SlideShare a Scribd company logo

Lecture1 Introduction

R
rajakhurram

Network Security Course (ET1318, ET2437) at Blekinge Institute of Technology, Karlskrona, Sweden

EducationTechnology
1 of 39
Network Security Raja M. Khurram Shahzad
Course Overview • ~16 lectures = 2x45 minutes • Two laborations in Karlskrona (telekom-labbet)  One simple firewall laboration (iptables)  One VPN-laboration • Assignment/s • Course homepage It’s Learning (http://www.bth.se/lms/) • Roll call  Done online through the submission of the assignment, more information on this later on • Course literature  Stallings, W. Network Security Essentials. Applications and Standards. 4/E, Prentice Hall. 2
Security • Security is not a new concept • Quotes from “The Art of War”: • “The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” • “Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” - The Art of War, Sun Tzu (late-sixth century BC) 3
History • ENIGMA:  The most sophisticated encoding machine of its time.  Used during World War II by the Germans.  Intercepting and decoding German transmissions would prove to be a turning point in the war 4
History cont. • U – 2:  US, spy plane  High altitude reconnaissance flights over the Soviet Union.  U-2 was brought down by the Soviet Union.  This incident set in motion a pattern of mistrust that culminated in the Cuban Missile Crisis. No one can predict if the Cold War might have ended sooner had the U-2 incident not occurred! 5
What is SECURITY ??? 1. Measures taken to guard against espionage or sabotage, crime or attack 2. The protection of data against unauthorized access • ” The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts” Computer Recreations: Of Worms, Viruses and Core War" by A. K. Dewdney in Scientific American • The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". • In simple words : Security is the degree of protection against danger, damage, loss, and criminal activity. 6
Security Violations User A transmits a file F having sensitive information to user B. File F is SENSITIVE F A -------> B C CAPTURES F • Unauthorized User C capture copy during transmission F contains data about authorizations A sends message m to B: ”Update file F with names in message m” A(m) m B(F) C INTERCEPTS m and adds name of C A(m) m C(m) m B(F) 7
Computer & Network Security • Computer Security:  generic name for the collection of tools designed to protect data. • Network Security:  protect data during their transmission • There are no clear boundaries between these two forms of security. 8
Computer Security • NIST Computer Security Handbook defines  The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunication). • Three Key Objectives  Also called C I A Triad Confidentiality  Embody fundamental security objectives for – Data and information – Computing services Integrity Availability 9
Computer Security • Confidentiality : Authorized disclosure of information  Data Confidentiality : Not disclosed to unauthorized persons  Privacy : Who will collect information and to whom it will be disclosed  Example : Student grade information • Integrity: Authorized modification or destruction of information  Data Integrity : Information and Programs are changed in specific and authorized manner  System Integrity : No compromised functionality  Example: Patients information in hospital • Availability: Timely and reliable access to and use information.  Service is not denied to authorized users  Example: Authentication to services for critical systems. 10
Computer Security • Additional concepts • Authenticity  The property of being genuine and being able to be verified and trusted • Accountability  Actions of an entity can be traced uniquely to that entity 11
Impact of breach of Security LOW MODERATE HIGH Effect Limited Serious Serious or catastrophic Functional Ability Minor degradation Significant Severe (Primary functions degradation Damage to Assets Minor Significant Major Financial Loss Minor Significant Major Harm to Individual Minor Significant Severe (Loss of life or life- threatining injuries) 12
Secure Networks • Because no absolute definition of secure network exists:  Networks cannot be classified simply as secure or not secure. • Each organization defines the level of access that is permitted or denied, Security Policy  Security policy does not specify how to achieve protection.  The policy must apply to information stored in computers as well as to information traversing a network. 13
Security's impact on overall functionality Security Functionality Ease of use 14
THE OSI Security Architecture • Security Attack: Any action that compromises the security of information. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Source Dest Normal Flow 15
Security Attacks  Security Attack: Any action that compromises the security of information  Interruption: This is an attack on availability Source Destination Darth  Interception: This is an attack on confidentiality Source Destination Darth 16
Security Attacks  Modification: This is an attack on integrity Source Dest Darth  Fabrication: This is an attack on authenticity Source Dest Darth 17
Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files 18
Passive & Active Attacks • Passive Attacks: Difficult to detect, No alteration of data, focus on prevention 1. Release of message contents 2. Traffic analysis • Active Attacks: Modification of stream / data or its false creation, difficult to prevent, focus is on detection and recovery 1. Masquerade (impersonation) 2. Replay 3. Modification of message 4. Denial of service 19
Passive Attacks 20
Active Attacks I 21
Active Attacks II 22
