1. CE348: Information Network Security
Introduction of Network Security
Chandubhai S. Patel Institute of Technology
Prepared by:
Sneha Padhiar
Assistant Professor
2. Chandubhai S. Patel Institute of Technology (CSPIT), CHARUSAT
In daily life we use information for various purposes and use networks to communicate and exchange
information between different parties.
In many cases this information is sensitive, so we need to ensure that only an authorized party can get
that information.
To maintain such privacy we require some mechanism or physical device which ensures that the information is safe.
Such mechanisms or physical devices are known as security systems.
3. • Computer Security:
The protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources.
or
Generic name for the collection of tools designed to protect data and
to thwart hackers.
4. • Data Security:
Data security is the science and study of methods of protecting data
from unauthorized disclosure and modification.
6. • Confidentiality is probably the most common aspect of information
security. We need to protect our confidential information. An organization
needs to guard against those malicious actions that endanger the
confidentiality of its information.
• Integrity: Information needs to be changed constantly. Integrity means that
changes need to be done only by authorized entities and through authorized
mechanisms.
• Availability: The information created and stored by an organization needs to
be available to authorized entities. Information needs to be constantly
changed, which means it must be accessible to authorized entities.
7. Confidentiality: It covers two concepts
• Data Confidentiality: Assures that private or confidential information is not made available or disclosed
to unauthorized individuals.
• Privacy: Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.
Availability: Assures that systems work promptly and service is not denied to
authorized users.
8. Integrity: It covers two concepts
• Data Integrity: Assures that information and programs are changed
only in a specified and authorized manner.
• System Integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
9. • Authentication
Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be.
• Access control
It is the ability to limit and control the access to host systems and
applications via communication links.
This service controls who can have access to a resource.
10. Nonrepudiation
• Nonrepudiation prevents either sender or receiver from denying a
transmitted message.
• When a message is sent, the receiver can prove that the alleged
sender in fact sent the message.
• When a message is received, the sender can prove that the alleged
receiver in fact received the message.
11. • Threat:
• A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security
and cause harm. That is, a threat is a possible danger that might exploit
a vulnerability.
13. Passive Attack
• Release of message contents:
o The release of message contents is easily understood. A telephone conversation,
an electronic mail message, and a transferred file may contain sensitive or
confidential information.
o TRAFFIC ANALYSIS
o Suppose that we had a way of masking the contents of messages or other
information.
o Even if opponents captured the message, they could not extract the
information from it.
o The common technique for masking contents is encryption.
o Even with encryption protection in place, an opponent might still be able
to observe the pattern of these messages (their frequency, length, source
and destination).
15. Active Attack
• Attacker tries to alter transmitted data.
• Masquerade: A masquerade takes place when one entity pretends to
be a different entity (Figure a). A masquerade attack usually includes
one of the other forms of active attack.
16. Replay: Replay involves the passive capture of a data unit and
its subsequent retransmission to produce an unauthorized effect.
17. • Modification of messages:
o Modification of messages simply means that some portion of a legitimate
message is altered, or that messages are delayed or reordered, to produce
an unauthorized effect (Figure c).
o For example, a message meaning "Allow John Smith to read confidential
file accounts" is modified to mean "Allow Fred Brown to read confidential
file accounts."
18. • Denial of service:
o The denial of service prevents or inhibits the normal use or management
of communications facilities.
o This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service).
o Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to
degrade performance.
20. Security services
• A security service is a processing or communicating service that can
prevent or detect the above-mentioned attacks. Various security services
are:
• Authentication: the recipient should be able to identify the sender, and
verify that the sender, who claims to be the sender, actually did send the
message.
• Data Confidentiality: An attacker should not be able to read the
transmitted data or extract data in case of encrypted data. In short,
confidentiality is the protection of transmitted data from passive attacks.
• Data Integrity: Make sure that the message received was exactly the
message the sender sent.
• Nonrepudiation: The sender should not be able to deny sending the message, and
the receiver should not be able to deny receiving the message.
22. Specific security mechanisms
• May be incorporated into the appropriate protocol layer in order to
provide some of the OSI security services.
• Encipherment
The use of mathematical algorithms to transform data into a form that
is not readily intelligible.
• Digital Signature
Data appended to, or a cryptographic transformation of, a data unit
that allows a recipient of the data unit to prove the source and integrity
of the data unit and protect against forgery.
23. • Access control
A variety of mechanisms that enforce access rights to resources.
• Data Integrity
A variety of mechanisms used to ensure the integrity of a data unit or stream
of data units.
• Authentication exchange
A mechanism intended to ensure the identity of an entity by means of
information exchange.
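Added example (not from the original slides): a data-integrity mechanism of the kind listed above, applied to the modification and replay attacks of slides 16 and 17. A shared-key HMAC tag lets the receiver detect the altered "John Smith" to "Fred Brown" message, and a sequence number lets it reject a captured unit that is retransmitted. The key, sequence layout and messages are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key; in practice a secret shared out of band by sender and receiver.
KEY = b"constructed-demo-key-not-for-real-use"
TAG_LEN = 32  # HMAC-SHA256 digest size


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a data unit: 4-byte sequence number || payload || HMAC-SHA256 tag.
    The tag covers the sequence number too, so an attacker cannot renumber a unit."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Checks integrity and rejects replays with a strictly increasing sequence number.
    Note: a shared-key MAC gives integrity but not nonrepudiation, because both
    parties hold the key; that property needs a digital signature (slide 22)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, unit: bytes):
        if len(unit) < 4 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = unit[:4], unit[4:-TAG_LEN], unit[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "modified"
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:                     # seen before: replay
            return None, "replayed"
        self.last_seq = seq
        return payload, "ok"


def demo():
    rx = Receiver(KEY)
    unit = protect(KEY, 1, b"Allow John Smith to read confidential file accounts")
    results = [rx.accept(unit)[1]]                                  # genuine unit
    # Modification attack: edit the captured unit without knowing the key.
    tampered = unit.replace(b"John Smith", b"Fred Brown")
    results.append(rx.accept(tampered)[1])                          # tag mismatch
    # Replay attack: retransmit the genuine unit unchanged.
    results.append(rx.accept(unit)[1])                              # stale sequence
    results.append(rx.accept(protect(KEY, 2, b"next request"))[1])  # fresh unit
    return results
```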
24. • Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
• Notarization
The use of a trusted third party to assure certain properties of a data
exchange.
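Added example (not from the original slides) of the traffic padding mechanism described above: each message is prefixed with its true length and filled with random bytes up to a fixed bucket size before it would be encrypted, so an observer performing traffic analysis sees only uniform lengths. The bucket size and messages are constructed for the demo.

```python
import os
import struct

BUCKET = 64  # constructed bucket size in bytes; real protocols choose their own


def pad(payload: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then fill with random bytes to the next multiple of bucket.
    The padded unit is what gets encrypted; its length then reveals only the bucket count."""
    body = struct.pack(">I", len(payload)) + payload
    fill = (-len(body)) % bucket
    return body + os.urandom(fill)


def unpad(padded: bytes) -> bytes:
    """Receiver side: recover the original payload and discard the random fill."""
    n = struct.unpack(">I", padded[:4])[0]
    return padded[4:4 + n]


def observed_lengths(messages, padded: bool = False):
    """What an observer on the wire learns: the length of each transmitted unit."""
    return [len(pad(m)) if padded else len(m) for m in messages]


def demo():
    # Constructed messages: without padding, length alone separates a short reply
    # from a long instruction even when the contents are encrypted.
    messages = [b"yes", b"no", b"transfer 10000 to account 42"]
    return observed_lengths(messages), observed_lengths(messages, padded=True)
```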
25. Pervasive security mechanisms
• Trusted functionality
That which is perceived to be correct with respect to some criteria.
• Event detection
Detection of security relevant events.
• Security label
The marking bound to a resource that names or designates the security
attributes of that resource.
• Security recovery
Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
26. TECHNIQUES
Cryptography
Cryptography, a word with Greek origins, means “secret writing.”
However, we use the term to refer to the science and art of transforming
messages to make them secure and immune to attacks.
27. • Steganography
The word steganography, with origin in Greek, means “covered
writing,” in contrast with cryptography, which means “secret writing.”