internetwork security
Trusted
Third party
Principal
Principal
Message
Message
Information channel
Secret
information
Opponent
Gate
Keeper
Secret
information
Methods of defence (1)

Modern cryptology


Encryption, authentication code, digital signature,etc.
Software controls
Standard development tools (design, code, test,
maintain,etc)
 Operating systems controls
 Internal program controls (e.g: access controls to
data in a database)
 Fire walls

Methods of defence (2)

Hardware controls


Physical controls




Security devices, smart cards, …
Lock, guards, backup of data and software, thick
walls, ….
Security polices and procedures
User education
Law
Related documents
No Slide Title
No Slide Title
Honeynet Project
Honeynet Project
Systems Security
Systems Security
Research Areas - The George Washington University
Research Areas - The George Washington University
ImageLock PDF
ImageLock PDF
dos_nanog
dos_nanog
Heart Attack - Coffee Regional Medical Center
Heart Attack - Coffee Regional Medical Center
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS)
Skating on Stilts
Skating on Stilts
Chapter 1 Exploring the Network
Chapter 1 Exploring the Network
7.4.1 Follow Data Through an Internetwork
7.4.1 Follow Data Through an Internetwork
TS 133 107
TS 133 107