You are on page 1of 33

Network Security Philosphy & Introduction

Dr. Enis Karaarslan Mula University Computer Engineering Department

5/10/13

Dr. Enis Karaarslan

SECURITY PHILOSPHY

Computer & Network Security has similarities with the security in normal life.

There is no such thing as %100 Security

Security at the gates only, is not enough

A chain is only as strong as its weakest link

As there is no %100 security So give up? A possible solution: Use more than one chain

MULTI LAYER SECURITY

Keep in mind that When Security measures increase, Usability decrease

False Sense of Security

A false sense of security is worse than a true sense of insecurity.

Solution: Never think your system is secure.

No Template Which Suits All


There is no templates which suits all. There is a different solution for different organizations
Different needs Different assets

To win a war, one must know the way Sun Tzu The Art of War

Security is a process, not a product. Bruce Schneier

MONITOR

The system should be monitored for intrusions And immediate action should be taken at attacks

Warn The Attacker

Network Awareness

Know your enemy (?) Know yourself,


know your assets know what to protect

Know your systems more than the attacker

FUNDAMENTALS

Information System and Security


ATTACK SECURITY MEASURES

ATTACKER

VULNERABILITY

INFORMATION SYSTEM

USERS

Vulnerable Systems

The systems are vulnerable


Mainly because of bad coding Must be patched (but can not be done rapidly as they should) False sense of security

A vulnerability timeline

The Attacker/Intruder
The attacker can be called as: Lamer, intruder, attacker (wrongly used as hacker also) Also secret organizations? Also companies (serious antivirus/defence economy)

Hacker /Lamer /Attacker

Hacker is used as attacker/lamer, in the meaning: The intruder, who gets in your system and intends to use for his/her own aims.
5/10/13 Ar. Gr. Enis Karaaslan 24

The Attacker

The attackers strength is Dedication Will not stop until he/she gets in Can use the computer for days long sleepless Knows the vulnerabilities of systems

5/10/13

Ar. Gr. Enis Karaaslan

26

Network Security Assets

Network Security Overall Network Awareness Firewall, Intrusion Detection Systems etc More Host (Computer/Server/NW Device) Security
Physical Security

OS and Application Security User Management Encryption

Firewall

Firewall Basics

Rule based access control between networks. Software/hardware based Architecture


Static Packet Filtering Dynamic Packet Filtering (Statefull inspection) Application Level Protection

Logging and alert capabilities

5/10/13

Ar. Gr. Enis Karaaslan

29

Encryption

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. (Encryption x Decryption)

5/10/13

Ar. Gr. Enis Karaaslan

30

Encryption

Two different methods (according to key use) Conventional Two keys are the same Asymetric (Public Key Encryption) Key pair (public, private)

5/10/13

Ar. Gr. Enis Karaaslan

31

Encryption

To decyrpt an encrypted data How much time? How much Processing (Computing power)? The science which deals with encryption is Cryptology

5/10/13

Ar. Gr. Enis Karaaslan

32

END OF THE SESSION


Dr. Enis Karaaslan enis.karaarslan@mu.edu.tr

5/10/13

Ar. Gr. Enis Karaaslan

33