Text Books
Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, 2nd ed., Pearson Education, 2002.
Roberta Bragg, Mark Rhodes-Ousley, Keith Strassberg, Network Security: The Complete Reference, Tata McGraw-Hill, 2004.
William Stallings, Cryptography and Network Security, 3rd ed., Pearson Education, 2003.
Syllabus
Network vulnerability assessment and intrusion detection.
Remediation methods, including backup and repair strategies.
Business continuity planning and disaster recovery planning.
Legal issues, privacy, cyber war and cyber terror.
Other Information
Web site:
http://www.ent.mrt.ac.lk/~ekulasek/ns
Email:
ekulasek@ent.mrt.ac.lk
Telephone:
Found at website.
Levels of Security
Information security: in the early days, security meant restricting physical access to the machine. Networking changed this, because data now leaves the room.
Computer security: restricting access to shared resources on a single host, plus the physical security of that host.
Network security: protecting data while it is in transit, and setting up infrastructure specifically for security, e.g. a bastion host.
Are these definitions enough?
More Classifications
Three Ds of security
Detection: tool based; monitoring for attacks that got past the defenses.
Defense: keeping systems patched and updated so attacks fail.
Deterrence: laws and policy that raise the cost of attacking.
Security Attacks
Normal flow of information: from source to destination.
Interception: an unauthorised party gains access to the flow (an attack on confidentiality).
Interruption: the flow is cut off or the asset made unusable (an attack on availability).
Modification: an unauthorised party alters the flow (an attack on integrity).
Fabrication: an unauthorised party inserts counterfeit messages into the flow (an attack on authenticity).
Attack Types
Passive Attack:
The attacker only observes; the communicating parties are not interacted with.
The information flowing between the parties is not altered.
Active Attack:
The attacker interacts with the communicating parties (or impersonates one of them).
The information flow is altered, or a false flow is created.
Passive Attack
These attacks are hard to detect, since the attacker neither interacts with the other party nor alters the data.
The emphasis is therefore on prevention (typically encryption) rather than detection.
Examples are eavesdropping on, or monitoring of, traffic.
The objective of the opponent is to obtain the information that is being transmitted.
Release of message contents: the opponent gets to know the contents of the messages.
Traffic analysis: even when the contents are protected, the opponent profiles the link traffic (who talks to whom, how often, how much) and gathers information from that pattern.
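To make the traffic analysis point concrete: even when every payload is encrypted, the metadata the opponent can see (addresses, sizes, timing) still yields a profile. The following is an added example, not code from the lecture; the flow records, addresses and the beacon-detection threshold are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow log: (time_s, src, dst, bytes). The payloads are encrypted
# and never appear here; this is all a passive observer on the link gets.
FLOWS = [
    (0.0,   "10.0.0.5",  "203.0.113.9", 612),
    (1.4,   "10.0.0.5",  "10.0.0.7",    9_800),
    (60.1,  "10.0.0.5",  "203.0.113.9", 610),
    (75.3,  "10.0.0.12", "10.0.0.7",    1_200),
    (120.0, "10.0.0.5",  "203.0.113.9", 615),
    (133.7, "10.0.0.7",  "10.0.0.12",   48_000),
    (180.2, "10.0.0.5",  "203.0.113.9", 611),
    (240.0, "10.0.0.5",  "203.0.113.9", 609),
]


def traffic_profile(flows):
    """Who talks to whom, how often and how much: the link traffic profile.

    Returns {(src, dst): (flow_count, total_bytes)}.
    """
    prof = defaultdict(lambda: [0, 0])
    for _, src, dst, size in flows:
        prof[(src, dst)][0] += 1
        prof[(src, dst)][1] += size
    return {pair: tuple(v) for pair, v in prof.items()}


def find_beacons(flows, min_count=4, max_jitter=0.05):
    """Pairs whose flows recur at a near-constant interval.

    A regular, small, same-sized exchange (a heartbeat, a polling client, a
    malware check-in) is recognisable from timing alone. Returns
    {(src, dst): mean_interval_s}. max_jitter is the allowed coefficient of
    variation of the inter-flow gaps; 0.05 is an assumed illustrative value.
    """
    times = defaultdict(list)
    for t, src, dst, _ in flows:
        times[(src, dst)].append(t)
    beacons = {}
    for pair, ts in times.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_jitter:
            beacons[pair] = round(m, 1)
    return beacons


if __name__ == "__main__":
    for pair, (n, total) in traffic_profile(FLOWS).items():
        print(f"{pair[0]:>10} -> {pair[1]:<12} {n} flows, {total} bytes")
    print("periodic:", find_beacons(FLOWS))
```

Nothing in the block decrypts anything; that is the point. The only effective counter to traffic analysis is to change the pattern itself (padding, cover traffic, onion routing), which is why the slide says prevention rather than detection.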
Active Attack
These attacks are easier to detect, since the information stream is altered and the other party is involved.
They are harder to prevent, since no absolute protection is available with current, buggy systems; the goal is to detect them and recover.
They involve some modification of the data stream or the creation of a false stream.
Masquerading: the entity pretends to be a different entity. E.g. run a sniffer on a telnet stream, capture the plaintext password, then log in as that user.
Replay: passive capture of data followed by its retransmission, so the receiver acts on a legitimate message twice.
Modification of messages: a captured message is altered, delayed or reordered before being delivered.
Denial of service: the normal use of a facility is prevented or disrupted.
Security Services
Confidentiality (privacy) is the protection of transmitted data from passive attacks.
Authentication (who created or sent the data) is assurance that the communication is authentic: the data comes from the claimed source.
Integrity (the data has not been altered) ensures that messages are received with no duplication, insertion, modification, reordering or replay.
A connection-oriented integrity service covers the whole message stream: duplication, insertion, modification and reordering are all handled, and the service also addresses denial of service (a missing message is noticed).
A connectionless integrity service deals only with individual messages, so it can assure against modification of a single message but not against replay or reordering across messages.
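The distinction between the two integrity services, and the four attack categories above, can be shown with a small message-authentication scheme. This is an added example, not code from the lecture or from any of the listed textbooks; the frame layout (4-byte sequence number, payload, HMAC-SHA256 tag), the demo key and the messages are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from typing import List, Tuple

# Constructed demo key; a real system derives a fresh key per session.
KEY = b"shared-secret-for-demo"
TAG_LEN = 32  # HMAC-SHA256 output


def make_frame(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: seq (4 bytes, big-endian) || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_datagram(key: bytes, frame: bytes) -> Tuple[bool, str]:
    """Connectionless integrity: each frame checked on its own.

    Detects modification and fabrication (bad tag) but has no memory, so a
    replayed or reordered frame with a valid tag is accepted.
    """
    if len(frame) < 4 + TAG_LEN:
        return False, "truncated frame"
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    calc = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(calc, tag):
        return False, "modification or fabrication: bad tag"
    return True, body[4:].decode()


class Receiver:
    """Connection-oriented integrity: tag check plus strict sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, frame: bytes) -> Tuple[bool, str]:
        ok, result = verify_datagram(self.key, frame)
        if not ok:
            return ok, result
        seq = struct.unpack(">I", frame[:4])[0]
        if seq < self.expected_seq:
            return False, f"replay or duplicate: seq {seq} already seen"
        if seq > self.expected_seq:
            return False, f"reordering or loss: expected {self.expected_seq}, got {seq}"
        self.expected_seq += 1
        return True, result


def simulate() -> List[Tuple[bool, str]]:
    """Deliver a constructed sequence of genuine and attacker frames to one receiver."""
    f = [make_frame(KEY, i, m) for i, m in enumerate(
        [b"transfer 10 to bob", b"transfer 5 to carol",
         b"transfer 20 to dave", b"close account"])]
    tampered = bytearray(f[1])
    tampered[4] ^= 0xFF                      # modification: flip first payload byte
    forged = make_frame(b"attacker-key", 2, b"transfer 1000 to mallory")  # fabrication
    delivered = [f[0], bytes(tampered), f[1], f[0], forged, f[3], f[2], f[3]]
    rx = Receiver(KEY)
    return [rx.accept(frame) for frame in delivered]


if __name__ == "__main__":
    for ok, why in simulate():
        print("ACCEPT" if ok else "REJECT", why)
```

The stateless `verify_datagram` is the connectionless service: it catches the tampered and forged frames but would happily accept the replayed `f[0]` a second time. The `Receiver` keeps per-connection state and so also rejects the replay and the out-of-order `f[3]`; that state is exactly what makes the connection-oriented service stronger.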
Security Mechanisms
Separation:
Physical separation
Temporal separation
Logical separation
Cryptographic separation
Combinations of all of the above
Relationship Between Services and Mechanisms (table not reproduced)
Other Considerations
Network Design Considerations
Designing for acceptable risk.
Use of network models with security in mind (is a LAN or a WAN more secure? dedicated or non-dedicated links? segregation and isolation).
Host hardening.
Firewalls and packet filtering.
Security Highlighted
Kevin Mitnick
The FBI arrested Kevin in February 1995 for stealing 20,000 credit-card numbers over the Internet, valued at over one million dollars.
He broke into the computer of Tsutomu Shimomura, a computer-security expert.
He managed to get access to a set of utility programs that would basically give him the tools necessary to break in almost anywhere.
He may have distributed these tools to other hackers.
The Downside!!
Kevin served five years in a Federal correctional institution before being released in January 2000.
He now charges $15,000 for a one-hour talk!!