babak danyal, profile picture
Uploaded bybabak danyal
PPT, PDF17,800 views

Network Security 1st Lecture

This document provides information about a network security course, including the instructor's contact details, course schedule, grading policy, reference materials, expectations, and course contents. The course will cover topics such as cryptography, network security applications, system security, and intrusion detection. Students will learn about network security principles, cryptography, authentication and encryption techniques, and security practices and applications.

Embed presentation

Downloaded 644 times
Network Security Tariq Ahmed Dr. A. Q. Khan Institute of Information Technology and Computer sciences(KICSIT) mrbokhari2000@yahoo.com  
• Instructor: - Tariq Ahmed • Tel: 051 9285342 • Email: mrbokhari2000@yahoo.com Course Staff
• Lectures - Wednesday: 4:00 - 7:00 p.m. • Assignments - • Quizes - • Midterm exam - • Final exam -   Course Schedule
• Assignments 10% – Late assignments are not accepted • Quizes 10% • Midterm exam 20% • Final exam 60% Grading Policy
Academic Honesty • Your work in this class must be your own • If students are found to have collaborated excessively or to have cheated (e.g. by copying or sharing answers during an examination), all involved will at a minimum receive grades of 0 for the first infraction • Further infractions will result in failure in the course.
Course Material Reference books – No single textbook covers the whole course! • Lot of research papers! – Many will be made available • RFCs and Internet drafts – Related to Network security protocols • Web resources – Tutorials, white papers, reports, etc.
Course Information • Pre-requisites – Computer Networks course • You are assumed to have good knowledge of TCP/IP protocol suite – Operating Systems – Basic understanding of programming languages
Course Contents • Introduction to network security • I. CRYPTOGRAPHY – Symmetric Encryption and Message Confidentiality – Public-Key Cryptography and Message Authentication • II. NETWORK SECURITY APPLICATIONS – Authentication Applications (Kerberos, X.509) – Electronic Mail Security (PGP, S/MIME) – IP Security (IPSec, AH, ESP, IKE) – Web Security (SSL, TLS, SET) – Network Management Security (SNMP)
Course Contents • III. SYSTEM SECURITY – Intruders and intrusion detection – Malicious Software (viruses) – Firewalls and trusted systems – Operating System Security
Textbooks • One of the following three books is required for this course: • William Stallings, Network Security Essentials • William Stallings, Cryptography and Network Security: Principles and Practice
Textbooks • Ed Skoudis, Counter Hack: A Step by Step Guide to Computer Attacks and Defenses
Expectations What do you want (or expect) to learn from this class ?
Expectations • This class IS about … – Network security principles and concepts – Cryptography, its use, principles and major algorithms – Message authentication and encryption techniques – Security of network “system” – Operating system security – Security practices and applications
Expectations • This class IS NOT about … – Survey of existing protocol standards – Survey of loopholes in current protocols – How to hack the network of KICSIT! – Tools and tips to breach Internet security – How you can become a good hacker …
Expectations We will learn Why and How networks are made secure
Outline • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
Background • Information Security requirements have changed in recent times • Traditionally provided by physical and administrative mechanisms • Computer use requires automated tools to protect files and other stored information • Use of networks and communications links requires measures to protect data during transmission
Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of this Course • Our focus is on internet security • Consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information • Requirements seem straightforward, but the mechanisms used to meet them can be quite complex …
Services, Mechanisms, Attacks • Need systematic way to define requirements • Consider three aspects of information security: – security attack – security mechanism – security service • Consider in reverse order
Security Service • Is something that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks • Make use of one or more security mechanisms to provide the service • Replicate functions normally associated with physical documents e.g. – have signatures or dates – need protection from disclosure, tampering, or destruction – be notarized or witnessed – be recorded or licensed
Security Mechanism • A mechanism that is designed to detect, prevent, or recover from a security attack • No single mechanism that will support all functions required • However one particular element underlies many of the security mechanisms in use: cryptographic techniques • Hence our focus is on this area
Security Attack • Any action that compromises the security of information owned by an organization • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • Have a wide range of attacks • Can focus on generic types of attacks – Note: often threat & attack mean same
Security Attacks
Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
Security Goals
Summary: Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms
OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • Defines a systematic way of defining and providing security requirements • For us it provides a useful, if abstract, overview of concepts we will study
Security Services • X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
Security Services (X.800) • X.800 defines security services in 5 major categories – Authentication - assurance that the communicating entity is the one claimed – Access Control - prevention of the unauthorized use of a resource – Data Confidentiality –protection of data from unauthorized disclosure – Data Integrity - assurance that data received is as sent by an authorized entity – Non-Repudiation - protection against denial by one of the parties in a communication
Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
Security Mechanisms (X.800) • Specific security mechanisms: – Encipherment: Converting data into form that is not readable – Digital signatures: To check authenticity and integrity of data – Access controls: Enforcing access rights to resources – Data integrity – Authentication exchange – Traffic padding: Insertion of bits to frustrate traffic analysis – Routing control: Selection of secure routes – Notarization: Use of trusted third party for data exchange
Security Mechanisms (X.800) • Pervasive security mechanisms: – trusted functionality: percieved to be correct with respect to some criteria – security labels: – event detection: detection of security relevant events – security audit trails: – security recovery:
Classify Security Attacks as • Passive attacks - eavesdropping on, or monitoring of, transmissions to: – obtain message contents, or – monitor traffic flows • Active attacks – modification of data stream to: – masquerade of one entity as some other – replay previous messages – modify messages in transit – denial of service
Passive Attacks: Release of Message Contents
Passive Attacks: Traffic Analysis
Active Attacks: Masquerade
Active Attacks: Replay
Active Attacks: Modification of Messages
Active Attacks: Denial of Service
Model for Network Security
Model for Network Security • Using this model requires us to: – design a suitable algorithm for the security transformation – generate the secret information (keys) used by the algorithm – develop methods to distribute and share the secret information – specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security
Model for Network Access Security • Using this model requires us to: – select appropriate gatekeeper functions to identify users – implement security controls to ensure only authorised users access designated information or resources • Trusted computer systems can be used to implement this model
Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls
Internet standards and RFCs • The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG)
Summary • Have considered: – computer, network, internet security def’s – security services, mechanisms, attacks – X.800 standard – models for network (access) security

