Understanding Network Security

PRESENTATIONS IN NETWORK SECURITY
Understanding Network Security: the ISO Principles
Saad Haj Bakry, PhD, CEng, FIEE

Objectives / Contents
- Information & Data.
- Networks.
- Security.
- Security Policy Issues.

Information / Data (1)
ISO Information Processing Vocabulary
Data: The representation of facts, concepts and instructions in a formalized manner suitable for communication, interpretation, or processing.
Information: The meaning that is currently assigned to data by means of conventions applied to that data.

Information / Data (2)
ISO Information Processing Vocabulary
Data Quality: The correctness, timeliness, accuracy, completeness, relevance, and accessibility that make data appropriate for use.

Information / Data (3)
ISO Information Processing Vocabulary
Data Integrity: The data quality that exists as long as accidental or malicious destruction, alteration, or loss of data does not occur.
Data Corruption / Contamination: The violation of data integrity.

Networks (1)
ISO Information Processing Vocabulary
Functional Unit: The entity of hardware, or software, or both capable of accomplishing a specific purpose.
Data Source: The functional unit that originates data for transmission.
Data Sink: The functional unit that accepts transmitted data.

Networks (2)
ISO Information Processing Vocabulary
DTE: Data Terminal Equipment: The part of a data station that serves as a data source, data sink, or both.
DCE: Data Circuit-Terminating (Communication) Equipment: In a data station, the equipment that provides the signal conversion and coding between the DTE and the (communication) line.

Networks (3)
ISO Information Processing Vocabulary
Node: In a data network, a point where one or more functional units interconnects channels or data circuits.
Data Network: An arrangement of data circuits and switching facilities for establishing connections between DTEs.

Network (4): Structure
[Figure: structure of a data network. Users (U) attach to Hosts / DTEs (H); each DTE connects through a DCE to a Node (N); the Nodes form the communications subnetwork, which provides subnetwork access / services.]

Networks (5)
ISO Information Processing Vocabulary
Data Transmission: The conveying of data from one place for reception elsewhere by telecommunication means.
Data Transmission Channel: A means of one-way transmission.

Networks (6)
ISO Information Processing Vocabulary
Data Communications: Transfer of information between functional units by means of data transmission according to a protocol.
Protocol: A set of semantic and syntactic rules that determines the behaviour of functional units in achieving communications.

Networks (7): ISO-OSI Protocols
[Figure: the seven ISO-OSI peer levels between two end systems: Application, Presentation, Session, Transport, Network, Data Link, Physical. The communication subnetwork between them implements only the Network, Data Link and Physical levels; the Physical levels attach to the communication medium.]

Networks (8)
Internet Vocabulary
Internet: A global network of computer networks based on TCP/IP protocols. It has the World Wide Web as its foundation.
Intranet: A private (company) network based on Internet technologies, featuring the same client-server architecture.
Extranet: An Intranet extended to users outside the company (partners, providers, customers).

Network (9)
Three nested levels of activity, with Security applied across all of them:
- The Internet Level: Potential World Wide Business Activities
- The Extranet Level: Partners / Suppliers / Customers "Business Activities"
- The Intranet Level: Intra-organization Activities

Network (10): Internet Protocols
Application: User Interface: E-mail / http / ftp / ...
TCP / UDP: Transmission Control Protocol / User Datagram Protocol
IP: Internet Protocol: Addressing / Routing / Congestion Control, with ICMP (Internet Control Message Protocol) and ARP (Address Resolution Protocol)
Data Link: Point-to-Point Control: LAN / WAN
Physical: Communication Interface: T-R / Links

Security (1)
ISO Information Processing Vocabulary
Security: The condition of being secure, or the condition of being protected from or exposed to danger.
Privacy: The state or quality of being private.

Security (2)
ISO Information Processing Vocabulary
Computer System Security: The technological and the administrative safeguards established and applied to data processing to protect hardware, software, and data from accidental or malicious destruction or disclosure.

Security (3): Analysis of Definition
Object (to be protected): Hardware / Software / Data
Challenges (source): Accidental / Malicious
Effect (protection from): Destruction / Disclosure
Means (of protection): Technological / Administrative

Security (4)
ISO Information Processing Vocabulary
Privacy Protection: The implementation of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records, and to protect both security and confidentiality against any threat or hazard that could result in substantial harm, embarrassment, inconvenience or unfairness to any individual about whom such information is maintained.

Security (5): Analysis of Definition
Object (to be protected): Information / Data: Records (associated with individuals, or organizations: privacy)
Challenge (to object): Security / Privacy
Effect (protection from): Threat & hazard that could result in harm, embarrassment, inconvenience, or unfairness
Means (of protection): Physical / Administrative / Technical

Security (6)
ISO Information Processing Vocabulary
Cryptography: A discipline involving principles, means, and methods for changing data so that it is not readable.
Cryptanalysis: An attack on one of the principles, means, or methods (to recover readability).

Security (7)
ISO Information Processing Vocabulary
Encryption / Enciphering: The process of changing data (plain text) so that it becomes unreadable (cipher text).
Decryption / Deciphering: The process of transforming cipher text back into plain text.

Policy (1): Security Levels
ISO Security Perimeters / Levels
Around the Network (the perimeter of trust):
- Trusted users (no hackers)
- Trusted system (reliability / testing)
Around the Process (programs & applications):
- Passport rules
- Vaccination for processes
Layered Perimeters, on each layer (ISO layered protocols):
- Peer entity (same level) services

Policy (2): Information Security Goals
ISO-OSI Special Interest Group on Security
Protection of data against:
- undetected loss and repetition (data is Sequenced)
- unauthorized modification (data is Sealed)
- unauthorized disclosure (data is Private)
Ensuring correct identity of:
- sender (Signed by Sender)
- receiver (Stamped by Receiver)
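As an added example that is not from the slides: a small Python sender/receiver pair that realises the goals on this slide, with data that is Sequenced, Sealed, Private, Signed by the sender and Stamped by the receiver. The keys and messages are constructed values, and HMAC-SHA256 stands in for the seal, the stamp and (in counter mode) the privacy keystream, so it illustrates the goals rather than a production cipher suite.

```python
import hmac
import hashlib

# Constructed sample keys (not real secrets); HMAC-SHA256 is used both as the
# seal/stamp MAC and, in counter mode, as a keystream PRF (illustration only).
SEAL_KEY = b"constructed-seal-key"     # shared: seals/signs each record
PRIV_KEY = b"constructed-privacy-key"  # shared: keystream for privacy
STAMP_KEY = b"constructed-stamp-key"   # receiver's key for receipt stamps

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()
def _seq_bytes(seq):
    return seq.to_bytes(8, "big")

def _xor_keystream(seq, data):
    # Fresh keystream per sequence number: PRF(PRIV_KEY, seq || block index).
    ks = b""
    for blk in range((len(data) + 31) // 32):
        ks += hmac.new(PRIV_KEY, _seq_bytes(seq) + blk.to_bytes(4, "big"),
                       hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def send(seq, plaintext):
    # Sender: Private (encrypt), then Sequenced + Sealed/Signed by a tag that
    # binds the sequence number to the ciphertext.
    ct = _xor_keystream(seq, plaintext)
    return {"seq": seq, "ct": ct.hex(), "tag": _mac(SEAL_KEY, _seq_bytes(seq) + ct)}

class Receiver:
    def __init__(self):
        self.expected = 0  # next sequence number this receiver should see

    def receive(self, rec):
        # Check the seal (modification), then the sequence (repetition / loss),
        # decrypt, and issue a receipt stamp for the accepted record.
        ct = bytes.fromhex(rec["ct"])
        if not hmac.compare_digest(_mac(SEAL_KEY, _seq_bytes(rec["seq"]) + ct), rec["tag"]):
            return "rejected: seal broken", None
        if rec["seq"] < self.expected:
            return "rejected: repetition", None
        status = "accepted"
        if rec["seq"] > self.expected:
            status = f"accepted, loss of {rec['seq'] - self.expected} record(s) detected"
        self.expected = rec["seq"] + 1
        return status, {"plaintext": _xor_keystream(rec["seq"], ct),
                        "stamp": _mac(STAMP_KEY, _seq_bytes(rec["seq"]))}

def verify_stamp(seq, stamp):
    # Sender side: confirm the receipt really was Stamped by the Receiver.
    return hmac.compare_digest(_mac(STAMP_KEY, _seq_bytes(seq)), stamp)
```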

Policy (3): Goals: Information Flow
Intranet-Extranet-Internet Flow / Flooding
Security of Information Flow:
- Firewalls: protection from undesired data streams entering the Intranet (Private / National Networks), and protection of private data streams from leaking out of the Intranet.
- Anti-Virus: protection from denial of service: Flooding, "undesired generation of data".

Remarks / Understanding
- Challenges on: HW / SW / Information
- Security / Privacy
- ISO Network Security Scope:
  - Technology (Systems)
  - Administration / Management (Organization)
  - People (Users / Hackers)
  - Accidental / Malicious.
- Policy Recommendations: ISO / Internet

References
- M.D. Abrams and A.B. Jeng, "Network security protocol reference model, and the trusted system evaluation criteria", IEEE Network Magazine, Vol. 1, No. 2, pp. 34-39, April 1987.
- D.K. Branstad, "Considerations for security in the OSI architecture", IEEE Network Magazine, Vol. 1, No. 2, pp. 34-39, April 1987.
- S.H. Bakry, "Security issues in computer networks", Middle East Communications, Vol. 5, No. 12, pp. 13-16, December 1990.
- D. Minoli, Telecommunications Technology Handbook, Artech House (US), 1991.
- ISO Dictionary of Computer Science: The Standardized Vocabulary (23882), ISO, 1997.
- F. Botto, Dictionary of e-Business, Wiley (UK), 2000.
- H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce for Managers, Prentice-Hall (USA), 2001.