network security network security. look at the surroundings before you leap
TRANSCRIPT
![Page 1: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/1.jpg)
Network Network securitysecurity
![Page 2: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/2.jpg)
Look at the Look at the surroundings surroundings
before you leapbefore you leap
![Page 3: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/3.jpg)
LecturersLecturers
PRAVIN SHETTY – 990 31945,B3.35 PRAVIN SHETTY – 990 31945,B3.35 [email protected]@infotech.monash.edu.auau
![Page 4: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/4.jpg)
TopicsTopics Basic principles (Access Control /Authentication/Models of threat Basic principles (Access Control /Authentication/Models of threat
& Practical Countermeasures).& Practical Countermeasures). Security issues over LANS & WANS[Earlier Models & Current Security issues over LANS & WANS[Earlier Models & Current
Solutions].Solutions]. Public key encryptions/ PKI/Digital signatures/KerberosPublic key encryptions/ PKI/Digital signatures/Kerberos Unix security [Internet=TCP/IP Security—VPNs/Firewalls.Unix security [Internet=TCP/IP Security—VPNs/Firewalls. Intrusion detection systems.Intrusion detection systems. Security in E-Commerce and banking, Including WWW, EDI , Security in E-Commerce and banking, Including WWW, EDI ,
EFT,ATM.EFT,ATM.
References:References: Computer Security—Dieter GollmanComputer Security—Dieter Gollman Network and Internetwork Security---William Stallings.Network and Internetwork Security---William Stallings. Open Systems Networking—David M Piscitello/ A Lyman Chapin.Open Systems Networking—David M Piscitello/ A Lyman Chapin.
![Page 5: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/5.jpg)
Today’s lecture isToday’s lecture is
Domain of network securityDomain of network security Taxonomy of security attacksTaxonomy of security attacks Aims or services of securityAims or services of security Model of internetwork securityModel of internetwork security Methods of defenceMethods of defence
![Page 6: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/6.jpg)
SecuritySecurity
Human natureHuman nature physical, financial, mental,…, data and physical, financial, mental,…, data and
information securityinformation security
![Page 7: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/7.jpg)
Information SecurityInformation Security
1. Shift from the physical security to 1. Shift from the physical security to the protection of data and to thwart the protection of data and to thwart hackers (by means of automated hackers (by means of automated software tools) – calledsoftware tools) – called computer securitycomputer security
![Page 8: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/8.jpg)
Network SecurityNetwork Security
2. With the widespread use of 2. With the widespread use of distributed systems and the use of distributed systems and the use of networks and communications networks and communications require protection of data during require protection of data during transmission – calledtransmission – called network securitynetwork security
![Page 9: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/9.jpg)
Internetwork securityInternetwork security
The term The term Network SecurityNetwork Security may be may be misleading, because virtually all misleading, because virtually all business, govt, and academic business, govt, and academic organisations interconnect their organisations interconnect their data processing equipment with a data processing equipment with a collection of interconnected collection of interconnected networks – probably we should call it networks – probably we should call it as as internetwork securityinternetwork security
![Page 10: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/10.jpg)
Aspects of information Aspects of information securitysecurity
Security attack – any action that Security attack – any action that compromises the security of compromises the security of information.information.
Security mechanism – to detect, Security mechanism – to detect, prevent, or recover from a security prevent, or recover from a security attack.attack.
Security service – service that Security service – service that enhances and counters security enhances and counters security attacks.attacks.
![Page 11: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/11.jpg)
Security mechanismsSecurity mechanisms
No single mechanism that can provide No single mechanism that can provide the services mentioned in the previous the services mentioned in the previous slide. However one particular aspect that slide. However one particular aspect that underlines most (if not all) of the security underlines most (if not all) of the security mechanism is the mechanism is the cryptographic cryptographic techniquestechniques..
Encryption or encryption-like Encryption or encryption-like transformation of information are the transformation of information are the most common means of providing most common means of providing security.security.
![Page 12: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/12.jpg)
Why Internetwork Why Internetwork Security?Security?
Internetwork security is not simple as it might Internetwork security is not simple as it might first appear.first appear.
In developing a particular security measure In developing a particular security measure one has to consider potential one has to consider potential countermeasures.countermeasures.
Because of the countermeasures the problem Because of the countermeasures the problem itself becomes complex.itself becomes complex.
Once you have designed the security Once you have designed the security measure, it is necessary to decide where to measure, it is necessary to decide where to use them.use them.
Security mechanisms usually involve more Security mechanisms usually involve more than a particular algorithm or protocol.than a particular algorithm or protocol.
