Computer Engineering II Computer and Network Security Rabie A. Ramadan

Welcome Back

Organization of the Course
- Two lectures weekly
- Evaluation is based on:
  - Midterm and final exams
  - In-class quizzes
  - Assignments, tutorials
  - Project

Organization of the Course (Cont.)
Textbooks:
- William Stallings, “Cryptography and Network Security,” Fourth Edition
- Behrouz A. Forouzan, “Cryptography and Network Security,” 2008 Edition
- Charles P. Pfleeger and Shari L. Pfleeger, “Security in Computing,” Third Edition

Course Contents
- Introduction to Cryptography
- Authentication Functions
- Symmetric Key-Exchange Protocols
- Asymmetric Key-Distribution and Cryptography
- Network Layer Security
- Transport Layer Security
- Introduction to wireless network security

Exams
Do not worry about the exam as long as:
- You are attending
- You are done with your project
- You are done with your presentation
- Your assignments are delivered

Why should I attend?
- We will have group activities in class.
- Some materials will be taught from outside our textbook(s).
- Some materials will be skipped or left for you to read.

Projects
- There will be a term project
- Only 4 persons per project
- You can select your own project after my approval
- Suggested Projects

TA ?????

Things you need to have with you in class
- For the group activities

Table of Contents
- Introduction
- Security Goals
- Attacks
- Services and Mechanisms
- Security mechanisms
- Techniques

Introduction
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu

The Role of Security
- Security is like adding brakes to cars.
- The purpose of brakes is not to stop you; it is to enable you to go faster.
- Brakes help avoid accidents caused by mechanical failures in other cars, rude drivers, and road hazards.
- Better security is an enabler for greater freedom and confidence in the Cyber world.

Why Security?

What is the Internet?
- Three layers
- All have vulnerabilities

The Transit Layer

The Application Layer
Source: Olaf Kolkman, Internet Architecture Board

Spectrum of Risk
Degree of Data Digitization:
1. Messaging
2. Storing Information
3. Transactional systems
4. Technology Integration
5. Fully Integrated information based Business
Business has been aggregating data and risk at an unprecedented rate…

We have developed the myth that technology can be an effective fortress – we can have security
Traditional focus on:
- Better Firewalls
- Boundary Intrusion Detection
- Critical Offsite Capacity
- Compliance Certification
False myths:
- IT staff = security staff
- Compliance failure is the main source of risk
- Being compliant = being safe

But this concept of security is false – the Internet is fundamentally open
Facts:
- We don’t know what’s on our own nets
- What’s on our nets is bad, and existing practices aren’t finding everything
- Threat is in the “interior”
- Threat is faster than the response
- “Boundaries” are irrelevant
- We don’t know what is on our partner’s nets nor on the points of intersection
- Compromises occur despite defenses
- Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening
Figure label: Global Internet
The critical capability is to develop real-time response and resiliency

Why is computer and network security important?
- To protect company assets
  - The assets are comprised of the "information" that is housed on a company's computers and networks.
  - Information is a vital organizational asset.
- To gain a competitive advantage
  - Security can mean the difference between wide acceptance of a service and customer response.

Why is computer and network security important?
- To comply with regulatory requirements
  - Ensuring the continuing operation of the organization.
  - Many organizations are subject to governmental regulation, which often stipulates requirements for the safety and security of an organization.
- To keep your job
  - Security should be part of every network or systems administrator's job.
  - Failure to perform adequately can result in termination.

Historical Aspects of Security
In the old days, to be secure:
- Information was maintained physically in a secure place
- Few authorized persons had access to it (confidentiality)
- Protected from unauthorized change (integrity)
- Available to an authorized entity when needed (availability)
Nowadays, information is stored on computers:
- Confidentiality is achieved: few authorized persons can access the files
- Integrity is achieved: few are allowed to make changes
- Availability is achieved: at least one person has access to the files all the time

Current aspects of security
Achieving confidentiality, integrity, and availability is a challenge:
- Distributed information
- Could be captured while it is transmitted
- Could be altered
- Could be blocked

Security Trinity
- Basis for Computer and Network Security
- Prevention, Detection, and Response

What is Computer Security?
Different answers:
- It is the password that I use to enter the system or required set of rules (lock the computer before you leave) – End User
- It is the proper combination of firewall technologies with encryption systems and access controls – Administrator
- Keeping the bad guys out of my computer – Manager

What is Computer Security?
- A computer is secure if you can depend on it and its software to behave as you expect – Simson and Gene in the book “Practical Unix and Internet Security”
- Which definition is correct? All of them. However, we need to keep all of these perspectives in mind.

CIA Triad
- Security goals: Confidentiality, Integrity, and Availability

CIA Triad (figure): Security