• be able to explain security principles,
• be able to explain how various security mechanisms work, and correlate these security mechanisms with security principles,
• be able to compare various security mechanisms, and articulate their advantages and limitations.

ED Ansong, Dept of Computer Sc.

Learning Objectives
• be able to evaluate risks faced by computer systems,
• be able to detect common vulnerabilities in software,
• be able to design and implement basic security mechanisms to protect computer systems,
• be able to describe and generalize various software vulnerabilities,
• be able to analyze and evaluate software systems for their security properties.

Introduction to Network & System Security
• Network and System security is the discipline concerned with protecting computer networks, systems, and data from unauthorized access, misuse, or disruption. It plays a pivotal role in ensuring the confidentiality, integrity, and availability of digital assets in both organizational and personal contexts.

Introduction to Network & Internet Security
• Network security is of paramount importance due to the escalating threats posed by cybercriminals and malicious actors. Inadequate security measures can lead to severe consequences, including data breaches, financial losses, and reputational damage. Thus, understanding and implementing effective network security measures are imperative for mitigating risks and maintaining trust in digital environments.

Security Standards
A security standard is a series of documented processes that define how to implement, manage, and monitor various security controls. Various organizations have been involved in the development or promotion of these standards. The most important of these organizations are as follows:

Ghana Cybersecurity Acts: The Cybersecurity Act No. 1038 of 202 ('the Cybersecurity Act') regulates cybersecurity activities in Ghana. It promotes the development of cybersecurity and related matters. The Cybersecurity Act has implications for data controllers insofar as cybersecurity-related matters require regulatory compliance.

Data Protection Act: The Data Protection Act aims to protect individuals' privacy and personal data by regulating the processing of personal information. It outlines the process to obtain, hold, use, or disclose personal information, and defines the rights of data subjects, prohibited conduct in processing, third country processing of data relating to data subjects covered by the Data Protection Act, third country data subject processing in Ghana, and related matters.

National Institute of Standards and Technology (NIST): NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private-sector innovation. Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact.

Internet Society (ISOC): ISOC is a professional membership society with worldwide organizational and individual membership. It provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB).

ITU-T: The International Telecommunication Union (ITU) is an international organization within the United Nations System in which governments and the private sector coordinate global telecom networks and services. ITU-T’s mission is the production of standards covering all fields of telecommunications. ITU-T standards are referred to as Recommendations.
ISO: The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from more than 140 countries, one from each country. ISO is a nongovernmental organization that promotes the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity.

Threats to Network and System Security
Various threats jeopardize the integrity and security of computer networks and internet communications:
• Malware: Sophisticated software designed to infiltrate, damage, or steal sensitive information from systems.
• Phishing: Deceptive tactics used to trick individuals into divulging confidential information through fraudulent emails or
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: Coordinated efforts to overwhelm network resources, rendering them inaccessible to legitimate users.
• Insider Threats: Breaches or malicious activities perpetrated by individuals with authorized access to network resources.

Principles of Network Security
The foundational principles of network security are:
• Confidentiality: Ensuring that sensitive information is only accessible to authorized individuals or systems.
• Integrity: Maintaining the accuracy, consistency, and trustworthiness of data throughout its lifecycle.
• Availability: Ensuring that services and resources are accessible and usable when needed, without compromise.

CIA TRIAD
Although the use of the CIA triad to define security objectives is well established, some in the security field feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are as follows:
• Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention. Because truly secure systems aren’t yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Defense in Depth
The Defense in Depth strategy employs layered security mechanisms to provide comprehensive protection against diverse threats. By implementing multiple layers of defense, organizations can mitigate risks and minimize the impact of potential security breaches.

Cryptography in Network Security
Cryptography is a fundamental tool in network security, facilitating secure communication and data protection through encryption and decryption processes. Key concepts include:
• Symmetric Encryption: Utilizing a single shared key for both encryption and decryption.
• Asymmetric Encryption: Employing a pair of keys (public and private) for encryption and decryption.
• Digital Signatures: Verifying the authenticity and integrity of digital messages.

Secure Network Protocols
Secure protocols are essential for safeguarding data transmission over networks:
• SSL/TLS (Secure Sockets Layer/Transport Layer Security): Encrypts data exchanged between web servers and clients, ensuring confidentiality and integrity.
• IPsec (Internet Protocol Security): Provides secure communication at the IP layer, enabling VPNs and secure data transmission.
• SSH (Secure Shell): Facilitates secure remote access and command execution on network devices.

Authentication and Authorization
Authentication verifies the identity of users or devices, while authorization determines their level of access:
• Passwords: Traditional authentication method relying on secret credentials known only to authorized users.
• Multi-Factor Authentication (MFA): Enhances security by requiring multiple forms of authentication, such as passwords, biometrics, or security tokens.
• Access Control Models: Define access permissions based on roles, attributes, or policies.

Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement the same protocol in different systems; for example, two TCP modules in two communicating systems. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.
Data origin authentication: Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no prior interactions between the communicating entities.

Firewalls and Intrusion Detection Systems (IDS)
Firewalls and IDS are critical components of network defense:
• Firewalls: Monitor and control incoming and outgoing network traffic based on predefined security rules, protecting against unauthorized access and malicious activities.
• Intrusion Detection Systems (IDS): Analyze network traffic for suspicious patterns or anomalies, alerting administrators to potential security breaches.

Virtual Private Networks (VPNs)
VPNs enable secure communication over public networks by creating encrypted tunnels between endpoints:
• Remote Access VPNs: Allow remote users to securely connect to a private network from external locations.
• Site-to-Site VPNs: Establish secure connections between geographically dispersed networks or sites.

Network Access Control (NAC)
NAC ensures that only authorized devices and users can access network resources:
• Policy Enforcement: Enforce security policies to control access based on user identity, device type, or compliance status.
• Endpoint Security: Assess the security posture of devices seeking network access and enforce remediation actions as necessary.

PASSIVE ATTACKS
A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the attacker is to obtain information that is being transmitted.
Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption.
Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor receiver is aware that a third party has read the messages. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

ACTIVE ATTACKS
Active attacks involve modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it may also contribute to prevention.

Categories Of Active Attack
• Masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
• Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
• Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
• The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

THE OSI SECURITY ARCHITECTURE
The OSI security architecture is useful to managers as a way of organizing the task of providing security. Furthermore, because this architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms.
The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as:
Security attack: Any action that compromises the security of information owned by an organization.
Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Summary
In Module 1, we explore the fundamental principles and practical applications of network and System security. Understanding the importance of protecting computer networks and internet communications from threats such as malware, phishing, and DoS attacks is critical in today's digital era.
We cover key concepts including the principles of confidentiality, integrity, and availability, as well as practical implementations like cryptography, secure protocols, authentication, and authorization mechanisms. Additionally, we delve into network security devices and monitoring techniques.
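
The slides on active attacks state that the goal is to detect them, and list replay and modification of messages as two categories. The following added example (not part of the original slides) shows a receiver that detects modification with a message authentication code and one that also detects replayed or reordered data units; the key, message contents, sequence-number scheme and class names are assumptions made for illustration.

```python
import hashlib
import hmac

def make_unit(key, seq, payload):
    """Sender side: data unit = (sequence number, payload, MAC over both)."""
    mac = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return (seq, payload, mac)

class MacOnlyReceiver:
    """Detects modification: accepts a unit only if its MAC verifies."""
    def __init__(self, key):
        self.key = key

    def accept(self, unit):
        seq, payload, mac = unit
        expected = make_unit(self.key, seq, payload)[2]
        return hmac.compare_digest(mac, expected)

class ReplayAwareReceiver(MacOnlyReceiver):
    """Also detects replay/reordering: sequence numbers must strictly increase."""
    def __init__(self, key):
        super().__init__(key)
        self.last_seq = 0

    def accept(self, unit):
        if not super().accept(unit):
            return False          # modified or forged unit
        if unit[0] <= self.last_seq:
            return False          # duplicate or out-of-order unit
        self.last_seq = unit[0]
        return True

def demo():
    key = bytes(range(32))        # constructed shared key (assumption)
    first = make_unit(key, 1, b"PAY 100 TO ACCT 42")    # constructed messages
    second = make_unit(key, 2, b"PAY 5 TO ACCT 7")
    # Payload altered in transit while the original MAC is kept.
    modified = (3, b"PAY 900 TO ACCT 42", make_unit(key, 3, b"PAY 100 TO ACCT 42")[2])
    traffic = [first, second, first, modified]  # third unit is a captured replay
    results = {}
    for receiver in (MacOnlyReceiver(key), ReplayAwareReceiver(key)):
        results[type(receiver).__name__] = [receiver.accept(u) for u in traffic]
    return results

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The MAC-only receiver accepts the replayed unit because a captured unit still carries a valid MAC; only the receiver that tracks sequence numbers rejects it.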