
Al-Madina Higher Institute for Engineering and Technology

Network Security
(COMM 520)
Fourth Level

DR. AHMED ZAKARIA


ELECTRONICS AND COMMUNICATIONS
ENGINEERING DEPT.

Course Timeline
Week 1 Introduction to computer and network security
Week 2 Methods of defense

Week 3 secure encryption systems (Symmetric and Asymmetric encryption)
Week 4
Week 5 encryption algorithms: AES
Week 6 RSA

Week 7 Introduction to Security protocols

Week 8 Mid-Term Exams

Week 9 key distribution, authentication, and digital signature schemes

Week 10 Software security ,viruses and similar programs

Week 11 Database security

Week 12 Design of secure operating system

Week 13 IP security and the IPSec protocol.

Week 14 firewalls, web security, and electronic mail security

Week 15 Revision and Open Discussion


Methods of defense
Security process
◦ We cannot rely on a single type of security to provide protection to an
organization’s information.
◦ Likewise, we cannot rely on a single product to provide all of the necessary security
for our computer and network system.
◦ The reality of the situation is that no one product will provide total security for an
organization.

Anti-Virus Software
◦ Anti-virus software is a necessary part of a good security program.
◦ It can reduce an organization’s exposure to malicious programs.
◦ It will not protect an organization from an intruder who misuses a legitimate program
to gain access to a system.
◦ Anti-virus software will not protect an organization from a legitimate user who
attempts to gain access to files that he should not have access to.

Access Controls
◦ Each and every computer system within an organization should have the capability to
restrict access to files based on the ID of the user attempting the access.
◦ File access controls will not prevent someone from using a system vulnerability to gain
access to the system as an administrator and thus see files on the system.
◦ To the access control system, such an attack will look like a legitimate administrator
attempting to access files to which the account is allowed access.

Firewalls
◦ Firewalls are access control devices for the network and can assist in protecting an
organization’s internal network from external attacks.
◦ Firewalls are border security products, meaning that they exist on the border between
the internal network and the external network.
◦ Firewalls will also not protect an organization from an internal user since that
internal user is already on the internal network.

Smart Cards
◦ Authenticating an individual can be accomplished by using any combination of
something you know, something you have, or something you are.
◦ Passwords (something you know) have been used to prove the identity of an individual
to a computer system.
◦ Passwords can be guessed, or the person may write the password down so that it becomes
known to others.
◦ Smart cards can be used for authentication (they are something you have) and thus can
reduce the risk of someone guessing a password.
◦ If a smart card is stolen and if it is the sole form of authentication, the thief could
masquerade as a legitimate user of the network or computer system.
◦ An attack against a vulnerable system will not be prevented with smart cards as a smart
card system relies on the user actually using the correct entry path into the system.

Biometrics
◦ Biometrics are yet another authentication mechanism (something you are) and thus
they too can reduce the risk of someone guessing a password.
◦ As with other strong authentication methods, for biometrics to be effective, access to a
system must be attempted through a correct entry path.

Intrusion detection system (IDS)
◦ Intrusion detection could just identify when someone was doing something wrong and
stop them
◦ In fact, some of the intrusion detection systems were marketed with the ability to stop
attacks before they were successful.

Types of Attacks
There are four primary categories of attacks:
◦ Interruption
◦ Modification
◦ Interception
◦ Fabrication

Interruption attack
◦ In an interruption attack, a network service is degraded or made unavailable for
legitimate use.
◦ These are attacks against availability:
◦ Unusable
◦ Destroyed
◦ Denial of service (DoS)

Interruption attacks Example
◦ Overloading a server host so that it cannot
respond.
◦ Cutting a communication line.
◦ Redirecting requests to invalid destinations.
◦ Blocking access to a service by overloading
an intermediate network or network device.

Modification attack
◦ Unauthorized changing of data or tampering with services, such as alteration of data,
modification of messages, etc.

Types of modifications.
◦ Change: Change existing information.
◦ Insertion: When an insertion attack is made,
information that did not previously exist is
added.
◦ Deletion: Removal of existing information.

Modification attacks Example
◦ Modifying the contents of messages in the
network.
◦ Changing information stored in data files.
◦ Altering programs so they perform differently.
◦ Reconfiguring system hardware or network
topologies

Mitigate the attack:
◦ Intrusion detection systems (IDS)

Interception attack
◦ An unauthorized subject gains access to an object, for example by stealing data or
overhearing others' communication.
◦ Interception attacks are attacks against network confidentiality.

Interception attack Example
◦ Obtaining copies of messages for later replay.
◦ Packet sniffing and key logging to capture
data from a computer system or network.
◦ Copying of files or programs.

Mitigate the attack:
◦ Using encryption: SSL, VPN, 3DES and BPI+ are deployed to encrypt the flow of
information from source to destination.
◦ If someone is able to snoop on the flow of traffic, all the person will see is
ciphered text.

Fabrication attack
◦ Additional data or activities are generated that would not normally exist, such as adding
a password to a system, replaying previously sent messages, etc.

Fabrication attack Example
◦ SQL Injection
◦ User / Credential Counterfeiting
◦ Email Spoofing

OSI Security Architecture (ITU-T X.800)
OSI Security
◦ The OSI (Open Systems Interconnection) Security Architecture defines a systematic
approach to providing security at each layer.
◦ ITU: International Telecommunication Union
◦ It defines security services and security mechanisms that can be used at each of the
seven layers of the OSI model to provide security for data transmitted over a
network.
◦ These security services and mechanisms help to ensure the confidentiality, integrity,
and availability of the data.
◦ The OSI security architecture is internationally accepted, as it lays out the flow of
providing safety in an organization.

◦ OSI Security Architecture focuses on these concepts:

Security attack:
◦ Any action that compromises the security of information owned by an organization.
◦ Security attacks are classified as passive attacks and active attacks.
Passive attack:
◦ A passive attack attempts to learn or make use
of information from the system but does not
affect system resources.
◦ Passive attacks are in the nature of
eavesdropping on, or monitoring of,
transmissions.
◦ The goal of the opponent is to obtain
information that is being transmitted.
◦ Two types of passive attacks are the release of
message contents and traffic analysis.

Passive attack:
◦ Release of message contents: A telephone conversation, an electronic mail message, and
a transferred file may contain sensitive or confidential information.
◦ Traffic analysis: Suppose that we had a way of masking the contents of
messages.
◦ The common technique for masking contents is encryption.
◦ If we had encryption protection in place, an opponent might still be able to observe
the pattern of these messages.
◦ The opponent could determine the location and identity of communicating hosts
and could observe the frequency and length of messages being exchanged.
◦ This information might be useful in guessing the nature of the communication that
was taking place.
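
The traffic-analysis point above, as an added example that is not part of the original slides: it shows what an observer without keys can still derive from encrypted traffic, and that padding hides message length but not frequency. The flow records, addresses, function names and the 1024-byte bucket size are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (time_s, src, dst, ciphertext_length_bytes).
# The observer holds no keys and never sees plaintext, only this metadata.
OBSERVED = [
    (0.0, "10.0.0.5", "10.0.0.9", 48),
    (0.5, "10.0.0.7", "10.0.0.9", 900),
    (1.0, "10.0.0.5", "10.0.0.9", 64),
    (2.0, "10.0.0.5", "10.0.0.9", 56),
    (30.5, "10.0.0.7", "10.0.0.9", 1000),
]


def profile(flows):
    """Per host pair: message count, mean length and mean gap between messages."""
    by_pair = defaultdict(list)
    for t, src, dst, length in flows:
        by_pair[(src, dst)].append((t, length))
    result = {}
    for pair, msgs in by_pair.items():
        times = [t for t, _ in msgs]
        lengths = [n for _, n in msgs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        result[pair] = {
            "count": len(msgs),
            "mean_len": sum(lengths) / len(lengths),
            # A pair seen only once has no gap to measure.
            "mean_gap": sum(gaps) / len(gaps) if gaps else None,
        }
    return result


def pad_length(n, bucket=1024):
    """Length on the wire after padding up to the next multiple of `bucket`."""
    return -(-n // bucket) * bucket


def padded(flows, bucket=1024):
    """The same flows as the observer would see them with fixed-size padding."""
    return [(t, s, d, pad_length(n, bucket)) for t, s, d, n in flows]


if __name__ == "__main__":
    for label, flows in (("unpadded", OBSERVED), ("padded", padded(OBSERVED))):
        for pair, stats in profile(flows).items():
            print(label, pair, stats)
```

With padding, both host pairs show the same mean length, yet the message count and timing of each pair remain visible to the observer.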

Passive attack:
◦ Passive attacks are very difficult to detect, because they do not involve any alteration
of the data.
◦ Typically, the message traffic is sent and received in an apparently normal fashion,
and neither the sender nor the receiver is aware that a third party has read the
messages or observed the traffic pattern.

Mitigate the attack:
◦ It is feasible to prevent the success of these attacks, usually by means of encryption.

Active attacks:
◦ Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay, modification
of messages, and denial of service.
◦ Active attacks present the opposite characteristics of passive attacks.

Thank You