Chapter 2: Understanding

Network Security
Guide to Computer Network Security
 What Is Network Security?

Security is a continuous process of protecting an

object from attack. That object may be a person,
an organization such as a business, or property
such as a computer system or a file.
In a distributed computer system such as a
network, the protection covers physical and non-
physical resources that make up the network
including communication channels and connectors
like modems, bridges, switches, and servers, as
well as the files stored on those servers. In each
one of these cases, therefore, security means
preventing unauthorized access, use, alteration,
and theft or physical damage to these resources.
Kizza - Guide to Computer Network Securi 2
ty
Physical Security
– A facility is physically secure if it is
surrounded by a barrier like a fence, has
secure areas both inside and outside,
and can resist penetration by intruders.
Physical security can be guaranteed if
the following four mechanisms are in
place:
deterrence,
prevention,
detection,
response

Kizza - Guide to Computer Network Securi 3

ty
Pseudosecurity is a theoretical state of
security, commonly known “security
through obscurity” (STO). STO is a false
hope of security. With security through
obscurity, many believe that any resource
on the system can be secure so long as
nobody outside the core implementation
group is allowed to find out anything about
its internal mechanisms. This security is
often referred to as “bunk mentality”
security.

Kizza - Guide to Computer Network Securi 4

ty
 Computer Security
This is a study focusing on creating a
secure environment for the use of
computers.
The field consists of three areas of
interest:
– the study of computer ethics,
– the development of both software and
hardware protocols,
– The development of best practices.
It is a complex field of study involving
detailed mathematical designs of
cryptographic protocols.
Kizza - Guide to Computer Network Securi 5
ty
 Network Security
The study of the security of computer
networks.
It is still a branch of computer science
but a lot broader that computer security.
It involves creating an environment in
which a computer network, including all
its resources, which are many, all the
data in it both a in storage and in transit,
and all its users are secure. Because it
is wider than computer security, this is a
more complex field of study than
computer security involving more
detailed mathematical
Kizza - Guide to Computer Network Securi 6
ty
 Information Security
Information security is even a bigger field of study
inncludig computer and computer network security.
Is a study of detailed mathematical designs of
cryptographic, communication, transport, exchange
protocols and best practices,of the state of both data
and information in motion.
It includes a variety of disciplines including
computer science, business management,
information studies, and engineering.
It involves the creation of a state in which
information and data are secure. In this model,
information or data is either in motion through
Kizza - Guide to Computer Network Securi
ty
7
Securing the Computer Network

Securing a computer network is

protecting the netwo from both internal
and external unauthorized access.
These resources, physical or not, are
objects which are the hardware resources
in the system and the intangible object like
information and data both in transition and
static in storage.
Kizza - Guide to Computer Network Securi 8
ty
 What are we Protecting?
Hardware
– Protecting hardware resources include protecting:
End user objects that include the user interface hardware
components like all client system input components
including a keyboard, the mouse, touch screen, light pens,
and others.
Network objects like firewalls, hubs, switches, routers and
gateways which are vulnerable to hackers;
Network communication channels to prevent eavesdroppers
from intercepting network communications.
Software
– Protecting software resources includes protecting
hardware-based software, operating systems, server
protocols, browsers, application software, and intellectual
property stored on network storage disks and databases.
client software like investment portfolios, financial data,
real estate records, images or pictures, and other personal
files commonly stored on home and business computers.

Kizza - Guide to Computer Network Securi 9

ty
 Security Services
Security services include the following:
– Access control – to require that access to
information resources is controlled
– Authentication – a process whereby the system
gathers and builds up information about the
user to assure that the user is genuine.
– Confidentiality – prevention of unauthorized
disclosure of information
– Integrity – prevention of unauthorized
modification of information
– Nonrepudiation – to require that neither the
sender nor the receiver of a message can deny
the transmission.

