Security in Networks Single point of failure Resillence or fault tolerance CS model.

Slides:



Advertisements
Similar presentations
Cryptography and Network Security Sixth Edition by William Stallings.
Advertisements

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
IS Network and Telecommunications Risks
7.3 Network Security Controls 1Network Security / G.Steffen.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Applied Cryptography for Network Security
Security in Networks— Their design, development, usage… Barbara Endicott-Popovsky CSSE592/491 In collaboration with: Deborah Frincke, Ph.D. Director, Center.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Chapter Threats in Networks Network Security / G. Steffen.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
Chapter 7 Security in Networks. Figure 7-1 Simple View of Network.
Week 10 - Wednesday.  What did we talk about last time?  Network basics.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
Cryptography and Network Security
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Introduction to Computer and Network Security
Software Security Testing Vinay Srinivasan cell:
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
Chap 7: Security in Networks.  Threats against networked applications, including denial of service, web site defacements, malicious mobile code, and.
Securing Wired Local Area Networks(LANs)
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.
Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Security in Computing Security in Networks. I.Threats in networks A. Vulnerabilities 1.Anonymity 2.Shared resources 3.Size (many points of attack) 4.Complexity.
Module 11: Designing Security for Network Perimeters.
1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.
Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.
Ingredients of Security
COMPUTER COMMUNICATIONS AND NETWORKS. Networks fundamentals  Basic understanding of networks, its ontology as LAN, WAN, MAN, PAN, WLAN etc with the comprehensive.
CSCE Farkas1 CSCE 522 Network Security. Reading Pfleeger and Pfleeger: Chapter 6 CSCE Farkas2.
Security in network Outline Threats in network Network security controls Firewalls Intrusion detection system Secure Networks and Cryptography Example.
COMMUNICATION CONTROL
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
IS3220 Information Technology Infrastructure Security
CHAPTER 6 Security in Networks 1. Objectives  differentiate the security needs in the network and in single,stand alone application and environment 
COMPUTER SECURITY COMP424 1 ST LECTURE OVERVIEW AND TERMINOLOGIES Dr. Sarah Mustafa Eljack
Week 9 - Wednesday.  What did we talk about last time?  Network basics.
@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.
@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Information Management System Ali Saeed Khan 29 th April, 2016.
Network Security Overview
Comparison of Network Attacks COSC 356 Kyler Rhoades.
AGENDA:  I.The Basics  II. Threats  III. Controls  IV.Tools Source: Pfleeger & Pfleeger.
COMPUTER SECURITY CONCEPTS
Secure Software Confidentiality Integrity Data Security Authentication
Computer and Network Security
What Makes a Network Vulnerable?
Threats in Networks Jagdish S. Gangolly School of Business
Advanced Computer Networks
Introduction to Cryptography
Definition Of Computer Security
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Security in Networks Single point of failure Resillence or fault tolerance CS model

Computer Security Objectives Data confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Confidentiality Data integrity Assures that information and programs are changed only in a specified and authorized manner System integrity Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Integrity Assures that systems work promptly and service is not denied to authorized users Availability

CIA Triad

4 Securing data

Possible additional concepts: Authenticity Verifying that users are who they say they are and that each input arriving at the system came from a trusted sourceVerifying that users are who they say they are and that each input arriving at the system came from a trusted sourceAccountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entityThe security goal that generates the requirement for actions of an entity to be traced uniquely to that entity

Security in Networks caracteristica Environment of use Shape and size Mode of communication Media Protocols Type of networks Topologies

Security in Networks caracteristica Environment of use Anonymity Automation Distance Opaqueness Routing diversity

Security in Networks caracteristica Shape and size Boundary Ownership Control

Security in Networks caracteristica Mode of communication Digital Analog

Security in Networks caracteristica Media Cable Optical fiber Wireless Microwave Infrared Satellite

Security in Networks caracteristica Protocols ISO OSI TCP/IP Adressing Scheme Routing Concept

Security in Networks caracteristica Type of network LAN MAN WAN Internetworks (Internets)

Security in Networks caracteristica Topologies Common bus Star or Hub Ring Tree structure Distributed system API’s

Security in Networks caracteristica Advanteges of computer networks Ressource sharing Distribution of the workload Increased reliability Expandability

Security in Networks Threats What makes a network vulnerable Anonymity Many points of attack – both targets and origins Sharing Complexity of system Unknown perimeter Unknown path

Security in Networks Threats Who attacks networks Challenge Fame Money and espionage Ideology Hactivism Cyberterrorism

