1. introduction to network security
TRANSCRIPT
-
8/18/2019 1. Introduction to Network security
1/34
Network Security
1. Introduction
-
8/18/2019 1. Introduction to Network security
2/34
Things you need to know …
Instructor: Dr. Rehan Qureshi
Office: C!"1
#$ai%:
ri&ureshi'g$ai%.co$(ri&ureshi'ssuet.edu.)k Student Consu%tation:
Take a))oint$ent *efore $eeting( )refera*%y
+ia e$ai%RQ ,
-
8/18/2019 1. Introduction to Network security
3/34
Things you need to know …
-ooks: Cry)togra)hy and Network Security
i%%ia$ Sta%%ings
Cry)togra)hy and Network Security -ehrou/ 0. orou/an
Course o%der: htt)s:dri+e.goog%e.co$fo%der+iew2
id3"-40tti5k67y7S%h-8-&9$k4dDQu
s)3sharing
RQ ;
-
8/18/2019 1. Introduction to Network security
4/34
Things you need to know …
The %ecture s%ides )ro+ide on%y the
out%ine of the %ecture. These out%ines are
not a su*stitute for c%ass attendance andnote taking. 9ore i$)ortant%y( these
out%ines are not a su*stitute for the te4t
*ook.In order to )ass the course …
.
RQ ?
-
8/18/2019 1. Introduction to Network security
5/34
Contents
Security @oa%s
Security 0ttacks
Security Ser+ices
Security 9echanis$s
Security Techni&ues
Security 9ode%s
RQ 5
-
8/18/2019 1. Introduction to Network security
6/34
Security
The ter$ AsecurityB is used in the
sense of $ini$i/ing the +u%nera*i%ities
of assets and resources. 0n asset is anything of +a%ue.
0 +u%nera*i%ity is any weakness that
cou%d *e e4)%oited to +io%ate a syste$or the infor$ation it contains.
RQ
-
8/18/2019 1. Introduction to Network security
7/34
The infor$ation stored in )hysica% for$
re&uires )hysica% security $echanis$s
e.g. rugged fi%ing ca*inets for )a)er*ased fi%ing syste$s
ith co$)uters $anaging the $ost of
the infor$ation( too%s are re&uired for 1. Co$)uter security
,. Network or Internet security
Infor$ation security
RQ
-
8/18/2019 1. Introduction to Network security
8/34
Co$)uter security
The co%%ection of too%s designed to
)rotect data on co$)uters
RQ E
-
8/18/2019 1. Introduction to Network security
9/34
-
8/18/2019 1. Introduction to Network security
10/34
Security @oa%s
RQ 1"
-
8/18/2019 1. Introduction to Network security
11/34
Security @oa%s
Confidentia%ity Frotection of data fro$
unauthori/ed disc%osure
Integrity 0ssurance that data recei+ed is as
sent *y an authori/ed entity.
0+ai%a*i%ity The infor$ation created and stored
*y an organi/ation needs to *e
a+ai%a*%e to authori/ed entities.RQ 11
-
8/18/2019 1. Introduction to Network security
12/34
1,
Security 0ttacks or Threats
0n attack is an action that co$)ro$ises
the security GConfidentia%ity( 0+ai%a*i%ity(
IntegrityH of infor$ation. 0 threat is a danger which cou%d affect
the security of infor$ation( %eading to
)otentia% %oss or da$age. Often attack threat are used
synony$ous%y.
RQ
-
8/18/2019 1. Introduction to Network security
13/34
Security 0ttacks
RQ 1;
-
8/18/2019 1. Introduction to Network security
14/34
0ttacks Threatening
Confidentia%ity
Snooping unauthori/ed access to or
interce)tion of data.
Traffic Analysis O*tain so$einfor$ation *y $onitoring on%ine traffic.
RQ 1?
-
8/18/2019 1. Introduction to Network security
15/34
0ttacks Threatening Integrity
Modification the attacker interce)ts
the $essage and changes it.
Masquerading or spoofing ha))enswhen the attacker i$)ersonates
so$e*ody e%se.
RQ 15
-
8/18/2019 1. Introduction to Network security
16/34
0ttacks Threatening Integrity
Replaying the attacker o*tains a
co)y of a $essage sent *y a user and
%ater tries to re)%ay it. Repudiation
sender of the $essage $ight %ater deny
that she has sent the $essageJ the recei+er of the $essage $ight %ater
deny that he has recei+ed the $essage
RQ 1
-
8/18/2019 1. Introduction to Network security
17/34
0ttacks Threatening 0+ai%a*i%ity
Denial of service (DoS) It $ay s%ow
down or tota%%y interru)t the ser+ice of
a syste$.
