SlideShare a Scribd company logo
1 of 50
Data and Network Security




                            1
What is Computer Security?
• The protection afforded to an automated information system in order to
  attain the applicable objectives of preserving the integrity, availability and
  confidentiality    of    information     system      resources      (includes
  hardware, software, firmware, information/data, and telecommunications)
  is called Computer Security.




                                                                            2
What is Computer Security?
• For some Computer Security is controlling access to
  hardware, software and data of a computerized system.
• A large measure of computer security is simply keeping the
  computer system's information secure.
• In broader terms, computer security can be thought of as the
  protection of the computer and its resources against accidental or
  intentional disclosure of confidential data, unlawful modification of
  data or programs, the destruction of data, software or hardware.
• Computer security also includes the denial of use of one’s computer
  facilities for criminal activities including computer related fraud and
  blackmail.
• Finally, computer security involves the elimination of weaknesses or
  vulnerabilities that might be exploited to cause loss or harm.




                                                                        3
The Need for Computer Security
• Why the need for Computer Security?
  – The value of computer assets and services
• What is the new IT environment?
  – Networks and distributed applications/services
  – Electronic Commerce (E-commerce, E-business)




                                                     4
The Value of Computer Assets and
                Services
• Most companies use electronic information extensively to support their
  daily business processes.
• Data is stored on customers, products, contracts, financial
  results, accounting etc.
• If this electronic information were to become available to competitors
  or to become corrupted, false or disappear, what would happen? What
  would the consequences be? Could the business still function?




                                                                       5
Network Security Issues
• “The network is the computer”
•   Proliferation of networks has increased security risks much more.
•   Sharing of resources increases complexity of system.
•   Unknown perimeter (linked networks), unknown path.
•   Many points of attack.
•   Computer security has to find answers to network security problems.
•   Hence today the field is called Computer and Network Security.




                                                                      6
Computer Security Requirements
•   Secrecy
•   Integrity
•   Availability
•   Authenticity
•   Non-repudiation
•   Access control




                                     7
Secrecy (Confidentiality)
• Secrecy requires that the information in a computer system only be
  accessible for reading by authorized parties.
• This type of access includes:
   – Printing
   – Displaying
   – Other forms of disclosure, including simply revealing the existing
      of an object




                                                                      8
Integrity
• Integrity requires that the computer system asset can be modified
  only by authorized parties.
• Modification includes:
   – Writing
   – Changing
   – Changing status
   – Deleting and
   – Creating




                                                                  9
More About Integrity
• Integrity: In lay usage, information has integrity when it is
  timely, accurate, complete, and consistent. However, computers are
  unable to provide or protect all of these qualities. Therefore, in the
  computer security field, integrity is often discussed more narrowly as
  having two data integrity and system integrity.
• “Data integrity is a requirement that information and programs are
  changed only in a specified and authorized manner.”
• System integrity is a requirement that a system “performs its intended
  function in an unimpaired manner, free from deliberate or inadvertent
  unauthorized manipulation of the system.”
• The definition of integrity has been, and continues to be, the subject of
  much debate among computer security experts.



                                                                       10
Availability
• Availability requires that computer system assets are available to
  authorized parties.
• Availability is a requirement intended to assure that systems work
  promptly and service is not denied to authorized users.




                                                                  11
Authenticity
• Authenticity means that parties in a information services can
  ascertain the identity of parties trying to access information services.
• Also means that the origin of the message is certain.
• Therefore two types:
   – Principal Authentication
   – Message Authentication




                                                                        12
Non-repudiation
• Originator of communications can’t deny it later.
• Without non-repudiation you could place an order for 1 million
  dollars of equipment online and then simply deny it later.
• Or you could send an email inviting a friend to the dinner and then
  disclaim it later.
• Non-repudiation associates the identity of the originator with the
  transaction in a non-deniable way.




