Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network security Network security. Look at the surroundings before you leap.

Published byRoxanne Harvey Modified over 8 years ago

Similar presentations

Presentation on theme: "Network security Network security. Look at the surroundings before you leap."— Presentation transcript:

1 Network security Network security

2 Look at the surroundings before you leap

3 Lecturers PRAVIN SHETTY – 990 31945,B3.35 pravin.shetty@infotech.monash.edu.au PRAVIN SHETTY – 990 31945,B3.35 pravin.shetty@infotech.monash.edu.au pravin.shetty@infotech.monash.edu.au

4 Topics Basic principles (Access Control /Authentication/Models of threat & Practical Countermeasures). Basic principles (Access Control /Authentication/Models of threat & Practical Countermeasures). Security issues over LANS & WANS[Earlier Models & Current Solutions]. Security issues over LANS & WANS[Earlier Models & Current Solutions]. Public key encryptions/ PKI/Digital signatures/Kerberos Public key encryptions/ PKI/Digital signatures/Kerberos Unix security [Internet=TCP/IP Security—VPNs/Firewalls. Unix security [Internet=TCP/IP Security—VPNs/Firewalls. Intrusion detection systems. Intrusion detection systems. Security in E-Commerce and banking, Including WWW, EDI, EFT,ATM. Security in E-Commerce and banking, Including WWW, EDI, EFT,ATM. References: References: Computer Security—Dieter Gollman Computer Security—Dieter Gollman Network and Internetwork Security---William Stallings. Network and Internetwork Security---William Stallings. Open Systems Networking—David M Piscitello/ A Lyman Chapin. Open Systems Networking—David M Piscitello/ A Lyman Chapin.

5 Today’s lecture is Domain of network security Domain of network security Taxonomy of security attacks Taxonomy of security attacks Aims or services of security Aims or services of security Model of internetwork security Model of internetwork security Methods of defence Methods of defence

6 Security Human nature Human nature physical, financial, mental,…, data and information security physical, financial, mental,…, data and information security

7 Information Security 1. Shift from the physical security to the protection of data and to thwart hackers (by means of automated software tools) – called computer security 1. Shift from the physical security to the protection of data and to thwart hackers (by means of automated software tools) – called computer security

8 Network Security 2. With the widespread use of distributed systems and the use of networks and communications require protection of data during transmission – called network security 2. With the widespread use of distributed systems and the use of networks and communications require protection of data during transmission – called network security

9 Internetwork security The term Network Security may be misleading, because virtually all business, govt, and academic organisations interconnect their data processing equipment with a collection of interconnected networks – probably we should call it as internetwork security The term Network Security may be misleading, because virtually all business, govt, and academic organisations interconnect their data processing equipment with a collection of interconnected networks – probably we should call it as internetwork security

10 Aspects of information security Security attack – any action that compromises the security of information. Security attack – any action that compromises the security of information. Security mechanism – to detect, prevent, or recover from a security attack. Security mechanism – to detect, prevent, or recover from a security attack. Security service – service that enhances and counters security attacks. Security service – service that enhances and counters security attacks.

11 Security mechanisms No single mechanism that can provide the services mentioned in the previous slide. However one particular aspect that underlines most (if not all) of the security mechanism is the cryptographic techniques. No single mechanism that can provide the services mentioned in the previous slide. However one particular aspect that underlines most (if not all) of the security mechanism is the cryptographic techniques. Encryption or encryption-like transformation of information are the most common means of providing security. Encryption or encryption-like transformation of information are the most common means of providing security.

12 Why Internetwork Security? Internetwork security is not simple as it might first appear. Internetwork security is not simple as it might first appear. In developing a particular security measure one has to consider potential countermeasures. In developing a particular security measure one has to consider potential countermeasures. Because of the countermeasures the problem itself becomes complex. Because of the countermeasures the problem itself becomes complex. Once you have designed the security measure, it is necessary to decide where to use them. Once you have designed the security measure, it is necessary to decide where to use them. Security mechanisms usually involve more than a particular algorithm or protocol. Security mechanisms usually involve more than a particular algorithm or protocol.

