1. Introduction to network security
L. Tahani Al jehani

2. COMPUTER SECURITY CONCEPTS
Information security :
Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provide primarily by physical and administrative means.
An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents.

3. computer security (cyber security)
With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident.
Especially the case for a shared system, such as a time- sharing system, and for systems that can be accessed over a public telephone network, data network, or the Internet. (server)
The generic name for the collection of tools designed to protect data is computer security.

4. Computer security
"Security is the ability of a system to protect information and system resources with respect to confidentiality , availability, and integrity." Note that the definition includes system resources, which include CPUs, disks, and programs, in addition to information.

5. Challenges of computer and network security
Security is not simple as it might first appear to the novice: we need to consider potential attacks . Security mechanisms typically involve more than a paticular algorithm.
Having designed various security mechanisms, it is necessary to decide where to use them (physical and logical sense). What points in a network are certain secured mechanisms needed? What layer or layers of our architecture should mechanisms be placed?

6. Key Security Concepts
Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA“
Confidentiality -- Ensuring that information is not accessed by unauthorized persons
Integrity -- Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
Authentication -- Ensuring that users are the persons they claim to be

7. CIA
A strong security protocol addresses all three of these areas. Take, for example, Netscape's SSL (Secure Sockets Layer) protocol. It has enabled an explosion in ecommerce which is really about trust (or more precisely, about the lack of trust). SSL overcomes the lack of trust between transacting parties by ensuring confidentiality through encryption, integrity through checksums, and authentication via server certificates

8. CIA
Computer security is not restricted to these three broad concepts. Additional ideas that are often considered part of the taxonomy of computer security include:
Access control -- Ensuring that users access only those resources and services that they are entitled to access.
Nonrepudiation -- Ensuring that the originators of messages cannot deny that they in fact sent the messages
Availability -- Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as "denial-of-service"
Privacy -- Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for

9. Network security
The second major change that affected security is the introduction of distributed systems (telecommunication , internet , wireless sensors network ) and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer.
Network security measures are needed to protect data during their transmission
Protecting network and telecommunications equipment, protecting network servers and transmissions, combatting eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions

10. Scenario of massage interception in network
User A transmits a file to user B. The file contains sensitive information that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.

11. Security Trends
In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture“
The report stated that the Internet needs more and better security.
the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and the need to secure end-user-to-end-user traffic using authentication and encryption .

12. OSI
The OSI model is a layered model that describes how information moves from an application running on one networked computer to an application running on another networked computer

13. Security Architecture for OSI
Security Architecture for OSI defines systematic way to :
Defining the requirements for security
Characterizing the approaches to satisfying those requirements

14. Examples of Security Requirements
confidentiality – student grades
integrity – patient information
availability – authentication service
We now provide some examples of applications that illustrate the requirements just enumerated.
• Confidentiality - Student grade information is an asset whose confidentiality is considered to be highly important by students. Grade information should only be available to students, their parents, and employees that require the information to do their job. Student enrollment information may have a moderate confidentiality rating. While still coveredby FERPA, this information is seen by more people on a daily basis, is less likely to be targeted than grade information, and results in less damage if disclosed. Directory information, such as lists of students or faculty or departmental lists, may be assigned a low confidentiality rating or indeed no rating. This information is typically freely available to the public and published on a school's Web site.
• Integrity – Consider a hospital patient's allergy information stored in a database. The doctor should be able to trust that the information is correct and current. Now suppose that an employee (e.g., a nurse) who is authorized to view and update this information deliberately falsifies the data to cause harm to the hospital. The database needs to be restored to a trusted basis quickly, and it should be possible to trace the error back to the person responsible. Patient allergy information is an example of an asset with a high requirement for integrity. Inaccurate information could result in serious harm or death to a patient and expose the hospital to massive liability.
• Availability - The more critical a component or service, the higher is the level of availability required. Consider a system that provides authentication services for critical systems, applications, and devices. An interruption of service results in the inability for customers to access computing resources and staff to access the resources they need to perform critical tasks. The loss of the service translates into a large financial loss in lost employee productivity and potential customer loss.

15. Security Architecture for OSI
The OSI security architecture focuses on security attacks, mechanisms, and services.
• Security attack: Any actions that compromises the
security of information owned by an organization (or a
person)
• Security mechanism: a mechanism that is designed to
detect, prevent, or recover from a security attack
• Security service: a service that enhances the security of
the data processing systems and the information transfers
of an organization. The services make use of one or more
security mechanisms to provide the service

16. Security attacks Passive attack: aims to learn or make use of
information from the system but does not affect system resources.
Like eavesdropping on, or monitoring of, transmissions. The goal is to obtain information that is being transmitted
Active attack: attempts to alter system resources
or affect their operation

17. Passive Attacks Passive Attacks : the release of message contents
A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
Traffic analysis also encrypted data can be read

18. the release of message contents

19. Traffic analysis

20. Passive attacks
Passive attacks are very difficult to detect, because they do not involve an alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern.

21. Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
Masquerade.
Replay.
modification of messages.
denial of service.

22. Masquerade
A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

23. Masquerade

24. Replay
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect

25. Modification of messages
Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect
For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

26. denial of service
prevents or inhibits the normal use or management of communications facilities
the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

27. denial of service

28. SECURITY SERVICES
Network security can provide one of the five services as shown in Figure. Four of these services are related to the message exchanged using the network: message confidentiality, integrity, authentication, and nonrepudiation.
The fifth service provides entity authentication or identification.

29. SECURITY SERVICES

30. Message Confidentiality
Message confidentiality or privacy means that the sender and the receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be garbage. When a customer communicates with her bank, she expects that the communication is totally confidential.

31. Message Integrity
Message integrity means that the data must arrive at the receiver exactly as they were sent. There must be no changes during the transmission, neither accidentally nor maliciously.
For example, it would be disastrous if a request for transferring $100 changed to a request for $10,000 or $100,000.
The integrity of the message must be preserved in a secure communication.

32. Message Authentication
Message authentication is a service beyond message integrity. In message authentication the receiver needs to be sure of the sender'sidentity and that an imposter has not sent the message.

33. Message Nonrepudiation
Message nonrepudiation means that a sender must not be able to deny sending a message that he or she, in fact, did send. The burden of proof falls on the receiver. For example, when a customer sends a message to transfer money from one account to another, the bank must have proof that the customer actually requested this transaction.

34. Entity Authentication
In entity authentication (or user identification) the entity or user is verified prior to access to the system resources(files(
For example, a student who needs to access her university resources needs to be authenticated during the logging process. This is to protect the interests of the university and the student.

35. Problem
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access.
Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.

36. Solution Confidentiality requirements: Integrity requirements:
the communication channel between the ATM and the bank must be encrypted
the PIN must be encrypted (wherever it is stored)
Integrity requirements:
the actions performed via the ATM must be associated to the account associated with the card
Availability requirements:
the system must be able to serve at least X concurrent users at any given time
the system must be available 99.9% of the time

37. Assignment#1 Choose one of internet protocol (TCP/IP , UDP ,..)
Then give an example of integrity , availability and confidentiality