Shane Stephens definition of Hackers • Group A: People who attempt to gain illegal access to machines on the internet for the ”fun” of it, but with no malicious intent. • Group B: People who attempt to gain illegal access to machines on the internet WITH malicious intent. • Group C: People who are adept at writing C/C++ code very quickly to do a specific thing (or similar) • Group D: Everybody else (esp. mainstream media). 23
Shane Stephens definition of Hackers (cont) • Group A call themselves "Hackers". Group A call Group B "Crackers". • Group B usually call themselves 31337 H4x0r5 • Group C call themselves "Hackers". Group C also call Group A "Hackers". • Many people in Group A are also in Group C. • Group D hasn't got any clue, and calls them all the same thing - "hackers". • The following naming scheme is appropriate:  Group A: Hacker  Group B: Cracker  Group C: Hacker (as well. Use context.)  Group D: Morons 24
Inside Security • What hacker´s don´t want you to KNOW • Firewalls are just the beginning:  critical component of an effective defence system, but they are significantly limited in terms of the types of attacks the can detect and repel. • Not all the bad guys are “out there”:  roughly half of all attacks are engineered by insiders who can potentially do more damage than hackers coming in from the outside. • Humans are the weakest link:  well-intentioned but uninformed employees are easily exploited by hackers who know which strings to pull • Passwords are not secure:  the most common form of user authentication is a “secret” password. This happens to be one of the most vulnerable for a verity of reasons. 25
Inside Security • They can see you but you can´t see them:  eavesdropping on network transmissions can reveal more than enough information to a hacker looking to gain higher levels of access. • Defaults are dangerous  a vendor´s choice of defaults for their product might meet their needs perfectly well but might spell disaster for you. • Yesterday´s strong crypto is today´s weak crypto:  just because you´ve encrypted a message is no guarantee that only authorized personnel will be able to read it. 26 FREDRIK ERLANDSSON
Inside Security • “It takes a thief to catch a thief”:  if you want to repel hackers attacks, it helps to think as They do. You can learn the tricks of the hacker trade from the same source that they do – the Internet • They future of hacking is bright:  Hackers are not going away any time soon. Their numbers seem to be growing. Emerging trends in the IT arena point to a brighter day when computers will do even more for us than they do now. These same changes may also usher in a host of new vulnerabilities for the next generation of hackers to exploit. 27 FREDRIK ERLANDSSON
The Golden Age of Hacking • There are so many possible systems to break into, most of them with weak security. • Companies have insufficient information to track these attackers  even if attackers are detected the chances of getting caught are slim • Ironically, companies were afraid of Y2K problem and spent a lot of money trying fixing it. But in most cases it seemed like the problem was overestimated, hyped by the media. Now there is a REAL PROBLEM but companies do not want to invest the money. • Lack of Awareness is the main reasons why so many companies are vulnerable. • It’s also a good time to be a security professional 28 FREDRIK ERLANDSSON
Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smart-card) • Policies (frequent changes of passwords) • Physical Controls 29
Security Services • Authentication:  peer-entity Security Service:  data-origin A service that enhances • Access Control the security of data • Data Confidentiality: processing systems and  connection, information transfers. A  Connectionless security service makes  selective-field  traffic-flow use of one or more • Data Integrity security mechanisms.  connection [recovery, no-recovery, selective-field]  connectionless [no-recovery,selective-field] • NonRepudiation  Origin  Destination 30
Authentication • The assurance that communicating entity is the one that it claims to be • Data Origin: Provides that source of recieved data as claimed (m not protected) A(m) m B B(m,A)  AUTHENTIC(A)? • Peer Entity: Provide confidence in identities of entities connected A c B S(A,B)  AUTHENTIC(A,B)? S(c,masquerador,replay)  SECURE(c)? * m : message * c : connection 31
Access Control • The prevention of unauthorized use of a resource • Access REQUEST: A(m) m {Host / System} Host MATCHES m to A: {Host / System}(m,A) m’ A A GRANTED read/write access: c A(m’)  {Host / System} * m’ : modified message or authentication message 32
Confidentiality • The protection of data from unauthorized disclosure. • CONNECTION: cK A  B (e.g. TCP) (*K : Key) • CONNECTIONLESS: A mK B • SELECTIVE-FIELD: cK|c’ A  B • TRAFFIC-FLOW: A {} B 33
Integrity • The assurance that data recieved are exactly as sent by an authorized entity. • CONNECTION-RECOVERY: c modification/destruction A m B(m)  recover  m • CONNECTION-NO RECOVERY: c modification/destruction A m B(m)  detect  !! • SELECTIVE FIELD: c modification/destruction A m|m’ B(m)  detect(m)  !! 34
Non-Repudiation • Provides protection against denial by one of the entities involved in communication • SENDER VERIFICATION: A m,[A] B(m,[A])  mA • RECEIVER VERIFICATION: A m B B [m],[B] A([m],[B])  mB 35
Security Mechanism • Encipherment – unintelligible • Digital Signature – data tag to ensure  a) Source b) Integrity c) anti-forgery Security • Access Control Mechanism: • Data Integrity A mechanism • Authentication that is • Traffic Padding – prevent traffic analysis designed to • Routing Control – adapt upon partial failure detect, • Notarization – trusted third party prevent, or • Trusted Functionality recover from • Security Label a security • Event Detection attack. • Audit Trail • Recovery 36
Model for Network Security 37
Network Access Security Model • Gatekeeper: password-based login, screening logic • Internal controls: monitor activity, analyse stored info 38
The End 39

