As in the non-cyber “real” world, security is used to secure, protect, and prevent bad things from happening (or at least to try).
Function: noun
Inflected Form(s): plural -ties
Date: 15th century
1 : the quality or state of being secure : as a : freedom from danger : SAFETY b : freedom from fear or anxiety c : freedom from the prospect of being laid off <job security>
2 a : something given, deposited, or pledged to make certain the fulfillment of an obligation b : SURETY
3 : an evidence of debt or of ownership (as a stock certificate or bond)
4 a : something that secures : PROTECTION b (1) : measures taken to guard against espionage or sabotage, crime, attack, or escape (2) : an organization or department whose task is security
Eavesdropping on a Dialog
[Figure: Client PC (Bob) and Server (Alice) exchange “Hello” in a dialog; the attacker (Eve) intercepts and reads the messages.]
Encryption for Confidentiality
[Figure: the original message “Hello” travels between Client PC (Bob) and Server (Alice) as the encrypted message “100100110001” and is decrypted back to “Hello”; the attacker (Eve) intercepts but cannot read it.]
Impersonation and Authentication
[Figure: the attacker (Eve) tells Server (Alice) “I’m Bob”; Alice answers “Prove it! (Authenticate Yourself)”. Client PC (Bob) is also shown.]
Message Alteration
[Figure: in a dialog between Client PC (Bob) and Server (Alice), the attacker (Eve) intercepts and alters messages: “Balance = $1” becomes “Balance = $1,000,000”.]
Secure Dialog System
[Figure: Client PC (Bob) and Server (Alice) communicate over a secure dialog; the attacker cannot read messages, alter messages, or impersonate. Automatically handles negotiation of security options, authentication, encryption, integrity.]
Network Penetration Attacks and Firewalls
[Figure: an Internet attacker sends an attack packet toward the internal corporate network (hardened client PC, hardened server); the Internet firewall, which keeps a log file, either passes the packet or drops it.]
Scanning (Probing) Attacks
[Figure: an Internet attacker sends probe packets to 172.16.99.1, 172.16.99.2, etc. on the corporate network. Host 172.16.99.1 replies; there is no host at 172.16.99.2, so no reply. Results: 172.16.99.1 is reachable, 172.16.99.2 is not reachable, …]
Single-Message Break-In Attack
[Figure: 1. The attacker sends a single break-in packet. 2. The server is taken over by the single message.]
Denial-of-Service (DoS) Flooding Attack
[Figure: the attacker sends a message flood; the server is overloaded by the message flood.]
Intrusion Detection System (IDS)
[Figure: 1. An Internet attacker sends a suspicious packet toward the corporate network (hardened server). 2. The suspicious packet is passed. 3. The IDS logs the suspicious packet in its log file. 4. The IDS raises an alarm to the network administrator.]
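The scanning and IDS slides above can be tied together with a small detector, added here as an illustration and not part of the original slides: it reads firewall log lines, raises an alarm when one source probes several distinct hosts within a short window, and reports which of those probes the firewall passed. The log format, the thresholds, the source addresses and the function names are assumptions, and lines are assumed to arrive in time order.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log; the line format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 PASS src=203.0.113.7 dst=172.16.99.1 dport=80
2024-05-01T10:00:01 DROP src=203.0.113.7 dst=172.16.99.2 dport=80
2024-05-01T10:00:01 PASS src=198.51.100.20 dst=172.16.99.1 dport=443
2024-05-01T10:00:02 DROP src=203.0.113.7 dst=172.16.99.3 dport=80
2024-05-01T10:00:03 DROP src=203.0.113.7 dst=172.16.99.4 dport=80
2024-05-01T10:05:00 PASS src=198.51.100.20 dst=172.16.99.1 dport=443
this line is malformed and must be skipped
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (PASS|DROP) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(lines):
    """Yield (time, action, src, dst) per well-formed line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m[1])
            src, dst = ipaddress.ip_address(m[3]), ipaddress.ip_address(m[4])
        except ValueError:
            continue
        yield ts, m[2], src, dst

def detect_sweeps(lines, min_hosts=4, window=timedelta(seconds=10)):
    """Alarm on sources probing >= min_hosts distinct hosts in one sliding window."""
    recent = defaultdict(deque)        # src -> (time, dst) entries inside the window
    passed = defaultdict(set)          # src -> destinations the firewall let through
    alarms = {}                        # src -> every host seen while over threshold
    for ts, action, src, dst in parse(lines):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # expire entries older than the window
            q.popleft()
        if action == "PASS":
            passed[src].add(dst)
        hosts = {d for _, d in q}
        if len(hosts) >= min_hosts:
            alarms.setdefault(src, set()).update(hosts)
    return {str(s): {"probed": [str(h) for h in sorted(hs, key=int)],
                     "passed": [str(h) for h in sorted(hs & passed[s], key=int)]}
            for s, hs in alarms.items()}
```

A source that probes more slowly than the window stays under the threshold, so the window and host count have to be tuned against real traffic.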
As we have seen in the previous slides, the security services that must be provided are numerous and diverse.
As with a “real-world” bank, our web servers and our networks can have many vulnerabilities, and these vulnerabilities can be located in many layers of the architecture.
We need to practice a “security in-depth” approach.
Security considerations and services must be present at each and every level of components.
Rule: When analyzing the quality of your security infrastructure, always assume that 1 full security layer/functionality will entirely fail.
Are you still secure? What are your areas of vulnerability?
How long would it take for you to detect the failure?
Vulnerabilities and security services involve all 7 layers of the OSI model.
Security is also greatly dependent on the OSI model’s “Layer 8”.
The balance between the threat to a system and the security services deployed is very asymmetric: you need to defend each and every aspect to be successful, whereas an attacker often needs to defeat only one aspect to be successful.
Let’s look at an example of an e-Commerce site and try to discuss what can go wrong and where.
Layered Security Architecture: My-store.com E-Commerce Infrastructure
[Figure: components shown are Internet users; an intruder (threat, opponent); ISP DNS; Internet router; firewall; mail relay; outside DNS; e-commerce web server; a second firewall; inside DNS; inside mail server; database server; Ethernet; and a router with WAN links to remote offices.]
To prevent attacks, an enterprise needs to build a complete and comprehensive security architecture using tools, methods and techniques that individually target some threats and work in an integrated fashion to provide a complete enterprise framework for secure computing.
One missing “piece” or aspect may endanger the whole infrastructure. Example: if you do not have virus protection, can an intruder bypass your firewalls?
The goal of this class will be to present the aspects that most impact network security within that framework.
Examples of these tools and methods are presented in Unit 2.