Network Security
Outline
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
Attacks, Services and Mechanisms
• Security Attack:
Any action that compromises the security of
information.
• Security Mechanism:
A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service:
A service that enhances the security of data
processing systems and information transfers.
A security service makes use of one or more
security mechanisms.
Henric Johnson 4
Security Attacks
Interruption:
• This is an attack on availability.
• An asset of the system is destroyed.
• Destruction of hard disk, cutting of communication line.
Interception:
• This is an attack on confidentiality.
• An unauthorized party gains access to an asset.
• Unauthorized copying of files or programs.
Modification:
Fabrication:
• This is an attack on authenticity.
• An unauthorized party inserts counterfeit objects into the system.
Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
• The goal of the opponent is to obtain information that is being transmitted.
• The two types of passive attacks are release of message contents and traffic analysis.
Release of message contents
It involves:
(1) capturing sensitive information that is sent via emails, or
(2) tapping a conversation over the phone.
Traffic analysis
• Here an intruder observes the frequency and the length of the messages being exchanged between the communicating nodes.
• A passive attacker uses this information to guess the nature of the communication that was taking place.
Active Attacks
• Active attacks involve some modification of the data stream or the creation of a false stream.
• They can be subdivided into four categories:
• Masquerade
• Replay
• Modification of messages
• Denial of service
• A masquerade takes place when one entity pretends to be a different entity.
• Here an unauthorized entity tries to gain more privileges than it is authorized for.
• Masquerade is done using stolen IDs and passwords.
• Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
• Modification of messages means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
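One receiver-side mechanism that detects the active attacks described above (replay, modification including delay and reordering, and masquerade by a party that lacks the shared key), as an added example that is not part of the original slides. The frame layout, `make_frame`, the `Receiver` class, and the sample key and messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def make_frame(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number || payload || MAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts a frame only if its MAC verifies and its sequence number is new."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad MAC"  # altered in transit, or sender lacks the key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return "reject: stale sequence"  # replayed, delayed or reordered
        self.last_seq = seq
        return "accept"

def demo() -> list:
    key = b"constructed-shared-key"  # sample key, constructed for this example
    rx = Receiver(key)
    f0 = make_frame(key, 0, b"pay 10 to bob")
    f1 = make_frame(key, 1, b"pay 20 to carol")
    f2 = make_frame(key, 2, b"pay 30 to dave")
    tampered = bytearray(make_frame(key, 3, b"pay 40 to erin"))
    tampered[12] ^= 0x01  # one payload bit changed after the MAC was computed
    forged = make_frame(b"some-other-key", 3, b"pay 99 to mallory")
    return [
        rx.accept(f0),               # legitimate
        rx.accept(f0),               # replay of a captured frame
        rx.accept(f2),               # legitimate, arrives before f1
        rx.accept(f1),               # delayed / reordered frame
        rx.accept(bytes(tampered)),  # modification of message
        rx.accept(forged),           # masquerade without the shared key
    ]
```

A strictly increasing counter also rejects frames that the network reorders innocently; protocols that must tolerate that use a sliding window of accepted sequence numbers instead.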
[Figure: Confidentiality, Integrity, Availability]
Security Services
• Confidentiality (privacy)
• Availability (permanence, non-erasure)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Authentication (who created or sent the data)
Confidentiality (privacy)