Recommended

Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Software Evolution
Software EvolutionSoftware Evolution
Software EvolutionMuhammad Asim
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
certified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfcertified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfinfosec train
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 

Recommended

Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Software Evolution
Software EvolutionSoftware Evolution
Software EvolutionMuhammad Asim
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
certified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfcertified-ethical-hacker-cehv12_course_content.pdf
certified-ethical-hacker-cehv12_course_content.pdfinfosec train
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
kali linux Presentaion
kali linux Presentaion kali linux Presentaion
kali linux PresentaionDev Gandhi
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Dynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - AgileDynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - AgileMaruf Abdullah (Rion)
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 
Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)Wimar Alexánder
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Cybersecurity Roadmap for Beginners
Cybersecurity Roadmap for BeginnersCybersecurity Roadmap for Beginners
Cybersecurity Roadmap for BeginnersSanjeev Kumar Jaiswal
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityMaganathin Veeraragaloo
 
System security
System securitySystem security
System securityinvertis university
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRamchandraRegmi
 
Platform as a Service (PaaS)
Platform as a Service (PaaS)Platform as a Service (PaaS)
Platform as a Service (PaaS)Halil Burak Cetinkaya
 
Cyber security
Cyber securityCyber security
Cyber securityAman Pradhan
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber securityShri ramswaroop college of engineering and management
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
System security
System securitySystem security
System securitysommerville-videos
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Message digest & digital signature
Message digest & digital signatureMessage digest & digital signature
Message digest & digital signatureDinesh Kodam
 
Jb ia
Jb iaJb ia
Jb iaDeepal Samaraweera
 

More Related Content

What's hot

Dynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - AgileDynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - AgileMaruf Abdullah (Rion)
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 
Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)Wimar Alexánder
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Controlidingolay
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityMaganathin Veeraragaloo
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 

