Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Concepts Introduction. 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Security Concepts Introduction. 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code."— Presentation transcript:

1 1 Security Concepts Introduction

2 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code arriving from the network, attacks on infrastructure Defense technologies –Protection of information in transit: cryptography, application- and transport-layer security protocols –Protection of networked applications: firewalls and intrusion detection Study a few deployed systems in detail: from design principles to gory implementation details –Kerberos, SSL/TLS, IPSec Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

3 3 What This Semester Does Not Cover No ethical, legal or economic issues – No file sharing, DMCA, free speech issues Only cursory overview of cryptography Only some issues in systems security –No detail of access control, OS security, secure hardware No language-based security Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

4 4 Set Text William Stalling’s Network Security Essentials: Applications and Standards Published by Pearson ISBN-10: 0132303787 ISBN-13: 978-0132303781 We will follow this text. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

5 5 This Session - Overview Security Goals The need for security OSI Security Architecture Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork Security Internet standards and RFCs Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

6 6 Security Goals Integrity Confidentiality Avalaibility Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

7 7 Security Goals Confidentiality –Concealment of information or resources Integrity –Trustworthiness of data or resources Availability –Ability to use information or resources Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

8 8 Confidentiality Need for keeping information secret arises from use of computers in sensitive fields such as government and industry Access mechanisms, such as cryptography, support confidentiality –Example: encrypting income tax return Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

9 9 Integrity Often requires preventing unauthorized changes Includes data integrity (content) and origin integrity ( source of data also called authentication) Include prevention mechanisms and detection mechanisms –Example: Newspaper prints info leaked from White House and gives wrong source Includes both correctness and trustworthiness Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

10 10 Availability Is an aspect of reliability and system design Attempts to block availability, called denial of service attacks are difficult to detect –Example: bank with two servers –one is blocked, the other provides false information Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

11 11 The Need for Security Computer Security - the collection of tools designed –to protect data and –to thwart hackers Network security or internet security- security measures needed to protect data during their transmission Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

12 12 Security Motivation: Why do we need security? Increased reliance on Information technology with or with out the use of networks The use of IT has changed our lives drastically. We depend on E-mail, Internet banking, and several other governmental activities that use IT Increased use of E-Commerce and the World wide web on the Internet as a vast repository of various kinds of information (immigration databases, flight tickets, stock markets etc.) Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

13 13 Security Concerns Damage to any IT-based system or activity can result in severe disruption of services and losses Systems connected by networks are more prone to attacks and also suffer more as a result of the attacks than stand-alone systems (Reasons?) Concerns such as the following are common –How do I know the party I am talking on the network is really the one I want to talk? –How can I be assured that no one else is listening and learning the data that I send over a network –Can I ever stay relaxed that no hacker can enter my network and play havoc? Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

14 14 Concerns continued… Is the web site I am downloading information from a legitimate one, or a fake? How do I ensure that the person I just did a financial transaction denies having done it tomorrow or at a later time? I want to buy some thing online, but I don’t want to let them charge my credit card before they deliver the product to me Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

15 15 That is why…..we need security To safeguard the confidentiality, integrity, authenticity and availability of data transmitted over insecure networks Internet is not the only insecure network in this world Many internal networks in organizations are prone to insider attacks In fact, insider attacks are greater both in terms of likelihood of happening and damage caused Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

16 16 However, in reality Security is often over looked (not one of the top criteria) Availability, efficiency and performance tend to be the ones Buggy implementations Systems too complex in nature and rich in features can be filled with security holes Incorporation of security into networks, not growing with the rapidly growing number and size of networks Attacking is becoming so common and easy – there are books clearly explaining how to launch them Security and attacks are a perpetual cat-and-mouse play. The only way to avoid attacks is to keep up-to-date with latest trends and stay ahead of malicious netizens Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

17 17 OSI Security Architecture ITU-T Recommendation X.800 Security Architecture for OSI International Telecommunications Union (ITU) is a United Nations sponsored agency that develops standards relating to telecommunications and to Open system Interconnection (OSI) Extended by ISO 18028- part 2 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

18 18 Attacks, Services and Mechanisms Security Attack: Any action that compromises the security of information. Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

19 19 Security Attacks Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

20 20 Security Attacks Interruption: This is an attack on availability –Disrupting traffic –Physically breaking communication line Interception: This is an attack on confidentiality –Overhearing, eavesdropping over a communication line Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

