University of Gondar

Institute of Technology
Department of Electrical and Computer Eng.
Computer Engineering Stream
(2020)

LECTURE 1:
COMPUTER NETWORK SECURITY OVERVIEW

Compiled by: Tigabu Y.


COMPUTER SECURITY CONCEPTS
Background
• Information Security requirements have changed in
recent times
• traditionally provided by physical and administrative
mechanisms
• computer use requires automated tools to protect files
and other stored information
• use of networks and communications links requires
measures to protect data during transmission

COMPUTER SECURITY CONCEPTS
DEFINITIONS
• Computer Security - generic name for the collection of
tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their
transmission
• Internet Security - measures to protect data during their
transmission over a collection of interconnected
networks
• Network and Internet Security
– consists of measures to deter, prevent, detect, and
correct security violations that involve the
transmission & storage of information
COMPUTER SECURITY CONCEPTS

• “The most secure computers are those not connected to the Internet and shielded from any interference”

COMPUTER SECURITY CONCEPTS
COMPUTER SECURITY
NIST: National Institute of Standards and Technology

• The NIST Computer Security Handbook defines the term Computer Security as:
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security: CIA
THE CIA TRIAD

Computer Security is often associated with three core areas, summarized with the CIA acronym.
COMPUTER SECURITY CONCEPTS
• Basic Security Objectives (Pillars) - CIA
• Confidentiality: This term covers two related concepts:
– Data confidentiality: Assures that private or confidential information or resources are not made available or disclosed to unauthorized individuals.
o The assurance that only authorized parties can access data.
– In network communication, it means only the sender and the intended receiver should “understand” message contents
– Ensuring that no one can read the message except the intended receiver.
– Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
COMPUTER SECURITY CONCEPTS
• Basic Security Objectives (Pillars) - CIA
• Integrity: This term covers two related concepts
– Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
o The assurance that only authorized parties can modify data.
– In network communication, sender and receiver want to ensure that the message is not altered (in transit or afterwards) without detection
– System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
COMPUTER SECURITY CONCEPTS
• Availability: Assures that systems work promptly and
service is not denied to authorized users
• Authenticity: Some say it is a missing component of objectives in CIA.
– It is the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator; or sender and receiver want to confirm the identity of each other

COMPUTER SECURITY CONCEPTS
• A security policy is a statement of what is, and what is
not, allowed by users of a system
• A security mechanism is a method, tool, or
procedure for enforcing a security policy.

COMPUTER SECURITY CONCEPTS
• Given a security policy’s specification of “secure” and “nonsecure” actions, security mechanisms can prevent (defend) the attack, detect the attack, or recover from the attack
– Prevention/Defence: take measures to prevent the damage; it means that an attack will fail; e.g., passwords to prevent unauthorized users or Intrusion Prevention Systems (IPSs)
– Detection: if an attack cannot be prevented; when, how and who of the attack have to be identified; e.g., when a user enters a password three times; Intrusion Detection Systems (IDSs)
– Reaction/Recovery: take measures to recover from the damage; e.g., restore deleted files from backup; sometimes retaliation (attacking the attacker’s system or taking legal actions to hold the attacker accountable)
KEY SECURITY CONCEPTS (Summary)
1. Confidentiality: Preserving authorized restrictions on information access and disclosure.

2. Integrity: Guarding against improper information modification or destruction.

3. Availability: Ensuring timely and reliable access to and use of information.

4. Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

5. Non-Repudiation: A way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
LEVELS OF IMPACT

• Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals
• Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals
• High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

LEVELS OF IMPACT

• Low
– A limited adverse effect means that, for
example, the loss might:
i. cause a degradation in mission capability to an
extent and duration that the organization is able
to perform its primary functions, but the
effectiveness of the functions is noticeably
reduced;
ii. result in minor damage to organizational assets;
iii. result in minor financial loss; or
iv. result in minor harm to individuals.
LEVELS OF IMPACT
• Moderate
– A serious adverse effect means that, for example,
the loss might:
i. cause a significant degradation in mission capability
to an extent and duration that the organization is
able to perform its primary functions, but the
effectiveness of the functions is significantly
reduced;
ii. result in significant damage to organizational assets;
iii. result in significant financial loss; or
iv. result in significant harm to individuals.
LEVELS OF IMPACT
• High
– A severe or catastrophic adverse effect means
that, for example, the loss might:
i. cause a severe degradation in mission
capability to an extent and duration that the
organization is not able to perform one or more
of its primary functions;
ii. result in major damage to organizational assets;
iii. result in major financial loss; or
iv. result in major harm to individuals.

COMPUTER SECURITY CHALLENGES
• Computer security is not simple
• Potential attacks on the security features must be considered
• It’s necessary to decide where to use the various security mechanisms
• Procedures used to provide particular services are often counter-intuitive.
• Requires constant monitoring
• Is too often an afterthought
• Multiple algorithms or protocols may be involved
• Security is essentially a battle of wits between a perpetrator and the designer.
• Little benefit from security investment is perceived until a security failure occurs.
• Strong security is often viewed as an impediment to efficient and user-friendly operation

ITU
• The International Telecommunication Union (ITU) is a
United Nations specialized agency for information and
communication technologies (ICTs). In general terms, the
Union focuses on three main areas of activity:
– radiocommunications (allocation of global radio spectrum and satellite orbits), through the ITU Radiocommunication Sector (ITU-R);
– standardisation (development of technical standards for the interconnection of networks and technologies), through the ITU Telecommunication Standardization Sector (ITU-T); and
– development (working, among others, on improving access to ICTs to underserved communities worldwide), through the ITU Telecommunication Development Sector (ITU-D).
ITU
• The ITU Telecommunication Standardization Sector
(ITU-T) is one of the three sectors (divisions or units)
of the International Telecommunication Union (ITU);
it coordinates standards for telecommunications.
– development of technical standards for the
interconnection of networks and technologies.
– The ITU-T mission is to ensure the efficient and timely
production of standards covering all fields of
telecommunications on a worldwide basis, as well as
defining tariff and accounting principles for international
telecommunication services.

THE OSI SECURITY ARCHITECTURE
• To assess effectively the security needs of an
organization and to evaluate and choose various
security products and policies, the manager
responsible for security needs some systematic
way of defining the requirements for security and
characterizing the approaches to satisfying those
requirements.
– ITU-T Recommendation X.800, Security Architecture
for OSI, defines such a systematic way of defining the
requirements for security and characterizing the
approaches to satisfying those requirements.
THE OSI SECURITY ARCHITECTURE
• The Open Systems Interconnection (OSI) security architecture was designated by the ITU-T (the ITU Telecommunication Standardization Sector).
– The ITU-T decided that their standard "X 800 would be the ISO
security
• The OSI Security Architecture is a framework that
provides a systematic way of defining the requirements
for security and characterizing the approaches to
satisfying those requirements.
• The OSI security architecture focuses on:
– Security mechanism
– Security service
– Security attack
THE OSI SECURITY ARCHITECTURE
• Focuses
– Security attack
• Any action that compromises the security of information owned
by an organization.
– Security mechanism
• A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack. E.g., encryption
algorithm, digital signatures, and authentication protocols
– Security service
• A processing or communication service that enhances the security of
the data processing systems and the information transfers of an
organization intended to counter security attacks, and they make use
of one or more security mechanisms to provide the service. E.g.,
authentication, access control, data confidentiality, data integrity,
nonrepudiation, and availability
SECURITY TERMINOLOGY
1. Adversary (threat agent) - An entity that attacks, or is a threat to, a system.

2. Security Policy - A set of rules and practices that specify how a system or an organization provides security services to protect sensitive and critical system resources.

3. Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

4. Attack - An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate security policy of a system.
SECURITY TERMINOLOGY

5. Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, or by minimizing the harm it can cause.

6. Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

7. Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

ASSETS, VULNERABILITY, THREATS AND ATTACKS

ASSETS OF A COMPUTER SYSTEM

• Hardware
• Software
• Data
• Communication facilities and networks

VULNERABILITY
• A vulnerability is a weakness in the security system (for example, in
procedures, design, or implementation), that might be exploited to
cause loss or harm.

• System resources with vulnerabilities may
– Be corrupted
– Become leaky
– Become unavailable

• Corrupted: Does the wrong thing or gives wrong answers. (Loss of Integrity)

• Leaky: Someone who should not have access to the information will obtain it. (Loss of Confidentiality)

• Unavailable: Or otherwise very slow, e.g., using the system / network becomes impossible. (Loss of availability)
TYPES OF VULNERABILITIES
• Hardware Vulnerabilities
– adding devices, changing them, removing them, intercepting the
traffic to them, or flooding them with traffic until they can no
longer function. (many other ways to harm the hardware).

• Software Vulnerabilities
– Software can be replaced, changed, or destroyed maliciously, or
it can be modified, deleted, or misplaced accidentally. Whether
intentional or not, these attacks exploit the software's
vulnerabilities.
• Data Vulnerabilities
– data have a definite value, even though that value is often
difficult to measure.

THREATS
• A threat to a computing system is a set of circumstances that
has the potential to cause loss or harm.
• We can view any threat as being one of four kinds:
interception, interruption, modification, and fabrication.

THREATS

• A Normal Flow

THREATS

• Interruption: This is an attack on availability
– Approach: Destruction of hardware, physical damage to communication links, disrupting traffic (introduction of noise), erasure of a program or a file, DoS attacks

THREATS

• Interception: This is an attack on confidentiality
– Approach: Eavesdropping over a communication line, link monitoring, packet capturing, system compromise.

THREATS

• Modification: This is an attack on integrity
– Approach: Corrupting transmitted data or tampering with it before it reaches its destination. E.g., changing a record in a database

THREATS

• Fabrication: This is an attack on authenticity
– Approach: Faking data as if it were created by a legitimate and authentic party. E.g., adding a new record to a database, insertion of a new network packet.

SUMMARY on THREATS
An interception means that some unauthorized party has gained access to an asset.

In an interruption, an asset of the system becomes lost, unavailable, or unusable.

If an unauthorized party not only accesses but tampers with an asset, the threat is a modification.

Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system.
ATTACKS

The three goals of security (confidentiality, integrity, and availability) can be threatened by security attacks.
Threats and Attacks
• A computer security threat is a potential violation of security; it is
any person, act, or object that poses a danger to computer
security/privacy
• The violation need not actually occur for there to be a threat
• The fact that the violation might occur means that those actions
that could cause it to occur must be guarded against (or prepared
for)
• Those actions are called attacks
• Those who execute such actions, or cause them to be executed,
are called attackers
• The computer world is full of threats; viruses, worms, crackers,
etc.
• And so is the real world; thieves, pick-pockets, burglars,
murderers, drunk drivers, …
• Note: the terms threat and attack are commonly used to mean more or less the same thing
Vulnerabilities, Threats and Attacks
• categories of vulnerabilities
• corrupted (loss of integrity)
• leaky (loss of confidentiality)
• unavailable or very slow (loss of availability)
• threats
• capable of exploiting vulnerabilities
• represent potential security harm to an asset
• attacks (threats carried out)
• passive – does not affect system resources
• active – attempt to alter system resources or affect their
operation
• insider – initiated by an entity inside the security perimeter
• outsider – initiated from outside the perimeter
CLASSIFICATION OF ATTACKS BASED ON THE ORIGIN

• Inside attack: Initiated by an entity inside the security perimeter (“insider”).

• Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (“outsider”).

TYPES OF ATTACKS:

• Active attack: Attempts to alter system resources or affect their operation.

• Passive attack: Attempts to learn or make use of information from the system but does not affect system resources

PASSIVE AND ACTIVE ATTACKS - DIFFERENCES
Passive Attack
• Attempts to learn or make use of information from the system but does not affect system resources.
• Eavesdropping on, or monitoring of, transmissions.
• Goal of attacker is to obtain information that is being transmitted
• Two types:
1. Release of message contents (Snooping)
2. Traffic analysis

Active Attack
• Attempts to alter system resources or affect their operation.
• Involve some modification of the data stream or the creation of a false stream.
• Goal of attacker is to damage any system.
• Four categories:
1. Replay
2. Masquerade
3. Modification of messages
4. Denial of service

Types of Security Attacks
Types of Attacks
• Types of attacks: One way of categorizing attacks is
as passive and active
– Passive Attacks
• A passive attack attempts to learn or make use of
information from the system but does not affect system
resources
• There are two types of passive attacks: release of
message contents (or sniffing) and traffic analysis
• Release of message contents: A telephone conversation,
an electronic mail message, and a transferred file may
contain sensitive or confidential information; we would
like to prevent an opponent from learning the contents
of these transmissions
• It is also called interception: An attack on confidentiality
Types of Attacks
• Release of message contents (Snooping)
– refers to unauthorized access to or interception of
data.

Types of Attacks

• Friends and Enemies: Alice, Bob, Trudy
– Well-known in the network security world
– Alice and Bob (lovers!) want to communicate “securely”
– Darth (the intruder) may intercept, delete, or add messages

Types of Attacks
• Alice and Bob could be
– two routers that want to exchange router tables
securely
– a client and a server that want to establish a secure
transport connection
– two e-mail applications or persons that want to
exchange secure e-mail
– a person transferring his credit card number
securely to a web server
– a person interacting with his/her bank online
– etc.
Types of Attacks
• Traffic analysis: Traffic analysis refers to obtaining some
other type of information by monitoring online traffic.
– to determine the location and identity of communicating
hosts and to observe the frequency and length of messages
being exchanged (even if the message is encrypted). This
information might be useful in guessing the nature of the
communication that was taking place

Types of Attacks
• It is usually difficult to detect passive attacks because
they do not involve any alteration of the data
• Snooping
– Snooping is a passive attack; it is unauthorized interception of
information, e.g., passive wiretapping (not necessarily physical
wiring)
– It is a form of disclosure

Types of Attacks
• Active Attacks
– An active attack attempts to alter system resources or
affect their operation
• The transmitted data is fully controlled by the
intruder
• The attacker can modify, delete or view any data
– This is quite possible in TCP/IP since the frames and
packets are not protected in terms of authenticity
and integrity (more later in Chapter 5 - Network
Security Concepts and Mechanisms)

Types of Attacks
• Categories of Active Attacks
1. Spoofing or Masquerading: also called fabrication: An attack
on authenticity
2. Modification or Alteration: An attack on integrity
3. Delay: Could be classified as an attack on availability
4. Denial of Service (DoS) or degrading of service or Interruption: An attack on availability

Categories of Active Attacks

Modification means that the attacker intercepts the message and changes it.

Masquerading or spoofing happens when the attacker impersonates somebody else.

Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.
Categories of Active Attacks … Cont’d

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.
Active Attacks (4 types)

• Masquerade: Takes place when one entity pretends to be a different entity. Usually includes one of the other forms of active attack
• Modification of messages: Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
• Replay: Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
• Denial of service: Prevents or inhibits the normal use or management of communications facilities
COUNTERMEASURES
• A countermeasure is any means used to deal with security attacks
• Goal is to minimize risk given constraints
• May result in new vulnerabilities
• Countermeasures can be devised to
– Prevent a particular type of attack
– Detect the attacker and the type of attack
– Recover from the effects of the attack

COUNTERMEASURES
Security Concepts and Relationships

Services and Mechanisms

ITU-T provides some security services and some mechanisms to implement those services. Security services and mechanisms are closely related because a mechanism or combination of mechanisms is used to provide a service.
Security Services
• Security service
• Defined by X.800 as:
– A service provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers
• Defined by RFC 4949 as:
– A processing or communication service provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.
X.800 Service Categories
X.800 divides these services into five categories and fourteen
specific services

• Authentication
• Access control
• Data confidentiality
• Data integrity
• Nonrepudiation
Security Services (X.800)
Authentication
• Concerned with assuring that a communication is authentic.
– In the case of a single message, assures the recipient that the message is from the source that it claims to be from.
– In the case of ongoing interaction, the service assures that the entities are authentic (that is, that each is the entity that it claims to be) and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties
Two specific authentication services are defined in X.800:
• Peer entity authentication
• Data origin authentication

Two entities are considered peers if they implement the same protocol in
different systems (e.g., two TCP modules in two communicating systems).
Access Control
• The ability to limit and control the access to host systems and
applications via communications links
• To achieve this, each entity trying to gain access must first be
identified, or authenticated, so that access rights can be tailored to
the individual
Data Confidentiality
• The protection of transmitted data from passive attacks
– Broadest service protects all user data transmitted
between two users over a period of time
– Narrower forms of service include the protection of
a single message or even specific fields within a
message
• The protection of traffic flow from analysis
– This requires that an attacker not be able to observe
the source and destination, frequency, length, or
other characteristics of the traffic on a
communications facility
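
The traffic-flow point above, as an added example that is not part of the original lecture: message length survives encryption, and padding every record to a fixed bucket size (the "traffic padding" mechanism X.800 lists) removes that signal. The bucket size, the record layout and the sample messages are assumptions of this example, and it assumes padding is applied before a length-preserving encryption step.

```python
import struct

BUCKET = 256  # assumed bucket size in bytes (constructed for this example)

# Constructed sample messages; after encryption their contents are hidden,
# but their sizes are not.
SAMPLE = [b"YES", b"NO", b"transfer 5000 to account 1234"]


def pad(message: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length (4 bytes) and zero-fill to a bucket multiple."""
    body = struct.pack(">I", len(message)) + message
    padded_len = -(-len(body) // bucket) * bucket  # round up to next multiple
    return body + b"\x00" * (padded_len - len(body))


def unpad(padded: bytes, bucket: int = BUCKET) -> bytes:
    """Recover the message, rejecting records that are not well formed."""
    if len(padded) < 4 or len(padded) % bucket != 0:
        raise ValueError("not a padded record")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("declared length exceeds record")
    if any(padded[4 + n:]):
        raise ValueError("non-zero padding")
    return padded[4:4 + n]


def observed_lengths(messages, padder=None):
    """Sizes a passive observer of the encrypted traffic would still see."""
    return [len(padder(m) if padder else m) for m in messages]


if __name__ == "__main__":
    print("without padding:", observed_lengths(SAMPLE))
    print("with padding:   ", observed_lengths(SAMPLE, pad))
```

Padding hides length only; hiding frequency, source and destination needs other measures such as cover traffic and routing control.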
Data Integrity
• Can apply to a stream of messages, a single message, or selected fields within a message

• Connection-oriented integrity service deals with a stream of messages and assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays

• A connectionless integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only
Nonrepudiation
• Prevents either sender or receiver from denying a transmitted
message
• When a message is sent, the receiver can prove that the alleged
sender in fact sent the message
• When a message is received, the sender can prove that the alleged
receiver in fact received the message
Availability service
• Availability
• The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).
• Availability service
– One that protects a system to ensure its availability.
– Addresses the security concerns raised by denial-of-service attacks
– Depends on proper management and control of system resources
Security Mechanisms (X.800)

• Specific security mechanisms: incorporated into the appropriate protocol layer in order to provide some of the OSI security services
• Encipherment
• digital signatures
• access controls
• data integrity
• authentication exchange
• traffic padding
• routing control
• notarization
Relationship Between Security Services and Mechanisms
Techniques

Mechanisms discussed already are only theoretical recipes to implement security. The actual implementation of security goals needs some techniques. Two techniques are prevalent today: cryptography and steganography.
Cryptography

Cryptography, a word with Greek origins, means “secret writing.” However, we use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.
Steganography
The word steganography, with origin in Greek, means “covered writing,” in
contrast with cryptography, which means “secret writing.”

Example: covering data with text


A MODEL FOR NETWORK SECURITY
• In the figure, a message is to be transferred from one party to another across some sort of Internet service.
• A logical information channel is established by defining a route through the Internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

A MODEL FOR NETWORK SECURITY
• Security aspects come into play when it is necessary or
desirable to protect the information transmission from an
opponent who may present a threat to confidentiality,
authenticity, and so on.
• All of the techniques for providing security have two
components:
1. A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so
that it is unreadable by the opponent, and the addition of a code based on
the contents of the message, which can be used to verify the identity of
the sender.
2. Some secret information shared by the two principals and, it is hoped,
unknown to the opponent. An example is an encryption key used in
conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.

A MODEL FOR NETWORK SECURITY
• A trusted third party may be needed to achieve
secure transmission.
– a third party may be responsible for distributing the
secret information to the two principals while keeping
it from any opponent. Or
– a third party may be needed to arbitrate disputes
between the two principals concerning the
authenticity of a message transmission.

A MODEL FOR NETWORK SECURITY
• This general model shows that there are four basic
tasks in designing a particular security service:
1. Design an algorithm for performing the security-related
transformation. The algorithm should be such that an
opponent cannot defeat its purpose.
2. Generate the secret information to be used with the
algorithm.
3. Develop methods for the distribution and sharing of
the secret information.
4. Specify a protocol to be used by the two principals that
makes use of the security algorithm and the secret
information to achieve a particular security service.
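
The four tasks above, and the connectionless versus connection-oriented integrity services from the Data Integrity slide, worked through as an added example that is not part of the original lecture. The choice of HMAC-SHA256, the frame layout (8-byte sequence number, payload, tag) and the sample messages are assumptions of this example; key distribution (task 3) is assumed to have happened out of band, and the strict in-order check assumes a reliable, ordered transport underneath.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def generate_key() -> bytes:
    """Task 2: generate the secret information (a random 256-bit key)."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Task 1, sender side: frame = 8-byte sequence number | payload | tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_connectionless(key: bytes, frame: bytes) -> bytes:
    """Check one frame in isolation; this detects modification only."""
    if len(frame) < 8 + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return body[8:]


class ConnectionReceiver:
    """Task 4: per-connection state that also rejects replay and reordering."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def receive(self, frame: bytes) -> bytes:
        payload = verify_connectionless(self.key, frame)  # check the tag first
        (seq,) = struct.unpack(">Q", frame[:8])
        if seq != self.next_seq:
            raise ValueError(f"sequence {seq} received, expected {self.next_seq}")
        self.next_seq += 1
        return payload


def accepted(check, frame: bytes) -> bool:
    """Return True if the given verification callable accepts the frame."""
    try:
        check(frame)
        return True
    except ValueError:
        return False


def demo() -> dict:
    key = generate_key()  # task 3 (distribution) is assumed done out of band
    # Constructed sample messages, numbered 0 and 1 by the sender.
    frames = [protect(key, i, m)
              for i, m in enumerate([b"pay 10 to Bob", b"pay 20 to Carol"])]
    tampered = bytearray(frames[0])
    tampered[10] ^= 0x01  # flip one bit inside the payload

    def stateless(frame):
        return verify_connectionless(key, frame)

    in_order = ConnectionReceiver(key)
    out_of_order = ConnectionReceiver(key)
    return {
        "modified, connectionless": accepted(stateless, bytes(tampered)),
        "replayed, connectionless": accepted(stateless, frames[0])
        and accepted(stateless, frames[0]),
        "in order, connection": accepted(in_order.receive, frames[0])
        and accepted(in_order.receive, frames[1]),
        "replayed, connection": accepted(in_order.receive, frames[0]),
        "reordered, connection": accepted(out_of_order.receive, frames[1]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} accepted={ok}")
```

The stateless check accepts a replayed frame because the frame is still genuine; only the receiver that remembers the expected sequence number can tell that it has seen it before.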
A MODEL FOR NETWORK SECURITY
• Types of security mechanisms and services fit into
the model shown in previous figure (Model for
Network Security).
• A general model of the other security-related
situations of interest that do not neatly fit the
previous model, is illustrated here.
– This model reflects a concern for protecting an information system from unwanted access.

A MODEL FOR NETWORK SECURITY

• The hacker can be someone who, with no malign intent, simply gets satisfaction from breaking and entering a computer system.
• The intruder can be a disgruntled employee who wishes to do damage or a criminal who seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).

A MODEL FOR NETWORK SECURITY
• Another type of unwanted access is the placement in
a computer system of logic that exploits
vulnerabilities in the system and that can affect
application programs as well as utility programs, such
as editors and compilers.
• Programs can present two kinds of threats:
1. Information access threats: Intercept or modify
data on behalf of users who should not have
access to that data.
2. Service threats: Exploit service flaws in computers
to inhibit use by legitimate users.

A MODEL FOR NETWORK SECURITY
• Viruses and worms are two examples of
software attacks. Such attacks can be
introduced into a system by means of a disk
that contains the unwanted logic concealed in
otherwise useful software.
• They also can be inserted into a system across
a network; this latter mechanism is of more
concern in network security.

A MODEL FOR NETWORK SECURITY
• The security mechanisms needed to cope with
unwanted access fall into two broad categories
(see Figure Network Security Access Model).
– The first category might be termed a gatekeeper
function. It includes password-based login
procedures that are designed to deny access to all
but authorized users and screening logic that is
designed to detect and reject worms, viruses, and
other similar attacks.

A MODEL FOR NETWORK SECURITY
• Two broad categories… cont’d
– Once either an unwanted user or unwanted
software gains access, the second line of defense
consists of a variety of internal controls that
monitor activity and analyze stored information in
an attempt to detect the presence of unwanted
intruders.

Exercises