                                                                   13
Access Control
• Unauthorized users are kept out of the system.
• Unauthorized users are kept out of places on the system/disk.
• Typically makes use of Directories or Access Control Lists (ACLs) or
  Access Control Matrix
• Objects: Resources that need to be protected
• Subjects: Entities that need access to resources
• Rights: Permissions
• Each entry is a triple <subject, object, rights>




                                                                    14
Type of Attacks/Threats in
                  Computer Systems
• A threat is a danger which could affect the security
  (confidentiality, integrity, availability) of assets, leading to a potential
  loss or damage.
•   Interruption
•   Interception
•   Modification
•   Fabrication




                                                                                 15
Type of Attacks in Computer
          Systems




                              16
Normal Flow of Information




                             17
Interruption
• An asset of the system is destroyed or becomes unavailable or
  unusable. This is an attack on the availability.
• Examples include destruction of a piece of hardware, such as a hard
  disk, the cutting of a communication link, or the disabling of the file
  management system.
• DOS - Denial of Service Attacks have become very well known.




                                                                       18
Interruption




               19
Interception
• Information disclosure/information leakage
• An unauthorized party gains access to an asset.
• This is an attack on confidentiality.
• The unauthorized party could be a person, a program, or a
  computer.
• Examples include:
   – wiretapping to capture data in a network
   – the illicit copying of files or programs




                                                              20
Interception




               21
Modification
•   Modification is integrity violation.
•   An unauthorized party not only gains access to but tampers with an asset.
•   This is an attack on the integrity.
•   Examples include changing values in a data file, altering a program so that
    it performs differently, and modifying the content of a message being
    transmitted in a network.




                                                                             22
Modification




               23
Fabrication
• An unauthorized party inserts counterfeit objects into the system.
  This is an attack on the authenticity.
• Examples include the insertion of spurious messages in a network or
  the addition of records to a file.




                                                                   24
Fabrication




              25
Classification of Attacks
• Computer Security attacks can be classified into two broad
  categories:
   – Passive Attacks can only observe communications or data.
   – Active Attacks can actively modify communications or data.
      Often difficult to perform, but very powerful. Examples include
       • Mail forgery/modification
       • TCP/IP spoofing/session hijacking




                                                                        26
Passive Attacks and Active Attacks




                                     27
Passive Attacks and
Active Attacks




                      28
Passive Attacks
• Eavesdropping on or monitoring of transmission.
• The goal of the opponent is to obtain information that is being
  transmitted.
• Two types:
   – Release-of-message contents
   – Traffic Analysis




                                                               29
Release-of-message Contents
• Opponent finds out the contents or the actual messages being
  transmitted.
• How to protect?
   – Encryption
   – Steganography




                                                            30
Traffic Analysis
• More subtle than release-of-message contents.
• Messages may be kept secret by masking or encryption but …
• The opponent figures out information being carried by the
  messages based on the frequency and timings of the message.
• How to protect?
   – Data/Message Padding
   – Filler Sequences




                                                                31
Passive Attacks Problems
• Difficult to detect because there is no modification of data.
• Protection approach should be based on prevention rather than
  detection.




                                                                  32
Active Attacks
• Active attacks involve some sort of modification of the data stream
  or the creation of a false stream.
• Four sub-categories:
   – Masquerade
   – Replay
   – Modification of Messages
   – Denial of service




                                                                        33
Masquerade
• An entity pretends to be another.
• For the purpose of doing some other form of attack.
• Example a system claims its IP address to be what it is not, IP
  spoofing.
• How to protect?
   – Principal/Entity Authentication




                                                                    34
Replay
• First passive capture of data and then its retransmission to produce
  an unauthorized effect.
• Could be disastrous in case of critical messages such as
  authentication sequences, even if the password were encrypted.
• How to protect?
   – Time stamps
   – Sequence Numbers




                                                                    35
Modification of Messages
• Some portion of a legitimate message is altered or messages are
  delayed or reordered to produce an unauthorized effect.
• How to protect?
   – Message Authentication Codes
   – Chaining




                                                               36
Denial of Service - DOS
• Prevents the normal use or management of communication facilities.
• Such attacks have become very common on the Internet especially
  against web servers.
• On the Internet remotely located hackers can crash the TCP/IP
  software by exploiting known vulnerabilities in various
  implementations.
• One has to constantly look out for software updates and security
  patches to protect against these attacks.




                                                                  37
Problems with Active Attacks
• Easy to detect but difficult to prevent.
• Efforts are directed to quickly recover from disruption or delays.
• Good thing is that detection will have a deterrent effect.




                                                                       38
How Threats Affect Computer
             Systems
   Interruption                  Interception
(Denial of Service)                 (Theft)
                      HARDWARE



   Interruption                  Interception
    (Deletion)                      (Theft)
                      SOFTWARE
  Modification
(Malicious Code)



   Interruption                    Interception
      (Loss)                     (Eavesdropping)
                        DATA
  Modification                     Fabrication     39
A Model for Network Security




                               40
Security Protocols
• A protocol is a series of steps, involving two or more
  parties, designed to accomplish a task.
   – Every one involved in a protocol must know the protocol and all
     of the steps to follow in advance.
   – Everyone involved in the protocols must agree to follow it.
   – The protocol must be unambiguous; each step must be well
     defined and there must be no chance of misunderstanding.
   – The protocol must be complete; there must be a specified action
     for every possible situation.
   – It should not be possible to do more or learn more than what is
     specified in the protocol.




                                                                  41
Security
                          Application       Email - S/MIME      Application




    Protocol
                          Presentation                         Presentation




     Layers
                            Session              SSL              Session



The further down you      Transport                             Transport

go, the more
transparent it is           Network             IPSec             Network


The further up you         Datalink          PPP - ECP           Datalink
go, the easier it is to
deploy                      Physical                              Physical




                              Encrypting                      Encrypting
                                           PHYSICAL NETWORK
                                 NIC                             NIC




                                                                             42
Security Services Provided by
           Security Protocols
• Access control: Protects against unauthorized use.
• Authentication: Provides assurance of someone's identity.
• Confidentiality: Protects against disclosure to unauthorized
  identities.
• Integrity: Protects from unauthorized data alteration.
• Non-repudiation: Protects against originator of communications
  later denying it.




                                                              43
Security Mechanisms
• Three basic building blocks are used:
   – Encryption is used to provide confidentiality, can provide
     authentication and integrity protection.
   – Digital signatures are used to provide authentication, integrity
     protection, and non-repudiation.
   – Checksums/hash algorithms are used to provide integrity
     protection, can provide authentication.
• One or more security mechanisms are combined to provide a
  security service/protocol.




                                                                   44
Services, Mechanisms, Algorithms
• A typical security protocol provides one or more security services
  (authentication, secrecy, integrity, etc.)
• Services are built from mechanisms.
• Mechanisms are implemented using algorithms.




                                                 Services
                        SSL                      (Security Protocols)


  Signatures       Encryption         Hashing    Mechanisms



DSA      RSA      RSA         DES   SHA1   MD5   Algorithms
                                                                        45
Services, Mechanisms, Algorithms
                           Security Protocols (Services)
            Standards-based Security Protocols                Proprietary Security Protocols


            SSL                           IPSec               PrivateWire      Big Brother


                                    Mechanisms

        Encryption                      Signature              Hashing        Key Exchange


                                     Algorithms

Symmetric         Asymmetric   Asymmetric         Symmetric
                                                                MD-5              Diffie-
  DES                RSA          DSA                           SHA-1            Hellman
                                                  DESMAC
  AES                ECC          RSA
                                                                                         46
Encryption and Security
• Encryption is a key enabling technology to implement computer
  security.
• But Encryption is to security like bricks are to buildings.
• In the next module we will study encryption in detail.




                                                             47
Computer security is based on eight
         major elements:
1.   Computer security should support the mission of the organization.
2.   Computer security is an integral element of sound management.
3.   Computer security should be cost-effective.
4.   Computer security responsibilities and accountability should be made
     explicit.
5.   System owners have computer security responsibilities outside their
     own organizations.
6.   Computer security requires a comprehensive and integrated approach.
7.   Computer security should be periodically reassessed.
8.   Computer security is constrained by societal factors.




                                                                      48
Typical Security Solutions and
                Technologies
•   Physical security              •   User authentication
•   Encryption                     •   Passwords and passphrases
•   Access control                 •   Challenge-response systems
•   Automatic call back            •   Token or smart cards
•   Node authentication
                                   •   Exchange of secret protocol
•   Differentiated access rights
                                   •   Personal characteristics -
•   Antivirus software
                                       Biometrics
•   Public Key Infrastructure
•   Firewalls




                                                                     49
THANK YOU!




             50

More Related Content

What's hot (20)

Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Server vs client
Server vs clientServer vs client
Server vs client
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and Viruses
 