What's hot (20)

Dynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - AgileDynamic Systems Development Method (DSDM) - Agile
Dynamic Systems Development Method (DSDM) - Agile
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 
Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)Seguridad en redes (Nivel Basico)
Seguridad en redes (Nivel Basico)
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
Cybersecurity Roadmap for Beginners
Cybersecurity Roadmap for BeginnersCybersecurity Roadmap for Beginners
Cybersecurity Roadmap for Beginners
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
 
System security
System securitySystem security
System security
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
System hacking
System hackingSystem hacking
System hacking
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Platform as a Service (PaaS)
Platform as a Service (PaaS)Platform as a Service (PaaS)
Platform as a Service (PaaS)
 
Cyber security
Cyber securityCyber security
Cyber security
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
System security
System securitySystem security
System security
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 

Viewers also liked

Message digest & digital signature
Message digest & digital signatureMessage digest & digital signature
Message digest & digital signatureDinesh Kodam
 
A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms Er Piyush Gupta IN ⊞⌘
 
A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms Er Piyush Gupta IN ⊞⌘
 
Hashing Algorithm: MD5
Hashing Algorithm: MD5Hashing Algorithm: MD5
Hashing Algorithm: MD5ijsrd.com
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Security and ethical challenges
Security and ethical challengesSecurity and ethical challenges
Security and ethical challengesVishakha Joshi
 
Message Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 AlgorithmMessage Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 AlgorithmAjay Karri
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithmSiva Rushi
 

Viewers also liked (17)

Message digest & digital signature
Message digest & digital signatureMessage digest & digital signature
Message digest & digital signature
 
Jb ia
Jb iaJb ia
Jb ia
 
A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms A Comparative Study between RSA and MD5 algorithms
A Comparative Study between RSA and MD5 algorithms
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
 
A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms A Comparative Analysis between SHA and MD5 algorithms
A Comparative Analysis between SHA and MD5 algorithms
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
Hashing Algorithm: MD5
Hashing Algorithm: MD5Hashing Algorithm: MD5
Hashing Algorithm: MD5
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
Security and ethical challenges
Security and ethical challengesSecurity and ethical challenges
Security and ethical challenges
 
Md5
Md5Md5
Md5
 
Message Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 AlgorithmMessage Authentication using Message Digests and the MD5 Algorithm
Message Authentication using Message Digests and the MD5 Algorithm
 
Hashing
HashingHashing
Hashing
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
ISO 14000
ISO 14000ISO 14000
ISO 14000
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
 

Similar to Lecture1 Introduction

Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing informationNicholas Davis
 
Describing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationDescribing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationNicholas Davis
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness OverviewNicholas Davis
 
It security awareness overview
It security awareness overviewIt security awareness overview
It security awareness overviewNicholas Davis
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 
02-overview.pptx
02-overview.pptx02-overview.pptx
02-overview.pptxEmanAzam
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer SecurityKamal Acharya
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Introduction to Computer Security.ppt
Introduction to Computer Security.pptIntroduction to Computer Security.ppt
Introduction to Computer Security.pptKojaSb
 

Similar to Lecture1 Introduction (20)

Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
Describing the challenges of securing information
Describing the challenges of securing informationDescribing the challenges of securing information
Describing the challenges of securing information
 
Describing The Challenges Of Securing Information
Describing The Challenges Of Securing InformationDescribing The Challenges Of Securing Information
Describing The Challenges Of Securing Information
 
It Security Awareness Overview
It Security Awareness OverviewIt Security Awareness Overview
It Security Awareness Overview
 
It security awareness overview
It security awareness overviewIt security awareness overview
It security awareness overview
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
02-overview.pptx
02-overview.pptx02-overview.pptx
02-overview.pptx
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
 
CNS Unit-1.pptx
CNS Unit-1.pptxCNS Unit-1.pptx
CNS Unit-1.pptx
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Introduction to Computer Security.ppt
Introduction to Computer Security.pptIntroduction to Computer Security.ppt
Introduction to Computer Security.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1 (1).ppt
hel1 (1).ppthel1 (1).ppt
hel1 (1).ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 

