C h a p t e r 1 : I n t r o d u c t i o n

 Client:
 Is an entity that consists of an operating system and a collection of
programs to perform a set of function.
________________________________
 Server:
 provides one or more services that may range from minimal server-
based computing (such as for database server or image-processing
server).
 A server is a passive machine; it only responds to inquiries or
requests from clients.
________________________________
 Classes of Security Risks:
 can be divided into three categories:
i. Breaching secret data,
ii. Unauthorized logons,
iii. Unauthorized denial of service.
________________________________
 Security Concepts: (‫حاول تفهمهم بس‬..)
 The Basic concepts ..
1. Identification..(‫)انت مين‬
 Users are identified to a computer or an application through a user
identifier or user-id.

2. Authentication..(‫)بتأكد من هويتك‬
 used to verify the identity of user. This verification requires the
exchange of shared secrets between the user and the application.

3. Authorization.. (‫)بوفرلك الحياتك وبس‬

 process of giving access rights to each user ID.

4. Access Control..(‫)بتأكد إن الحياتك دي بس اللي هتاخدها‬

 Process of enforcing access rights for network resources.

5. Confidentiality..(‫ )بأمن على البيانات إن حد ملوش الحيات إنه يشوفها‬:

 Process used to protect secret information from unauthorized
disclosure.

6. Data Integrity..(‫ )بتأكد إن الداتا تم نقلها بالم‬:

 allows the detection of unauthorized modification of data.
7. Non-repudiation..( ‫بتأكد من هوية الشخص اللي عمل عملية الرسال او‬
‫ )الستقبال اللي تمت‬:
 Is the capability to provide proof of the origin of data or proof of the
delivery of data.
 Is required for handing commercial transactions over the Internet.

8. Denial of Service.. :
 attack is one in which the attacker takes over or consumes a
resource so that no one else can use it.
_____________________________________
C h a p t e r 2 : L o g o n a n d A u t h e n t i c a t i o n
 Logon Process:
 The user logon process begins with the user entering an
identification (ID), followed by verify the identity of the user.
 First, the user selects the desired application to log on. The
application ask the user to enter an identifier (ID); the user enters
the ID.the application ask the user to enter the password,the user
sends the password to the application.
 Now the application compares the password it received from the
user to the one retrieved from its ID-password database. If the two
matches, the user is logged on to the application; otherwise the
application informs the user that the password or the ID is invalid.
________________________________
 Authentication : ##
 Is the process of verifying something, Such as a user's identity, a
network address, or the integrity of a data string.
 In computer networks, users can be authenticated based on one or
more of the following:
i. Something the user knows..
 Users are given a secret to memorize, such as a password. The
password should be known only to the user and the system.
ii. Something the user has..
 User may be given item such as keys, badges or other devices. These
devices, in turn, help the system to authenticate the users.
iii. Something the user is..
 The user is given a token card that shares a secret key with the
system.
 This key is called the shared secret key. The card displays a number
that changes over time, these secrets should be shared only between
the user and the system.
________________________________

 There are two types of characteristics for user authentication…

I. The first are the physiological characteristics which include
fingerprints, hand_prints and retinal patterns.
II. The second are the behavioral characteristics such as vocal patterns,
signature, and keystroke typing patterns.
 Password Guessing:
 Individual passwords can be guessed as analyzed the ease password.
 the potential words to match the passwords by using the following
steps:
1. List user's name, initials, account name, and other relevant personal
information as a possible password. In all, a tried up to 130 different
passwords for each user.
2. List words from various dictionaries including men's and women's
names and their permutations; places; names of famous people;
cartoons and cartoon characters; titles, characters, and locations
from films and science fiction stories; sports names and terms; etc.
________________________________
 Password Controls: (‫ )سطر واحد على القل لكل واحدة‬##

1. Limited Attempts: (‫)كل نظام ليه عدد محدد لتاجيل الدخول‬

 Many systems restrict the number of unsuccessful attempts to log
on ,this limit is set at 3 or 6. When the limit is reached, the system
locks out and denies any more logon attempts.

