What is OSI (open systems interconnection) security architecture?
The OSI security architecture basically consists of:
•Security Attack: Any action that compromises the security of information.
•Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Attacks
There are two main types of security attacks.
•Passive Attack
–Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
–A passive attack attempts to learn or make use of information from the system but does not affect system resources.
Passive attacks are divided into two categories.
1. Release of message contents
2. Traffic Analysis
•Active Attack
–An active attack attempts to alter system resources or affect their operation.
–Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories.
1. Masquerade
2. Replay
3. Modification of message contents
4. Denial of service (DoS)
Security Services
–Confidentiality (protect data from unauthorized disclosure)
–Authentication (who created or sent the data)
–Data Integrity (has not been altered)
–Non-repudiation (the order is final): Non-repudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
–Access control (prevent misuse of resources)
–Availability (property of a system or a system resource being accessible and usable upon demand by an authorized system entity)
•Denial of Service Attacks
Methods of Defense
There are several methods of defense:
•Encryption
•Software Controls (access limitations in a database; in an operating system, protecting each user from other users)
•Hardware Controls (smart-card)
•Policies (frequent changes of passwords)
•Physical Controls