Network Security: Introduction
(Lecture notes based on William Stallings, Network Security.)

Definitions: information security, computer security, network security
- Information security: the security of your information or data.
- Computer security: protects data held in local, time-shared computers.
- Network security: protects data during its transmission.

The OSI Security Architecture
ITU-T Recommendation X.800, Security Architecture for OSI, defines three terms:
- Security attack: any action that compromises the security of information owned by an organization.
- Security mechanism: a mechanism designed to detect, prevent, or recover from a security attack.
- Security service: a service that enhances the security of the data processing systems and the information transfers of an organization. Services make use of one or more security mechanisms.
Related terms: vulnerability, threat, attack.

Security Attacks
X.800 divides attacks into passive attacks and active attacks.
- Passive attacks: attempt to learn or make use of information from the system but do not affect system resources.
- Active attacks: attempt to alter system resources or affect their operation.
Security Attacks: Passive Attacks
- Release of message contents: for example, listening to a telephone conversation or sniffing a file transfer.
- Traffic analysis: the traffic is encrypted, but the attacker guesses the content of the messages from the identity of the peers, the frequency of the messages, or the length of the messages.
Passive attacks are very difficult to detect. However, it is feasible to prevent the success of these attacks, usually by means of encryption.
Security Attacks: Active Attacks
- Masquerade: one entity pretends to be a different entity, for example to escalate privileges.
- Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
- Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.
- Denial of service: prevents or inhibits the normal use of a service on a specific target or of communications facilities, usually through overloading.
Active attacks are very difficult to prevent. However, it is feasible to detect the success of these attacks, usually by means of monitoring.
Security Services
X.800 lists the following services:
- Authentication (peer entity authentication and data origin authentication)
- Access control
- Data confidentiality
- Data integrity
- Nonrepudiation
- Availability service
Security Services: Authentication
- Peer entity authentication: authenticates the identity of a peer entity, both at the establishment of a connection and at times during the data transfer. Applicable in connection-oriented services. Prevents masquerade and unauthorized replay.
- Data origin authentication: authenticates the source of a data unit. Applicable in connectionless services. It does not provide protection against duplication or modification of data units.

Security Services: Access Control
- Controls access to host systems and applications via communications links.
- Access is based on authentication.
Security Services: Data Confidentiality
- Protection of transmitted data from passive attacks.
- Protection of service messages.
- Protection of traffic flow from analysis: the attacker should not be able to observe the source and destination, frequency, length, or other characteristics of the traffic.
Security Services: Data Integrity
- Connection-oriented integrity service: assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. It addresses both message stream modification and denial of service.
- Connectionless integrity service: provides protection against message modification only.
Security Services: Nonrepudiation
- Prevents either the sender or the receiver from denying a transmitted message.
- The receiver can prove that the alleged sender sent the message (source nonrepudiation).
- The sender can prove that the alleged receiver received the message (destination nonrepudiation).

Security Services: Availability Service
- A system is available if it provides services according to the system design whenever users request them.
- Addresses the security concerns raised by denial-of-service attacks.

Attacks and Security Services
(Relationship between the attacks above and the services that counter them.)
Security Mechanisms
- Mechanisms incorporated in a specific protocol layer.
- Mechanisms not specific to any protocol layer.
- Relationship between security mechanisms and security services.
Security Models
- Network Security Model (Part 2 of the book): confidentiality, authentication, data integrity, nonrepudiation and availability services.
- Network Access Security Model (Part 3 of the book): access control service; information access threats and service threats.

Network Security Model
An encrypted and signed message is transferred between the two principals.
Designing a security service under this model involves four tasks:
1. Design a security-related algorithm (encryption, authentication and integrity).
2. Generate the secret information used with the algorithm.
3. Develop methods for the distribution of the secret information.
4. Specify a protocol to be used by the two principals (parties) that makes use of the security algorithm and the secret information to achieve a particular security service.
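As an added example (not from the book or these slides), the Python below ties the four tasks to the data integrity service described earlier: the algorithm is HMAC-SHA256 over a sequence number and the message, a constructed shared key stands in for secret information that a real system would generate and distribute out of band, and the receiver-side protocol gives the connection-oriented integrity service (detecting modification, replay and reordering) beside a connectionless check that detects modification only.

```python
import hmac
import hashlib
import struct
from typing import Tuple

# Constructed sample key: stands in for secret information that a real
# system would generate and distribute to both principals out of band.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def tag_for(key: bytes, seq: int, msg: bytes) -> bytes:
    """Security algorithm: HMAC-SHA256 over (sequence number || message).
    Binding the sequence number into the tag is what lets the receiver
    detect replay and reordering rather than only modification."""
    return hmac.new(key, struct.pack(">Q", seq) + msg, hashlib.sha256).digest()


def protect(key: bytes, seq: int, msg: bytes) -> Tuple[int, bytes, bytes]:
    """Sender side of the protocol: emit the data unit as (seq, msg, tag)."""
    return seq, msg, tag_for(key, seq, msg)


def verify_connectionless(key: bytes, seq: int, msg: bytes, tag: bytes) -> str:
    """Connectionless integrity service: each data unit is checked on its
    own, so modification is detected but a replayed unit still passes."""
    if hmac.compare_digest(tag_for(key, seq, msg), tag):
        return "ok"
    return "modified"


class ConnectionReceiver:
    """Connection-oriented integrity service: keeps per-connection state
    (the next expected sequence number) so duplicates, replays and
    reordering are rejected in addition to modification."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0

    def verify(self, seq: int, msg: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(tag_for(self.key, seq, msg), tag):
            return "modified"      # altered in transit, or tagged without the key
        if seq < self.expected_seq:
            return "replayed"      # an already-accepted data unit sent again
        if seq > self.expected_seq:
            return "out_of_order"  # gap: reordered, or an earlier unit was dropped
        self.expected_seq += 1
        return "ok"
```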
Network Access Security Model
- Gatekeeper function: password-based login and resource access; detects and rejects worms, viruses, and other similar attacks.
- Internal controls: monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.