Email security
Email securityEmail security
Email security
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network ppt
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
System security
System securitySystem security
System security
 
cryptography
cryptographycryptography
cryptography
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
S/MIME
S/MIMES/MIME
S/MIME
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipher
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Tools and methods used in cyber crime
Tools and methods used in cyber crimeTools and methods used in cyber crime
Tools and methods used in cyber crime
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 

Viewers also liked

Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & CryptographyDr. Himanshu Gupta
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Wireless sensor network security issues
Wireless sensor network security issuesWireless sensor network security issues
Wireless sensor network security issuesMaha Saad
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Project Management
Project ManagementProject Management
Project ManagementAtif Rehmat
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network securityJoe McCarthy
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Infomration & network security
Infomration & network securityInfomration & network security
Infomration & network securityRajkumar Pawar
 

Viewers also liked (20)

Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network security
Network securityNetwork security
Network security
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & Cryptography
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Wireless sensor network security issues
Wireless sensor network security issuesWireless sensor network security issues
Wireless sensor network security issues
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Network security
Network security Network security
Network security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Project Management
Project ManagementProject Management
Project Management
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Network security
Network securityNetwork security
Network security
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
 
Infomration & network security
Infomration & network securityInfomration & network security
Infomration & network security
 
Security
SecuritySecurity
Security
 

Similar to Data Network Security

Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Application of security computer
Application of security computerApplication of security computer
Application of security computeribrahimzubairu2003
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 

Similar to Data Network Security (20)

Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Network Security
Network SecurityNetwork Security
Network Security
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Application of security computer
Application of security computerApplication of security computer
Application of security computer
 
Network security Topic 2 overview continued
Network security Topic 2 overview continuedNetwork security Topic 2 overview continued
Network security Topic 2 overview continued
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
Isys20261 lecture 02
Isys20261 lecture 02Isys20261 lecture 02
Isys20261 lecture 02
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network Security
 

Recently uploaded

How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17Celine George
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptx
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptxCONCEPT OF MUTATION AND ITS CLASSIFICATION .pptx
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptxAnupkumar Sharma
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxMichelleTuguinay1
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptx
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptxPRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptx
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptxAnupkumar Sharma
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataBabyAnnMotar
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 

Recently uploaded (20)

How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17How to Manage Engineering to Order in Odoo 17
How to Manage Engineering to Order in Odoo 17
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptx
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptxCONCEPT OF MUTATION AND ITS CLASSIFICATION .pptx
CONCEPT OF MUTATION AND ITS CLASSIFICATION .pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptx
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptxPRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptx
PRINCIPLE & APPLICATIONS OF IMMUNO BLOTTING TECHNIQUES.pptx
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 

