Network Security

What is security

• In networks, to protect my information and resources so that no on can

access it other then those to whom I allow.
• For that we define policy know as security policy.
• Security revolves around CIA
 Confidentiality

• Preventing the unauthorized disclosure of sensitive information.

• disclosure could be
– Intentional (Breaking)
– Unintentional (Carelessness)
• Confidentiality VS Privacy
• Privacy:
– Degree to which entity will interact with its environment.
• Privacy is a reason for confidentiality
 Integrity

• Goals of integrity (e.g. email)

– Prevention of the modification of information by unauthorized users.
– Prevention of the unauthorized or unintentional modification of
information by authorized users
 Availability

• a system’s authorized users have timely and uninterrupted

access
 Other Terms

• Vulnerability: An error or weakness in the design,

implementation, or operation of a system
• Attack: A means of exploiting some vulnerability in a system.
• Threat: An adversary that is motivated and capable of
exploiting a vulnerability.
 Attacks, Services and Mechanisms

• Security Attack: Any action that compromises the security of

information.
• Security Mechanism: A mechanism that is designed to detect,
prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data
processing systems and information transfers. A security
service makes use of one or more security mechanisms.
 Security Attacks

• Active attacks ( affects integrity)

– Modifies data
• Passive attacks (Affects confidentiality)
– Don’t harm data
 Active Attacks

• Masquerade
– Pretending to be a different entity
• Replay
• Modification of messages
• Denial of service
• Easy to detect
• Hard to prevent
 Passive Attacks

• Eavesdropping on transmissions
• To obtain information
• Release of message contents
– Outsider learns content of transmission
• Traffic analysis
– By monitoring frequency and length of messages, even encrypted,
nature of communication may be guessed (ID, location)
• Difficult to detect
• Can be prevented
Security Attacks (active and passive, affects CIA)
 Security Attacks

• Interruption: This is an attack on availability

• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
 Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (cannot deny authenticity of signature)
• Access control (prevent misuse of resources)
• Availability
– Denial of Service Attacks
– Virus that deletes files
Dr. Imran Daud
 Methods of Defence

• Encryption
• Software Controls (access limitations in a data base, in
operating system protect each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls