DCIT 418

System and Network Security


Module 1: Introduction to network security

Lecturer: Dr E.D. Ansong, Dept of Computer Sc.


Contact Information: edansong@ug.edu.gh
Learning Objectives

By the end of this module, you should:

• be able to explain security principles,
• be able to explain how various security mechanisms work, and
correlate these security mechanisms with security principles,
• be able to compare various security mechanisms, and articulate
their advantages and limitations.
ED Ansong Dept of Computer Sc. Slide 2
Learning Objectives

• be able to evaluate risks faced by computer systems,
• be able to detect common vulnerabilities in software,
• be able to design and implement basic security mechanisms to
protect computer systems,
• be able to describe and generalize various software
vulnerabilities,
• be able to analyze and evaluate software systems for their
security properties.
Introduction to Network & System Security

• Network and system security is the discipline concerned with
protecting computer networks, systems, and data from unauthorized
access, misuse, or disruption. It plays a pivotal role in ensuring
the confidentiality, integrity, and availability of digital assets
in both organizational and personal contexts.
Introduction to Network & Internet Security

• Network security is of paramount importance due to the escalating
threats posed by cybercriminals and malicious actors. Inadequate
security measures can lead to severe consequences, including data
breaches, financial losses, and reputational damage. Thus,
understanding and implementing effective network security measures
are imperative for mitigating risks and maintaining trust in digital
environments.
Security Standards

A security standard is a series of documented processes that define
how to implement, manage, and monitor various security controls.
Various organizations have been involved in the development or
promotion of these standards. The most important of these
organizations are as follows:
Security Standards

Ghana Cybersecurity Act: The Cybersecurity Act No. 1038 of 202 (the
'Cybersecurity Act') regulates cybersecurity activities in Ghana. It
promotes the development of cybersecurity and related matters. The
Cybersecurity Act has implications for data controllers insofar as
cybersecurity-related matters require regulatory compliance.
Security Standards

Data Protection Act: The Data Protection Act aims to protect
individuals' privacy and personal data by regulating the processing
of personal information. It outlines the process to obtain, hold,
use, or disclose personal information, defines the rights of data
subjects and prohibited conduct in processing, and covers third
country processing of data relating to data subjects under the Data
Protection Act, third country data subject processing in Ghana, and
related matters.
Security Standards

National Institute of Standards and Technology (NIST): NIST is a
U.S. federal agency that deals with measurement science, standards,
and technology related to U.S. government use and to the promotion
of U.S. private-sector innovation. Despite its national scope, NIST
Federal Information Processing Standards (FIPS) and Special
Publications (SP) have a worldwide impact.
Security Standards

Internet Society (ISOC): ISOC is a professional membership society
with worldwide organizational and individual membership. It provides
leadership in addressing issues that confront the future of the
Internet and is the organizational home for the groups responsible
for Internet infrastructure standards, including the Internet
Engineering Task Force (IETF) and the Internet Architecture Board
(IAB).
Security Standards

ITU-T: The International Telecommunication Union (ITU) is an
international organization within the United Nations System in which
governments and the private sector coordinate global telecom
networks and services. ITU-T's mission is the production of
standards covering all fields of telecommunications. ITU-T standards
are referred to as Recommendations.
Security Standards

ISO: The International Organization for Standardization (ISO) is a
worldwide federation of national standards bodies from more than 140
countries, one from each country. ISO is a nongovernmental
organization that promotes the development of standardization and
related activities with a view to facilitating the international
exchange of goods and services and to developing cooperation in the
spheres of intellectual, scientific, technological, and economic
activity.
Threats to Network and System Security

Various threats jeopardize the integrity and security of computer
networks and internet communications:
• Malware: Sophisticated software designed to infiltrate, damage, or
steal sensitive information from systems.
• Phishing: Deceptive tactics used to trick individuals into
divulging confidential information through fraudulent emails or
Threats to Network and System Security

• Denial of Service (DoS) and Distributed Denial of Service (DDoS)
attacks: Coordinated efforts to overwhelm network resources,
rendering them inaccessible to legitimate users.
• Insider Threats: Breaches or malicious activities perpetrated by
individuals with authorized access to network resources.
Principles of Network Security

The foundational principles of network security are:

Confidentiality: Ensuring that sensitive information is only
accessible to authorized individuals or systems.
Integrity: Maintaining the accuracy, consistency, and
trustworthiness of data throughout its lifecycle.
Availability: Ensuring that services and resources are accessible
and usable when needed, without compromise.
CIA TRIAD

CIA TRIAD Cont'd

Although the use of the CIA triad to define security objectives is
well established, some in the security field feel that additional
concepts are needed to present a complete picture. Two of the most
commonly mentioned are as follows:

CIA TRIAD Cont’d
• Authenticity: The property of being genuine and
being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message
originator. This means verifying that users are who
they say they are and that each input arriving at the
system came from a trusted source.
Cont'd
• Accountability: The security goal that generates the requirement
for actions of an entity to be traced uniquely to that entity. This
supports nonrepudiation, deterrence, fault isolation, intrusion
detection and prevention. Because truly secure systems aren't yet an
achievable goal, we must be able to trace a security breach to a
responsible party. Systems must keep records of their activities to
permit later forensic analysis to trace security breaches or to aid
in transaction disputes.
Defense in Depth
The Defense in Depth strategy employs layered
security mechanisms to provide comprehensive
protection against diverse threats. By implementing
multiple layers of defense, organizations can mitigate
risks and minimize the impact of potential security
breaches.
Cryptography in Network Security

Cryptography is a fundamental tool in network security, facilitating
secure communication and data protection through encryption and
decryption processes. Key concepts include:
• Symmetric Encryption: Utilizing a single shared key for both
encryption and decryption.

Cryptography in Network Security

• Asymmetric Encryption: Employing a pair of keys (public and
private) for encryption and decryption.
• Digital Signatures: Verifying the authenticity and integrity of
digital messages.
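The three concepts above, shown side by side in code. This is an added example, not material from the slides: it uses only the Python standard library, the symmetric cipher is a toy keystream built from SHA-256, and the RSA key pair uses tiny fixed primes (p = 61, q = 53). Both constructions are there to make the mechanism visible, not for protecting real data. Note the contrast it demonstrates: a MAC under a shared key proves integrity only between the two key holders, while a signature made with the private key can be checked by anyone holding the public key.

```python
"""Added example (not from the slides): symmetric key, asymmetric key pair
and digital signature, with the Python standard library only.
The keystream cipher and the RSA parameters below are constructed toys."""
import hashlib
import hmac


# --- Symmetric encryption: one shared key both encrypts and decrypts --------
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived from SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; applying the same call again decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


sym_decrypt = sym_encrypt


def symmetric_mac(key: bytes, message: bytes) -> bytes:
    """Integrity under a shared key. Anyone holding the key can forge a tag,
    so a MAC gives no non-repudiation, unlike a signature."""
    return hmac.new(key, message, hashlib.sha256).digest()


# --- Asymmetric key pair and digital signature (textbook RSA, toy size) -----
P, Q, E = 61, 53, 17                 # constructed toy primes, never use in practice
N = P * Q                            # public modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, 2753


def _digest_mod_n(message: bytes) -> int:
    """Hash the message and reduce it into the (toy-sized) RSA group."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """The signer applies the PRIVATE exponent to the message hash."""
    return pow(_digest_mod_n(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key (E, N) checks authenticity and integrity."""
    return pow(signature, E, N) == _digest_mod_n(message)


def demo() -> dict:
    """Round-trip the toy cipher and show that tampering breaks verification."""
    key, nonce = b"shared-secret-key", b"nonce-01"        # constructed values
    msg = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"
    ct = sym_encrypt(key, nonce, msg)
    sig = sign(msg)
    return {
        "ciphertext_differs": ct != msg,
        "roundtrip_ok": sym_decrypt(key, nonce, ct) == msg,
        "signature_ok": verify(msg, sig),
        "tamper_detected": not verify(tampered, sig),
        "mac_mismatch_on_tamper": symmetric_mac(key, msg) != symmetric_mac(key, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Running the file prints a dictionary in which every entry is `True`: the ciphertext differs from the plaintext, decryption restores it, the signature verifies on the original message, and the altered message fails verification under the same signature.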
Secure Network Protocols
Secure protocols are essential for safeguarding data transmission
over networks:
• SSL/TLS (Secure Sockets Layer/Transport Layer Security):
Encrypts data exchanged between web servers and clients,
ensuring confidentiality and integrity.
• IPsec (Internet Protocol Security): Provides secure
communication at the IP layer, enabling VPNs and secure data
transmission.
• SSH (Secure Shell): Facilitates secure remote access and
command execution on network devices.
Authentication and Authorization
Authentication verifies the identity of users or devices,
while authorization determines their level of access:
• Passwords: Traditional authentication method relying
on secret credentials known only to authorized users.
• Multi-Factor Authentication (MFA): Enhances security
by requiring multiple forms of authentication, such as
passwords, biometrics, or security tokens.
• Access Control Models: Define access permissions
based on roles, attributes, or policies.
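The three bullets above in working code, as an added example that is not part of the slides. It uses only the Python standard library: passwords are stored as a salted PBKDF2-HMAC-SHA256 digest rather than in the clear, the second factor is the HOTP/TOTP one-time code construction from RFC 4226 and RFC 6238, and authorization is a small role-based policy table that denies by default. The roles, actions, password and token secret are constructed for the demo; the `login` flow shows that authorization is only consulted after both authentication factors succeed.

```python
"""Added example (not from the slides): password verification, TOTP as a
second factor, and a role-based authorization check. Standard library only;
roles, secrets and actions are constructed for the demo."""
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple


# --- Factor 1: something you know ----------------------------------------------
def hash_password(password: str, salt: Optional[bytes] = None,
                  rounds: int = 200_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest); store both, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest and compare in constant time to avoid timing leaks."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)


# --- Factor 2: something you have (a TOTP token) ----------------------------
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[float] = None, step: int = 30) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from the clock."""
    now = time.time() if at_time is None else at_time
    return hotp(secret, int(now // step))


def verify_totp(secret: bytes, code: str, at_time: float, step: int = 30) -> bool:
    """Accept the current step and one step either side to tolerate clock drift."""
    counter = int(at_time // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code) for d in (-1, 0, 1))


# --- Authorization: what an authenticated identity may do -------------------
POLICY = {  # constructed role-based policy table
    "student": {"read_grades"},
    "lecturer": {"read_grades", "write_grades"},
    "admin": {"read_grades", "write_grades", "manage_users"},
}


def authorize(role: str, action: str) -> bool:
    """Deny by default: unknown roles and unlisted actions get nothing."""
    return action in POLICY.get(role, set())


def login(role: str, password: str, salt: bytes, stored: bytes,
          secret: bytes, code: str, at_time: float, action: str) -> str:
    """Both factors must pass before the authorization decision is made."""
    if not verify_password(password, salt, stored):
        return "denied: bad password"
    if not verify_totp(secret, code, at_time):
        return "denied: bad one-time code"
    return "allowed" if authorize(role, action) else "denied: not authorized"


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery")     # enrolment
    secret = b"12345678901234567890"                          # RFC test secret
    now = time.time()
    print(login("lecturer", "correct horse battery", salt, digest,
                secret, totp(secret, now), now, "write_grades"))
```

The HOTP/TOTP routine can be checked against the published test vectors: with the ASCII secret `12345678901234567890`, counter 0 gives `755224` and a TOTP evaluated at Unix time 59 (counter 1) gives `287082`.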
Authentication and Authorization
Peer entity authentication: Provides for the corroboration of the
identity of a peer entity in an association. Two entities are
considered peers if they implement the same protocol in different
systems; for example, two TCP modules in two communicating systems.
It attempts to provide confidence that an entity is not performing
either a masquerade or an unauthorized replay of a previous
connection.
Authentication and Authorization

Data origin authentication: Provides for the corroboration of the
source of a data unit. It does not provide protection against the
duplication or modification of data units. This type of service
supports applications like electronic mail, where there are no
prior interactions between the communicating entities.
Firewalls and Intrusion Detection Systems (IDS)

Firewalls and IDS are critical components of network defense:

• Firewalls: Monitor and control incoming and outgoing network
traffic based on predefined security rules, protecting against
unauthorized access and malicious activities.
• Intrusion Detection Systems (IDS): Analyze network traffic for
suspicious patterns or anomalies, alerting administrators to
potential security breaches.
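The two bullets above reduced to their core logic, as an added example that is not part of the slides. The firewall half evaluates a packet against an ordered rule set (first match wins, and nothing matching means deny); the IDS half reads sample connection-log lines and raises an alert for any source that touches many distinct ports within a short window, which is the kind of anomaly an administrator would want flagged. The rule set, log format, log lines and thresholds are all constructed for the demo; real firewalls and IDS products have their own rule languages.

```python
"""Added example (not from the slides): a first-match packet filter and a
simple anomaly detector over sample log lines. Rules, log format and
thresholds are constructed for the demo."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# --- Firewall: ordered rules, first match wins, default deny -----------------
RULES = [  # constructed sample rule set
    {"action": "allow", "src": "10.0.0.0/8", "dport": 22, "proto": "tcp"},
    {"action": "allow", "src": "0.0.0.0/0", "dport": 443, "proto": "tcp"},
    {"action": "deny", "src": "0.0.0.0/0", "dport": None, "proto": None},
]


def firewall_decision(src: str, dport: int, proto: str,
                      rules: Optional[List[Dict]] = None) -> str:
    """Return the action of the first rule matching the packet (None = any)."""
    for rule in RULES if rules is None else rules:
        if (ip_address(src) in ip_network(rule["src"])
                and rule["dport"] in (None, dport)
                and rule["proto"] in (None, proto)):
            return rule["action"]
    return "deny"  # nothing matched: fail closed


# --- IDS: flag a source probing many distinct ports in a short window --------
def parse_line(line: str) -> Dict:
    """Parse one 'timestamp key=value ...' record (constructed log format)."""
    ts, *fields = line.split()
    rec: Dict = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    rec["dport"] = int(rec["dport"])
    return rec


def port_sweep_alerts(lines: List[str], window_s: int = 60,
                      threshold: int = 8) -> List[str]:
    """Sources that contacted >= threshold distinct ports within window_s."""
    events = defaultdict(list)
    for rec in map(parse_line, lines):
        events[rec["src"]].append((rec["ts"], rec["dport"]))
    alerts = []
    for src, evs in events.items():
        evs.sort()
        for i, (ts, _) in enumerate(evs):
            recent = {p for t, p in evs[: i + 1]
                      if (ts - t).total_seconds() <= window_s}
            if len(recent) >= threshold:
                alerts.append(src)
                break
    return alerts


SAMPLE_LOG = [  # constructed sample: one noisy source, one normal client
    f"2024-01-01T00:00:{s:02d} src=203.0.113.5 dport={20 + s} proto=tcp action=deny"
    for s in range(12)
] + [
    "2024-01-01T00:00:03 src=10.1.2.3 dport=22 proto=tcp action=allow",
    "2024-01-01T00:00:09 src=10.1.2.3 dport=443 proto=tcp action=allow",
]


if __name__ == "__main__":
    print(firewall_decision("10.1.2.3", 22, "tcp"))        # allow
    print(firewall_decision("198.51.100.7", 22, "tcp"))    # deny
    print(port_sweep_alerts(SAMPLE_LOG))                   # ['203.0.113.5']
```

Two design points worth noting: the filter fails closed when no rule matches, and the detector keys on distinct ports per source rather than raw packet counts, so a busy but legitimate client hitting one service repeatedly does not trip it.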
Virtual Private Networks (VPNs)

VPNs enable secure communication over public networks by creating
encrypted tunnels between endpoints:
• Remote Access VPNs: Allow remote users to securely connect to a
private network from external locations.
• Site-to-Site VPNs: Establish secure connections between
geographically dispersed networks or sites.
Network Access Control (NAC)

NAC ensures that only authorized devices and users can access
network resources:
• Policy Enforcement: Enforce security policies to control access
based on user identity, device type, or compliance status.
• Endpoint Security: Assess the security posture of devices seeking
network access and enforce remediation actions as necessary.
PASSIVE ATTACKS
A passive attack attempts to learn or make use of information from
the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.

Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the attacker is to obtain information
that is being transmitted.

Two types of passive attacks are the release of message contents and
traffic analysis.
PASSIVE ATTACKS

The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these
transmissions.

A second type of passive attack, traffic analysis, is subtler.
Suppose that we had a way of masking the contents of messages or
other information traffic so that opponents, even if they captured
the message, could not extract the information from the message.
The common technique for masking contents is encryption.
PASSIVE ATTACKS Cont'd
Passive attacks are very difficult to detect, because they do not
involve any alteration of the data. Typically, the message traffic
is sent and received in an apparently normal fashion, and neither
the sender nor receiver is aware that a third party has read the
messages. Thus, the emphasis in dealing with passive attacks is on
prevention rather than detection.
ACTIVE ATTACKS
Active attacks involve modification of the data stream or the
creation of a false stream and can be subdivided into four
categories: masquerade, replay, modification of messages,
and denial of service. Active attacks present the opposite
characteristics of passive attacks. Whereas passive attacks
are difficult to detect, measures are available to prevent
their success.
ACTIVE ATTACKS
On the other hand, it is quite difficult to prevent active attacks
absolutely because of the wide variety of potential physical,
software, and network vulnerabilities. Instead, the goal is to
detect active attacks and to recover from any disruption or delays
caused by them. If the detection has a deterrent effect, it may also
contribute to prevention.
Categories Of Active Attack
• Masquerade takes place when one entity pretends to be
a different entity. A masquerade attack usually includes
one of the other forms of active attack. For example,
authentication sequences can be captured and replayed
after a valid authentication sequence has taken place,
thus enabling an authorized entity with few privileges to
obtain extra privileges by impersonating an entity that
has those privileges.
Categories Of Active Attack

• Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.

• Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
Categories Of Active Attack

• The denial of service prevents or inhibits the normal use or
management of communications facilities. This attack may have a
specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit
service). Another form of service denial is the disruption of an
entire network, either by disabling the network or by overloading it
with messages so as to degrade performance.
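The slides stress that active attacks are handled by detection rather than absolute prevention. The following added example (not part of the slides) shows a receiver detecting two of the categories above, replay and modification of messages, and in doing so also illustrates the "unauthorized replay of a previous connection" that peer entity authentication guards against. Each data unit carries a sequence number, a fresh nonce and an HMAC tag computed over all three fields; a changed body fails the tag check, and a repeated nonce or stale sequence number is rejected as a replay. The key, nonces and message bodies are constructed for the demo, and the nonce is passed in explicitly only so the run is reproducible.

```python
"""Added example (not from the slides): detecting replayed and modified data
units at the receiver. Key, nonces and messages are constructed for the demo."""
import hashlib
import hmac
from typing import Dict, List, Set


def _tag(key: bytes, seq: int, nonce: str, body: str) -> str:
    """MAC over a canonical encoding so seq, nonce and body are all protected."""
    data = f"{seq}|{nonce}|{body}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_frame(key: bytes, seq: int, nonce: str, body: str) -> Dict:
    """Sender side. In practice the nonce comes from os.urandom, not a parameter."""
    return {"seq": seq, "nonce": nonce, "body": body,
            "tag": _tag(key, seq, nonce, body)}


class Receiver:
    """Accepts each frame at most once and only if its tag verifies."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seen: Set[str] = set()   # nonces already accepted
        self.last_seq = 0             # highest sequence number accepted

    def accept(self, frame: Dict) -> str:
        # 1. Integrity/origin check first: a modified frame fails the MAC.
        expected = _tag(self.key, frame["seq"], frame["nonce"], frame["body"])
        if not hmac.compare_digest(expected, frame["tag"]):
            return "rejected: modified"
        # 2. Freshness check: a repeated nonce or stale sequence number is a replay.
        if frame["nonce"] in self.seen or frame["seq"] <= self.last_seq:
            return "rejected: replay"
        self.seen.add(frame["nonce"])
        self.last_seq = frame["seq"]
        return "accepted"


def demo() -> List[str]:
    """Walk one receiver through a fresh frame, a replay, a tampered frame,
    the next fresh frame, and an out-of-order (stale) frame."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    f1 = make_frame(key, 1, "n1", "pay 10")
    f2 = make_frame(key, 2, "n2", "pay 20")
    tampered = dict(f2, body="pay 90")   # body altered, tag left as captured
    return [
        rx.accept(f1),                                  # accepted
        rx.accept(f1),                                  # rejected: replay
        rx.accept(tampered),                            # rejected: modified
        rx.accept(f2),                                  # accepted
        rx.accept(make_frame(key, 1, "n3", "pay 5")),   # rejected: replay (stale seq)
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the two checks matters: the tag is verified before the freshness state is consulted, so a forged or corrupted frame can never consume a sequence number or poison the nonce set. This is detection, not prevention, exactly as the slides describe for active attacks: the attacker can still send the frames, but the receiver refuses to act on them and each rejection is an event worth logging.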
THE OSI SECURITY ARCHITECTURE

The OSI security architecture is useful to managers as a way of
organizing the task of providing security. Furthermore, because this
architecture was developed as an international standard, computer
and communications vendors have developed security features for
their products and services that relate to this structured
definition of services and mechanisms.
THE OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as follows:

Security attack: Any action that compromises the security of
information owned by an organization.

Security mechanism: A process (or a device incorporating such a
process) that is designed to detect, prevent, or recover from a
security attack.

THE OSI SECURITY ARCHITECTURE

Security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization. The services are intended
to counter security attacks, and they make use of one or more
security mechanisms to provide the service.
Summary

In Module 1, we explore the fundamental principles and practical
applications of network and system security. Understanding the
importance of protecting computer networks and internet
communications from threats such as malware, phishing, and DoS
attacks is critical in today's digital era.

Summary

We cover key concepts including the principles of confidentiality,
integrity, and availability, as well as practical implementations
like cryptography, secure protocols, authentication, and
authorization mechanisms. Additionally, we delve into network
security devices and monitoring techniques.
