Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Networks Single point of failure Resillence or fault tolerance CS model.

Published byEmily Joseph Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in Networks Single point of failure Resillence or fault tolerance CS model."— Presentation transcript:

1 Security in Networks Single point of failure Resillence or fault tolerance CS model

2 Computer Security Objectives Data confidentiality Assures that private or confidential information is not made available or disclosed to unauthorized individuals Privacy Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Confidentiality Data integrity Assures that information and programs are changed only in a specified and authorized manner System integrity Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Integrity Assures that systems work promptly and service is not denied to authorized users Availability

3 CIA Triad

4 4 Securing data

5 Possible additional concepts: Authenticity Verifying that users are who they say they are and that each input arriving at the system came from a trusted sourceVerifying that users are who they say they are and that each input arriving at the system came from a trusted sourceAccountability The security goal that generates the requirement for actions of an entity to be traced uniquely to that entityThe security goal that generates the requirement for actions of an entity to be traced uniquely to that entity

6 Security in Networks caracteristica Environment of use Shape and size Mode of communication Media Protocols Type of networks Topologies

7 Security in Networks caracteristica Environment of use Anonymity Automation Distance Opaqueness Routing diversity

8 Security in Networks caracteristica Shape and size Boundary Ownership Control

9 Security in Networks caracteristica Mode of communication Digital Analog

10 Security in Networks caracteristica Media Cable Optical fiber Wireless Microwave Infrared Satellite

11 Security in Networks caracteristica Protocols ISO OSI TCP/IP Adressing Scheme Routing Concept

12 Security in Networks caracteristica Type of network LAN MAN WAN Internetworks (Internets)

13 Security in Networks caracteristica Topologies Common bus Star or Hub Ring Tree structure Distributed system API’s

14 Security in Networks caracteristica Advanteges of computer networks Ressource sharing Distribution of the workload Increased reliability Expandability

15 Security in Networks Threats What makes a network vulnerable Anonymity Many points of attack – both targets and origins Sharing Complexity of system Unknown perimeter Unknown path

16 Security in Networks Threats Who attacks networks Challenge Fame Money and espionage Ideology Hactivism Cyberterrorism

17 Security in Networks Threats Areas Precursors Authentication Failure Programming flaws Confidentiality Integrity Avaliability

18 Security in Networks Controls Areas Security threat analysis Design and implementation Architecture Encryption Content integrity Strong authentication Acess controls Alarm and alerts Traffic flow Control review

19 Security in Networks Controls Security threat analysis Read communication Modify communication Forge communication Inhibit communication Read data Modify or destroy data at C

20 Security in Networks Controls Architecture Segmentation Redundancy Single point of failure

21 Security in Networks Controls Encryption Link encryption End to end encryption Comparison of encryption methods Virtual Private Networks (VPN) Public Key Infrastructure (PKI) and certificates SSH encryption SSL encryption IPSec Signed code Encrypted e-mail

22 Security in Networks Controls Content integrity Error correction codes Cryptographic checksum

23 Security in Networks Controls Strong Authentication One time password Challenge response systems Digital distributed authentication Kerberos

24 Security in Networks Controls Access controls ACL’s on routers Firewall

25 Security in Networks Controls Alarm and alerts Intrusion detection systems (IDS) Intrusion prevention systems (IPS) Honey pots

26 Precursors Table 7-7. Network Vulnerabilities and Controls. TargetVulnerabilityControl Precursors to attack  Port scan  Firewall  Intrusion detection system  Running as few services as possible  Services that reply with only what is necessary  Social engineering  Education, user awareness  Policies and procedures  Systems in which two people must agree to perform certain security-critical functions  Reconnaissance  Firewall  "Hardened" (self-defensive) operating system and applications  Intrusion detection system  OS and application fingerprinting  Firewall  "Hardened" (self-defensive) applications  Programs that reply with only what is necessary  Intrusion detection system