Kizza - Guide to Computer Network Securi 10

ty
 Security Standards
Because security solutions come in many different
types and use different technologies, security
standards are used to bring about interoperability
and uniformity among the many system resources
with differing technologies within the system and
between systems. System managers, security
chiefs, and experts choose or prefer standards, if
no de facto standard exists, that are based on
service, industry, size, or mission.
The type of service an organization is offering
determines the types of security standards used.
Like service, the nature of the industry an
organization is in also determines the types of
services offered by the system, which in turn
determines the type of standards to adopt.
Kizza - Guide to Computer Network Securi 11
ty
The size of an organization also determines
what type of standards to adopt. In
relatively small establishments, the ease of
implementation and running of the system
influence the standards to be used
Examples include:
– Homeland National Security Awareness
– Orange Book - the U.S. Department of Defense
Trusted Computer System Evaluation Criteria
(DOD-5200.28-STD) standard known as the
Orange Book.
– British Standard 799 (BS 7799) - outlines a code
of practice for information security management
that further helps determine how to secure
network systems.

Kizza - Guide to Computer Network Securi 12

ty
 Forms of Protection
The Security Policy
– Is a an organization’s security blueprint that
emphasizes a number of security factors
starting with the identification of all critical
operations in the system that must be secured,
those that are needed, but not critical to daily
operations, and those operations that can be
secured. Second it prioritizes the system
resources and the information stored on each.
– It also assigns risk factors to all these
classified resources.
– Some security experts do not consider it
essential while others do. However, it is an
important element in the security environment
of an enterprise.

Kizza - Guide to Computer Network Securi 13

ty
Access Control – allowing access to
information assets to only authorized
users.
– As information becomes more valuable
and more people join the ever growing
Internet, scavenger hunters, hackers,
activists, robbers, and all sorts of people
are flocking onto the Internet and the
security of information of a society
increasingly dependent on computer
networks will become vital. The
importance of this security element,
therefore, cannot be over emphasized.
Kizza - Guide to Computer Network Securi 14
ty
Strong Encryption Algorithms
– The amount of information stored and traversing
the computer systems and networks has been
increasing both in volume and value as networks
expand.
– The security of that information is increasingly
threatened by the quality and security of the
software running on these machines:
a high volume of vulnerabilities in the network
infrastructure
embarrassingly poor protocols.
Hackers are exploiting these software bugs, which are
sometimes easy to fix, eavesdropping and intercepting
communication data with increasing ease.
– The security of information, therefore, rests with
finding strong encryption algorithms that will
swat would beKizza
ty
intruders.
- Guide to Computer Network Securi 15
Authentication Techniques
– The future of e-commerce is riding on
strong encryption and authentication
techniques.
– As more and more people go online to
buy and sell their wares, they need strong
and trustworthy algorithms that will make
such transactions safe.
– If the most recent headliner hacker attack
on credit card databases is any indication,
we are still a long way from safe e-
commerce.
– Strong authentication techniques will go a
long way to ensure safe business
transactions online.
Kizza - Guide to Computer Network Securi
ty
16
 Confidentiality
The confidentiality service protects system
data and information from unauthorized
disclosure.
It involves the use of encryption algorithms to
ensure that no third party like a cryptanalysis
or a man-in-the middle has eavesdropped on
the data.

Kizza - Guide to Computer Network Securi 17

ty
 Integrity
A hash function is used on the input message
to create a code from it that provides the
message’s authenticity.

Kizza - Guide to Computer Network Securi 18

ty
 Non-repudiation
This is a security service that provides proof of
origin and delivery of service and/or
information.
This service, through digital signature and
encryption algorithms, ensures that digital data
may not be repudiated by providing proof of
origin difficult to deny.
A digital signature is a cryptographic
mechanism that is the electronic equivalent of
a written signature to authenticate a piece of
Kizza - Guide to Computer Network Securi
ty
19
 Security Standards
The computer network model also suffers from the standardization
problem. Security protocols, solutions and best practices that can secure
the computer network model come in many different types and use
different technologies resulting in incompartibility of interfaces
System managers, security chiefs, and experts , therefore, need standards.
The type of service an organization is offering determines the types of
security standards used.
Also the mission of the establishment also determines the types of
standards used.

Kizza - Guide to Computer Network Securi 20

ty
 Types of Security Standards
Security Standards Based on Type of Service/Industry
Security Standards Based on Size/Implementation
Security Standards Based on Interests

Kizza - Guide to Computer Network Securi 21

ty
 Best Security Practices
There is a rich repertoire of standards
and best practices on the system and
info-security landscape
This complicates the security
landscape
There a need for security experts to
keep abreast of all changes
This takes security management,
planning, policy development, and the
Kizza - Guide to Computer Network Securi 22
ty

design of procedures.