![Page 13: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/13.jpg)
Security Attacks - Security Attacks - TaxonomyTaxonomy
Interruption – attack on Interruption – attack on availabilityavailability Interception – attack on Interception – attack on
confidentialityconfidentiality Modification – attack on Modification – attack on integrityintegrity Fabrication – attack on Fabrication – attack on authenticityauthenticity
Propertythat is
compromised
![Page 14: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/14.jpg)
InterruptionInterruption
also known as also known as denial of servicesdenial of services.. Information resources Information resources (hardware, (hardware,
software and data) are deliberately software and data) are deliberately made unavailable, lost or unusable, made unavailable, lost or unusable, usually through malicious usually through malicious destruction.destruction.
e.g: cutting a communication line, e.g: cutting a communication line, disabling a file management system, disabling a file management system, etc.etc.
![Page 15: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/15.jpg)
InterceptionInterception
also known as also known as un-authorised accessun-authorised access.. Difficult to trace as no traces of Difficult to trace as no traces of
intrusion might be left.intrusion might be left. E.g: illegal eavesdropping or E.g: illegal eavesdropping or
wiretapping or sniffing, illegal wiretapping or sniffing, illegal copying.copying.
![Page 16: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/16.jpg)
ModificationModification
also known as also known as tampering a tampering a resourceresource..
Resources can be data, programs, Resources can be data, programs, hardware devices, etc.hardware devices, etc.
![Page 17: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/17.jpg)
FabricationFabrication
also known as also known as counterfeitingcounterfeiting.. Allows to by pass the authenticity Allows to by pass the authenticity
checks.checks. e.g: insertion of spurious messages e.g: insertion of spurious messages
in a network, adding a record to a in a network, adding a record to a file, counterfeit bank notes, fake file, counterfeit bank notes, fake cheques,…cheques,…
![Page 18: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/18.jpg)
Security Attacks - Security Attacks - TaxonomyTaxonomy
InformationSource
InformationDestination
Normal
InformationSource
InformationDestination
Interruption
InformationSource
InformationDestination
Interception
InformationSource
InformationDestination
Modification
InformationSource
InformationDestination
Fabrication
![Page 19: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/19.jpg)
Attacks – Passive typesAttacks – Passive types
Passive (Passive (interceptioninterception) – ) – eavesdropping on, monitoring of, eavesdropping on, monitoring of, transmissions.transmissions.
The goal is to obtain information The goal is to obtain information that is being transmitted.that is being transmitted.
Types here are: release of message Types here are: release of message contents and traffic analysis.contents and traffic analysis.
![Page 20: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/20.jpg)
Attacks – Active typesAttacks – Active types
Involve modification of the data Involve modification of the data stream or creation of a false stream stream or creation of a false stream and can be subdivided into – and can be subdivided into – masquerade, replay, modification of masquerade, replay, modification of messages and denial of service.messages and denial of service.
![Page 21: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/21.jpg)
AttacksAttacks
Passive
Interception(confidentiality)
Release ofMessage contents
Trafficanalysis
Active
Modification(integrity)
Fabrication(integrity)
Interruption(availability)
![Page 22: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/22.jpg)
Security servicesSecurity services
ConfidentialityConfidentiality AuthenticationAuthentication IntegrityIntegrity Non-repudiationNon-repudiation Access controlAccess control AvailabilityAvailability
![Page 23: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/23.jpg)
Model for internetwork Model for internetwork securitysecurity
Information channel
Message Message
SecretinformationSecret
information
PrincipalPrincipal
Opponent
Trusted Third party
Gate Keeper
![Page 24: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/24.jpg)
Methods of defence (1)Methods of defence (1)
Modern cryptologyModern cryptology Encryption, authentication code, digital Encryption, authentication code, digital
signature,etc.signature,etc. Software controlsSoftware controls
Standard development tools (design, Standard development tools (design, code, test, maintain,etc)code, test, maintain,etc)
Operating systems controlsOperating systems controls Internal program controls (e.g: access Internal program controls (e.g: access
controls to data in a database)controls to data in a database) Fire wallsFire walls
![Page 25: Network security Network security. Look at the surroundings before you leap](https://reader036.vdocument.in/reader036/viewer/2022062321/56649ee65503460f94bf5ded/html5/thumbnails/25.jpg)
Methods of defence (2)Methods of defence (2)
Hardware controlsHardware controls Security devices, smart cards, …Security devices, smart cards, …
Physical controlsPhysical controls Lock, guards, backup of data and Lock, guards, backup of data and
software, thick walls, ….software, thick walls, …. Security polices and proceduresSecurity polices and procedures User educationUser education LawLaw