=0811010010 SECTION=A3 BRANCH=CS


 Network security addresses the vulnerabilities to which your organization is exposed as a consequence of being connected to a network. Network security is a level of guarantee that all the machines in a network are working optimally and the users of these machines only possess the rights that were granted to them. This can include: preventing unauthorized people from acting on the system maliciously preventing users from performing involuntary operations that are capable of harming the system securing data by anticipating failures guaranteeing that services are not interrupted

Threats to network security include
replicate themselves and infect computers when triggered by a specific event

Viruses : Computer programs written by devious programmers and designed to

Trojan horse programs : Delivery vehicles for destructive code, which
appear to be harmless or useful software programs such as games

Vandals : Software applications or applets that cause destruction Attacks : Including reconnaissance attacks (information-gathering activities to
collect data that is later used to compromise networks); access attacks (which exploit network vulnerabilities in order to gain entry to e-mail, databases, or the corporate network); and denial-of-service attacks (which prevent access to part or all of a computer system)

Data interception : Involves eavesdropping on communications or altering
data packets being transmitted

Social engineering : Obtaining confidential network security information
through nontechnical means, such as posing as a technical support person and asking for people's passwords

Security Services


! The process of verifying the identity of a user

This is

! Assurance that the data that arrives is the same as when it was sent.

! Assurance that sensitive information is not visible to an eavesdropper.

usually achieved using encryption

Access Control Non Repudiation

! The process of enforcing access right


Assurance that any transaction that takes place can subsequently be proved to have taken place. Both the sender and the receiver agree that the exchange took place.

Classify Security Attacks
 passive attacks -In this the goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are release.
 obtain message contents, or  monitor traffic flows  Eavesdropping    

 active attacks – modification of data stream to:
masquerade of one entity as some other replay previous messages modify messages in transit denial of service

Threats Technically Defined
Masquerade: ! An entity claims to be another entity Eavesdropping: ! An entity reads information it is not intended to read Authorization Violation: ! An entity uses a service or resources it is not intended to use Loss or Modification of (transmitted) Information: ! Data is being altered or destroyed Denial of Communication Acts (Repudiation): ! An entity falsely denies its’ participation in a communication act Forgery of Information: ! An entity creates new information in the name of another entity Sabotage: ! Any action that aims to reduce the availability and / or correct functioning of services or systems

Web Security
• Basic Authentication • Secure Socket Layer (SSL)
Basic Authentication A simple user ID and password-based authentication scheme, and provides the following:
– To identify which user is accessing the server – To limit users to accessing specific pages (identified as Universal Resource Locators, URLs

SSL (Secure Socket Layer)
 transport layer security service  originally developed by Netscape  version 3 designed with public input  SSL receive data from Application layer protocol ,then it compress, signed and encrypt the data and pass to reliable transport layer protocol.  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols

Cryptographic Techniques
 For network security two main applications of cryptographic algorithms are of principal interest:  Encryption of data: transforms plaintext data into ciphertext in order to conceal its’ meaning  Signing of data: computes a check value or digital signature to a given plain- or ciphertext, that can be verified by some or all entities being able to access the signed data  Some cryptographic algorithms can be used for both purposes, some are only secure and / or efficient for one of them.  Principal categories of cryptographic algorithms:  Symmetric cryptography using 1 key for en-/decryption or signing/checking  Asymmetric cryptography using 2 different keys for en-/decryption or signing/checking  Cryptographic hash functions using 0 keys (the “key” is not a separate input but “appended” to or “mixed” with the data).

Symmetric Key Cryptography

•traditional private/secret/single key cryptography uses one key •shared by both sender and receiver • also is symmetric, parties are equal

Asymmetric Key Cryptography

•public-key/two-key/asymmetric cryptography involves the use of two keys:
a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

•is asymmetric because

those who encrypt messages or verify signatures cannot decrypt messages or create signatures

Internet Firewall

A firewall is a device installed between the internal network of an organization and the rest of the internet • A firewall is to control traffic flow between networks. • Firewall is usually classified as:
– Packet Filters – Application Proxy

Packet Filtering
• Most commonly used firewall technique • Operates at IP level • Checks each IP packet against the filter rules before passing (or not passing) it on to its destination. • Very fast than other firewall techniques • Hard to configure

Non-Secure Network

Packet Filtering Server

Secure Network

Application Proxy
• Application Level Gateway The communication steps are as follows – User connects to proxy server – From proxy server, user connects to destination server Proxy server can provide – Content Screening – Logging – Authentication

Non-Secure Telnetd Telnet Telnetd Network


Secure Network

Porxy Server

 information security is increasingly important  have varying degrees of sensitivity of information

 subjects (people or programs) have varying rights of access to objects (information)  want to consider ways of increasing confidence in systems to enforce these rights  known as multilevel security
 subjects have maximum & current security level  objects have a fixed security level classification

 cf military info classifications: confidential, secret etc

Sign up to vote on this title
UsefulNot useful

Master Your Semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master Your Semester with a Special Offer from Scribd & The New York Times

Cancel anytime.