RQ 1
-
8/18/2019 1. Introduction to Network security
18/34
Fassi+e +s. 0cti+e 0ttacks
Fassi+e attack: attackerKs goa% is 8ust to o*tain
infor$ation
the attack does not $odify data or har$
the syste$
difficu%t to detect
0cti+e attack: $ay change the data or har$ the syste$
easier to detect than to )re+entRQ 1E
-
8/18/2019 1. Introduction to Network security
19/34
Fassi+e +s. 0cti+e 0ttacks
RQ 16
-
8/18/2019 1. Introduction to Network security
20/34
OSI Security 0rchitecture
IT7!T L.E"" ASecurity 0rchitecture for
OSIB
defines a syste$atic way of definingand )ro+iding security re&uire$ents
s)ecia%%y( it defines security ser+ices
re%ated to security goa%s( and security$echanis$s to )ro+ide these security
ser+icesRQ ,"
-
8/18/2019 1. Introduction to Network security
21/34
Security Ser+ices and
9echanis$s Security Service
0 ser+ice that enhances the security of data
)rocessing syste$s infor$ation transfers.
Security Mechanism 0 $echanis$ that is designed to detect(
)re+ent or reco+er fro$ a security attack.
0 $echanis$ or co$*ination of$echanis$s are used to )ro+ide a ser+ice.
0 $echanis$ can *e used in one or $ore
ser+ices.RQ ,1
-
8/18/2019 1. Introduction to Network security
22/34
Security Ser+ices
IT7!T L.E"" has defined fi+e co$$on
ser+ices re%ated to security goa%s:
RQ ,,
-
8/18/2019 1. Introduction to Network security
23/34
Security Ser+ices
Data Confidentiality designed to
)rotect data fro$ disc%osure attack.
Data Integrity designed to )rotectdata fro$ $odification( insertion(
de%etion and re)%aying *y an ad+ersary.
Authentication This ser+ice )ro+idesthe authentication of the )arty at the
other end of the %ine
RQ ,;
-
8/18/2019 1. Introduction to Network security
24/34
Security Ser+ices
onrepudiation Ser+ice )rotects
against re)udiation *y either the
sender or the recei+er of the dataG)roof of origin and )roof of de%i+eryH.
Access Control )ro+ides )rotectionagainst unauthori/ed access to data.
RQ ,?
-
8/18/2019 1. Introduction to Network security
25/34
Security 9echanis$s
IT7!T L.E""
a%so definesso$e security
$echanis$s to
)ro+ide thesecurity ser+ices
RQ ,5
-
8/18/2019 1. Introduction to Network security
26/34
Re%ationshi) *etween Ser+ices
and 9echanis$s
RQ ,
R % ti hi *t S i 9 h i
-
8/18/2019 1. Introduction to Network security
27/34
Re%ationshi) *tw Ser+ices 9echanis$s
RQ ,
-
8/18/2019 1. Introduction to Network security
28/34
Re%ationshi) *tw Ser+ices OSI ayers
RQ ,E
-
8/18/2019 1. Introduction to Network security
29/34
Techni&ues
9echanis$s discussed so far are on%y
theoretica% reci)es to i$)%e$ent
security. The actua% i$)%e$entation of security
goa%s needs so$e techni&ues.
Two techni&ues are )re+a%ent today: Cry)togra)hy ocus of this course
Steganogra)hyRQ ,6
-
8/18/2019 1. Introduction to Network security
30/34
Cry)togra)hy
Cry)togra)hy( a word with @reek
origins( $eans Asecret writing.B
=owe+er( we use the ter$ to refer tothe science and art of transfor$ing
$essages to $ake the$ secure and
i$$une to attacks.
RQ ;"
-
8/18/2019 1. Introduction to Network security
31/34
Steganogra)hy
The word steganogra)hy( with origin in
@reek( $eans Aco+ered writing(B in
contrast with cry)togra)hy( which$eans Asecret writing.B
RQ ;1
Example: covering data under color image
-
8/18/2019 1. Introduction to Network security
32/34
9ode% for Network Security
RQ ;,
-
8/18/2019 1. Introduction to Network security
33/34
9ode% for Network 0ccess
Security
RQ ;;
-
8/18/2019 1. Introduction to Network security
34/34
Su$$ary
=a+e considered: Infor$ation security
Security attacks( ser+ices( $echanis$s Security techni&ues
9ode%s for network GaccessH security
RQ ;?