Network Security




    Raja M. Khurram Shahzad
Course Overview

•   ~16 lectures = 2x45 minutes

•   Two lab sessions in Karlskrona (the telecom lab)

        One simple firewall lab (iptables)

        One VPN lab

•   Assignment/s

•   Course homepage It’s Learning (http://www.bth.se/lms/)

•   Roll call

        Done online through the submission of the assignment, more information on this later on

•   Course literature

        Stallings, W. Network Security Essentials.
         Applications and Standards. 4/E, Prentice Hall.



Security

•   Security is not a new concept

•   Quotes from “The Art of War”:

•   “The art of war teaches us to rely not on the
    likelihood of the enemy's not coming, but on
    our own readiness to receive him; not on the
    chance of his not attacking, but rather on the
    fact that we have made our position unassailable.”



•   “Victorious warriors win first and then go to war,
    while defeated warriors go to war first and then
    seek to win.”
                       - The Art of War, Sun Tzu (late-sixth century BC)
History

•   ENIGMA:
       The most sophisticated encoding machine of its time.

       Used during World War II by the Germans.

       Intercepting and decoding German transmissions would prove to be a turning
        point in the war




History cont.

•   U-2:
        US spy plane

        High altitude reconnaissance flights
         over the Soviet Union.

        U-2 was brought down by the Soviet
         Union.

        This incident set in motion a pattern of
         mistrust that culminated in the Cuban
         Missile Crisis. No one can predict if the
         Cold War might have ended sooner
         had the U-2 incident not occurred!




What is SECURITY ???


1.   Measures taken to guard against espionage or sabotage, crime or attack

2.   The protection of data against unauthorized access

•    “The only truly secure system is one that is powered off, cast in a block of concrete and
     sealed in a lead-lined room with armed guards - and even then I have my doubts”
                               "Computer Recreations: Of Worms, Viruses and Core War" by A. K. Dewdney in Scientific American




•    The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines
     security as "a form of protection where a separation is created between the assets and the
     threat".



•    In simple words: security is the degree of protection against danger, damage, loss, and
     criminal activity.
Security Violations

User A transmits a file F containing sensitive information to user B.
  File F is SENSITIVE
                  F
   A           ------->        B

         C CAPTURES F
   • Unauthorized user C captures a copy during transmission


F contains data about authorizations
A sends message m to B: "Update file F with names in message m"
      A(m)  --m-->  B(F)
 C INTERCEPTS m and adds the name of C
  A(m)  --m-->  C(m)  --m-->  B(F)
Computer & Network Security

•   Computer Security:
        generic name for the collection of tools designed to protect data.

•   Network Security:
        protect data during their transmission




•   There are no clear boundaries between these two forms of security.




Computer Security

•   The NIST Computer Security Handbook defines computer security as:
     The protection afforded to an automated information system in
      order to attain the applicable objectives of preserving the integrity,
      availability, and confidentiality of information system resources
      (includes hardware, software, firmware, information/data, and
      telecommunication).


•   Three Key Objectives
     Also called the CIA Triad: Confidentiality, Integrity, Availability
     Embody fundamental security
      objectives for
        – Data and information
        – Computing services
Computer Security

•   Confidentiality: Authorized disclosure of information
     Data Confidentiality: Not disclosed to unauthorized persons
     Privacy: Who will collect information and to whom it will be disclosed
     Example: Student grade information


•   Integrity: Authorized modification or destruction of information
     Data Integrity: Information and programs are changed in a specific and
                 authorized manner
     System Integrity: No compromised functionality
     Example: Patient information in a hospital


•   Availability: Timely and reliable access to and use of information.
     Service is not denied to authorized users
     Example: Authentication to services for critical systems.
Computer Security

•   Additional concepts
•   Authenticity
     The property of being genuine and being able to be verified and trusted


•   Accountability
     Actions of an entity can be traced uniquely to that entity




Impact of breach of Security

                                         LOW                 MODERATE                  HIGH
Effect                                   Limited             Serious                   Serious or catastrophic
Functional Ability (Primary functions)   Minor degradation   Significant degradation   Severe
Damage to Assets                         Minor               Significant               Major
Financial Loss                           Minor               Significant               Major
Harm to Individual                       Minor               Significant               Severe (loss of life or
                                                                                       life-threatening injuries)
Secure Networks

•   Because no absolute definition of a secure network exists:
        Networks cannot be classified simply as secure or not secure.


•   Each organization defines the level of access that is permitted or denied:
    its Security Policy
        A security policy does not specify how to achieve protection.
        The policy must apply to information stored in computers as well as to
         information traversing a network.
Security's impact on overall functionality


[Figure: Security, Functionality, Ease of use]
THE OSI Security Architecture

• Security Attack: Any action that compromises the security of information.

• Security Service: A service that enhances the security of data
   processing systems and information transfers. A security service
   makes use of one or more security mechanisms.


• Security Mechanism: A mechanism that is designed to detect, prevent, or
   recover from a security attack.




[Figure: Normal Flow from Source to Dest]
Security Attacks

•   Security Attack: Any action that compromises the security of information

•   Interruption: This is an attack on availability
        [Figure: Source, Destination, Darth]

•   Interception: This is an attack on confidentiality
        [Figure: Source, Destination, Darth]
Security Attacks

•   Modification: This is an attack on integrity
        [Figure: Source, Dest, Darth]

•   Fabrication: This is an attack on authenticity
        [Figure: Source, Dest, Darth]
Security Services

•   Confidentiality (privacy)
•   Authentication (who created or sent the data)
•   Integrity (has not been altered)
•   Non-repudiation (the order is final)
•   Access control (prevent misuse of resources)
•   Availability (permanence, non-erasure)
        Denial of Service Attacks
        Virus that deletes files




Passive & Active Attacks

•   Passive Attacks: Difficult to detect, no alteration of data, focus on
    prevention
    1. Release of message contents
    2. Traffic analysis
•   Active Attacks: Modification of stream / data or its false creation,
    difficult to prevent, focus is on detection and recovery
    1. Masquerade (impersonation)
    2. Replay
    3. Modification of message
    4. Denial of service
Passive Attacks




Active Attacks I




Active Attacks II




Shane Stephens' definition of Hackers

•   Group A: People who attempt to gain illegal access to machines
    on the internet for the "fun" of it, but with no malicious intent.

•   Group B: People who attempt to gain illegal access to machines on
    the internet WITH malicious intent.

•   Group C: People who are adept at writing C/C++ code very quickly
    to do a specific thing (or similar)

•   Group D: Everybody else (esp. mainstream media).
Shane Stephens' definition of Hackers (cont)

•   Group A call themselves "Hackers". Group A call Group B "Crackers".

•   Group B usually call themselves 31337 H4x0r5

•   Group C call themselves "Hackers". Group C also call Group A "Hackers".

•   Many people in Group A are also in Group C.

•   Group D hasn't got any clue, and calls them all the same thing - "hackers".

•   The following naming scheme is appropriate:

        Group A: Hacker

        Group B: Cracker

        Group C: Hacker (as well. Use context.)

        Group D: Morons


Inside Security
•   What hackers don't want you to know

•   Firewalls are just the beginning:
      a critical component of an effective defence system, but they are significantly
       limited in terms of the types of attacks they can detect and repel.


•   Not all the bad guys are “out there”:
      roughly half of all attacks are engineered by insiders who can potentially do more
       damage than hackers coming in from the outside.


•   Humans are the weakest link:
      well-intentioned but uninformed employees are easily exploited by hackers who
       know which strings to pull


•   Passwords are not secure:
      the most common form of user authentication is a “secret” password. This
       happens to be one of the most vulnerable for a variety of reasons.
Inside Security

     •    They can see you but you can't see them:
            eavesdropping on network transmissions can reveal more than enough
             information to a hacker looking to gain higher levels of access.


     •    Defaults are dangerous:
            a vendor's choice of defaults for their product might meet their needs perfectly
             well but might spell disaster for you.


     •    Yesterday's strong crypto is today's weak crypto:
            just because you've encrypted a message is no guarantee that only authorized
             personnel will be able to read it.




FREDRIK ERLANDSSON
Inside Security

     •    “It takes a thief to catch a thief”:
            if you want to repel hackers' attacks, it helps to think as they do. You can learn
             the tricks of the hacker trade from the same source that they do: the Internet


     •    The future of hacking is bright:
            Hackers are not going away any time soon. Their numbers seem to be growing.
             Emerging trends in the IT arena point to a brighter day when computers will do
             even more for us than they do now. These same changes may also usher in a
             host of new vulnerabilities for the next generation of hackers to exploit.
The Golden Age of Hacking

     •    There are so many possible systems to break into, most of them with
          weak security.
     •    Companies have insufficient information to track these attackers
                    even if attackers are detected, the chances of their getting caught are slim

     •    Ironically, companies were afraid of the Y2K problem and spent a lot of money
          trying to fix it. But in most cases it seemed like the problem was
          overestimated, hyped by the media. Now there is a REAL PROBLEM but
          companies do not want to invest the money.
     •    Lack of awareness is the main reason why so many companies are
          vulnerable.
     •    It’s also a good time to be a security professional
Methods of Defense


•   Encryption

•   Software Controls (access limitations in a database; in the operating
    system, protecting each user from other users)

•   Hardware Controls (smart-card)

•   Policies (frequent changes of passwords)

•   Physical Controls




Security Services

•   Authentication:
     peer-entity
     data-origin
•   Access Control
•   Data Confidentiality:
     connection
     connectionless
     selective-field
     traffic-flow
•   Data Integrity
     connection [recovery, no-recovery, selective-field]
     connectionless [no-recovery, selective-field]
•   NonRepudiation
     Origin
     Destination

Security Service: A service that enhances the security of data processing systems and
information transfers. A security service makes use of one or more security mechanisms.
Authentication

•   The assurance that the communicating entity is the one that it claims
    to be
•   Data Origin: Provides assurance that the source of received data is as claimed
          (m not protected)
                 A(m) m         B
                 B(m,A)  AUTHENTIC(A)?

•   Peer Entity: Provides confidence in the identities of the entities connected
                  A c B
                 S(A,B)  AUTHENTIC(A,B)?
                 S(c,masquerader,replay)  SECURE(c)?

    * m : message
    * c : connection
Access Control

•   The prevention of unauthorized use of a resource
•   Access REQUEST:
                A(m)     m       {Host / System}
        Host MATCHES m to A:
        {Host / System}(m,A)     m’      A

          A GRANTED read/write access:
                        c
              A(m’)           {Host / System}



    * m’ : modified message or authentication message


Confidentiality

•   The protection of data from unauthorized disclosure.
•   CONNECTION:
                      cK
              A              B     (e.g. TCP)
         (*K : Key)

•   CONNECTIONLESS:
           A    mK              B

•   SELECTIVE-FIELD:
                  cK|c’
            A               B

•   TRAFFIC-FLOW:
            A  {}          B
Integrity

•   The assurance that data received are exactly as sent by an
    authorized entity.
•   CONNECTION-RECOVERY:
           c                  modification/destruction

    A    m        B(m)     recover                    m

•   CONNECTION-NO RECOVERY:
        c               modification/destruction

    A  m     B(m)    detect                               !!

•   SELECTIVE FIELD:
        c                     modification/destruction

    A   m|m’ B(m)              detect(m)                  !!
Non-Repudiation

•   Provides protection against denial by one of the entities involved
    in communication
•   SENDER VERIFICATION:
        A    m,[A]       B(m,[A])  mA



•   RECEIVER VERIFICATION:
      A    m       B
      B    [m],[B]  A([m],[B])           mB




Security Mechanism

•   Encipherment – unintelligible
•   Digital Signature – data tag to ensure
     a) Source      b) Integrity   c) anti-forgery
•   Access Control
•   Data Integrity
•   Authentication
•   Traffic Padding – prevent traffic analysis
•   Routing Control – adapt upon partial failure
•   Notarization – trusted third party
•   Trusted Functionality
•   Security Label
•   Event Detection
•   Audit Trail
•   Recovery

Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a
security attack.
Model for Network Security




Network Access Security Model

•   Gatekeeper: password-based login, screening logic
•   Internal controls: monitor activity, analyse stored info




The End




          39

More Related Content

What's hot

Compiler: Programming Language= Assignments and statements
Compiler: Programming Language= Assignments and statementsCompiler: Programming Language= Assignments and statements
Compiler: Programming Language= Assignments and statementsGeo Marian
 
Unit 2 data link control
Unit 2 data link controlUnit 2 data link control
Unit 2 data link controlVishal kakade
 
Subnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesSubnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesKrishna Mohan
 
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)Mohanlal Sukhadia University (MLSU)
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptographyRAMPRAKASHT1
 
Dbms ii mca-ch1-ch2-intro-datamodel-2013
Dbms ii mca-ch1-ch2-intro-datamodel-2013Dbms ii mca-ch1-ch2-intro-datamodel-2013
Dbms ii mca-ch1-ch2-intro-datamodel-2013Prosanta Ghosh
 
Topic : X.25, Frame relay and ATM
Topic :  X.25, Frame relay and ATMTopic :  X.25, Frame relay and ATM
Topic : X.25, Frame relay and ATMDr Rajiv Srivastava
 
What is a static ip address
What is a static ip addressWhat is a static ip address
What is a static ip addressHexa Howe
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacyPushkar Dutt
 
Load balancing
Load balancingLoad balancing
Load balancingSoujanya V
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system modelHarshad Umredkar
 
Unicasting , Broadcasting And Multicasting New
Unicasting , Broadcasting And Multicasting NewUnicasting , Broadcasting And Multicasting New
Unicasting , Broadcasting And Multicasting Newtechbed
 

What's hot (20)

Compiler: Programming Language= Assignments and statements
Compiler: Programming Language= Assignments and statementsCompiler: Programming Language= Assignments and statements
Compiler: Programming Language= Assignments and statements
 
Input buffering
Input bufferingInput buffering
Input buffering
 
IP classes and subnetting.
IP classes and subnetting.IP classes and subnetting.
IP classes and subnetting.
 
Unit 2 data link control
Unit 2 data link controlUnit 2 data link control
Unit 2 data link control
 
Subnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesSubnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examples
 
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)
Shortest path (Dijkistra's Algorithm) & Spanning Tree (Prim's Algorithm)
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptography
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
 
Dbms ii mca-ch1-ch2-intro-datamodel-2013
Dbms ii mca-ch1-ch2-intro-datamodel-2013Dbms ii mca-ch1-ch2-intro-datamodel-2013
Dbms ii mca-ch1-ch2-intro-datamodel-2013
 
Topic : X.25, Frame relay and ATM
Topic :  X.25, Frame relay and ATMTopic :  X.25, Frame relay and ATM
Topic : X.25, Frame relay and ATM
 
What is a static ip address
What is a static ip addressWhat is a static ip address
What is a static ip address
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Load balancing
Load balancingLoad balancing
Load balancing
 
08 subprograms
08 subprograms08 subprograms
08 subprograms
 
Email and DNS
Email and DNSEmail and DNS
Email and DNS
 
Spiral model
Spiral modelSpiral model
Spiral model
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system model
 
Unicasting , Broadcasting And Multicasting New
Unicasting , Broadcasting And Multicasting NewUnicasting , Broadcasting And Multicasting New
Unicasting , Broadcasting And Multicasting New
 
Ch08
Ch08Ch08
Ch08
 
message passing
 message passing message passing
message passing
 

Viewers also liked (17)

Message digest & digital signature
Message digest & digital signatureMessage digest & digital signature
Message digest & digital signature
 
Jb ia
Jb   iaJb   ia
Jb ia
 
A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
 
A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
Hashing Algorithm: MD5
Hashing Algorithm: MD5Hashing Algorithm: MD5
Hashing Algorithm: MD5
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
Security and ethical challenges
Security and ethical challengesSecurity and ethical challenges
Security and ethical challenges
 
Md5
Md5Md5
Md5
 
Message Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 AlgorithmMessage Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 Algorithm
 
Hashing
HashingHashing
Hashing
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
ISO 14000
ISO 14000ISO 14000
ISO 14000
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
 

Similar to Lecture1 Introduction

Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing informationNicholas Davis
 
Describing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationDescribing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationNicholas Davis
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness OverviewNicholas Davis
 
It security awareness overview
It security awareness overviewIt security awareness overview
It security awareness overviewNicholas Davis
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 
02-overview.pptx
02-overview.pptx02-overview.pptx
02-overview.pptxEmanAzam
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer SecurityKamal Acharya
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Introduction to Computer Security.ppt
Introduction to Computer Security.pptIntroduction to Computer Security.ppt
Introduction to Computer Security.pptKojaSb
 

Similar to Lecture1 Introduction (20)

Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing information
 
Describing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationDescribing The Challenges Of Securing Information
Describing The Challenges Of Securing Information
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness Overview
 
It security awareness overview
It security awareness overviewIt security awareness overview
It security awareness overview
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
02-overview.pptx
02-overview.pptx02-overview.pptx
02-overview.pptx
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
 
CNS Unit-1.pptx
CNS Unit-1.pptxCNS Unit-1.pptx
CNS Unit-1.pptx
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Introduction to Computer Security.ppt
Introduction to Computer Security.pptIntroduction to Computer Security.ppt
Introduction to Computer Security.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1 (1).ppt
hel1 (1).ppthel1 (1).ppt
hel1 (1).ppt
 

More from rajakhurram


Lecture1 Introduction

  • 1. Network Security Raja M. Khurram Shahzad
  • 2. Course Overview • ~16 lectures = 2x45 minutes • Two laborations in Karlskrona (telekom-labbet)  One simple firewall laboration (iptables)  One VPN-laboration • Assignment/s • Course homepage It’s Learning (http://www.bth.se/lms/) • Roll call  Done online through the submission of the assignment, more information on this later on • Course literature  Stallings, W. Network Security Essentials. Applications and Standards. 4/E, Prentice Hall. 2
  • 3. Security • Security is not a new concept • Quotes from “The Art of War”: • “The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” • “Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” - The Art of War, Sun Tzu (late-sixth century BC) 3
  • 4. History • ENIGMA:  The most sophisticated encoding machine of its time.  Used during World War II by the Germans.  Intercepting and decoding German transmissions would prove to be a turning point in the war 4
  • 5. History cont. • U – 2:  US, spy plane  High altitude reconnaissance flights over the Soviet Union.  U-2 was brought down by the Soviet Union.  This incident set in motion a pattern of mistrust that culminated in the Cuban Missile Crisis. No one can predict if the Cold War might have ended sooner had the U-2 incident not occurred! 5
  • 6. What is SECURITY ??? 1. Measures taken to guard against espionage or sabotage, crime or attack 2. The protection of data against unauthorized access • “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts” - “Computer Recreations: Of Worms, Viruses and Core War” by A. K. Dewdney in Scientific American • The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". • In simple words : Security is the degree of protection against danger, damage, loss, and criminal activity. 6
  • 7. Security Violations • User A transmits a file F having sensitive information to user B. File F is SENSITIVE: A --F--> B, C CAPTURES F. Unauthorized user C captures a copy during transmission. • F contains data about authorizations. A sends message m to B: “Update file F with names in message m”: A(m) --m--> B(F). C INTERCEPTS m and adds name of C: A(m) --m--> C(m) --m--> B(F). 7
  • 8. Computer & Network Security • Computer Security:  generic name for the collection of tools designed to protect data. • Network Security:  protect data during their transmission • There are no clear boundaries between these two forms of security. 8
  • 9. Computer Security • NIST Computer Security Handbook defines  The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunication). • Three Key Objectives  Also called C I A Triad Confidentiality  Embody fundamental security objectives for – Data and information – Computing services Integrity Availability 9
  • 10. Computer Security • Confidentiality : Authorized disclosure of information  Data Confidentiality : Not disclosed to unauthorized persons  Privacy : Who will collect information and to whom it will be disclosed  Example : Student grade information • Integrity: Authorized modification or destruction of information  Data Integrity : Information and Programs are changed in specific and authorized manner  System Integrity : No compromised functionality  Example: Patient information in hospital • Availability: Timely and reliable access to and use of information.  Service is not denied to authorized users  Example: Authentication to services for critical systems. 10
  • 11. Computer Security • Additional concepts • Authenticity  The property of being genuine and being able to be verified and trusted • Accountability  Actions of an entity can be traced uniquely to that entity 11
  • 12. Impact of breach of Security (levels: LOW | MODERATE | HIGH)
       Effect: Limited | Serious | Serious or catastrophic
       Functional Ability: Minor degradation | Significant degradation | Severe (Primary functions
       Damage to Assets: Minor | Significant | Major
       Financial Loss: Minor | Significant | Major
       Harm to Individual: Minor | Significant | Severe (Loss of life or life-threatening injuries)
  • 13. Secure Networks • Because no absolute definition of secure network exists:  Networks cannot be classified simply as secure or not secure. • Each organization defines the level of access that is permitted or denied, Security Policy  Security policy does not specify how to achieve protection.  The policy must apply to information stored in computers as well as to information traversing a network. 13
  • 14. Security's impact on overall functionality (figure labels: Security, Functionality, Ease of use) 14
  • 15. THE OSI Security Architecture • Security Attack: Any action that compromises the security of information. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. (figure: normal flow from Source to Dest) 15
  • 16. Security Attacks  Security Attack: Any action that compromises the security of information  Interruption: This is an attack on availability (figure: Source, Destination, Darth)  Interception: This is an attack on confidentiality (figure: Source, Destination, Darth) 16
  • 17. Security Attacks  Modification: This is an attack on integrity (figure: Source, Dest, Darth)  Fabrication: This is an attack on authenticity (figure: Source, Dest, Darth) 17
  • 18. Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files 18
  • 19. Passive & Active Attacks • Passive Attacks: Difficult to detect, No alteration of data, focus on prevention 1. Release of message contents 2. Traffic analysis • Active Attacks: Modification of stream / data or its false creation, difficult to prevent, focus is on detection and recovery 1. Masquerade (impersonation) 2. Replay 3. Modification of message 4. Denial of service 19
  • 23. Shane Stephens definition of Hackers • Group A: People who attempt to gain illegal access to machines on the internet for the ”fun” of it, but with no malicious intent. • Group B: People who attempt to gain illegal access to machines on the internet WITH malicious intent. • Group C: People who are adept at writing C/C++ code very quickly to do a specific thing (or similar) • Group D: Everybody else (esp. mainstream media). 23
  • 24. Shane Stephens definition of Hackers (cont) • Group A call themselves "Hackers". Group A call Group B "Crackers". • Group B usually call themselves 31337 H4x0r5 • Group C call themselves "Hackers". Group C also call Group A "Hackers". • Many people in Group A are also in Group C. • Group D hasn't got any clue, and calls them all the same thing - "hackers". • The following naming scheme is appropriate:  Group A: Hacker  Group B: Cracker  Group C: Hacker (as well. Use context.)  Group D: Morons 24
  • 25. Inside Security • What hackers don’t want you to KNOW • Firewalls are just the beginning:  critical component of an effective defence system, but they are significantly limited in terms of the types of attacks they can detect and repel. • Not all the bad guys are “out there”:  roughly half of all attacks are engineered by insiders who can potentially do more damage than hackers coming in from the outside. • Humans are the weakest link:  well-intentioned but uninformed employees are easily exploited by hackers who know which strings to pull • Passwords are not secure:  the most common form of user authentication is a “secret” password. This happens to be one of the most vulnerable for a variety of reasons. 25
  • 26. Inside Security • They can see you but you can’t see them:  eavesdropping on network transmissions can reveal more than enough information to a hacker looking to gain higher levels of access. • Defaults are dangerous  a vendor’s choice of defaults for their product might meet their needs perfectly well but might spell disaster for you. • Yesterday’s strong crypto is today’s weak crypto:  just because you’ve encrypted a message is no guarantee that only authorized personnel will be able to read it. 26 FREDRIK ERLANDSSON
  • 27. Inside Security • “It takes a thief to catch a thief”:  if you want to repel hackers’ attacks, it helps to think as they do. You can learn the tricks of the hacker trade from the same source that they do – the Internet • The future of hacking is bright:  Hackers are not going away any time soon. Their numbers seem to be growing. Emerging trends in the IT arena point to a brighter day when computers will do even more for us than they do now. These same changes may also usher in a host of new vulnerabilities for the next generation of hackers to exploit. 27
  • 28. The Golden Age of Hacking • There are so many possible systems to break into, most of them with weak security. • Companies have insufficient information to track these attackers  even if attackers are detected the chances of getting caught are slim • Ironically, companies were afraid of the Y2K problem and spent a lot of money trying to fix it. But in most cases it seemed like the problem was overestimated, hyped by the media. Now there is a REAL PROBLEM but companies do not want to invest the money. • Lack of Awareness is the main reason why so many companies are vulnerable. • It’s also a good time to be a security professional 28
  • 29. Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smart-card) • Policies (frequent changes of passwords) • Physical Controls 29
  • 30. Security Services • Authentication:  peer-entity  data-origin • Access Control • Data Confidentiality:  connection  connectionless  selective-field  traffic-flow • Data Integrity  connection [recovery, no-recovery, selective-field]  connectionless [no-recovery, selective-field] • NonRepudiation  Origin  Destination • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. 30
  • 31. Authentication • The assurance that the communicating entity is the one that it claims to be • Data Origin: Provides assurance that the source of received data is as claimed (m not protected) A(m) m B B(m,A)  AUTHENTIC(A)? • Peer Entity: Provides confidence in the identities of the entities connected A c B S(A,B)  AUTHENTIC(A,B)? S(c,masquerader,replay)  SECURE(c)? * m : message * c : connection 31
  • 32. Access Control • The prevention of unauthorized use of a resource • Access REQUEST: A(m) m {Host / System} Host MATCHES m to A: {Host / System}(m,A) m’ A A GRANTED read/write access: c A(m’)  {Host / System} * m’ : modified message or authentication message 32
  • 33. Confidentiality • The protection of data from unauthorized disclosure. • CONNECTION: cK A  B (e.g. TCP) (*K : Key) • CONNECTIONLESS: A mK B • SELECTIVE-FIELD: cK|c’ A  B • TRAFFIC-FLOW: A {} B 33
  • 34. Integrity • The assurance that data received are exactly as sent by an authorized entity. • CONNECTION-RECOVERY: c modification/destruction A m B(m)  recover  m • CONNECTION-NO RECOVERY: c modification/destruction A m B(m)  detect  !! • SELECTIVE FIELD: c modification/destruction A m|m’ B(m)  detect(m)  !! 34
  • 35. Non-Repudiation • Provides protection against denial by one of the entities involved in communication • SENDER VERIFICATION: A m,[A] B(m,[A])  mA • RECEIVER VERIFICATION: A m B B [m],[B] A([m],[B])  mB 35
  • 36. Security Mechanism • Encipherment – unintelligible • Digital Signature – data tag to ensure  a) Source b) Integrity c) anti-forgery • Access Control • Data Integrity • Authentication • Traffic Padding – prevent traffic analysis • Routing Control – adapt upon partial failure • Notarization – trusted third party • Trusted Functionality • Security Label • Event Detection • Audit Trail • Recovery • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. 36
  • 37. Model for Network Security 37
  • 38. Network Access Security Model • Gatekeeper: password-based login, screening logic • Internal controls: monitor activity, analyse stored info 38
  • 39. The End 39
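
An added example, not part of the original slides: the slide 7 scenario (A tells B to update authorization file F, C tampers in transit) with the data-origin authentication and integrity services of slides 31 and 34 applied, plus replay detection from slide 19. It assumes A and B already share a secret key; `SHARED_KEY`, `protect` and `Receiver` are hypothetical names, and the key and messages are constructed.

```python
import hashlib
import hmac
import json

# Constructed shared key (assumption): A and B obtained it out of band.
SHARED_KEY = b"constructed-example-key-A-and-B"


def _tag(key: bytes, seq: int, body: bytes) -> bytes:
    # Bind the sequence number to the body so neither can be changed alone.
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def protect(key: bytes, seq: int, names: list) -> dict:
    """Sender A: wrap message m (names to add to file F) with a MAC."""
    body = json.dumps({"add_names": names}, sort_keys=True).encode()
    return {"seq": seq, "body": body, "tag": _tag(key, seq, body)}


class Receiver:
    """Receiver B: holds file F (an authorization list) and checks each m."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far
        self.file_f = []    # the authorization data of slide 7

    def receive(self, msg: dict) -> str:
        expected = _tag(self.key, msg["seq"], msg["body"])
        # Constant-time comparison: do not leak how many tag bytes matched.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: integrity/origin check failed"
        if msg["seq"] <= self.last_seq:
            return "rejected: replay"
        self.last_seq = msg["seq"]
        self.file_f.extend(json.loads(msg["body"])["add_names"])
        return "accepted"


def demo():
    b = Receiver(SHARED_KEY)
    results = []

    # Normal flow: A -> B, unmodified.
    m1 = protect(SHARED_KEY, 1, ["alice"])
    results.append(b.receive(m1))

    # Modification: C adds its own name to m in transit; the tag no longer fits.
    m2 = protect(SHARED_KEY, 2, ["bob"])
    forged_body = json.dumps({"add_names": ["bob", "C"]}, sort_keys=True).encode()
    results.append(b.receive(dict(m2, body=forged_body)))

    # Replay: C resends the valid, already accepted m1.
    results.append(b.receive(m1))

    # Fabrication: C builds a message from scratch without the shared key.
    results.append(b.receive(protect(b"key-guessed-by-C", 3, ["C"])))

    return results, b.file_f


if __name__ == "__main__":
    outcome, file_f = demo()
    for line in outcome:
        print(line)
    print("file F:", file_f)
```

A shared-key MAC gives integrity and data-origin authentication between A and B only; it does not give the non-repudiation of slide 35, because B holds the same key and could have produced the tag itself.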