Network Security Philosphy & Introduction

Dr. Enis Karaarslan Muğla University Computer Engineering Department

5/10/13

Dr. Enis Karaarslan

1

SECURITY PHILOSPHY

Computer & Network Security has similarities with the security in normal life.

There is no such thing as %100 Security

Security at the gates only, is not enough

A chain is only as strong as its weakest link

As there is no %100 security … So give up? A possible solution: Use more than one chain

MULTI LAYER SECURITY

  

Keep in mind that When Security measures increase, Usability decrease

False Sense of Security

A “false sense of security” is worse than “a true sense of insecurity”.

Solution: Never think your system is secure.

No Template Which Suits All
 

There is no templates which suits all. There is a different solution for different organizations
• Different needs • Different assets

To win a war, one must know the way Sun Tzu The Art of War

Security is a process, not a product. Bruce Schneier

MONITOR

The system should be monitored for intrusions And immediate action should be taken at attacks

Warn The Attacker

Network Awareness
 

Know your enemy (?) Know yourself,
• know your assets • know what to protect

Know your systems more than the attacker

FUNDAMENTALS

Information System and Security
ATTACK SECURITY MEASURES

ATTACKER

VULNERABILITY

INFORMATION SYSTEM

USERS

Vulnerable Systems

The systems are vulnerable
• Mainly because of bad coding • Must be patched (but can not be done rapidly as they should) • False sense of security

A vulnerability timeline …

The Attacker/Intruder
The attacker can be called as: Lamer, intruder, attacker … (wrongly used as hacker also)  Also secret organizations?  Also companies (serious antivirus/defence economy)

Hacker /Lamer /Attacker …

Hacker is used as attacker/lamer, in the meaning: The intruder, who gets in your system and intends to use for his/her own aims.
5/10/13 Ar. Gör. Enis Karaaslan 24

The Attacker

The attackers strength is Dedication • Will not stop until he/she gets in • Can use the computer for days long sleepless • Knows the vulnerabilities of systems

5/10/13

Ar. Gör. Enis Karaaslan

26

Network Security Assets

Network Security Overall • Network Awareness • Firewall, Intrusion Detection Systems … etc • More … Host (Computer/Server/NW Device) Security
• Physical Security

• OS and Application Security • User Management Encryption

Firewall

Firewall Basics
  

Rule based access control between networks. Software/hardware based Architecture
• Static Packet Filtering • Dynamic Packet Filtering (Statefull inspection) • Application Level Protection

Logging and alert capabilities

5/10/13

Ar. Gör. Enis Karaaslan

29

Encryption

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. (Encryption x Decryption)

5/10/13

Ar. Gör. Enis Karaaslan

30

Encryption

Two different methods (according to key use) • Conventional– Two keys are the same • Asymetric – (Public Key Encryption) – Key pair (public, private)

5/10/13

Ar. Gör. Enis Karaaslan

31

Encryption

To decyrpt an encrypted data • How much time? • How much Processing (Computing power)? The science which deals with encryption is Cryptology

5/10/13

Ar. Gör. Enis Karaaslan

32

END OF THE SESSION
Dr. Enis Karaaslan enis.karaarslan@mu.edu.tr

5/10/13

Ar. Gör. Enis Karaaslan

33

Sign up to vote on this title
UsefulNot useful