More from rajakhurram

Malicious software
Malicious softwareMalicious software
Malicious softwarerajakhurram
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious softwarerajakhurram
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi securityrajakhurram
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Lecture 7 certificates
Lecture 7 certificatesLecture 7 certificates
Lecture 7 certificatesrajakhurram
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip securityrajakhurram
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewallsrajakhurram
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryptionrajakhurram
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryptionrajakhurram
 
Lecture2 network attack
Lecture2 network attackLecture2 network attack
Lecture2 network attackrajakhurram
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail securityrajakhurram
 

More from rajakhurram (14)

Malicious software
Malicious softwareMalicious software
Malicious software
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Lecture 11 wifi security
Lecture 11 wifi securityLecture 11 wifi security
Lecture 11 wifi security
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
Lecture 7 certificates
Lecture 7 certificatesLecture 7 certificates
Lecture 7 certificates
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewalls
 
Lecture 3b public key_encryption
Lecture 3b public key_encryptionLecture 3b public key_encryption
Lecture 3b public key_encryption
 
Lecture3a symmetric encryption
Lecture3a symmetric encryptionLecture3a symmetric encryption
Lecture3a symmetric encryption
 
Lecture2 network attack
Lecture2 network attackLecture2 network attack
Lecture2 network attack
 
Lecture 8 mail security
Lecture 8 mail securityLecture 8 mail security
Lecture 8 mail security
 

Recently uploaded

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 

Recently uploaded (20)

Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 

Lecture1 Introduction

  • 1. Network Security Raja M. Khurram Shahzad
  • 2. Course Overview • ~16 lectures = 2x45 minutes • Two laborations in Karlskrona (telekom-labbet)  One simple firewall laboration (iptables)  One VPN-laboration • Assignment/s • Course homepage It’s Learning (http://www.bth.se/lms/) • Roll call  Done online through the submission of the assignment, more information on this later on • Course literature  Stallings, W. Network Security Essentials. Applications and Standards. 4/E, Prentice Hall. 2
  • 3. Security • Security is not a new concept • Quotes from “The Art of War”: • “The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” • “Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” - The Art of War, Sun Tzu (late-sixth century BC) 3
  • 4. History • ENIGMA:  The most sophisticated encoding machine of its time.  Used during World War II by the Germans.  Intercepting and decoding German transmissions would prove to be a turning point in the war 4
  • 5. History cont. • U – 2:  US, spy plane  High altitude reconnaissance flights over the Soviet Union.  U-2 was brought down by the Soviet Union.  This incident set in motion a pattern of mistrust that culminated in the Cuban Missile Crisis. No one can predict if the Cold War might have ended sooner had the U-2 incident not occurred! 5
  • 6. What is SECURITY ??? 1. Measures taken to guard against espionage or sabotage, crime or attack 2. The protection of data against unauthorized access • ” The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts” Computer Recreations: Of Worms, Viruses and Core War" by A. K. Dewdney in Scientific American • The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". • In simple words : Security is the degree of protection against danger, damage, loss, and criminal activity. 6
  • 7. Security Violations User A transmits a file F having sensitive information to user B. File F is SENSITIVE F A -------> B C CAPTURES F • Unauthorized User C capture copy during transmission F contains data about authorizations A sends message m to B: ”Update file F with names in message m” A(m) m B(F) C INTERCEPTS m and adds name of C A(m) m C(m) m B(F) 7
  • 8. Computer & Network Security • Computer Security:  generic name for the collection of tools designed to protect data. • Network Security:  protect data during their transmission • There are no clear boundaries between these two forms of security. 8
  • 9. Computer Security • NIST Computer Security Handbook defines  The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunication). • Three Key Objectives  Also called C I A Triad Confidentiality  Embody fundamental security objectives for – Data and information – Computing services Integrity Availability 9
  • 10. Computer Security • Confidentiality : Authorized disclosure of information  Data Confidentiality : Not disclosed to unauthorized persons  Privacy : Who will collect information and to whom it will be disclosed  Example : Student grade information • Integrity: Authorized modification or destruction of information  Data Integrity : Information and Programs are changed in specific and authorized manner  System Integrity : No compromised functionality  Example: Patients information in hospital • Availability: Timely and reliable access to and use information.  Service is not denied to authorized users  Example: Authentication to services for critical systems. 10
  • 11. Computer Security • Additional concepts • Authenticity  The property of being genuine and being able to be verified and trusted • Accountability  Actions of an entity can be traced uniquely to that entity 11
  • 12. Impact of breach of Security LOW MODERATE HIGH Effect Limited Serious Serious or catastrophic Functional Ability Minor degradation Significant Severe (Primary functions degradation Damage to Assets Minor Significant Major Financial Loss Minor Significant Major Harm to Individual Minor Significant Severe (Loss of life or life- threatining injuries) 12
  • 13. Secure Networks • Because no absolute definition of secure network exists:  Networks cannot be classified simply as secure or not secure. • Each organization defines the level of access that is permitted or denied, Security Policy  Security policy does not specify how to achieve protection.  The policy must apply to information stored in computers as well as to information traversing a network. 13
  • 14. Security's impact on overall functionality Security Functionality Ease of use 14
  • 15. THE OSI Security Architecture • Security Attack: Any action that compromises the security of information. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Source Dest Normal Flow 15
  • 16. Security Attacks  Security Attack: Any action that compromises the security of information  Interruption: This is an attack on availability Source Destination Darth  Interception: This is an attack on confidentiality Source Destination Darth 16
  • 17. Security Attacks  Modification: This is an attack on integrity Source Dest Darth  Fabrication: This is an attack on authenticity Source Dest Darth 17
  • 18. Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure)  Denial of Service Attacks  Virus that deletes files 18
  • 19. Passive & Active Attacks • Passive Attacks: Difficult to detect, No alteration of data, focus on prevention 1. Release of message contents 2. Traffic analysis • Active Attacks: Modification of stream / data or its false creation, difficult to prevent, focus is on detection and recovery 1. Masquerade (impersonation) 2. Replay 3. Modification of message 4. Denial of service 19
  • 23. Shane Stephens definition of Hackers • Group A: People who attempt to gain illegal access to machines on the internet for the ”fun” of it, but with no malicious intent. • Group B: People who attempt to gain illegal access to machines on the internet WITH malicious intent. • Group C: People who are adept at writing C/C++ code very quickly to do a specific thing (or similar) • Group D: Everybody else (esp. mainstream media). 23
