2. What is a network?
A network consists of two or more
devices that are linked in order to share
resources or allow communications.
Can you think of various forms of a
network?
2
6. What is Security?
Security is the act of protecting a
person, property or organization from
an attack.
6
• Examples of attack on a person?
• Examples of attack on a property?
• Examples of attack on a organization?
7. Why do we need Information
Security
7
INTERNET
email
School Nurse
Name: ALICE JACK
Address: 1 BALL STR
Phone Number: 888-9191
DOB: 01/21/1993
SSN: 999-111-2323
Credit Card No:. 9988 5321
Medical Records, Test scores
bad guy
listens to the
communication
sensitive data
8. Information Security
Issues
Can you think of ways a bad guy can
use the data he obtains to cause
harm or attack?
Answer: Security Attacks
Can you think of what you can do to
prevent a bad guy from having
access to your private data or
information?
Answer: Security Services 8
15. 15
Classify Security Attacks
passive attacks - eavesdropping on, or
monitoring of, transmissions to:
obtain message contents, or
monitor traffic flows
active attacks – modification of data stream to:
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service
20. 20
Security Services
Confidentiality – protection from
passive attacks
Authentication – you are who you say
you are
Integrity – received as sent, no
modifications, insertions, shuffling or
replays
21. 21
Security Services
Nonrepudiation – can’t deny a
message was sent or received
Access Control – ability to limit and
control access to host systems and
apps
Availability – attacks affecting loss or
reduction on availability
23. 23
Cryptography
Cryptography -- from the Greek for “secret
writing” -- is the mathematical “scrambling”
of data so that only someone with the
necessary key can “unscramble” it.
Cryptography allows secure transmission of
private information over insecure channels
(for example packet-switched networks).
Cryptography also allows secure storage of
sensitive data on any computer.
24. Cryptography
The process of converting a message into a secret
code called CIPHER TEXT, and changing the
encoded message back to regular text called PLAIN
TEXT.
(1) Encryption
The conversion of the original message into a
secret code or CIPHER TEXT using a key.
(2) Decryption
The conversion of the encoded message or PLAIN
TEXT back to the original message using the same
key.
24
Cryptography
25. Its All About
Keys !!!
25
My name
is
Alice Jack.
Encryption
Plain text
Wi xkwo sc kvsmo tkmuWi xkwo sc kvsmo tkmu
key
My name
is
Alice Jack.
Decryption
cypher text
Wi xkwo sc kvsmo tkmuWi xkwo sc kvsmo tkmu
key
26. Cryptography Wheel
You are meeting your
friend for lunch at a
restaurant. Which one?
– it’s a secret!
26
X
A B
C
D
ZY
P
G
M
E
R
Q
O
S
F
N
J
I
H
K
W
V
U
T
L
CIPHERTEXT PLAINTEXT
ENCRYPTION
Key = 4
X
A
B
C
D
ZY
P
G
M
E
R
Q
O
S
F
N
J
I
H
K
W
V
U
T
L
Golden Corral
27. Cryptography Wheel
Golden Corral
27
X
A B
C
D
ZY
P
G
M
E
R
Q
O
S
F
N
J
I
H
K
W
V
U
T
L
CIPHERTEXT PLAINTEXT
ENCRYPTION
Key = 4
X
A
B
C
D
Z
Y
P
G
M
E
R
Q
O
S
F
N
J
I
H
K
W
V
U
T
L
Jroghq Fruudo
DECRYPTION
Golden Corral
29. 29
The language of cryptography
symmetric key crypto: sender, receiver
keys identical
public-key crypto: encryption key
public, decryption key secret
(private)
plaintext plaintextciphertext
K
A
encryption
algorithm
decryption
algorithm
K
B
33. 33
RSA Encryption Algorithm
For example. make p = 7and q = 13
We then calculate N = 7∗13 = 91 and (p−1)(q−1)
= 72
We next select ke relatively prime to 72 and< 72,
yielding 5
Finally,we calculate kd such that ke*kd mod 72 =
1, yielding 29
We how have our keys
Public key, ke, N = 5, 91
Private key, kd , N = 29, 91
Encrypting the message 69 with the public key
results in the cyphertext 62
Cyphertext can be decoded with the private key
Public key can be distributed in cleartext to
anyone who wants to communicate with holder
35. 35
What is a Firewall?
a choke point of control and
monitoring
interconnects networks with differing
trust
imposes restrictions on network
services
only authorized traffic is allowed
auditing and controlling access
can implement alarms for abnormal
behavior
Computers sharing the internet or sharing a printer?
This is a wireless network
Can you think of other types of Communication networks?
Think about how people communicated before the advent of the internet or cell phone?
Attack on a person:
Physical attacks are efforts to injury or even kill a person. Other types personal attacks can also be attempts to injure or hurt someone emotionally or financially. Sometimes there is even an attack to destroy a person&apos;s reputation.
Attack on a property? Someone may try to damage or destroy property, such as a building. Theft is also considered a property attack.
Attack on organization
Groups or individuals may wish to damage, undermine or destroy an organization, such as a company or even a government. Attacks may involve sabotage, creating unrest among the people, damaging property or even killing leaders. Terrorists try to destroy a government or society through damaging property or randomly killing or injuring people.
Can you think of sensitive types of data that an attacker or bad guy may like to see? Bank accounts etc
E.g. Email passwords, bank account information, locking your door with a key, locking your car with a key too, etc.Don’t write your passwords anywhere, lock sensitive data in a safe,
Reasons for attacks: Revenge, money, political, thrills, avoid getting caught.
Talk about car keys, padlock keys, house keys, password keys….. What happens if the bad guy gets your keys?