Security in Networks Threats Areas Precursors Authentication Failure Programming flaws Confidentiality Integrity Avaliability

Security in Networks Controls Areas Security threat analysis Design and implementation Architecture Encryption Content integrity Strong authentication Acess controls Alarm and alerts Traffic flow Control review

Security in Networks Controls Security threat analysis Read communication Modify communication Forge communication Inhibit communication Read data Modify or destroy data at C

Security in Networks Controls Architecture Segmentation Redundancy Single point of failure

Security in Networks Controls Encryption Link encryption End to end encryption Comparison of encryption methods Virtual Private Networks (VPN) Public Key Infrastructure (PKI) and certificates SSH encryption SSL encryption IPSec Signed code Encrypted

Security in Networks Controls Content integrity Error correction codes Cryptographic checksum

Security in Networks Controls Strong Authentication One time password Challenge response systems Digital distributed authentication Kerberos

Security in Networks Controls Access controls ACL’s on routers Firewall

Security in Networks Controls Alarm and alerts Intrusion detection systems (IDS) Intrusion prevention systems (IPS) Honey pots

Precursors Table 7-7. Network Vulnerabilities and Controls. TargetVulnerabilityControl Precursors to attack  Port scan  Firewall  Intrusion detection system  Running as few services as possible  Services that reply with only what is necessary  Social engineering  Education, user awareness  Policies and procedures  Systems in which two people must agree to perform certain security-critical functions  Reconnaissance  Firewall  "Hardened" (self-defensive) operating system and applications  Intrusion detection system  OS and application fingerprinting  Firewall  "Hardened" (self-defensive) applications  Programs that reply with only what is necessary  Intrusion detection system

Authentication Authentication failures Impersonation  Strong, one-time authentication  Guessing Strong, one-time authentication Education, user awareness  Eavesdropping  Strong, one-time authentication  Encrypted authentication channel  Spoofing  Strong, one-time authentication  Session hijacking  Strong, one-time authentication  Encrypted authentication channel  Virtual private network  Man-in-the-middle attack  Strong, one-time authentication  Virtual private network  Protocol analysis

Programming flaws  Buffer overflow  Programming controls  Intrusion detection system  Controlled execution environment  Personal firewall  Addressing errors  Programming controls  Intrusion detection system  Controlled execution environment  Personal firewall  Two-way authentication  Parameter modification, time- of-check to time-of-use errors  Programming controls  Intrusion detection system  Controlled execution environment  Intrusion detection system  Personal firewall  Server-side include  Programming controls  Personal firewall  Controlled execution environment  Intrusion detection system

Programming flaws cont.  Cookie  Firewall  Intrusion detection system  Controlled execution environment  Personal firewall  Malicious active code: Java, ActiveX  Intrusion detection system  Programming controls  Signed code  Malicious code: virus, worm, Trojan horse  Intrusion detection system  Signed code  Controlled execution environment  Intrusion detection system  Malicious typed code  Signed code  Intrusion detection system  Controlled execution environment

Confidentiality  Protocol flaw  Programming controls  Controlled execution environment  Eavesdropping  Encryption Passive wiretap  Encryption  Misdelivery  Encryption  Exposure within the network  End-to-end encryption Traffic flow analysis Encryption Traffic padding Onion routing Cookie  Firewall  Intrusion detection system  Controlled execution environment

Integrity  Protocol flaw  Firewall  Controlled execution environment  Intrusion detection system  Protocol analysis  Audit  Active wiretap  Encryption  Error detection code  Audit  Impersonation  Firewall  Strong, one-time authentication  Encryption  Error detection code  Audit  Falsification of message  Firewall  Encryption  Strong authentication  Error detection code  Audit

Integrity cont.  Noise  Error detection code  Web site defacement  Error detection code  Intrusion detection system  Controlled execution environment  Hardened host  Honeypot  Audit  DNS attack  Firewall  Intrusion detection system  Strong authentication for DNS changes  Audit

Avaliability Availability  Protocol flaw  Firewall  Redundant architecture  Transmission or component failure  Architecture  Connection flooding, e.g., echo-chargen, ping of death, smurf, syn flood  Firewall  Intrusion detection system  ACL on border router  Honeypot  DNS attack Firewall Intrusion detection system ACL on border router Honeypot  Traffic redirection  Encryption  Audit  Distributed denial of service Firewall Intrusion detection system ACL on border router Honeypot

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.