2. Password Aging: (‫)كل باسورد ليه مدة معينة علشان يتغير‬

 Implies that each password has a fixed lifetime, after which the
password must be changed.
 most system also allows users to change a password any time during
this interval.

3. Minimum Length: (‫)لزم يكون الباس ليه طول معين علشا ن ميتخمنش باهولة‬
 short passwords are easier to guess than long ones, many systems
require that the passwords must be of a minimum length.

4. User Lockouts :
 This feature allows the system administrator to lock out an ID that
has not used for a certain amount of time or that has not changed
the password within the specified time limit.

5. Root Password protection :

 The administrator has more access rights than a typical user, the root
password is a common target of attack by hackers.
6. One-Time Passwords Using Token Cards :
 Is based on generating passwords that can be used only once. After
use, the onetime password becomes invalid.
 One-Way Authentication :
 Consider the simple case in which a user wishes to log on to a host
application.
 let us assume that only the user needs to be authenticated to the
application. Therefore, the host application is not to be
authenticated to the user. Then the authentication procedure simply
involves the user sending his ID and the password to the application.
 The application verifies the password for the received ID. There by
authenticating the user.
____________________________________

 #######
symmetric key encryption scheme uses the same key for encryption
and decryption.
asymmetric key encryption and is the basis of the public key schemes.
private key known only to the user
public key known to every one

C h a p t e r 3 : W o r k s t a t i o n S e c u r i t y
 Audit Trail:
 The process of automatic recording and saving of several significant
system events.
________________________________
 Intrusion Detection:
 Is the process of detecting and identifying unauthorized or unusual
activities on the system. By using the audit records.
________________________________
 Profiles:
 The behavior of a subject (or a group of subjects) on an object (or a
group of objects),include the description of normal behavior of
subjects with respect to the objects.
________________________________
 Anomaly Records:
 Is created when the audit records show some abnormal behavior
compared to that in the profiles.
 Background:
 The scientifically correct definition for a computer virus is self-
reproducing automation. Viruses have the capability to control of the
computer.
________________________________

A. Viruses  Is self-reproducing automation ,is not an

independent program.
 Makes one or more copies of itself, and when
these copies are executed, more copies are
made, and infinity.
B. Bacteria  These programs do not directly attack any
software, they consume resources simply by
replicating themselves.
C. Worms  Is an independent program that can replicate
itself and spreads to different sites over a
network.
D. Trapdoors  Are used during software development by
programmers to test, monitor, debug, and
sometimes even fix programs.
 Are an undocumented entry point into
software that circumvents the normal system
protection.
E. Logic Bombs  A software logic bomb or a time bomb is a part
of software that is set to inflict damage when a
certain set of conditions exist.
F. Trojan  a large hollow horse made of wood in which
Horses the Greeks hid their soldiers and left it at the
gates of Troy.

___________________________________________________________
 Ch4
Distributed Security Services
 Encryption:
 Is the process of transforming data into an unintelligible form in
another a way the original data can be obtained only by using the
decryption process and the encryption key.
 The original data is called plain_text and the encrypted data is called
cipher data.

 Transposition:
 A given text can be transposed in several ways.

 Substitution:
 A given text can also be encrypted by substituting each letter with
another letter.

 Data integrity:
 Is protection of information from modification by unauthorized users.
 Data integrity is not the same as data confidentiality.