Data Network Security

  • 1. Data and Network Security 1
  • 2. What is Computer Security? • The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) is called Computer Security. 2
  • 3. What is Computer Security? • For some Computer Security is controlling access to hardware, software and data of a computerized system. • A large measure of computer security is simply keeping the computer system's information secure. • In broader terms, computer security can be thought of as the protection of the computer and its resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, the destruction of data, software or hardware. • Computer security also includes the denial of use of one’s computer facilities for criminal activities including computer related fraud and blackmail. • Finally, computer security involves the elimination of weaknesses or vulnerabilities that might be exploited to cause loss or harm. 3
  • 4. The Need for Computer Security • Why the need for Computer Security? – The value of computer assets and services • What is the new IT environment? – Networks and distributed applications/services – Electronic Commerce (E-commerce, E-business) 4
  • 5. The Value of Computer Assets and Services • Most companies use electronic information extensively to support their daily business processes. • Data is stored on customers, products, contracts, financial results, accounting etc. • If this electronic information were to become available to competitors or to become corrupted, false or disappear, what would happen? What would the consequences be? Could the business still function? 5
  • 6. Network Security Issues • “The network is the computer” • Proliferation of networks has increased security risks much more. • Sharing of resources increases complexity of system. • Unknown perimeter (linked networks), unknown path. • Many points of attack. • Computer security has to find answers to network security problems. • Hence today the field is called Computer and Network Security. 6
  • 7. Computer Security Requirements • Secrecy • Integrity • Availability • Authenticity • Non-repudiation • Access control 7
  • 8. Secrecy (Confidentiality) • Secrecy requires that the information in a computer system only be accessible for reading by authorized parties. • This type of access includes: – Printing – Displaying – Other forms of disclosure, including simply revealing the existing of an object 8
  • 9. Integrity • Integrity requires that the computer system asset can be modified only by authorized parties. • Modification includes: – Writing – Changing – Changing status – Deleting and – Creating 9
  • 10. More About Integrity • Integrity: In lay usage, information has integrity when it is timely, accurate, complete, and consistent. However, computers are unable to provide or protect all of these qualities. Therefore, in the computer security field, integrity is often discussed more narrowly as having two data integrity and system integrity. • “Data integrity is a requirement that information and programs are changed only in a specified and authorized manner.” • System integrity is a requirement that a system “performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.” • The definition of integrity has been, and continues to be, the subject of much debate among computer security experts. 10
  • 11. Availability • Availability requires that computer system assets are available to authorized parties. • Availability is a requirement intended to assure that systems work promptly and service is not denied to authorized users. 11
  • 12. Authenticity • Authenticity means that parties in a information services can ascertain the identity of parties trying to access information services. • Also means that the origin of the message is certain. • Therefore two types: – Principal Authentication – Message Authentication 12
  • 13. Non-repudiation • Originator of communications can’t deny it later. • Without non-repudiation you could place an order for 1 million dollars of equipment online and then simply deny it later. • Or you could send an email inviting a friend to the dinner and then disclaim it later. • Non-repudiation associates the identity of the originator with the transaction in a non-deniable way. 13
  • 14. Access Control • Unauthorized users are kept out of the system. • Unauthorized users are kept out of places on the system/disk. • Typically makes use of Directories or Access Control Lists (ACLs) or Access Control Matrix • Objects: Resources that need to be protected • Subjects: Entities that need access to resources • Rights: Permissions • Each entry is a triple <subject, object, rights> 14
  • 15. Type of Attacks/Threats in Computer Systems • A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage. • Interruption • Interception • Modification • Fabrication 15
  • 16. Type of Attacks in Computer Systems 16
  • 17. Normal Flow of Information 17
  • 18. Interruption • An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on the availability. • Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication link, or the disabling of the file management system. • DOS - Denial of Service Attacks have become very well known. 18
  • 20. Interception • Information disclosure/information leakage • An unauthorized party gains access to an asset. • This is an attack on confidentiality. • The unauthorized party could be a person, a program, or a computer. • Examples include: – wiretapping to capture data in a network – the illicit copying of files or programs 20
  • 22. Modification • Modification is integrity violation. • An unauthorized party not only gains access to but tampers with an asset. • This is an attack on the integrity. • Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted in a network. 22
  • 24. Fabrication • An unauthorized party inserts counterfeit objects into the system. This is an attack on the authenticity. • Examples include the insertion of spurious messages in a network or the addition of records to a file. 24
  • 26. Classification of Attacks • Computer Security attacks can be classified into two broad categories: – Passive Attacks can only observe communications or data. – Active Attacks can actively modify communications or data. Often difficult to perform, but very powerful. Examples include • Mail forgery/modification • TCP/IP spoofing/session hijacking 26
  • 27. Passive Attacks and Active Attacks 27
