
2/33


3/33

SECURITY

PHILOSPHY


4/33

Computer & Network Security hassimilarities with the security innormal life.


5/33

There is no such thing as

%100 Security


6/33

Security at the gates only,

is not enough


7/33

A chain is only as strong as

its weakest link


8/33

As there is no %100 security

So give up?

A possible solution:

Use more than one chain


9/33

MULTI LAYER SECURITY


10/33


11/33

Keep in mind that When Security measures increase,

Usability decrease


12/33

False Sense of Security

A false sense of security is worsethan a true sense of insecurity.

Solution:

Never think your system is secure.


13/33

No Template Which Suits All

There is no templates which suits all.There is a different solution for

different organizations Different needs

Different assets


14/33

To win a war,

one must know the

way

Sun Tzu

The Art of War


15/33

Security is a process, not a product.Bruce Schneier


16/33

MONITOR

The system should be monitored forintrusions

And immediate action should betaken at attacks


17/33

Warn The Attacker


18/33

Network Awareness

Know your enemy (?) Know yourself,

know your assets

know what to protect

Know your systems more than theattacker


19/33

FUNDAMENTALS


20/33

INFORMATION SYSTEM

Information System and

Security

ATTACKER

VULNERABILITY

ATTACK

USERS

SECURITYMEASURES


21/33

Vulnerable Systems

The systems are vulnerable Mainly because of bad coding

Must be patched (but can not be done

rapidly as they should) False sense of security


22/33

A vulnerability timeline


23/33

The Attacker/Intruder

The attacker can be called as:

Lamer, intruder, attacker

(wrongly used as hacker also) Also secret organizations? Also companies

(serious antivirus/defence economy)


24/33

5/10/13 Ar. Gr. Enis Karaaslan 24

Hacker /Lamer /Attacker

Hacker is used as attacker/lamer, in the meaning:

The intruder, who gets in your system and intends

to use for his/her own aims.


25/33

The Attacker

The attackers strength is Dedication

Will not stop until he/she gets in

Can use the computer for days long sleepless

Knows the vulnerabilities of systems


26/33



27/33

Network Security Assets

Network Security Overall

Network Awareness

Firewall, Intrusion Detection Systems etc

More Host (Computer/Server/NW Device) Security

Physical Security

OS and Application Security

User Management Encryption


28/33

Firewall


29/33


Firewall Basics

Rule based access control betweennetworks.

Software/hardware based

Architecture Static Packet Filtering Dynamic Packet Filtering (Statefull

inspection)

Application Level Protection

Logging and alert capabilities


30/33


Encryption

Encryption is the conversion of data

into a form, called a ciphertext, that

cannot be easily understood byunauthorized people.

(Encryption x Decryption)


31/33


Encryption

Two different methods (according to key use) Conventional Two keys are the same

Asymetric (Public Key Encryption)

Key pair (public, private)


32/33


Encryption

To decyrpt an encrypted data

How much time?

How much Processing (Computing power)?

The science which deals with encryption is

Cryptology


33/33

5/10/13 Ar Gr Enis Karaaslan 33

END OF THE SESSION

Dr. Enis [email protected]
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]

Documents

Network Security Basics and Philosophy