More Related Content

PPTX
Key management
bySujata Regoti
 
PPTX
Email security
byBaliram Yadav
 
PPT
Intruders
bytechn
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPT
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
PPTX
Hash Function
byssuserdfb2da
 
PDF
2. public key cryptography and RSA
byDr.Florence Dayana
 
PPT
Chapter 01
bynathanurag
 
Key management
bySujata Regoti
 
Email security
byBaliram Yadav
 
Intruders
bytechn
 
Security & protection in operating system
byAbou Bakr Ashraf
 
CONVENTIONAL ENCRYPTION
bySHUBHA CHATURVEDI
 
Hash Function
byssuserdfb2da
 
2. public key cryptography and RSA
byDr.Florence Dayana
 
Chapter 01
bynathanurag
 

What's hot

PPTX
Hash Function
bySiddharth Srivastava
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PDF
Inter Process Communication
byAnil Kumar Pugalia
 
PPTX
Security Mechanisms
bypriya_trehan
 
PPTX
Principles of public key cryptography and its Uses
byMohsin Ali
 
PDF
Electronic mail security
byDr.Florence Dayana
 
PPT
Eap intro
byAditya Mehta
 
PPTX
MD5
byrokham khawaja
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPTX
El Gamal Cryptosystem
byAdri Jovin
 
PDF
Email security presentation
bySubhradeepMaji
 
PPTX
Trusted systems
byahmad abdelhafeez
 
PDF
Network security - OSI Security Architecture
byBharathiKrishna6
 
PPT
Symmetric Key Algorithm
bySHUBHA CHATURVEDI
 
PPTX
Operating system security
byRamesh Ogania
 
PPTX
Network attacks
byManjushree Mashal
 
PDF
SYMMETRIC CRYPTOGRAPHY
bySantosh Naidu
 
PPTX
Transposition cipher techniques
bySHUBHA CHATURVEDI
 
PDF
Authentication techniques
byIGZ Software house
 
PDF
Classical encryption techniques
byDr.Florence Dayana
 
Hash Function
bySiddharth Srivastava
 
Public Key Cryptography
byGopal Sakarkar
 
Inter Process Communication
byAnil Kumar Pugalia
 
Security Mechanisms
bypriya_trehan
 
Principles of public key cryptography and its Uses
byMohsin Ali
 
Electronic mail security
byDr.Florence Dayana
 
Eap intro
byAditya Mehta
 
MD5
byrokham khawaja
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
El Gamal Cryptosystem
byAdri Jovin
 
