 
 Dictionary.com says:
o Freedom from risk or danger; safety.
o Freedom from doubt, anxiety, or fear; confidence.
o Something that gives or assures safety, as:
• A group or department of private guards: Call building security if a visitor acts suspicious.
• Measures adopted by a government to prevent espionage, sabotage, or attack.
• Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
 …etc.
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator.
• Confidentiality: only sender, intended receiver should “understand” message contents
  o sender encrypts message
  o receiver decrypts message
• Authentication: sender, receiver want to confirm identity of each other
• Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
• Access and availability: services must be accessible and available to users
 well-known in network security world
 Bob, Alice (lovers!) want to communicate “securely”
 Trudy (intruder) may intercept, delete, add messages
… well, real-life Bobs and Alices!
web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?
They can do a lot of things
• eavesdrop: intercept messages
• actively insert messages into connection
• impersonation: can fake (spoof) source address in packet (or any field in packet)
• hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
• denial of service: prevent service from being used by others (e.g., by overloading resources)
Confidentiality
o Information about system or its users cannot be learned by an attacker
Integrity
o The system continues to operate properly, only reaching states that would occur if there were no attacker
Availability
o Actions by an attacker do not prevent users from having access to use of the system
Data
o Information we keep on computers (product design, financial records, personnel data)
o Lost time, lost sales, lost confidence
Resources
o Unauthorized use of computer time & space
Reputation
o Misrepresentation, forgery, negative publicity
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defence agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK
Definition - hardware &/or software components that restrict access between a restricted network & the Internet or between networks
Logically - a separator, restrictor, analyser
Rarely a single object
o Restricts people to entering at a controlled point
o Prevents attackers from getting close to other defences (host controls)
o Restricts people to leaving at a controlled point
Focus security decisions - single point to leverage control
Enforce security policy - minimize exceptions
Log Internet activity - analysis
Limit exposure - separate sensitive areas of one network from another or outside world
Can’t protect against
o malicious insiders
o connections that don’t go through it
o new threats
o viruses - it scans for source & destination addresses & port numbers, not details of data
[Figure: network layout with The Internet, Border Router/Firewall, De-Militarized Zone, Commercial Network, Private Network, WLAN]
[Figure: network layout with The Internet, Border Router/Firewall, De-Militarized Zone, Router/Firewall, Private Network, WLAN]
[Figure: network layout with The Internet, Border Router: Packet Filter, De-Militarized Zone, Bastion Hosts, Proxy server firewall, Private Network, WLAN]
Authentication (entity, data origin)
Access control (prevent unauthorized access)
Confidentiality (disclosure, encryption)
Data integrity (value of data item)
Non-repudiation (falsely denying a transaction)
Used to monitor for “suspicious activity” on a network
Can protect against known software exploits, like buffer overflows
We can run a dictionary attack on the passwords
o The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
o Can take a dictionary of words, crypt() them all, and compare with the hashed passwords
This is why your passwords should be meaningless random junk!
o For example, “sdfo839f” is a good password
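The comparison described above, run as a defender's audit of stored hashes, together with the matching check at password-set time. This is an added example, not part of the original slides; PBKDF2 from Python's hashlib stands in for crypt(3), and the wordlist, account names and salts are constructed.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the example runs quickly; real deployments use far more

def hash_password(password: str, salt: bytes) -> bytes:
    # Stand-in for crypt(3): a salted one-way function from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed wordlist and account table (user -> (salt, stored hash)).
WORDLIST = ["password", "letmein", "sunshine", "dragon"]
ACCOUNTS = {
    "alice": (b"constructed-salt-a", hash_password("sunshine", b"constructed-salt-a")),
    "bob": (b"constructed-salt-b", hash_password("sdfo839f", b"constructed-salt-b")),
}

def audit(accounts, wordlist):
    """Return the users whose stored hash equals the hash of a wordlist entry."""
    flagged = []
    for user, (salt, stored) in accounts.items():
        # Hash every candidate word with the account's own salt and compare.
        if any(hmac.compare_digest(hash_password(w, salt), stored) for w in wordlist):
            flagged.append(user)
    return flagged

def acceptable(new_password: str, wordlist=WORDLIST) -> bool:
    """Check applied when a password is set: refuse anything found in the wordlist."""
    return new_password.lower() not in wordlist

if __name__ == "__main__":
    print("accounts to reset:", audit(ACCOUNTS, WORDLIST))
    print("sdfo839f accepted:", acceptable("sdfo839f"))
```

Only the account whose password is a dictionary word is flagged; the random string from the slide never appears in the wordlist, so hashing every word finds nothing to match.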
Purpose: Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks
o SYN flooding
o SMURF
o Distributed attacks
Profile:
o Male
o Between 14 and 34 years of age
o Computer addicted
o No permanent girlfriend
 Malware, worms, and Trojan horses
o spread by email, instant messaging, malicious or infected websites
 Botnets and zombies
o improving their encryption capabilities, more difficult to detect
 Scareware – fake/rogue security software
 Attacks on client-side software
o browsers, media players, PDF readers, etc.
 Ransom attacks
o malware encrypts hard drives, or DDoS attack
 Social network attacks
o Users’ trust in online friends makes these networks a prime target.
 Cloud Computing - growing use will make this a prime target for attack.
 Web Applications - developed with inadequate security controls
 Budget cuts - problem for security personnel and a boon to cyber criminals.
 
Class 16