Data implies that confidential data is not disclosed to an

confidentiality unauthorized user.
Data integrity implies that no unauthorized user can modify the
data.
______________________________________

 One-Way Hash Functions:

 used for a long time in the computer industry.
 has many names: message digest, check sum, contraction function,
data integrity check
 The purpose of function is to provide the means for the receiver to
detect if the message has been modified by unauthorized means.
 Requirements of one-way hash functions: ( ‫ديه مش من ضمن الصفحات‬
‫)اللى قال عليها بس احتياطيا نكون عرفنها لما تخلصوا الحاجات اللى علينا الول والنبى‬
1- The one-way hash function H can be applied to a data block M of
arbitrary size.
2- The resulting message digest, d, is of fixed size, the message digest
size is usually 128 bits or 160 bits.
3- The one-way hash function H is easy to implement in both hardware
and software.
4- Given the message digest d, it is very hard to find the original message
M.
5- Given the message M, it is very hard to find a data block N such that H
(N) = H (M).
6- It is very hard to find any two data blocks x and y such that:
H (x) = H (y).
 P36:

 Digital Signature:
 provides proof of authenticity and origination of data. Digital
signature is different from encryption.

________________________________________
‫)‪ (Very Important #######‬‬

‫)هى هى الرسمة اللى فوق بس هتجيلك بالشكل ده وانت هتكتب مكان الرقام( ‪‬‬
 CH5
Access Control
 Subjects:
 Is capable of accessing an object.
 Examples of a subject include an individual user, a user group, a
terminal, a host, or an application.

 Access Rights:
 define the ways in which a subject can access the object. Access
rights are specified for each pair of subjects and objects.

 Objects:
 An object is an entity to which access can be controlled.
 Examples of objects can be as detailed as the individual data fields
or as aggregate as groups of programs, records, files, or entire
databases.

 Access control:
 enforces the access rights when a subject requests to access an
object.
 has also been defined as comprising the mechanisms that enforce on
subject requests for access to objects as specified in the security
policy.

 Access Control:

1. Access Control List..

 ACL for a given object defines the access rights for each subject.

2. A Capability List..
 CL for a subject specifies the rights to access each object.

___________________________________________________________
 CH7
Internet Firewalls
 Firewalls :
 protect private networks from intrusion, and other attacks from the
Internet, an adequate barrier is required.
 should intercept all the traffic between a given private network and
the Internet.
 provides controlled access between a private network and the
Internet. It intercepts each message between the private network
and the Internet.
 determines whether a data packet or a connection request should be
permitted to pass through the firewall or be discarded.

 There are three areas of risks..

Information Someone can steal or
destroy the information that is
stored on the private network.

Resources Someone can damage or

misuse the computer systems
on the private network.

Reputation Someone can damage the

reputation of a business by
demonstrating vulnerabilities in
its network security.
 A secure operating system:
 can protect the firewall code and files from attacks by intruders.
Often, the firewall code is the only application permitted to execute
on a given host system.

 The filter:
 executes a set of rules that have been defined by the firewall
administrator at configuration time.

 Gateway:
 intercepts the traffic and authenticates users at the TCP/IP
application level.

 The application gateway function:

is often provided by implementing a proxy server.
 The proxy server:
 authenticates the user. After authentication, the user logs on the
remote server on the Internet.
 all the Internet communications to the private network are received
by the proxy servers, analyzed, and forwarded appropriately.
 operates at the application level, a separate proxy server may be
required for each type of application.

 The SOCKS server:

 provides gateway support through the firewall.
 require modifications to the client software, but no change is
required to the user procedures.

 The domain name service:

 isolates the name service of the private network from that of the
Internet.

 The mail handling capability:

 ensures that any E-mail exchange between the private network and
the Internet is processed through the firewall.

 Risks:
 Not Addressed By Firewalls There are several types of security
exposures to private networks that a firewall cannot address.
 We list some such exposures . . .
1. Insider's Intrusion:
 The firewall cannot protect the resources from attack by an internal
user of the private network.
2. Direct Internet Traffic:
 A firewall is beneficial only if all the Internet traffic is handled
through the firewall.
 The firewall cannot protect the resources of the private network
from the traffic that takes place directly with the Internet
3. Virus Protection:
 Typically, a firewall cannot protect a private network from external
viruses.

_________________________________________________