27 Authentication Authentication failures Impersonation  Strong, one-time authentication  Guessing Strong, one-time authentication Education, user awareness  Eavesdropping  Strong, one-time authentication  Encrypted authentication channel  Spoofing  Strong, one-time authentication  Session hijacking  Strong, one-time authentication  Encrypted authentication channel  Virtual private network  Man-in-the-middle attack  Strong, one-time authentication  Virtual private network  Protocol analysis

28 Programming flaws  Buffer overflow  Programming controls  Intrusion detection system  Controlled execution environment  Personal firewall  Addressing errors  Programming controls  Intrusion detection system  Controlled execution environment  Personal firewall  Two-way authentication  Parameter modification, time- of-check to time-of-use errors  Programming controls  Intrusion detection system  Controlled execution environment  Intrusion detection system  Personal firewall  Server-side include  Programming controls  Personal firewall  Controlled execution environment  Intrusion detection system

29 Programming flaws cont.  Cookie  Firewall  Intrusion detection system  Controlled execution environment  Personal firewall  Malicious active code: Java, ActiveX  Intrusion detection system  Programming controls  Signed code  Malicious code: virus, worm, Trojan horse  Intrusion detection system  Signed code  Controlled execution environment  Intrusion detection system  Malicious typed code  Signed code  Intrusion detection system  Controlled execution environment

30 Confidentiality  Protocol flaw  Programming controls  Controlled execution environment  Eavesdropping  Encryption Passive wiretap  Encryption  Misdelivery  Encryption  Exposure within the network  End-to-end encryption Traffic flow analysis Encryption Traffic padding Onion routing Cookie  Firewall  Intrusion detection system  Controlled execution environment

31 Integrity  Protocol flaw  Firewall  Controlled execution environment  Intrusion detection system  Protocol analysis  Audit  Active wiretap  Encryption  Error detection code  Audit  Impersonation  Firewall  Strong, one-time authentication  Encryption  Error detection code  Audit  Falsification of message  Firewall  Encryption  Strong authentication  Error detection code  Audit

32 Integrity cont.  Noise  Error detection code  Web site defacement  Error detection code  Intrusion detection system  Controlled execution environment  Hardened host  Honeypot  Audit  DNS attack  Firewall  Intrusion detection system  Strong authentication for DNS changes  Audit

33 Avaliability Availability  Protocol flaw  Firewall  Redundant architecture  Transmission or component failure  Architecture  Connection flooding, e.g., echo-chargen, ping of death, smurf, syn flood  Firewall  Intrusion detection system  ACL on border router  Honeypot  DNS attack Firewall Intrusion detection system ACL on border router Honeypot  Traffic redirection  Encryption  Audit  Distributed denial of service Firewall Intrusion detection system ACL on border router Honeypot

Download ppt "Security in Networks Single point of failure Resillence or fault tolerance CS model."

Similar presentations

Cryptography and Network Security Sixth Edition by William Stallings.

Cryptography and Network Security Sixth Edition by William Stallings.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.

Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
7.3 Network Security Controls 1Network Security / G.Steffen.

7.3 Network Security Controls 1Network Security / G.Steffen.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Security in Networks— Their design, development, usage… Barbara Endicott-Popovsky CSSE592/491 In collaboration with: Deborah Frincke, Ph.D. Director, Center.

Security in Networks— Their design, development, usage… Barbara Endicott-Popovsky CSSE592/491 In collaboration with: Deborah Frincke, Ph.D. Director, Center.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Chapter 7 7.2 Threats in Networks Network Security / G. Steffen.

Chapter Threats in Networks Network Security / G. Steffen.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza 411109 TE computer.

C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
Chapter 7 Security in Networks. Figure 7-1 Simple View of Network.

Chapter 7 Security in Networks. Figure 7-1 Simple View of Network.
Week 10 - Wednesday.  What did we talk about last time?  Network basics.

Week 10 - Wednesday.  What did we talk about last time?  Network basics.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Similar presentations

Ads by Google