13 Security Attacks - Taxonomy Interruption – attack on availability Interruption – attack on availability Interception – attack on confidentiality Interception – attack on confidentiality Modification – attack on integrity Modification – attack on integrity Fabrication – attack on authenticity Fabrication – attack on authenticity Property that is compromised

14 Interruption also known as denial of services. also known as denial of services. Information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction. Information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction. e.g: cutting a communication line, disabling a file management system, etc. e.g: cutting a communication line, disabling a file management system, etc.

15 Interception also known as un-authorised access. also known as un-authorised access. Difficult to trace as no traces of intrusion might be left. Difficult to trace as no traces of intrusion might be left. E.g: illegal eavesdropping or wiretapping or sniffing, illegal copying. E.g: illegal eavesdropping or wiretapping or sniffing, illegal copying.

16 Modification also known as tampering a resource. also known as tampering a resource. Resources can be data, programs, hardware devices, etc. Resources can be data, programs, hardware devices, etc.

17 Fabrication also known as counterfeiting. also known as counterfeiting. Allows to by pass the authenticity checks. Allows to by pass the authenticity checks. e.g: insertion of spurious messages in a network, adding a record to a file, counterfeit bank notes, fake cheques,… e.g: insertion of spurious messages in a network, adding a record to a file, counterfeit bank notes, fake cheques,…

18 Security Attacks - Taxonomy Information Source Information Destination Normal Information Source Information Destination Interruption Information Source Information Destination Interception Information Source Information Destination Modification Information Source Information Destination Fabrication

19 Attacks – Passive types Passive (interception) – eavesdropping on, monitoring of, transmissions. Passive (interception) – eavesdropping on, monitoring of, transmissions. The goal is to obtain information that is being transmitted. The goal is to obtain information that is being transmitted. Types here are: release of message contents and traffic analysis. Types here are: release of message contents and traffic analysis.

20 Attacks – Active types Involve modification of the data stream or creation of a false stream and can be subdivided into – masquerade, replay, modification of messages and denial of service. Involve modification of the data stream or creation of a false stream and can be subdivided into – masquerade, replay, modification of messages and denial of service.

21 Attacks Passive Interception (confidentiality) Release of Message contents Traffic analysis Active Modification (integrity) Fabrication (integrity) Interruption (availability)

22 Security services Confidentiality Confidentiality Authentication Authentication Integrity Integrity Non-repudiation Non-repudiation Access control Access control Availability Availability

23 Model for internetwork security Information channel Message Secret information Secret information Principal Opponent Trusted Third party Gate Keeper

24 Methods of defence (1) Modern cryptology Modern cryptology Encryption, authentication code, digital signature,etc. Encryption, authentication code, digital signature,etc. Software controls Software controls Standard development tools (design, code, test, maintain,etc) Standard development tools (design, code, test, maintain,etc) Operating systems controls Operating systems controls Internal program controls (e.g: access controls to data in a database) Internal program controls (e.g: access controls to data in a database) Fire walls Fire walls

25 Methods of defence (2) Hardware controls Hardware controls Security devices, smart cards, … Security devices, smart cards, … Physical controls Physical controls Lock, guards, backup of data and software, thick walls, …. Lock, guards, backup of data and software, thick walls, …. Security polices and procedures Security polices and procedures User education User education Law Law

Download ppt "Network security Network security. Look at the surroundings before you leap."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
Chapter 1 – Introduction

Chapter 1 – Introduction
4/16/2017 Network Security Mehrdad Nourani.

4/16/2017 Network Security Mehrdad Nourani.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
CPE 5002 Network security. Look at the surroundings before you leap.

CPE 5002 Network security. Look at the surroundings before you leap.
CSE2500 System Security and Privacy. CSE2500 System Security and Privacy  Nandita&Srini 2 Lecturers Prof B Srinivasan Phone: 990 31333 Room No: C4.47.

CSE2500 System Security and Privacy. CSE2500 System Security and Privacy  Nandita&Srini 2 Lecturers Prof B Srinivasan Phone: Room No: C4.47.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)

“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Similar presentations

Ads by Google