Email security presentation
bySubhradeepMaji
 
Trusted systems
byahmad abdelhafeez
 
Network security - OSI Security Architecture
byBharathiKrishna6
 
Symmetric Key Algorithm
bySHUBHA CHATURVEDI
 
Operating system security
byRamesh Ogania
 
Network attacks
byManjushree Mashal
 
SYMMETRIC CRYPTOGRAPHY
bySantosh Naidu
 
Transposition cipher techniques
bySHUBHA CHATURVEDI
 
Authentication techniques
byIGZ Software house
 
Classical encryption techniques
byDr.Florence Dayana
 

Viewers also liked

PPT
Types of attacks and threads
bysrivijaymanickam
 
PPT
Classical Encryption Techniques
byuniversity of education,Lahore
 
PPTX
02 introduction to network security
byJoe McCarthy
 
PPTX
OSI Security Architecture
byuniversity of education,Lahore
 
PPT
Chapter 3: Block Ciphers and the Data Encryption Standard
byShafaan Khaliq Bhatti
 
PPT
Classical Encryption Techniques in Network Security
bybabak danyal
 
PPT
block ciphers
byAsad Ali
 
PPTX
Computer security threats & prevention
byPriSim
 
PPTX
Different types of attacks in internet
byRohan Bharadwaj
 
PPT
Network Attacks
bySecurityTube.Net
 
PDF
Network Security & Attacks
byNetwax Lab
 
PDF
Computer Security Threats
byQuick Heal Technologies Ltd.
 
PDF
Computer Security
byFrederik Questier
 
PPTX
Aes (advance encryption standard)
bySina Manavi
 
PDF
AES-Advanced Encryption Standard
byPrince Rachit
 
PPTX
Data Encryption Standard (DES)
byHaris Ahmed
 
PPT
Network security
byGichelle Amon
 
Types of attacks and threads
bysrivijaymanickam
 
Classical Encryption Techniques
byuniversity of education,Lahore
 
02 introduction to network security
byJoe McCarthy
 
OSI Security Architecture
byuniversity of education,Lahore
 
Chapter 3: Block Ciphers and the Data Encryption Standard
byShafaan Khaliq Bhatti
 
Classical Encryption Techniques in Network Security
bybabak danyal
 
block ciphers
byAsad Ali
 
Computer security threats & prevention
byPriSim
 
Different types of attacks in internet
byRohan Bharadwaj
 
Network Attacks
bySecurityTube.Net
 
Network Security & Attacks
byNetwax Lab
 
Computer Security Threats
byQuick Heal Technologies Ltd.
 
Computer Security
byFrederik Questier
 
Aes (advance encryption standard)
bySina Manavi
 
AES-Advanced Encryption Standard
byPrince Rachit
 
Data Encryption Standard (DES)
byHaris Ahmed
 
Network security
byGichelle Amon
 

Similar to Network Security 1st Lecture

PPT
Chapter 1.ppt
byTamer Nadeem
 
PPT
computer architecture.ppt
byPandiya Rajan
 
PPT
ch01.ppt
byssuser4198c4
 
PPTX
chapter 1 INTROoooooooooooooooooooo.pptx
bymailshivaiah
 
PPT
ch01 cryptography1cryptography1cryptography1
bykavyams22
 
PPT
Ch01
byJoe Christensen
 
PPT
Network and Information Security unit 1.ppt
byVivekananda Gn
 
PPT
Network Security , Security Basics.pptx
byabhishekdarade26
 
PPT
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
bytahirnaquash2
 
PPT
Ch01
byssusere796b3
 
PPT
engineering cryptography 21ECE73 Module-3 (2).pptx
byshaziasulthana2
 
PPT
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
PPTX
LEC_1_Computer security concepts_First semester.pptx
bywafaaljack25
 
