Network Security Concepts - PowerPoint PPT Presentation

Slides: 28
Provided by: christophe84

Transcript and Presenter's Notes

1
Network Security Concepts
2
Outline
  • The subject is divided into the following:
    • Introduction
    • Security threats
    • Security services
    • Security mechanisms

3
7.1 Introduction
  • ISO 7498-2:
    • provides standard definitions of security
      terminology,
    • provides standard descriptions for security
      services and mechanisms,
    • defines where in the OSI reference model security
      services may be provided,
    • introduces security management concepts.

4
Threats, services and mechanisms
  • A security threat is a possible means by which a
    security policy may be breached (e.g. loss of
    integrity or confidentiality).
  • A security service is a measure which can be put
    in place to address a threat (e.g. provision of
    confidentiality).
  • A security mechanism is a means to provide a
    service (e.g. encryption, digital signature).

5
7.2 Security threats
  • A threat is a person, thing, event or idea which
    poses some danger to an asset (in terms of
    confidentiality, integrity, availability or
    legitimate use).
  • An attack is a realisation of a threat.
  • Safeguards are measures (e.g. controls, procedures)
    to protect against threats.
  • Vulnerabilities are weaknesses in safeguards.

6
Fundamental threats
  • Four fundamental threats (matching confidentiality,
    integrity, availability (CIA) and legitimate use):
    • Information leakage,
    • Integrity violation,
    • Denial of service,
    • Illegitimate use.

7
Primary enabling threats
  • Realisation of any of these threats can lead
    directly to a realisation of a fundamental
    threat:
    • Masquerade,
    • Bypassing controls,
    • Authorisation violation,
    • Trojan horse,
    • Trapdoor.

8
7.3 Security services
  • Security services are a special class of
    safeguard applying to the communications
    environment.
  • Other categories include the following:
    • Computer security safeguards, e.g. operating
      system and database system security facilities,
    • Physical security, e.g. locks or other physical
      controls, equipment tamper-proofing.

9
Security service classification
  • ISO 7498-2 defines 5 main categories of security
    service:
    • Authentication (including entity authentication
      and origin authentication),
    • Access control,
    • Data confidentiality,
    • Data integrity,
    • Non-repudiation.

10
Authentication
  • Entity authentication provides checking of a
    claimed identity at a point in time.
  • Typically used at the start of a connection.
  • Addresses masquerade and replay threats.
  • Origin authentication provides verification of
    source of data.
  • Does not protect against replay or delay.

11
Access control
  • Provides protection against unauthorised use of
    a resource, including:
    • use of a communications resource,
    • reading, writing or deletion of an information
      resource,
    • execution of a processing resource.

12
Data confidentiality
  • Protection against unauthorised disclosure of
    information.
  • Four types:
    • Connection confidentiality,
    • Connectionless confidentiality,
    • Selective field confidentiality,
    • Traffic flow confidentiality.

13
Data integrity
  • Provides protection against active threats to the
    validity of data.
  • Five types:
    • Connection integrity with recovery,
    • Connection integrity without recovery,
    • Selective field connection integrity,
    • Connectionless integrity,
    • Selective field connectionless integrity.

14
Non-repudiation
  • Protects against a sender of data denying that
    data was sent (non-repudiation of origin).
  • Protects against a receiver of data denying that
    data was received (non-repudiation of delivery).

15
7.4 Security mechanisms
  • Exist to provide and support security services.
  • Can be divided into two classes:
    • Specific security mechanisms, used to provide
      specific security services, and
    • Pervasive security mechanisms, not specific to
      particular services.

16
Specific security mechanisms
  • Eight types:
    • encipherment,
    • digital signature,
    • access control mechanisms,
    • data integrity mechanisms,
    • authentication exchanges,
    • traffic padding,
    • routing control,
    • notarisation.

17
Encipherment mechanisms
  • Encipherment mechanisms are encryption (cipher)
    algorithms.
  • Can provide data and traffic flow
    confidentiality.
  • Also the basis of some authentication exchange
    mechanisms.

18
Digital signature mechanisms
  • Consists of two procedures:
    • signing procedure (private),
    • verification procedure (public).
  • Can provide non-repudiation, origin
    authentication and data integrity services.
  • Also basis of some authentication exchange
    mechanisms.

19
Access control mechanisms
  • Means for using information associated with a
    client and a server to decide whether the client
    gets access to a server's resources.
  • Used to provide the access control service.
  • Examples of mechanisms include:
    • access control lists,
    • capabilities,
    • security labels.
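The three mechanisms named above differ in where the access-control information is held, so the same request can be decided differently by each. The following added example (not from the slides) decides three constructed requests against a toy ACL, a capability store and a security-label lattice; the resource names, labels and the read-down/write-up rule are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed label lattice, ACL and capability store (not from the slides).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Request:
    client: str
    resource: str
    op: str  # "read" or "write"

# 1. Access control list: the information lives with the resource (server side).
ACL = {"payroll.db": {"hr_app": {"read", "write"}, "auditor": {"read"}}}

def acl_decide(req: Request) -> bool:
    return req.op in ACL.get(req.resource, {}).get(req.client, set())

# 2. Capabilities: the information is held by the client and presented with the
#    request; the server checks only that it names this resource and right.
@dataclass(frozen=True)
class Capability:
    resource: str
    rights: frozenset

CAPS = {"auditor": Capability("payroll.db", frozenset({"read"}))}

def cap_decide(req: Request, cap: Optional[Capability]) -> bool:
    return cap is not None and cap.resource == req.resource and req.op in cap.rights

# 3. Security labels: both client and resource carry a label. Illustrative rule:
#    read requires the client's level to dominate the resource's (read-down),
#    write requires the resource's level to dominate the client's (write-up).
CLIENT_LABEL = {"hr_app": "confidential", "auditor": "secret", "guest": "unclassified"}
RESOURCE_LABEL = {"payroll.db": "confidential"}

def label_decide(req: Request) -> bool:
    c, r = LEVELS[CLIENT_LABEL[req.client]], LEVELS[RESOURCE_LABEL[req.resource]]
    return c >= r if req.op == "read" else c <= r

def demo() -> dict:
    reqs = {"auditor_read": Request("auditor", "payroll.db", "read"),
            "auditor_write": Request("auditor", "payroll.db", "write"),
            "guest_write": Request("guest", "payroll.db", "write")}
    return {"acl": {k: acl_decide(q) for k, q in reqs.items()},
            "capability": {k: cap_decide(q, CAPS.get(q.client)) for k, q in reqs.items()},
            "label": {k: label_decide(q) for k, q in reqs.items()}}
```

Note that the label mechanism permits the unclassified guest to write up into the confidential resource while the ACL and capability mechanisms deny it: labels enforce an information-flow policy, not a per-principal permission list.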

20
Data integrity mechanisms
  • Provide protection against modification of data.
  • Used to provide data integrity and origin
    authentication services. Also basis of some
    authentication exchange mechanisms.
  • Two types:
    • concerned with the integrity of a single data unit,
    • concerned with a complete data sequence.
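The distinction between the two types, and the remark on slide 10 that origin authentication alone does not protect against replay, can be made concrete with a message authentication code. This added example (not from the slides) uses HMAC-SHA256 as the integrity mechanism; the shared key, the payloads and the per-connection sequence-number rule are constructed for the demonstration.

```python
import hmac
import hashlib

# Constructed demo key shared by sender and receiver (not from the slides).
KEY = b"demo-shared-key-not-for-production"

def unit_tag(key: bytes, data: bytes) -> bytes:
    """Single-data-unit integrity: the tag covers this one unit only."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify_unit(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(unit_tag(key, data), tag)

def seq_tag(key: bytes, seq: int, data: bytes) -> bytes:
    """Data-sequence integrity: the tag also binds the unit's position."""
    return hmac.new(key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

class SequenceReceiver:
    """Per-connection receiver state: units are accepted in order, once each."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected = 0

    def accept(self, seq: int, data: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(seq_tag(self.key, seq, data), tag):
            return False  # modified data or forged tag
        if seq != self.expected:
            return False  # replayed, reordered or missing unit
        self.expected += 1
        return True

def demo() -> dict:
    # Constructed traffic: three units; an attacker later replays the second.
    units = [b"debit 10", b"debit 20", b"debit 30"]
    tags = [unit_tag(KEY, u) for u in units]
    r = {}
    # Per-unit checking detects modification but not replay of a genuine unit.
    r["unit_tamper_accepted"] = verify_unit(KEY, b"debit 99", tags[1])
    r["unit_replay_accepted"] = verify_unit(KEY, units[1], tags[1])
    stream = [(i, u, seq_tag(KEY, i, u)) for i, u in enumerate(units)]
    rx = SequenceReceiver(KEY)
    r["seq_in_order"] = [rx.accept(*m) for m in stream]
    r["seq_replay_accepted"] = rx.accept(*stream[1])  # seq 1 already consumed
    r["seq_reorder_accepted"] = SequenceReceiver(KEY).accept(*stream[2])
    return r
```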

21
Authentication exchange mechanisms
  • Provide entity authentication service.
  • Also known as authentication protocols.
  • Consist of the specification of a series of
    cryptographically protected messages exchanged
    between a pair of communicating entities
    (together with rules for processing messages).
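A minimal instance of such a specification, written as an added example rather than taken from the slides, is a two-message challenge-response exchange: the verifier sends a fresh random nonce and the claimant returns a keyed MAC over both identities and that nonce. The shared key, entity names and the one-use bookkeeping for outstanding challenges are assumptions of the example; the rules for processing messages are encoded in the verifier's check.

```python
import hmac
import hashlib
import os

# Constructed long-term secret shared by the two entities (not from the slides).
SHARED_KEY = b"demo-entity-auth-key"

def response(key: bytes, claimant: bytes, verifier: bytes, nonce: bytes) -> bytes:
    """Message 2: cryptographically binds both identities to this challenge."""
    return hmac.new(key, b"|".join([claimant, verifier, nonce]), hashlib.sha256).digest()

class Verifier:
    """The verifier's side of the exchange and its message-processing rules."""

    def __init__(self, name: bytes, key: bytes) -> None:
        self.name, self.key, self.outstanding = name, key, set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)  # message 1: fresh per exchange, never reused
        self.outstanding.add(nonce)
        return nonce

    def check(self, claimant: bytes, nonce: bytes, resp: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-consumed challenge
        self.outstanding.discard(nonce)  # one answer per challenge
        return hmac.compare_digest(response(self.key, claimant, self.name, nonce), resp)

def demo() -> dict:
    bob = Verifier(b"bob", SHARED_KEY)
    r = {}
    # Genuine run: bob -> alice: nonce; alice -> bob: response.
    n1 = bob.challenge()
    alice_resp = response(SHARED_KEY, b"alice", b"bob", n1)
    r["genuine"] = bob.check(b"alice", n1, alice_resp)
    # Masquerade: an entity without the key answers a fresh challenge.
    n2 = bob.challenge()
    r["masquerade"] = bob.check(b"alice", n2, response(b"wrong", b"alice", b"bob", n2))
    # Replay: the recorded answer to n1 is presented for a new challenge n3.
    n3 = bob.challenge()
    r["replay"] = bob.check(b"alice", n3, alice_resp)
    # Reuse: the consumed challenge n1 is presented again with its valid answer.
    r["reuse"] = bob.check(b"alice", n1, alice_resp)
    return r
```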

22
Traffic padding mechanisms
  • The addition of dummy data to conceal the real
    volume of data traffic.
  • Provides traffic flow confidentiality.
  • Only effective in conjunction with other
    mechanisms (encipherment).

23
Routing control mechanisms
  • Used to prevent sensitive data from using insecure
    channels.
  • E.g. route might be chosen to use only physically
    secure network components.
  • Provides a variety of possible security services,
    including confidentiality and integrity.

24
Notarisation mechanisms
  • Integrity, origin and/or destination of data can
    be guaranteed by using a trusted third-party
    notary.
  • Notary will typically apply a cryptographic
    transformation to the data.
  • Can provide non-repudiation service.

25
Relationship of services to mechanisms
  • ISO 7498-2 indicates which mechanisms can be used
    to provide which services.
  • Illustrative, NOT definitive.
  • Omissions include:
    • use of integrity mechanisms to help provide
      authentication services,
    • use of encipherment to help provide the
      non-repudiation service (as part of notarisation).

26
Service/mechanism table I
27
Service/mechanism table II