NETWORK SECURITY

AND CRYPTOGRAPHY
 NEED OF NETWORK SECURITY
• Growing computer use implies a need for automated tools for
protecting files and other information.
• The use of networks and communications facilities for carrying data
between users and computers is also growing.
• Network security measures are needed to protect data during
transmission.
ASPECTS OF SECURITY

• Attack
• Mechanism
• Service
 SECURITY ATTACK
• Classify security attack as,
Passive - Attempt to learn or make use of information from the system
but does not affect system resources
Monitor transmission to obtain message contents or traffic
analysis
Eavesdropping
Difficult to detect because there is no alteration of data
Active - Attempt to alter system resources or affect their Operation
Modification of messages in transit
Denial of service
 SECURITY ATTACK

• INTERRUPTION – This is an attack on availability.

• INTERCEPTION – This is an attack on confidentiality
• MODIFICATION – This is an attack on integrity
• FABRICATION – This is an attack on authenticity
SECURITY ATTACK
INFORMATION SECURITY CONCERNS
• DDoS
• Worm Attacks (e.g. code red)
• Exploitation of software bugs (e.g. buffer overflow)
• Monitoring and capture of network traffic
• Masquerade of authorized users
 CONTRIBUTING FACTORS
• Lack of awareness of threats and risks of information systems
• Wide-open network policies
• Many Internet sites allow wide-open Internet access
• Vast majority of network traffic is unencrypted
• Lack of security in TCP/IP
• Complexity of security management and administration
• Exploitation of software bugs: e.g. Send mail bugs
• Cracker skills keep improving

8
 SECURITY OBJECTIVES
Confidentiality (Secrecy):
Prevent/Detect/Deter improper disclosure of information

Availability:
Integrity: Prevent/Detect/Deter
Prevent/Detect/Deter improper improper denial of access to
modification of information services provided by the
system
9
SECURITY MECHANISMS
Layered
Protection
Intrusion Prevention Intrusion
(Encryption, Authentication, Intrusion
Detection Tolerance
etc.): Not Enough

Weakest Point

Security Failure

Access Control 10
 SECURITY SERVICES
• Confidentiality: protection of any information from being exposed to
unintended entities.
• Information content
• Parties involved
• Where they are, how they communicate, how often, etc.
• Authentication: assurance that an entity of concern or the origin of a
communication is authentic - it’s what it claims to be or from
• Integrity: assurance that the information has not been tampered with

11
 SECURITY SERVICES
• Non-repudiation: offer of evidence that a party is indeed the sender or a receiver
of certain information
• Access control: facilities to determine and enforce who is allowed access to what
resources, hosts, software, network connections
• Security management: facilities for coordinating users’ service requirements and
mechanism implementations throughout the enterprise network and across the
internet
– Trust model
– Trust communication protocol
– Trust management infrastructure

12
 THE INTERNET

OSI of ISO
Internet Stack
Application
Presentation
Upper Layers
Session
Transport Transport
Network Internet
Data Link Data Link
Physical Physical
13
Layered Store-and-forward
User A User B
Application

Transport

Network

Link

14
VIRUS, WORMS, AND TROJAN HORSES
• Trojan horse: instructions hidden inside an otherwise
useful program that do bad things
• Virus: a set of instructions that, when executed,
inserts copies of itself into other programs.
• Worm: a program that replicates itself by installing
copies of itself on other machines across a network.
• Trapdoor: an undocumented entry point, which can
be exploited as a security flaw
• Zombie: malicious instructions installed on a system
that can be remotely triggered to carry out some attack
with les traceability because the attack comes from
another victim.

15
THANK YOU