Understanding Network Security: the ISO Principles

Saad Haj Bakry, PhD, CEng, FIEE

Presentations in Network Security

Posted on 21-Dec-2015

Page 2: Objectives / Contents

Information & Data. Networks. Security. Security Policy Issues.

Page 3: Information / Data (1)

ISO Information Processing Vocabulary

Data: The representation of facts, concepts and instructions in a formalized manner suitable for communication, interpretation, or processing.

Information: The meaning that is currently assigned to data by means of conventions applied to that data.

Page 4: Information / Data (2)

ISO Information Processing Vocabulary

Data Quality: The correctness, timeliness, accuracy, completeness, relevance, and accessibility that make data appropriate for use.

Page 5: Information / Data (3)

ISO Information Processing Vocabulary

Data Integrity: The data quality that exists as long as accidental or malicious destruction, alteration, or loss of data does not occur.

Data Corruption / Contamination: The violation of data integrity.

Page 6: Networks (1)

ISO Information Processing Vocabulary

Functional Unit: An entity of hardware, or software, or both, capable of accomplishing a specific purpose.

Data Source: The functional unit that originates data for transmission.

Data Sink: The functional unit that accepts transmitted data.

Page 7: Networks (2)

ISO Information Processing Vocabulary

DTE (Data Terminal Equipment): The part of a data station that serves as a data source, data sink, or both.

DCE (Data Circuit-Terminating Equipment, also Data Communication Equipment): In a data station, the equipment that provides the signal conversion and coding between the DTE and the (communication) line.

Page 8: Networks (3)

ISO Information Processing Vocabulary

Node: In a data network, a point where one or more functional units interconnect channels or data circuits.

Data Network: An arrangement of data circuits and switching facilities for establishing connections between DTEs.

Page 9: Network (4): Structure

[Figure: network structure diagram. Labels: Users (U), Hosts / DTE (H), DCE, Nodes (N), Communications Subnetwork, Access / Services Subnetwork, Data Network. Hosts (DTEs) connect through DCEs to the nodes of the communications subnetwork; users reach the hosts through the access / services subnetwork; together these form the data network.]

Page 10: Networks (5)

ISO Information Processing Vocabulary

Data Transmission: The conveying of data from one place for reception elsewhere by telecommunication means.

Data Transmission Channel: A means of one-way transmission.

Page 11: Networks (6)

ISO Information Processing Vocabulary

Data Communications: Transfer of information between functional units by means of data transmission according to a protocol.

Protocol: A set of semantic and syntactic rules that determines the behaviour of functional units in achieving communications.

Page 12: Networks (7): ISO-OSI Protocols

[Figure: the seven ISO-OSI layers at two end systems with the communication subnetwork between them. End systems: Application, Presentation, Session, Transport, Network, Data Link, Physical. Communication subnetwork nodes: Network, Data Link, Physical only. Each stack sits on the communication medium, and each layer communicates with its peer level on the other side.]

Page 13: Networks (8)

Internet Vocabulary

Internet: A global network of computer networks based on TCP/IP protocols. It has the World Wide Web as its foundation.

Intranet: A private (company) network based on Internet technologies, featuring the same client-server architecture.

Extranet: An Intranet extended to users outside the company (partners, providers, customers).

Page 14: Network (9)

[Figure: three nested network levels, with security applying across all of them.]

The Internet Level: potential world wide business activities.

The Extranet Level: partners / suppliers / customers, "business activities".

The Intranet Level: intra-organization activities.

Security

Page 15: Network (10): Internet Protocols

Application: user interface: e-mail / http / ftp /…

TCP / UDP: Transmission Control Protocol / User Datagram Protocol

IP: Internet Protocol: addressing / routing / congestion control

ICMP: Internet Control Message Protocol

ARP: Address Resolution Protocol

Data Link: point-to-point control: LAN / WAN

Physical: communication interface: T-R / links

Page 16: Security (1)

ISO Information Processing Vocabulary

Security: The condition of being secure, or the condition of being protected from, or not exposed to, danger.

Privacy: The state or quality of being private.

Page 17: Security (2)

ISO Information Processing Vocabulary

Computer System Security: The technological and the administrative safeguards established and applied to data processing to protect hardware, software, and data from accidental or malicious destruction or disclosure.

Page 18: Security (3): Analysis of Definition

Object (to be protected): Hardware / Software / Data

Challenges (source): Accidental / Malicious

Effect (protection from): Destruction / Disclosure

Means (of protection): Technological / Administrative

Page 19: Security (4)

ISO Information Processing Vocabulary

Privacy Protection: The implementation of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records, and to protect both security and confidentiality against any threat or hazard that could result in substantial harm, embarrassment, inconvenience or unfairness to any individual about whom such information is maintained.

Page 20: Security (5): Analysis of Definition

Object (to be protected): Information / Data: records (associated with individuals, or organizations: privacy)

Challenge (to object): Security / Privacy

Effect (protection from): Threat and hazard that could result in harm, embarrassment, inconvenience, or unfairness

Means (of protection): Physical / Administrative / Technical

Page 21: Security (6)

ISO Information Processing Vocabulary

Cryptography: A discipline involving principles, means, and methods for changing data so that it is not readable.

Cryptanalysis: An attack on one of the principles, means, or methods (to recover readability).

Page 22: Security (7)

ISO Information Processing Vocabulary

Encryption / Enciphering: The process of changing data (plain text) so that it becomes unreadable (cipher text).

Decryption / Deciphering: The process of transforming cipher text back into plain text.

Page 23: Policy (1): Security Levels

ISO Security Perimeters / Levels

Around the Network: Perimeter of trust: trusted users (no hackers), trusted system (reliability / testing).

Around the Process: Passport rules: vaccination for processes, programs & applications.

Layered Perimeters: On each layer (ISO layered protocols): peer entity (same level) services.

Page 24: Policy (2): Information Security Goals

ISO-OSI Special Interest Group on Security

Information Security Goals:

Protection of data against undetected loss and repetition: data is sequenced.

Protection of data against unauthorized modification: data is sealed.

Protection of data against unauthorized disclosure: data is private.

Ensuring correct identity of sender & receiver: signed by sender, stamped by receiver.
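The four goals above (and the encryption / decryption definitions on page 22) map onto one concrete message format. The code below is an added example written for this page; it is not code from the presentation, from ISO, or from any named product. It assumes the two ends share two secret keys (one for confidentiality, one for authentication), uses a keyed HMAC as a symmetric stand-in for the sender's signature and the receiver's stamp, and builds the "private" layer from a SHA-256 counter-mode keystream so that it runs with the Python standard library alone. The keys, messages and function names are all constructed for the example.

```python
import hashlib
import hmac
import struct

HDR_LEN = 8    # 64-bit big-endian sequence number ("sequenced")
TAG_LEN = 32   # HMAC-SHA256 output ("sealed" / "signed")


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    # Counter-mode keystream: SHA-256(key || seq || block). Binding the
    # sequence number in means no two messages ever share a keystream,
    # which is what keeps the XOR layer below private. (Illustration of
    # the encryption definition; real systems use a vetted AEAD cipher.)
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + struct.pack(">QQ", seq, block)).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Sender side: sequence the message, make it private, seal and 'sign' it."""
    header = struct.pack(">Q", seq)                                          # sequenced
    ciphertext = _xor(plaintext, _keystream(enc_key, seq, len(plaintext)))  # private
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()   # sealed + signed
    return header + ciphertext + tag


def verify_stamp(mac_key: bytes, seq: int, stamp: bytes) -> bool:
    """Sender side: check the receiver's stamp (acknowledgement) for one sequence number."""
    expected = hmac.new(mac_key, b"STAMP" + struct.pack(">Q", seq), hashlib.sha256).digest()
    return hmac.compare_digest(expected, stamp)


class Receiver:
    """Receiver side: check the seal, then the sequence, then unseal and stamp."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.expected_seq = 0
        self.gaps = []  # (expected, received) pairs: loss that did NOT go undetected

    def accept(self, message: bytes):
        """Return (status, plaintext or None, stamp or None)."""
        if len(message) < HDR_LEN + TAG_LEN:
            return ("malformed", None, None)
        header = message[:HDR_LEN]
        ciphertext = message[HDR_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        # Verify the seal before trusting anything in the header, so forged
        # or altered traffic can never move the sequence state.
        good = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):
            return ("modified", None, None)
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected_seq:
            return ("repeated", None, None)          # replay of an old message
        if seq > self.expected_seq:
            self.gaps.append((self.expected_seq, seq))  # something was lost in between
        self.expected_seq = seq + 1
        plaintext = _xor(ciphertext, _keystream(self.enc_key, seq, len(ciphertext)))
        stamp = hmac.new(self.mac_key, b"STAMP" + header, hashlib.sha256).digest()
        return ("ok", plaintext, stamp)


def demo():
    """Constructed scenario: a good message, its replay, a tampered message, and a gap."""
    enc_key = b"constructed-confidentiality-key!"   # constructed demo keys, not real secrets
    mac_key = b"constructed-authentication-key!!"
    rx = Receiver(enc_key, mac_key)
    results = {"statuses": [], "plaintexts": [], "stamps_ok": []}

    m0 = seal(enc_key, mac_key, 0, b"transfer 100 to account A")
    m1 = seal(enc_key, mac_key, 1, b"transfer 200 to account B")
    m3 = seal(enc_key, mac_key, 3, b"close session")   # seq 2 is never sent

    tampered = bytearray(m1)
    tampered[HDR_LEN] ^= 0x01          # flip one ciphertext byte in transit
    tampered = bytes(tampered)

    for msg in (m0, m0, tampered, m3):
        status, pt, stamp = rx.accept(msg)
        seq = struct.unpack(">Q", msg[:HDR_LEN])[0]
        results["statuses"].append(status)
        results["plaintexts"].append(pt)
        results["stamps_ok"].append(bool(stamp) and verify_stamp(mac_key, seq, stamp))
    results["gaps"] = list(rx.gaps)
    return results
```

Running demo() gives statuses ["ok", "repeated", "modified", "ok"] and one recorded gap (1, 3): the receiver accepted message 3, but it now knows that messages 1 and 2 never validly arrived, which is exactly the difference between loss and undetected loss on the slide. Two design points matter for a practitioner: the seal is checked before the sequence number is read, so unauthenticated data never changes receiver state; and because the "signature" here is a shared-key MAC it only proves the message came from one of the two key holders, so where a third party must be able to attribute a message to a specific sender, a public-key digital signature replaces the HMAC in seal() and verify_stamp().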

Page 25: Policy (3): Goals Information Flow

Security of Information Flow: Intranet-Extranet-Internet flow / flooding

Protection from undesired data streams entering the Intranet (private / national networks).

Protection of private data streams from leaking out of the Intranet.

Protection from denial of service: flooding, "undesired generation of data".

Firewalls

Anti-Virus

Page 26: Remarks / Understanding

ISO Network Security Scope: Technology (systems); Administration / Management (organization); People (users / hackers); Accidental / Malicious.

Challenges on: HW / SW / Information; Security / Privacy.

Policy Recommendations: ISO / Internet.

Page 27: References

M.D. Abrams and A.B. Jeng, "Network security protocol reference model, and the trusted system evaluation criteria", IEEE Network Magazine, Vol. 1, No. 2, pp. 34-39, April 1987.

D.K. Branstad, "Considerations for security in the OSI architecture", IEEE Network Magazine, Vol. 1, No. 2, pp. 34-39, April 1987.

S.H. Bakry, "Security issues in computer networks", Middle East Communications, Vol. 5, No. 12, pp. 13-16, December 1990.

D. Minoli, Telecommunications Technology Handbook, Artech House (US), 1991.

ISO Dictionary of Computer Science: The Standardized Vocabulary (23882), ISO, 1997.

F. Botto, Dictionary of e-Business, Wiley (UK), 2000.

H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce for Managers, Prentice-Hall (USA), 2001.