NS - 04 Information Assurance - 4


NETWORK SECURITY
04 INFORMATION ASSURANCE

Contents
4.1 Network Architecture
4.2 OSI and TCP/IP Model
4.3 Security Policies, Services & Mechanisms


4.1 Network Architecture


• To be able to implement security in a communications network, it is necessary to understand how the network operates.
• The term computer network is mostly used to describe several autonomous computers and servers interconnected in a complex structure (Tanenbaum, 1981).
• Computer networks are organized in a series of layers or levels.
• The purpose of each layer is to offer certain services to higher layers and to shield them from the details of service implementation.

4.2 OSI and TCP/IP Model

4.2.1 OSI 7 Layers Reference Model
• The OSI divides communications into seven layers, each providing a specific set of services from a lower level.
• The ISO/IEC 7498-3: 1994 - basic reference model.

• Each layer can be developed independently and is constrained only by the services it provides to the n + 1 layer and by the services provided by the n - 1 layer.

• Application
  - The application layer is where users process the information and determine which programs they will run and which protocols they will use.
  - Simple mail transfer protocol (SMTP), hypertext transfer protocol (HTTP), file transfer protocol (FTP), telnet, and trivial transfer protocol (TFTP) are some examples of the protocols working at the application layer.

• Presentation
  - The function of the presentation layer is to provide the users with certain useful, but not always essential, transformation services of the users' data.
  - These services include conversion between character codes (8-bit ASCII, virtual terminal protocols), cryptographic transformations, text compression, terminal handling, file transfer, and manipulation of files.

• Session
  - The session layer is the user's interface with the network.
  - The user must negotiate with this layer to establish a connection with another machine.
  - A connection between users (or between two presentation layers) is called a session.
  - The network file system (NFS), structured query language (SQL), and remote procedure call (RPC) are some examples.

• Transport
  - The transport layer's task is to provide reliable and efficient end-to-end transport service between users' processes.
  - Collectively, layers 1 through 4 provide a transport service, shielding the higher layers from the technical details of how communication is achieved.

• Network
  - The lowest three layers (3, 2, and 1) are concerned with the end-to-end transmission, framing, and routing of packets between machines.
  - A network layer, sometimes called the communication subnet layer, controls the exchange of data between the user and the network, as well as the operation of the subnet.
  - The network layer groups the binary digits, including data and control elements, into packets of information composed of header, data, and trailer, which are transmitted as a whole.
  - Internet protocol (IP), Internet control message protocol (ICMP), routing information protocol (RIP), open shortest path first (OSPF), and border gateway protocol (BGP) are some examples of the protocols working at the network layer.

• Data Link
  - When the packets from layer 3 arrive at layer 2, a frame header and trailer are attached for transmission.
  - The data link layer breaks up the data from the network layer into data frames and transmits the frames sequentially.

  - Advanced data communication control (ADCCP), layer 2 forwarding (L2F), layer 2 tunneling protocol (L2TP), high-level data control (HDLC), and asynchronous transfer mode (ATM) are some examples of the protocols.
  - All these protocols allow data frames to contain an arbitrary number of bits and are referred to as bit-oriented protocols.

• Physical
  - The physical layer (layer 1) converts bits into electrical signals, and it is involved with the transmission and reception of the raw bits over a communication system.
  - Integrated services digital network (ISDN), Ethernet physical layer, and SONET/SDH are some examples.
  - The main task of the physical layer is to make sure that when a 0 bit is sent, the other physical layer will receive a 0 bit and not a 1.
  - Most of the time, the physical layer is connected to bridges, routers, switches, gateways, or modems.

4.2.2 TCP/IP Model
• TCP/IP is also modeled in layers.
• The TCP/IP protocol stack consists of four layers: applications layer, transport layer, network layer, and data layer.

• Application
  - Applications communicate with each other over the network by using the data communication services of the transport layer.
  - HTTP, file transfer protocol (FTP), SMTP, SNMP, and telnet are some examples of the protocols working at the application layer.
  - The data formatted at the application layer are called messages.

• Transport
  - The transport layer provides end-to-end data transfer by delivering data from an application to its remote peer.
  - Two main protocols work at the transport layer: the transmission control protocol (TCP) and the user datagram protocol (UDP).
    • TCP is referred to as a connection-oriented protocol because handshaking takes place before any data is sent.
    • UDP implements connectionless sessions via "best effort" delivery mechanisms.

• Network
  - The network layer is also called the Internet layer or the Internetwork layer.
  - The transport layer needs to determine the routes between endpoints to transfer the end-to-end data, and the network layer provides the network routing services or IP addresses.
  - The protocol used to provide these services over the Internet is the Internet protocol (IP).
  - ICMP, IGMP, ARP, and RARP are some examples of the protocols working at the network layer.

• Data
  - The data layer is also called the network interface layer or the link layer.
  - The data layer is the interface to the actual network hardware.
  - IEEE 802.2, X.25, ATM, FDDI, SNA, PPP, Frame Relay, and IEEE 802.3 are some examples.
  - The data formatted at the data layer are called frames.
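
The layering described above (a frame at the data layer wrapping an IP packet, wrapping a transport segment, wrapping the application message) can be seen by peeling one frame apart. This is an added example, not part of the original slides; the sample frame, addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet II / IPv4 / UDP carrying a 5-byte message.
    Checksums are left at 0 because this parser does not verify them."""
    message = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(message), 0) + message
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.53"))
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"),
                      bytes.fromhex("020000000001"), 0x0800)
    return eth + ip + udp

def parse_frame(frame: bytes) -> dict:
    """Peel the link, network and transport headers off one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"link": {"src": src.hex(":"), "dst": dst.hex(":"), "ethertype": ethertype}}
    if ethertype != 0x0800:              # not IPv4: stop at the link layer
        return layers
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4           # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("inconsistent IPv4 lengths")   # never trust length fields
    layers["network"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d),
                         "ttl": ttl, "protocol": proto}
    segment = packet[ihl:total]          # trailing link-layer padding is dropped here
    if proto == socket.IPPROTO_UDP:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
        if not 8 <= length <= len(segment):
            raise ValueError("inconsistent UDP length")
        layers["transport"] = {"protocol": "UDP", "src_port": sport, "dst_port": dport}
        layers["message"] = segment[8:length]
    return layers
```

Each length field is checked against the bytes actually received before it is used to slice the next layer, which is where parsers of this kind most often go wrong.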

4.3 Security Policies, Services & Mechanisms

• Security policies state an organization's intentions and decisions on what and how electronic information should be secured.
• RFC 2828, "Internet Security Glossary," covers security policy, security services, and security mechanisms.

• Security policy:
  - (1) A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
  - (2) The set of rules laid down by the security authority governing the use and provision of security services and facilities.

• Security services:
  - A processing or communication service that is provided by a system to give a specific kind of protection to system resources.

• Security mechanisms:
  - A process (or a device incorporating such a process) that can be used in a system to implement a security service that is provided by or within the system.

• Confidentiality
  - Confidentiality is the assurance that information is not made available or disclosed to unauthorized individuals, entities, or processes.

• Integrity
  - Integrity is the assurance that data is not accidentally or deliberately modified in transit by replacement, insertion, or deletion.

• Authentication
  - Authentication is the assurance that a message is coming from the source from which it claims to come.
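
The integrity and authentication services defined above are delivered by a concrete mechanism. The added example below, which is not part of the original slides, uses HMAC-SHA256 over a sequence number and payload and shows the receiver rejecting replacement, insertion, deletion and a wrong source; the keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: bind a sequence number and payload under a shared key."""
    body = seq.to_bytes(8, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify(key: bytes, expected_seq: int, wire: bytes) -> bytes:
    """Receiver side: return the payload, or raise ValueError."""
    if len(wire) < 8 + TAG_LEN:
        raise ValueError("message too short")
    body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: modified in transit or wrong source key")
    if int.from_bytes(body[:8], "big") != expected_seq:
        raise ValueError("unexpected sequence number: message missing or out of order")
    return body[8:]

def run_demo() -> dict:
    key, other_key = b"k" * 32, b"x" * 32          # constructed demo keys
    m0 = protect(key, 0, b"transfer 100 to alice")
    m1 = protect(key, 1, b"transfer 5 to bob")
    cases = {
        "intact": m0,
        "replacement": m0.replace(b"100", b"900"),   # bytes swapped in transit
        "insertion": m0[:20] + b"0" + m0[20:],       # extra byte inserted
        "deletion": m1,                              # m0 was dropped, m1 arrives first
        "wrong_source": protect(other_key, 0, b"transfer 100 to alice"),
    }
    results = {}
    for name, wire in cases.items():
        try:
            verify(key, 0, wire)                     # receiver expects sequence 0
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

A shared-key tag does not give nonrepudiation, because either key holder could have produced it.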

• Access Control Authentication
  - Access control provides protection against the unauthorized use of resources.
  - It includes the prevention of the use of a resource in an unauthorized manner by identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information.

• Nonrepudiation
  - Repudiation means denial by one of the entities involved in a communication of having participated in all or part of the communication.