21 21 Security Attacks (continued) Modification: This is an attack on integrity –Corrupting transmitted data or tampering with it before it reaches its destination Fabrication: This is an attack on authenticity –Faking data as if it were created by a legitimate and authentic party Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

22 22 Threats and Attacks Threat - a potential for violation of security or a possible danger that might exploit a vulnerability Attack - an assault on system security- an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

23 23 Passive and active attacks Passive attacks –No modification of content or fabrication –Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.) Active attacks –Modification of content and/or participation in communication to Impersonate legitimate parties Modify the content in transit Launch denial of service attacks Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

24 24 Fundamental threats Information leakage –Disclosure to unauthorized parties Prince Charles mobile phone calls, 2006 ( and 1993) Sarah Palin’s email hack (Sept. 2008) Integrity violation –Corruption of data or loss of data Top Iraqi cleric’s web site defaced (Sept 2008) Denial of service –Unavailability of system/service/network Xbox (Jan 2008) Illegitimate use –Sasser worm 2004 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

25 25 Services and Mechanisms A security policy is a statement of what is and what is not allowed. A security service is a measure to address a threat –E.g. authenticate individuals to prevent unauthorized access A security mechanism is a means to provide a service –E.g. encryption, cryptographic protocols Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

26 26 Security Services A security service is a service provided by the protocol layer of a communicating system (X.800) 5 Categories –Authentication –Access Control –Data confidentiality –Data Integrity –Nonrepudiation (and Availability) Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

27 27 Security Services Authentication (who created or sent the data) Access control (prevent misuse of resources) Confidentiality (privacy) Integrity (has not been altered) Non-repudiation (the order is final) Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

28 28 Security Mechanisms Examples Two types –Specific mechanisms existing to provide certain security services E.g. encryption used for authentication –Pervasive mechanisms which are general mechanisms incorporated into the system and not specific to a service E.g. security audit trail Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

29 29 OSI Network Stack and Attacks (V. Shmatikov) application presentation session transport network data link physical IP TCP email,Web,NFS RPC 802.11 Sendmail, FTP, NFS bugs SYN flooding, RIP attacks, sequence number prediction IP smurfing and other address spoofing attacks RPC worms, portmapper exploits WEP attacks Only as secure as the single weakest layer… Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

30 30 Model for Network Security Basic tasks –Design an algorithm that opponent cannot defeat –Generate the secret information to be used with the algorithm –Develop methods for distributing secret information –Specify a protocol to be used May need a trusted third part to assist Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

31 31 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

32 32 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

33 33 Methods of Defense Encryption Software Controls –(access limitations in a data base, in operating system protect each user from other users) Hardware Controls –(smartcard) Policies –(frequent changes of passwords) Physical Controls Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

34 34 Internet standards and RFCs The Internet society (ISOC) Internet Architecture Board (IAB) Internet Engineering Task Force (IETF) Internet Engineering Steering Group (IESG) International Standards Organisation (ISO) Numerous security related standards especially 17799, 18028, 27001 National Institute of Standards and Technology (NIST) Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Download ppt "1 Security Concepts Introduction. 2 Main Themes of the Course Vulnerabilities of networked applications –Worms, denial of service attacks, malicious code."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
1 Network Security Ola Flygt Växjö University +46 470 70 86 49.

1 Network Security Ola Flygt Växjö University
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
Computer and Information Security

Computer and Information Security
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Blekinge Institute of Technology, Sweden

Blekinge Institute of Technology, Sweden
1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.

1 Network Security Derived from original slides by Henric Johnson Blekinge Institute of Technology, Sweden From the book by William Stallings.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Introduction CS-480b Dick Steflik. X.800 – OSI Security Services Security Service – a service provided by a protocol layer of communicating open systems,

Introduction CS-480b Dick Steflik. X.800 – OSI Security Services Security Service – a service provided by a protocol layer of communicating open systems,
Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.

Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Bazara Barry1 Security on Networks and Information Systems Bazara I. A. Barry Department of Computer Science – University of Khartoum www.itrc.sd/staff/bazara.html.

Bazara Barry1 Security on Networks and Information Systems Bazara I. A. Barry Department of Computer Science – University of Khartoum
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)

“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.

Similar presentations

Ads by Google