  • 29. Passive Attacks • Eavesdropping on or monitoring of transmission. • The goal of the opponent is to obtain information that is being transmitted. • Two types: – Release-of-message contents – Traffic Analysis 29
  • 30. Release-of-message Contents • Opponent finds out the contents or the actual messages being transmitted. • How to protect? – Encryption – Steganography 30
  • 31. Traffic Analysis • More subtle than release-of-message contents. • Messages may be kept secret by masking or encryption but … • The opponent figures out information being carried by the messages based on the frequency and timings of the message. • How to protect? – Data/Message Padding – Filler Sequences 31
  • 32. Passive Attacks Problems • Difficult to detect because there is no modification of data. • Protection approach should be based on prevention rather than detection. 32
  • 33. Active Attacks • Active attacks involve some sort of modification of the data stream or the creation of a false stream. • Four sub-categories: – Masquerade – Replay – Modification of Messages – Denial of service 33
  • 34. Masquerade • An entity pretends to be another. • For the purpose of doing some other form of attack. • Example a system claims its IP address to be what it is not, IP spoofing. • How to protect? – Principal/Entity Authentication 34
  • 35. Replay • First passive capture of data and then its retransmission to produce an unauthorized effect. • Could be disastrous in case of critical messages such as authentication sequences, even if the password were encrypted. • How to protect? – Time stamps – Sequence Numbers 35
  • 36. Modification of Messages • Some portion of a legitimate message is altered or messages are delayed or reordered to produce an unauthorized effect. • How to protect? – Message Authentication Codes – Chaining 36
  • 37. Denial of Service - DOS • Prevents the normal use or management of communication facilities. • Such attacks have become very common on the Internet especially against web servers. • On the Internet remotely located hackers can crash the TCP/IP software by exploiting known vulnerabilities in various implementations. • One has to constantly look out for software updates and security patches to protect against these attacks. 37
  • 38. Problems with Active Attacks • Easy to detect but difficult to prevent. • Efforts are directed to quickly recover from disruption or delays. • Good thing is that detection will have a deterrent effect. 38
  • 39. How Threats Affect Computer Systems Interruption Interception (Denial of Service) (Theft) HARDWARE Interruption Interception (Deletion) (Theft) SOFTWARE Modification (Malicious Code) Interruption Interception (Loss) (Eavesdropping) DATA Modification Fabrication 39
  • 40. A Model for Network Security 40
  • 41. Security Protocols • A protocol is a series of steps, involving two or more parties, designed to accomplish a task. – Every one involved in a protocol must know the protocol and all of the steps to follow in advance. – Everyone involved in the protocols must agree to follow it. – The protocol must be unambiguous; each step must be well defined and there must be no chance of misunderstanding. – The protocol must be complete; there must be a specified action for every possible situation. – It should not be possible to do more or learn more than what is specified in the protocol. 41
  • 42. Security Application Email - S/MIME Application Protocol Presentation Presentation Layers Session SSL Session The further down you Transport Transport go, the more transparent it is Network IPSec Network The further up you Datalink PPP - ECP Datalink go, the easier it is to deploy Physical Physical Encrypting Encrypting PHYSICAL NETWORK NIC NIC 42
  • 43. Security Services Provided by Security Protocols • Access control: Protects against unauthorized use. • Authentication: Provides assurance of someone's identity. • Confidentiality: Protects against disclosure to unauthorized identities. • Integrity: Protects from unauthorized data alteration. • Non-repudiation: Protects against originator of communications later denying it. 43
  • 44. Security Mechanisms • Three basic building blocks are used: – Encryption is used to provide confidentiality, can provide authentication and integrity protection. – Digital signatures are used to provide authentication, integrity protection, and non-repudiation. – Checksums/hash algorithms are used to provide integrity protection, can provide authentication. • One or more security mechanisms are combined to provide a security service/protocol. 44
  • 45. Services, Mechanisms, Algorithms • A typical security protocol provides one or more security services (authentication, secrecy, integrity, etc.) • Services are built from mechanisms. • Mechanisms are implemented using algorithms. Services SSL (Security Protocols) Signatures Encryption Hashing Mechanisms DSA RSA RSA DES SHA1 MD5 Algorithms 45
  • 46. Services, Mechanisms, Algorithms Security Protocols (Services) Standards-based Security Protocols Proprietary Security Protocols SSL IPSec PrivateWire Big Brother Mechanisms Encryption Signature Hashing Key Exchange Algorithms Symmetric Asymmetric Asymmetric Symmetric MD-5 Diffie- DES RSA DSA SHA-1 Hellman DESMAC AES ECC RSA 46
  • 47. Encryption and Security • Encryption is a key enabling technology to implement computer security. • But Encryption is to security like bricks are to buildings. • In the next module we will study encryption in detail. 47
  • 48. Computer security is based on eight major elements: 1. Computer security should support the mission of the organization. 2. Computer security is an integral element of sound management. 3. Computer security should be cost-effective. 4. Computer security responsibilities and accountability should be made explicit. 5. System owners have computer security responsibilities outside their own organizations. 6. Computer security requires a comprehensive and integrated approach. 7. Computer security should be periodically reassessed. 8. Computer security is constrained by societal factors. 48
  • 49. Typical Security Solutions and Technologies • Physical security • User authentication • Encryption • Passwords and passphrases • Access control • Challenge-response systems • Automatic call back • Token or smart cards • Node authentication • Exchange of secret protocol • Differentiated access rights • Personal characteristics - • Antivirus software Biometrics • Public Key Infrastructure • Firewalls 49