PDF
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
PPT
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
byNISHASOMSCS113
 
PPT
SecurityBasics.ppt a good thing by pakiza
bypakpra733
 
PPTX
osi-security-architectureppt.pptx
bykumarkaushal17
 
PPT
Module-1.ppt cryptography and network security
byAparnaSunil24
 
PPT
Unit 1.ppt
byDHANABALSUBRAMANIAN
 
PPT
ch01.ppt University of Education Lahore D
byMuhammadShan87
 
Chapter 1.ppt
byTamer Nadeem
 
computer architecture.ppt
byPandiya Rajan
 
ch01.ppt
byssuser4198c4
 
chapter 1 INTROoooooooooooooooooooo.pptx
bymailshivaiah
 
ch01 cryptography1cryptography1cryptography1
bykavyams22
 
Ch01
byJoe Christensen
 
Network and Information Security unit 1.ppt
byVivekananda Gn
 
Network Security , Security Basics.pptx
byabhishekdarade26
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
bytahirnaquash2
 
Ch01
byssusere796b3
 
engineering cryptography 21ECE73 Module-3 (2).pptx
byshaziasulthana2
 
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
LEC_1_Computer security concepts_First semester.pptx
bywafaaljack25
 
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
byNISHASOMSCS113
 
SecurityBasics.ppt a good thing by pakiza
bypakpra733
 
osi-security-architectureppt.pptx
bykumarkaushal17
 
Module-1.ppt cryptography and network security
byAparnaSunil24
 
Unit 1.ppt
byDHANABALSUBRAMANIAN
 
ch01.ppt University of Education Lahore D
byMuhammadShan87
 

More from babak danyal

DOCX
applist
bybabak danyal
 
PPT
Easy Steps to implement UDP Server and Client Sockets
bybabak danyal
 
PPT
Java IO Package and Streams
bybabak danyal
 
PPT
Swing and Graphical User Interface in Java
bybabak danyal
 
PPT
Tcp sockets
bybabak danyal
 
PPTX
block ciphers and the des
bybabak danyal
 
PPT
key distribution in network security
bybabak danyal
 
PPT
Lecture10 Signal and Systems
bybabak danyal
 
PPT
Lecture8 Signal and Systems
bybabak danyal
 
PPT
Lecture7 Signal and Systems
bybabak danyal
 
PPT
Lecture6 Signal and Systems
bybabak danyal
 
PPT
Lecture5 Signal and Systems
bybabak danyal
 
PPT
Lecture4 Signal and Systems
bybabak danyal
 
PPT
Lecture3 Signal and Systems
bybabak danyal
 
PPT
Lecture2 Signal and Systems
bybabak danyal
 
PPT
Lecture1 Intro To Signa
bybabak danyal
 
PPT
Lecture9 Signal and Systems
bybabak danyal
 
PPT
Lecture9
bybabak danyal
 
PPT
Cns 13f-lec03- Classical Encryption Techniques
bybabak danyal
 
DOCX
Problems at independence
bybabak danyal
 
applist
bybabak danyal
 
Easy Steps to implement UDP Server and Client Sockets
bybabak danyal
 
Java IO Package and Streams
bybabak danyal
 
Swing and Graphical User Interface in Java
bybabak danyal
 
Tcp sockets
bybabak danyal
 
block ciphers and the des
bybabak danyal
 
key distribution in network security
bybabak danyal
 
Lecture10 Signal and Systems
bybabak danyal
 
Lecture8 Signal and Systems
bybabak danyal
 
Lecture7 Signal and Systems
bybabak danyal
 
Lecture6 Signal and Systems
bybabak danyal
 
Lecture5 Signal and Systems
bybabak danyal
 
Lecture4 Signal and Systems
bybabak danyal
 
Lecture3 Signal and Systems
bybabak danyal
 
Lecture2 Signal and Systems
bybabak danyal
 
Lecture1 Intro To Signa
bybabak danyal
 
Lecture9 Signal and Systems
bybabak danyal
 
Lecture9
bybabak danyal
 
Cns 13f-lec03- Classical Encryption Techniques
bybabak danyal
 
Problems at independence
bybabak danyal
 

Recently uploaded

PDF
December Patch Tuesday
byIvanti
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
December Patch Tuesday
byIvanti
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
The year in review - MarvelClient in 2025
bypanagenda
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
In this document
Powered by AI

Introduction to Network Security course led by Tariq Ahmed; contact info provided.