  • 24. Shane Stephens definition of Hackers (cont) • Group A call themselves "Hackers". Group A call Group B "Crackers". • Group B usually call themselves 31337 H4x0r5 • Group C call themselves "Hackers". Group C also call Group A "Hackers". • Many people in Group A are also in Group C. • Group D hasn't got any clue, and calls them all the same thing - "hackers". • The following naming scheme is appropriate:  Group A: Hacker  Group B: Cracker  Group C: Hacker (as well. Use context.)  Group D: Morons 24
  • 25. Inside Security • What hacker´s don´t want you to KNOW • Firewalls are just the beginning:  critical component of an effective defence system, but they are significantly limited in terms of the types of attacks the can detect and repel. • Not all the bad guys are “out there”:  roughly half of all attacks are engineered by insiders who can potentially do more damage than hackers coming in from the outside. • Humans are the weakest link:  well-intentioned but uninformed employees are easily exploited by hackers who know which strings to pull • Passwords are not secure:  the most common form of user authentication is a “secret” password. This happens to be one of the most vulnerable for a verity of reasons. 25
  • 26. Inside Security • They can see you but you can´t see them:  eavesdropping on network transmissions can reveal more than enough information to a hacker looking to gain higher levels of access. • Defaults are dangerous  a vendor´s choice of defaults for their product might meet their needs perfectly well but might spell disaster for you. • Yesterday´s strong crypto is today´s weak crypto:  just because you´ve encrypted a message is no guarantee that only authorized personnel will be able to read it. 26 FREDRIK ERLANDSSON
  • 27. Inside Security • “It takes a thief to catch a thief”:  if you want to repel hackers attacks, it helps to think as They do. You can learn the tricks of the hacker trade from the same source that they do – the Internet • They future of hacking is bright:  Hackers are not going away any time soon. Their numbers seem to be growing. Emerging trends in the IT arena point to a brighter day when computers will do even more for us than they do now. These same changes may also usher in a host of new vulnerabilities for the next generation of hackers to exploit. 27 FREDRIK ERLANDSSON
  • 28. The Golden Age of Hacking • There are so many possible systems to break into, most of them with weak security. • Companies have insufficient information to track these attackers  even if attackers are detected the chances of getting caught are slim • Ironically, companies were afraid of Y2K problem and spent a lot of money trying fixing it. But in most cases it seemed like the problem was overestimated, hyped by the media. Now there is a REAL PROBLEM but companies do not want to invest the money. • Lack of Awareness is the main reasons why so many companies are vulnerable. • It’s also a good time to be a security professional 28 FREDRIK ERLANDSSON
  • 29. Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smart-card) • Policies (frequent changes of passwords) • Physical Controls 29
  • 30. Security Services • Authentication:  peer-entity Security Service:  data-origin A service that enhances • Access Control the security of data • Data Confidentiality: processing systems and  connection, information transfers. A  Connectionless security service makes  selective-field  traffic-flow use of one or more • Data Integrity security mechanisms.  connection [recovery, no-recovery, selective-field]  connectionless [no-recovery,selective-field] • NonRepudiation  Origin  Destination 30
  • 31. Authentication • The assurance that communicating entity is the one that it claims to be • Data Origin: Provides that source of recieved data as claimed (m not protected) A(m) m B B(m,A)  AUTHENTIC(A)? • Peer Entity: Provide confidence in identities of entities connected A c B S(A,B)  AUTHENTIC(A,B)? S(c,masquerador,replay)  SECURE(c)? * m : message * c : connection 31
  • 32. Access Control • The prevention of unauthorized use of a resource • Access REQUEST: A(m) m {Host / System} Host MATCHES m to A: {Host / System}(m,A) m’ A A GRANTED read/write access: c A(m’)  {Host / System} * m’ : modified message or authentication message 32
  • 33. Confidentiality • The protection of data from unauthorized disclosure. • CONNECTION: cK A  B (e.g. TCP) (*K : Key) • CONNECTIONLESS: A mK B • SELECTIVE-FIELD: cK|c’ A  B • TRAFFIC-FLOW: A {} B 33
  • 34. Integrity • The assurance that data recieved are exactly as sent by an authorized entity. • CONNECTION-RECOVERY: c modification/destruction A m B(m)  recover  m • CONNECTION-NO RECOVERY: c modification/destruction A m B(m)  detect  !! • SELECTIVE FIELD: c modification/destruction A m|m’ B(m)  detect(m)  !! 34
  • 35. Non-Repudiation • Provides protection against denial by one of the entities involved in communication • SENDER VERIFICATION: A m,[A] B(m,[A])  mA • RECEIVER VERIFICATION: A m B B [m],[B] A([m],[B])  mB 35
  • 36. Security Mechanism • Encipherment – unintelligible • Digital Signature – data tag to ensure  a) Source b) Integrity c) anti-forgery Security • Access Control Mechanism: • Data Integrity A mechanism • Authentication that is • Traffic Padding – prevent traffic analysis designed to • Routing Control – adapt upon partial failure detect, • Notarization – trusted third party prevent, or • Trusted Functionality recover from • Security Label a security • Event Detection attack. • Audit Trail • Recovery 36
  • 37. Model for Network Security 37
  • 38. Network Access Security Model • Gatekeeper: password-based login, screening logic • Internal controls: monitor activity, analyse stored info 38
  • 39. The End 39