Network Security ?
Security means that protection of your data, information and other resources from unauthorized access.
Three Fundamentals of security
–Confidentiality
•Authorized users get entry•Inspection of information, printing of information and knowledge of resource existence
–Availability
•Legitimate(legal/authorized) user be able to access resources and service should be provided at anytime–Integrity
•Changed in adequate way•Modification done by authorized people
Attack Process
•Three stages called MOM
•Method
–Ability, information, tools (means which method/tools/procedures you are using to access)•Opportunity
–Time and Access(means have you opportunities to access)•Motive
(means what is your purpose? what you want?)–Testing system reliability
–Competition between attackers or testing their own skills
–Breaking into well secured systems like law enforcement, government agencies
–To gain popularity, financial gain, information gain
–Just for fun
–No motive at all
OSI (open systems interconnection) security architecture?
The OSI security architecture basically consists on:
•Security Attack:
Any action that compromises the security of information.•Security Mechanism:
A mechanism that is designed to detect, prevent, or recover from a security attack.Security Service:
A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
Security Attacks
There are main two types of security attacks.•Passive Attack
•Passive attacks are in the nature of eavesdropping on, or monitoring of transmissions.The
goal of the opponent is to obtain information that is being transmitted.
–attempts to learn or make use of information from the system but does notgoal of the opponent is to obtain information that is being transmitted.
affect system resources.Passive attacks are divided into two categories.
1. Release of message contents
2.Traffic Analysis
•Active Attack
–attempts to alter system resources or affect their operation–Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories.
1. Masquerade
3. Modification of message contents
4. Denial of services(DOS)
Security Services
–Confidentiality (protect data from unauthorized disclosure)–Authentication (who created or sent the data)
–Data Integrity (has not been altered)
–Non-repudiation (the order is final) Non repudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
–Access control (prevent misuse of resources)
–Availability (property of a system or a system resource being accessible and usable upon demand by an authorized system entity)
– Denial of Service Attacks
Methods of Defense
There are several methods of Defense•Encryption
•Software Controls (access limitations in a data base, in operating system protect each user from other users)
•Hardware Controls (smart-card)
•Policies (frequent changes of passwords)
•Physical Controls