Course schedule features lectures, assignments, quizzes, midterm, and final exam with grading breakdown.

Emphasis on academic honesty and list of reference materials including research papers and web resources.

Knowledge of TCP/IP and OS are prerequisites; covers cryptography, network security applications, and system security.

Essential textbooks for course included works by William Stallings and Ed Skoudis.

Expectations include understanding network security principles, cryptography, and secure system practices.

Overview of topics like attacks, services, mechanisms, and introduction to changes in information security requirements.

Definitions of computer, network, and internet security; emphasis on deterring, detecting, and correcting security violations.

Detailed look into security attacks, services, mechanisms; summarization of essential definitions regarding information security.

Introduction to ITU-T X.800 Security Architecture and its major categories of security services in data transfer.

Various mechanisms and classifications of attacks (active vs passive), focusing on methods of protection.

Specific examples of passive and active attacks, including strategies for prevention and detection.

Frameworks for implementing security measures on networks, incorporating algorithms and user access controls.

Exploration of various defense strategies and overview of internet standards including roles of governing bodies.

A summary of the course content covering definitions of security, services, mechanisms, and foundational standards.

Network Security 1st Lecture

  • 1.
    Network Security Tariq Ahmed Dr.A. Q. Khan Institute of Information Technology and Computer sciences(KICSIT) mrbokhari2000@yahoo.com  
  • 2.
    • Instructor: - TariqAhmed • Tel: 051 9285342 • Email: mrbokhari2000@yahoo.com Course Staff
  • 3.
    • Lectures - Wednesday:4:00 - 7:00 p.m. • Assignments - • Quizes - • Midterm exam - • Final exam -   Course Schedule
  • 4.
    • Assignments 10% –Late assignments are not accepted • Quizes 10% • Midterm exam 20% • Final exam 60% Grading Policy
  • 5.
    Academic Honesty • Yourwork in this class must be your own • If students are found to have collaborated excessively or to have cheated (e.g. by copying or sharing answers during an examination), all involved will at a minimum receive grades of 0 for the first infraction • Further infractions will result in failure in the course.
  • 6.
    Course Material Reference books –No single textbook covers the whole course! • Lot of research papers! – Many will be made available • RFCs and Internet drafts – Related to Network security protocols • Web resources – Tutorials, white papers, reports, etc.
  • 7.
    Course Information • Pre-requisites –Computer Networks course • You are assumed to have good knowledge of TCP/IP protocol suite – Operating Systems – Basic understanding of programming languages
  • 8.
    Course Contents • Introductionto network security • I. CRYPTOGRAPHY – Symmetric Encryption and Message Confidentiality – Public-Key Cryptography and Message Authentication • II. NETWORK SECURITY APPLICATIONS – Authentication Applications (Kerberos, X.509) – Electronic Mail Security (PGP, S/MIME) – IP Security (IPSec, AH, ESP, IKE) – Web Security (SSL, TLS, SET) – Network Management Security (SNMP)
  • 9.
    Course Contents • III.SYSTEM SECURITY – Intruders and intrusion detection – Malicious Software (viruses) – Firewalls and trusted systems – Operating System Security
  • 10.
    Textbooks • One ofthe following three books is required for this course: • William Stallings, Network Security Essentials • William Stallings, Cryptography and Network Security: Principles and Practice
  • 11.
    Textbooks • Ed Skoudis,Counter Hack: A Step by Step Guide to Computer Attacks and Defenses
  • 12.
    Expectations What do youwant (or expect) to learn from this class ?
  • 13.
    Expectations • This classIS about … – Network security principles and concepts – Cryptography, its use, principles and major algorithms – Message authentication and encryption techniques – Security of network “system” – Operating system security – Security practices and applications
  • 14.
    Expectations • This classIS NOT about … – Survey of existing protocol standards – Survey of loopholes in current protocols – How to hack the network of KICSIT! – Tools and tips to breach Internet security – How you can become a good hacker …
  • 15.
    Expectations We will learn Whyand How networks are made secure
  • 16.
    Outline • Attacks, servicesand mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
  • 17.
    Background • Information Securityrequirements have changed in recent times • Traditionally provided by physical and administrative mechanisms • Computer use requires automated tools to protect files and other stored information • Use of networks and communications links requires measures to protect data during transmission
