CNS Chapter 1
Institute of Technology
Department of Electrical and Computer Eng.
Computer Engineering Stream
(2020)
LECTURE 1:
COMPUTER NETWORK SECURITY OVERVIEW
2
COMPUTER SECURITY CONCEPTS
DEFINITIONS
• Computer Security - generic name for the collection of
tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their
transmission
• Internet Security - measures to protect data during their
transmission over a collection of interconnected
networks
• Network and Internet Security
– consists of measures to deter, prevent, detect, and
correct security violations that involve the
transmission & storage of information
3
COMPUTER SECURITY CONCEPTS
COMPUTER SECURITY
NIST: National Institute of Standards and Technology
7
COMPUTER SECURITY CONCEPTS
• Basic Security Objectives (Pillars) - CIA
• Confidentiality: This term covers two related concepts:
– Data confidentiality: Assures that private or confidential
information or resource is not made available or disclosed to
unauthorized individuals.
o The assurance that only authorized parties can access data.
o In network communication, it means only the sender and the
intended receiver should “understand” message contents,
ensuring that no one can read the message except the
intended receiver.
– Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and
by whom and to whom that information may be disclosed.
8
COMPUTER SECURITY CONCEPTS
• Basic Security Objectives (Pillars) - CIA
• Integrity: This term covers two related concepts:
– Data integrity: Assures that information and programs
are changed only in a specified and authorized manner.
o The assurance that only authorized parties can modify
data.
o In network communication, sender and receiver want to ensure
that the message is not altered (in transit or afterwards) without
detection.
– System integrity: Assures that a system performs its
intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of
the system.
9
COMPUTER SECURITY CONCEPTS
• Availability: Assures that systems work promptly and
service is not denied to authorized users
• Authenticity: Some say it is a missing component of
objectives in CIA.
It is the property of being genuine and being able to be verified
and trusted; confidence in the validity of a transmission, a
message, or message originator; or sender and receiver want to
confirm the identity of each other
10
COMPUTER SECURITY CONCEPTS
• A security policy is a statement of what is, and what is
not, allowed by users of a system
• A security mechanism is a method, tool, or
procedure for enforcing a security policy.
11
COMPUTER SECURITY CONCEPTS
• Given a security policy’s specification of “secure” and
“nonsecure” actions, security mechanisms can prevent
(defend against) the attack, detect the attack, or recover from the
attack:
– Prevention/Defence: take measures to prevent the damage; it
means that an attack will fail; e.g., passwords to keep out
unauthorized users, or Intrusion Prevention Systems (IPSs)
– Detection: if an attack cannot be prevented, the when, how and
who of the attack have to be identified; e.g., noticing when a user
enters a password incorrectly three times; Intrusion Detection
Systems (IDSs)
– Reaction/Recovery: take measures to recover from the
damage; e.g., restore deleted files from backup; sometimes
retaliation (attacking the attacker’s system or taking legal
actions to hold the attacker accountable)
12
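The detection case on the slide above (a user entering a password wrongly three times) as a small, added worked example; this is not code from the lecture. The log lines and their layout (timestamp, event, user=..., src=...) are constructed here and do not follow any real system's log format. The rule counts failed logins per user inside a sliding time window and raises an alert when the threshold is reached; a lockout derived from those alerts is the prevention counterpart an IPS-style control would apply.

```python
"""Added example (not part of the lecture): a minimal detection rule for
the "user enters a password three times" case.

The log lines and their format are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for illustration.
SAMPLE_LOG = """\
2020-03-01T09:00:01 LOGIN_FAIL user=alice src=10.0.0.5
2020-03-01T09:00:09 LOGIN_FAIL user=alice src=10.0.0.5
2020-03-01T09:00:15 LOGIN_FAIL user=alice src=10.0.0.5
2020-03-01T09:00:30 LOGIN_OK user=bob src=10.0.0.7
2020-03-01T09:05:00 LOGIN_FAIL user=bob src=10.0.0.7
2020-03-01T09:20:00 LOGIN_FAIL user=bob src=10.0.0.7
2020-03-01T09:21:00 LOGIN_FAIL user=bob src=10.0.0.7
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, event, user, src)."""
    ts, event, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), event,
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def detect_failed_logins(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return (user, src, time) alerts for each user who reaches
    `threshold` failed logins inside a sliding `window`.

    This is the detection step: the attempts have already happened, and
    the rule recovers the who, when and where of them.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ts, event, user, src = parse_line(line)
        if event != "LOGIN_FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # forget failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((user, src, ts))
            q.clear()                     # count afresh after alerting
    return alerts


def lockout_decisions(log_text, threshold=3, window=timedelta(minutes=5)):
    """Prevention counterpart: the set of accounts an IPS-style control
    would temporarily lock, derived from the same alerts."""
    return {user for user, _, _ in
            detect_failed_logins(log_text, threshold, window)}


if __name__ == "__main__":
    for user, src, ts in detect_failed_logins(SAMPLE_LOG):
        print(f"ALERT {ts.isoformat()} repeated login failures "
              f"for {user} from {src}")
    print("lock:", sorted(lockout_decisions(SAMPLE_LOG)))
```

With the constructed log, alice trips the rule (three failures in fifteen seconds) while bob does not: his three failures are spread over sixteen minutes, so at most two of them ever fall inside the five-minute window. The window and threshold are the tunable part of such a rule; lowering the threshold to two would flag bob as well.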
KEY SECURITY CONCEPTS (Summary)
1. Confidentiality: Preserving authorized restrictions on information
access and disclosure.
14
LEVELS OF IMPACT
• Low
– A limited adverse effect means that, for
example, the loss might:
i. cause a degradation in mission capability to an
extent and duration that the organization is able
to perform its primary functions, but the
effectiveness of the functions is noticeably
reduced;
ii. result in minor damage to organizational assets;
iii. result in minor financial loss; or
iv. result in minor harm to individuals.
15
LEVELS OF IMPACT
• Moderate
– A serious adverse effect means that, for example,
the loss might:
i. cause a significant degradation in mission capability
to an extent and duration that the organization is
able to perform its primary functions, but the
effectiveness of the functions is significantly
reduced;
ii. result in significant damage to organizational assets;
iii. result in significant financial loss; or
iv. result in significant harm to individuals.
16
LEVELS OF IMPACT
• High
– A severe or catastrophic adverse effect means
that, for example, the loss might:
i. cause a severe degradation in mission
capability to an extent and duration that the
organization is not able to perform one or more
of its primary functions;
ii. result in major damage to organizational assets;
iii. result in major financial loss; or
iv. result in major harm to individuals.
17
COMPUTER SECURITY CHALLENGES
• Computer security is not simple
• Potential attacks on the security features must be considered
• It’s necessary to decide where to use the various security
mechanisms
• Procedures used to provide particular services are often
counter-intuitive.
• Requires constant monitoring
• Is too often an afterthought
• Multiple algorithms or protocols may be involved
• Security is essentially a battle of wits between a perpetrator
and the designer.
• Little benefit from security investment is perceived until a
security failure occurs.
• Strong security is often viewed as an impediment to efficient
and user-friendly operation
18
ITU
• The International Telecommunication Union (ITU) is a
United Nations specialized agency for information and
communication technologies (ICTs). In general terms, the
Union focuses on three main areas of activity:
– radiocommunications (allocation of global radio spectrum
and satellite orbits), through the ITU Radiocommunication
Sector (ITU-R);
– standardisation (development of technical standards for
the interconnection of networks and technologies),
through the
ITU Telecommunication Standardization Sector (ITU-T); and
– development (working, among others, on improving access
to ICTs to underserved communities worldwide), through
the ITU Telecommunication Development Sector (ITU-D).
19
ITU
• The ITU Telecommunication Standardization Sector
(ITU-T) is one of the three sectors (divisions or units)
of the International Telecommunication Union (ITU);
it coordinates standards for telecommunications.
– development of technical standards for the
interconnection of networks and technologies.
– The ITU-T mission is to ensure the efficient and timely
production of standards covering all fields of
telecommunications on a worldwide basis, as well as
defining tariff and accounting principles for international
telecommunication services.
20
THE OSI SECURITY ARCHITECTURE
• To assess effectively the security needs of an
organization and to evaluate and choose various
security products and policies, the manager
responsible for security needs some systematic
way of defining the requirements for security and
characterizing the approaches to satisfying those
requirements.
– ITU-T Recommendation X.800, Security Architecture
for OSI, defines such a systematic way of defining the
requirements for security and characterizing the
approaches to satisfying those requirements.
21
THE OSI SECURITY ARCHITECTURE
• The Open Systems Interconnection (OSI) security
architecture was designated by the ITU-T (International
Telecommunication Union Telecommunication Standardization Sector).
– The ITU-T decided that their standard X.800 would be the ISO security
• The OSI Security Architecture is a framework that
provides a systematic way of defining the requirements
for security and characterizing the approaches to
satisfying those requirements.
• The OSI security architecture focuses on:
– Security mechanism
– Security service
– Security attack
22
THE OSI SECURITY ARCHITECTURE
• Focuses
– Security attack
• Any action that compromises the security of information owned
by an organization.
– Security mechanism
• A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack. E.g., encryption
algorithm, digital signatures, and authentication protocols
– Security service
• A processing or communication service that enhances the security of
the data processing systems and the information transfers of an
organization intended to counter security attacks, and they make use
of one or more security mechanisms to provide the service. E.g.,
authentication, access control, data confidentiality, data integrity,
nonrepudiation, and availability
23
SECURITY TERMINOLOGY
1. Adversary (threat agent) - An entity that attacks, or is
a threat to, a system.
25
ASSETS, VULNERABILITY, THREATS AND ATTACKS
Hardware
Software
Data
26
VULNERABILITY
• A vulnerability is a weakness in the security system (for example, in
procedures, design, or implementation), that might be exploited to
cause loss or harm.
• Software Vulnerabilities
– Software can be replaced, changed, or destroyed maliciously, or
it can be modified, deleted, or misplaced accidentally. Whether
intentional or not, these attacks exploit the software's
vulnerabilities.
• Data Vulnerabilities
– data have a definite value, even though that value is often
difficult to measure.
28
THREATS
• A threat to a computing system is a set of circumstances that
has the potential to cause loss or harm.
• We can view any threat as being one of four kinds:
interception, interruption, modification, and fabrication.
29
THREATS
• A Normal Flow
SUMMARY on THREATS
An interception means that some unauthorized
party has gained access to an asset.
39
PASSIVE AND ACTIVE ATTACKS - DIFFERENCES
Passive Attack Active Attack
Attempts to learn or make use of Attempts to alter system resources or
information from the system but does affect their operation.
not affect system resources.
Eavesdropping on, or monitoring of, Involve some modification of the data
transmissions. stream or the creation of a false stream.
40
Types of Security Attacks
Types of Attacks
• Types of attacks: One way of categorizing attacks is
as passive and active
– Passive Attacks
• A passive attack attempts to learn or make use of
information from the system but does not affect system
resources
• There are two types of passive attacks: release of
message contents (or sniffing) and traffic analysis
• Release of message contents: A telephone conversation,
an electronic mail message, and a transferred file may
contain sensitive or confidential information; we would
like to prevent an opponent from learning the contents
of these transmissions
• It is also called interception: An attack on confidentiality
42
Types of Attacks
• Release of message contents (Snooping)
– refers to unauthorized access to or interception of
data.
43
Types of Attacks
44
Types of Attacks
• Alice and Bob could be
– two routers that want to exchange router tables
securely
– a client and a server that want to establish a secure
transport connection
– two e-mail applications or persons that want to
exchange secure e-mail
– a person transferring his credit card number
securely to a web server
– a person interacting with his/her bank online
– etc.
45
Types of Attacks
• Traffic analysis: Traffic analysis refers to obtaining some
other type of information by monitoring online traffic.
– to determine the location and identity of communicating
hosts and to observe the frequency and length of messages
being exchanged (even if the message is encrypted). This
information might be useful in guessing the nature of the
communication that was taking place
46
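Traffic analysis as described on the slide above, in an added worked example that is not part of the lecture. The packet records are constructed for this example and their field layout (time, source, destination, ciphertext length) is an assumption; the contents are treated as opaque, as they would be after encryption. The first function shows what a passive observer still learns (who talks to whom, how often, and the message lengths); the second applies the usual countermeasure for the length leak, padding every ciphertext to a fixed block size, and the profile of the padded capture shows what that does and does not hide.

```python
"""Added example (not part of the lecture): what a passive observer
learns from encrypted traffic, and how padding reduces the length leak.

The packet records below are constructed; the field layout is an
assumption made for this example.
"""
from collections import Counter

# Constructed records of "encrypted" packets as seen on the wire:
# (seconds since start, source, destination, ciphertext length in bytes).
# Contents are opaque to the observer; only this metadata is visible.
CAPTURE = [
    (0.0, "10.0.0.5", "10.0.0.9", 44),
    (0.4, "10.0.0.9", "10.0.0.5", 1460),
    (0.5, "10.0.0.9", "10.0.0.5", 1460),
    (0.6, "10.0.0.9", "10.0.0.5", 812),
    (5.0, "10.0.0.5", "10.0.0.9", 44),
    (5.3, "10.0.0.9", "10.0.0.5", 97),
]


def traffic_profile(records):
    """Summarise what traffic analysis yields without any decryption:
    the communicating hosts and message counts per direction, the
    distinct message lengths (a fingerprint of the content) and the
    duration of the exchange."""
    pairs = Counter((src, dst) for _, src, dst, _ in records)
    lengths = sorted({n for _, _, _, n in records})
    duration = records[-1][0] - records[0][0]
    return {"pairs": dict(pairs), "lengths": lengths, "duration": duration}


def pad_to_block(records, block=1500):
    """Traffic-flow confidentiality countermeasure for lengths: pad every
    ciphertext up to a multiple of `block` bytes so a short request and a
    large response no longer look different on the wire."""
    padded = []
    for t, src, dst, n in records:
        n_padded = ((n + block - 1) // block) * block
        padded.append((t, src, dst, n_padded))
    return padded


if __name__ == "__main__":
    print("as captured:", traffic_profile(CAPTURE))
    print("after padding:", traffic_profile(pad_to_block(CAPTURE)))
```

Padding collapses the four distinct lengths to one, but the padded profile still shows the same endpoints, the same two-versus-four message split and the same timing, which is why a full traffic-flow confidentiality service also has to hide endpoints and frequency (for example with cover traffic), not just lengths.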
Types of Attacks
• It is usually difficult to detect passive attacks because
they do not involve any alteration of the data
• Snooping
– Snooping is a passive attack; it is unauthorized interception of
information, e.g., passive wiretapping (not necessarily physical
wiring)
– It is a form of disclosure
47
Types of Attacks
• Active Attacks
– An active attack attempts to alter system resources or
affect their operation
• The transmitted data is fully controlled by the
intruder
• The attacker can modify, delete or view any data
– This is quite possible in TCP/IP since the frames and
packets are not protected in terms of authenticity
and integrity (more later in Chapter 5 - Network
Security Concepts and Mechanisms)
49
Types of Attacks
• Categories of Active Attacks
1. Spoofing or Masquerading: also called fabrication: An attack
on authenticity
2. Modification or Alteration: An attack on integrity
3. Delay: Could be classified as an attack on availability
4. Denial of Service (DoS) or degrading of service or
Interruption: An attack on availability
50
Categories of Active Attacks
56
COUNTERMEASURES
Security Concepts and Relationships
57
Services and Mechanisms
• Authentication
• Access control
• Data confidentiality
• Data integrity
• Nonrepudiation
X.800 Service Categories
Authentication
• Concerned with assuring that a communication is authentic.
– In the case of a single message, assures the recipient
that the message is from the source that it claims to
be from.
– In the case of ongoing interaction, the service assures
that the entities are authentic (that is, that each is
the entity that it claims to be) and that the
connection is not interfered with in such a way that a
third party can masquerade as one of the two
legitimate parties.
Two specific authentication services are defined in X.800:
• Peer entity authentication
• Data origin authentication
Two entities are considered peers if they implement the same protocol in
different systems (e.g., two TCP modules in two communicating systems).
Access Control
• The ability to limit and control the access to host systems and
applications via communications links
• To achieve this, each entity trying to gain access must first be
identified, or authenticated, so that access rights can be tailored to
the individual
Data Confidentiality
• The protection of transmitted data from passive attacks
– Broadest service protects all user data transmitted
between two users over a period of time
– Narrower forms of service include the protection of
a single message or even specific fields within a
message
• The protection of traffic flow from analysis
– This requires that an attacker not be able to observe
the source and destination, frequency, length, or
other characteristics of the traffic on a
communications facility
Data Integrity
Can apply to a stream of messages, a single
message, or selected fields within a message
79
A MODEL FOR NETWORK SECURITY
• Security aspects come into play when it is necessary or
desirable to protect the information transmission from an
opponent who may present a threat to confidentiality,
authenticity, and so on.
• All of the techniques for providing security have two
components:
1. A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so
that it is unreadable by the opponent, and the addition of a code based on
the contents of the message, which can be used to verify the identity of
the sender.
2. Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in
conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.
80
A MODEL FOR NETWORK SECURITY
• A trusted third party may be needed to achieve
secure transmission.
– a third party may be responsible for distributing the
secret information to the two principals while keeping
it from any opponent. Or
– a third party may be needed to arbitrate disputes
between the two principals concerning the
authenticity of a message transmission.
81
A MODEL FOR NETWORK SECURITY
• This general model shows that there are four basic
tasks in designing a particular security service:
1. Design an algorithm for performing the security-related
transformation. The algorithm should be such that an
opponent cannot defeat its purpose.
2. Generate the secret information to be used with the
algorithm.
3. Develop methods for the distribution and sharing of
the secret information.
4. Specify a protocol to be used by the two principals that
makes use of the security algorithm and the secret
information to achieve a particular security service.
82
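The two components of the network security model (a transformation on the information to be sent, and a secret shared by the two principals) and the first two of the four design tasks, carried through in an added worked example that is not from the lecture. The transformation used here is an HMAC-SHA256 code computed over the message contents, which is the X.800 data origin authentication service described earlier; the key value and the messages are constructed for the example, and the key is assumed to have already been distributed to both principals (task 3 of the list). The receiver's check detects the two active attacks named on the slides, modification and fabrication, but provides no confidentiality: an interceptor still reads the message, which is why the model pairs such a code with encryption when confidentiality is also required.

```python
"""Added example (not part of the lecture): the two components of the
network security model, a code computed over the message (component 1)
and a secret shared by the two principals (component 2), and how the
receiver detects modification and fabrication with them.

The key and the messages are constructed for this example.
"""
import hashlib
import hmac
import secrets

# Shared secret (component 2). Constructed for the example; a real
# deployment would generate it randomly (task 2) and distribute it
# through a key-management step (task 3).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                           "101112131415161718191a1b1c1d1e1f")


def protect(key, message):
    """Sender side (task 1): attach a code computed over the message
    contents. Without the key, nobody can compute a valid code."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag


def verify(key, message, tag):
    """Receiver side: recompute the code and compare in constant time.
    True only if the message is unaltered and came from a key holder."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo():
    """Run the three cases and return the receiver's verdict for each."""
    msg, tag = protect(SHARED_KEY, b"transfer 100 to account 42")
    results = {"genuine": verify(SHARED_KEY, msg, tag)}

    # Modification: the opponent alters the data in transit but
    # cannot recompute the tag for the altered contents.
    results["modified"] = verify(SHARED_KEY,
                                 b"transfer 900 to account 42", tag)

    # Fabrication (masquerade): the opponent forges a whole message
    # with a key of their own, since the shared key is unknown to them.
    opponent_key = secrets.token_bytes(32)
    forged, forged_tag = protect(opponent_key,
                                 b"transfer 900 to account 99")
    results["fabricated"] = verify(SHARED_KEY, forged, forged_tag)

    # Interception: the tag adds no confidentiality; the message itself
    # is still readable on the wire.
    results["contents_visible"] = (msg == b"transfer 100 to account 42")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16s} -> {verdict}")
```

Only the genuine message verifies; the altered and forged ones are rejected because their tags do not match what the shared key produces, while the plaintext remains visible to any interceptor. The protocol that carries the message and tag between the two principals, and what to do on a failed check, is task 4 on the slide and is outside this example.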
A MODEL FOR NETWORK SECURITY
• Types of security mechanisms and services fit into
the model shown in the previous figure (Model for
Network Security).
• A general model of the other security-related
situations of interest that do not neatly fit the
previous model is illustrated here.
– This model reflects a concern for protecting an information
system from unwanted access.
83
A MODEL FOR NETWORK SECURITY
84
A MODEL FOR NETWORK SECURITY
• Another type of unwanted access is the placement in
a computer system of logic that exploits
vulnerabilities in the system and that can affect
application programs as well as utility programs, such
as editors and compilers.
• Programs can present two kinds of threats:
1. Information access threats: Intercept or modify
data on behalf of users who should not have
access to that data.
2. Service threats: Exploit service flaws in computers
to inhibit use by legitimate users.
85
A MODEL FOR NETWORK SECURITY
• Viruses and worms are two examples of
software attacks. Such attacks can be
introduced into a system by means of a disk
that contains the unwanted logic concealed in
otherwise useful software.
• They also can be inserted into a system across
a network; this latter mechanism is of more
concern in network security.
86
A MODEL FOR NETWORK SECURITY
• The security mechanisms needed to cope with
unwanted access fall into two broad categories
(see Figure Network Security Access Model).
– The first category might be termed a gatekeeper
function. It includes password-based login
procedures that are designed to deny access to all
but authorized users and screening logic that is
designed to detect and reject worms, viruses, and
other similar attacks.
87
A MODEL FOR NETWORK SECURITY
• Two broad categories… cont’d
– Once either an unwanted user or unwanted
software gains access, the second line of defense
consists of a variety of internal controls that
monitor activity and analyze stored information in
an attempt to detect the presence of unwanted
intruders.
88
Exercises
89