CPE 5002 Network security

Download Report

Transcript CPE 5002 Network security

CPE 5002 Network security
Look at the surroundings before
you leap
Lecturers
Prof B Srinivasan – 990 32333, C4.47
[email protected]
 Mr Pravin Shetty – 990 31945, B3.35
[email protected]
 Guest Lecturers – Dr Le and Mr C Wilson

3
CPE5002 Network Security/

Srini
Topics






Basic principles (Access Control
/Authentication/Models of threat & Practical
Countermeasures).
Security issues over LANS & WANS[Earlier Models &
Current Solutions].
Public key encryptions/ PKI/Digital
signatures/Kerberos
Unix security [Internet=TCP/IP Security—
VPNs/Firewalls.
Intrusion detection systems.
Security in E-Commerce and banking, Including
WWW, EDI , EFT,ATM.
4
CPE5002 Network Security/

Srini
Rules of the game (1)

11 weeks of lectures
 Assignment – written and a presentation of 1520 mts
– Weightage: 40%
– Presentation: during weeks 12 and 13

5
Examination:
– Week 14,
– Weightage: 60%
– Assignment presentation topics are included in the
examination assessment.
CPE5002 Network Security/

Srini
Rules of the game (2)

References:
Computer Security—Dieter Gollman
– Network and Internetwork Security---William
Stallings.
– Open Systems Networking—David M
Piscitello/ A Lyman Chapin.
–

No Formal Tutorial for this subject.
6
CPE5002 Network Security/

Srini
Where to look for notes materials?

http://beast.csse.monash.edu.au/cpe5002
Username: cpe5002
Password: srini
7
CPE5002 Network Security/

Srini
Today’s lecture is
Domain of network security
 Taxonomy of security attacks
 Aims or services of security
 Model of internetwork security
 Methods of defence

8
CPE5002 Network Security/

Srini
Security

Human nature
– physical, financial, mental,…, data and
information security
9
CPE5002 Network Security/

Srini
Information Security

1. Shift from the physical security to the
protection of data and to thwart hackers
(by means of automated software tools) –
called
computer security
10
CPE5002 Network Security/

Srini
Network Security

2. With the widespread use of distributed
systems and the use of networks and
communications require protection of data
during transmission – called
network security
11
CPE5002 Network Security/

Srini
Internetwork security

The term Network Security may be
misleading, because virtually all business,
govt, and academic organisations
interconnect their data processing
equipment with a collection of
interconnected networks – probably we
should call it as
internetwork security
12
CPE5002 Network Security/

Srini
Aspects of information security
Security attack – any action that
compromises the security of information.
 Security mechanism – to detect, prevent,
or recover from a security attack.
 Security service – service that enhances
and counters security attacks.

13
CPE5002 Network Security/

Srini
Security mechanisms
No single mechanism that can provide the
services mentioned in the previous slide.
However one particular aspect that
underlines most (if not all) of the security
mechanism is the cryptographic
techniques.
 Encryption or encryption-like
transformation of information are the most
common means of providing security.

14
CPE5002 Network Security/

Srini
Why Internetwork Security?





Internetwork security is not simple as it might
first appear.
In developing a particular security measure one
has to consider potential countermeasures.
Because of the countermeasures the problem
itself becomes complex.
Once you have designed the security measure,
it is necessary to decide where to use them.
Security mechanisms usually involve more than
a particular algorithm or protocol.
15
CPE5002 Network Security/

Srini
Security Attacks - Taxonomy
Interruption – attack on availability
 Interception – attack on confidentiality
 Modification – attack on integrity
 Fabrication – attack on authenticity

Property
that is
compromised
16
CPE5002 Network Security/

Srini
Interruption
also known as denial of services.
 Information resources (hardware,
software and data) are deliberately made
unavailable, lost or unusable, usually
through malicious destruction.
 e.g: cutting a communication line,
disabling a file management system, etc.

17
CPE5002 Network Security/

Srini
Interception
also known as un-authorised access.
 Difficult to trace as no traces of intrusion
might be left.
 E.g: illegal eavesdropping or wiretapping
or sniffing, illegal copying.

18
CPE5002 Network Security/

Srini
Modification
also known as tampering a resource.
 Resources can be data, programs,
hardware devices, etc.

19
CPE5002 Network Security/

Srini
Fabrication
also known as counterfeiting.
 Allows to by pass the authenticity checks.
 e.g: insertion of spurious messages in a
network, adding a record to a file,
counterfeit bank notes, fake cheques,…

20
CPE5002 Network Security/

Srini
Security Attacks - Taxonomy
Information
Source
Information
Destination
Normal
Information
Source
Information
Destination
Interruption
Information
Source
21
Information
Destination
Modification
Information
Source
Information
Destination
Interception
Information
Source
Information
Destination
Fabrication
CPE5002 Network Security/

Srini
Attacks – Passive types
Passive (interception) – eavesdropping
on, monitoring of, transmissions.
 The goal is to obtain information that is
being transmitted.
 Types here are: release of message
contents and traffic analysis.

22
CPE5002 Network Security/

Srini
Attacks – Active types

Involve modification of the data stream or
creation of a false stream and can be
subdivided into – masquerade, replay,
modification of messages and denial of
service.
23
CPE5002 Network Security/

Srini
Attacks
Active
Passive
Interception
(confidentiality)
Release of
Message
contents
Interruption
(availability)
Modification
(integrity)
Fabrication
(integrity)
Traffic
analysis
24
CPE5002 Network Security/

Srini
Security services
Confidentiality
 Authentication
 Integrity
 Nonrepudiation
 Access control
 Availability

25
CPE5002 Network Security/

Srini
Model for internetwork security
Trusted
Third party
Principal
Principal
Message
Message
Information channel
Gate
Keeper
Secret
information
Secret
information
Opponent
26
CPE5002 Network Security/

Srini
Methods of defence (1)

Modern cryptology
– Encryption, authentication code, digital
signature,etc.

27
Software controls
– Standard development tools (design, code,
test, maintain,etc)
– Operating systems controls
– Internal program controls (e.g: access
controls to data in a database)
– Fire walls
CPE5002 Network Security/

Srini
Methods of defence (2)

Hardware controls
– Security devices, smart cards, …

Physical controls
– Lock, guards, backup of data and software,
thick walls, ….
Security polices and procedures
 User education
 Law

28
CPE5002 Network Security/

Srini