Network Security

CRYPTOGRAPHY AND NETWORK SECURITY

PRINCIPLES AND PRACTICE FIFTH EDITION

Lecturer: Guled Yusuf Mihile.

 Objectives:
 Open Systems Interconnection (OSI) security architecture provides asystematic framework for
defining security attacks, mechanisms, and services.

 Describe Security attacks are classified as either passive attacks, which include unauthorized
reading of a message of file and traffic analysis or active attacks, such as modification of messages or
files, and denial of service.

 Identify security mechanism is any process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack. Examples of mechanisms are encryption
algorithms, digital signatures, and authentication protocols.

 Security Services include authentication, access control, data confidentiality, data integrity,
nonrepudiation, and availability.
 Network Security
 Network Security is consists of the provisions and policies adopted
by the network administrator to prevent and monitor unauthorized
access, misuse, modification, or denial of the computer network and
network-accessible resources or Network Security: A study to
prevent unauthorized access to data of a network resources
 Computer security
The protection afforded to an computerized information
system in order to attain the applicable objectives of
preserving the integrity, availability, and confidentiality
of information system resources (includes hardware,
software, firmware, information/ data, and
telecommunications).
 Computer security continue..
We use three levels of impact on organizations or individuals should
there be a breach of security (i.e., a loss of confidentiality, integrity, or
availability)
 Low: The loss could be expected to have a limited harmful effect on
organizational operations, organizational assets, or individuals.
 Moderate: The loss could be expected to have a serious harmful effect on
organizational operations, organizational assets, or individuals.
 High: The loss could be expected to have a severe or catastrophic adverse effect
on organizational operations, organizational assets, or individuals.
 The Challenges of Computer Security
 Computer and network security is essentially a battle of wits between a
perpetrator(criminal) who tries to find holes and the designer or administrator
who tries to close them.
 There is a natural tendency on the part of users and system managers to
perceive little benefit from security investment until a security failure occurs.
 Security requires regular, even constant, monitoring, and this is difficult in
today’s short-term, overloaded environment.
 Security is still too often an afterthought to be incorporated into a system
after the design is complete rather than being an integral part of the design
process.
 Many users and even security administrators view strong security as an
impediment to efficient and user-friendly operation of an information system
or use of information.
 Two Main reasons why security has became
more important
 The hacking and attack tools have become more and more
dangerous, where an attack can cause serious financial damage
to a company

 The hacking and attack tools have become easier to use- in

most cases, they are automated, allowing even a novice to use
them.

7
 How to control Network Security

Three Categories that control the

implementation of the security control

 Administrative – policy and procedural controls

 Technical – electronics, hardware, and software controls
 Physical – mechanical controls

8
OSI SECURITY ARCHITECTURE
OSI security Architecture is a framework that provide a systematic way
of defining the requirement for security and characterizing the
approaches to satisfying those requirements. And it focuses on security
attacks, mechanisms, and services.
 Security attack: Any actions that compromises the security of
information owned by an organization (or a person)
 Security mechanism: a mechanism that is designed to detect, prevent,
or recover from a security attack
 Security service: a service that enhances the security of the data
processing systems and the information transfers of an organization.
The services make use of one or more security mechanisms to
provide the service
 Security attacks
 Passive attack: aims to learn or make use of information from
the system but does not affect system resources.
 Active attack: attempts to alter system resources or affect their
operation
Passive Attack
Active attack
 Security Services
Security service is a service which ensures
adequate security of the systems or of data
transfers.
 Authentication
 Access Control
 Nonrepudiation
 Integrity
 Availability
 Confidentiality

13
 Authentication Services
Authentication: service is concerning with assuring that a
communication is authentic(reliable):
 The recipient of the message should be sure that the
message came from the source that it claims to be
 All communicating parties should be sure that the
connection is not interfered with by unauthorized party.
 Example: consider a person, using online banking
service. Both the user and the bank should be assured in
identities of each other

14
 Access control Service
This service controls
 who can have access to a resource;
 under what conditions access can occur;
 what those accessing are allowing to do.
 Example: in online banking a user may be allowed
to see his balance, but not allowed to make any
transactions for some of his accounts
 Nonrepudiation Service

 Protection against denial by one of the entities involved in a

communication of having participated in the communication.
 Nonrepudiation can be related to
 Origin: proof that the message was sent by the specified party

 Destination: proof that the message was received by the specified

party

 Example: Imagine a user of online banking who has made a

transaction, but later denied that. How the bank can protect
itself in a such situation?

16
 Integrity, Availability and
Confidentiality
 Integrity: Validating that information was not changed
(verifying that the information that was received has not been
modified or tampered with)

 Availability: Providing redundancy for security (ensuring

that you have a fallback solution in the event of failure or security
compromise
 Confidentiality means that data stored in a local device cannot
be ready any an authorized user through a network. data during
transmittion cannot read by any unauthorized user.
 Security mechanisms
Security mechanisms are used to implement
security services. They include (X.800):
 Encipherment
 Digital signature
 Access Control mechanisms
 Data Integrity mechanisms
 Authentication Exchange
 Traffic Padding
 Routing Control
 Security mechanisms
Encipherment: The use of mathematical algorithms to transform data
into a form that is not readily intelligible.
Digital Signature: Data appended(attached) to, or a cryptographic
transformation, a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect
against forgery (e.g., by the recipient).
Access Control: A variety of mechanisms that enforce access rights to
resources.
Data Integrity: A variety of mechanisms used to assure the integrity of
a data unit or stream of data units.
Authentication Exchange: A mechanism intended to ensure the identity
of an entity by means of information exchange.
 Security mechanisms
Traffic Padding(packing): The insertion of bits into gaps in a data
stream to frustrate traffic analysis attempts.
Routing Control: Enables selection of particular physically
secure routes for certain data and allows routing changes,
especially when a breach of security is suspected.