  • 18.
    Definitions • Computer Security- generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
  • 19.
    Aim of thisCourse • Our focus is on internet security • Consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information • Requirements seem straightforward, but the mechanisms used to meet them can be quite complex …
  • 20.
    Services, Mechanisms, Attacks •Need systematic way to define requirements • Consider three aspects of information security: – security attack – security mechanism – security service • Consider in reverse order
  • 21.
    Security Service • Issomething that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks • Make use of one or more security mechanisms to provide the service • Replicate functions normally associated with physical documents e.g. – have signatures or dates – need protection from disclosure, tampering, or destruction – be notarized or witnessed – be recorded or licensed
  • 22.
    Security Mechanism • Amechanism that is designed to detect, prevent, or recover from a security attack • No single mechanism that will support all functions required • However one particular element underlies many of the security mechanisms in use: cryptographic techniques • Hence our focus is on this area
  • 23.
    Security Attack • Anyaction that compromises the security of information owned by an organization • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • Have a wide range of attacks • Can focus on generic types of attacks – Note: often threat & attack mean same
  • 24.
  • 25.
    Security Attacks • Interruption:This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 26.
  • 27.
    Summary: Attacks, Services andMechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms
  • 28.
    OSI Security Architecture •ITU-T X.800 Security Architecture for OSI • Defines a systematic way of defining and providing security requirements • For us it provides a useful, if abstract, overview of concepts we will study
  • 29.
    Security Services • X.800defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
  • 30.
    Security Services (X.800) •X.800 defines security services in 5 major categories – Authentication - assurance that the communicating entity is the one claimed – Access Control - prevention of the unauthorized use of a resource – Data Confidentiality –protection of data from unauthorized disclosure – Data Integrity - assurance that data received is as sent by an authorized entity – Non-Repudiation - protection against denial by one of the parties in a communication
  • 31.
    Security Services • Confidentiality(privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
  • 32.
    Security Mechanisms (X.800) • Specificsecurity mechanisms: – Encipherment: Converting data into form that is not readable – Digital signatures: To check authenticity and integrity of data – Access controls: Enforcing access rights to resources – Data integrity – Authentication exchange – Traffic padding: Insertion of bits to frustrate traffic analysis – Routing control: Selection of secure routes – Notarization: Use of trusted third party for data exchange
  • 33.
    Security Mechanisms (X.800) •Pervasive security mechanisms: – trusted functionality: percieved to be correct with respect to some criteria – security labels: – event detection: detection of security relevant events – security audit trails: – security recovery:
  • 34.
    Classify Security Attacksas • Passive attacks - eavesdropping on, or monitoring of, transmissions to: – obtain message contents, or – monitor traffic flows • Active attacks – modification of data stream to: – masquerade of one entity as some other – replay previous messages – modify messages in transit – denial of service
  • 35.
    Passive Attacks: Releaseof Message Contents
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 42.
  • 43.
    Model for NetworkSecurity • Using this model requires us to: – design a suitable algorithm for the security transformation – generate the secret information (keys) used by the algorithm – develop methods to distribute and share the secret information – specify a protocol enabling the principals to use the transformation and secret information for a security service
  • 44.
    Model for NetworkAccess Security
  • 45.
    Model for NetworkAccess Security • Using this model requires us to: – select appropriate gatekeeper functions to identify users – implement security controls to ensure only authorised users access designated information or resources • Trusted computer systems can be used to implement this model
  • 46.
    Methods of Defense •Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls
  • 47.
    Internet standards and RFCs •The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG)
  • 48.
    Summary • Have considered: –computer, network, internet security def’s – security services, mechanisms, attacks – X.800 standard – models for network (access) security