Mehrdad Nourani

1
Network Security

• Mehrdad Nourani

2
Session 02

• Network Security Essentials

3

• Security Issues Past Present

4
Security in Early Days

• In the early days of data processing, the
  security of information was provided primarily by
  physical and administrative means
• Computer buildings, floors, rooms were guarded
  and alarmed to prevent outsides from intruding
  and disrupting operations.
• The focus was on physical break-ins, the theft of
  computer equipment, and the physical theft or
  destruction of disk packs, tape reels, punch
  cards, or other media.
• Insiders were kept at bay and access was limited
  to a small set of computer professionals.

5
Information Security

• The requirements of information security within
  organizations have undergone two major changes
• The introduction of shared systems such as
  time-shared and/or systems that can be accessed
  over the public telephone or data network.
• The introduction of distributed systems and the
  use of networks and communications facilities for
  carrying data between terminal user and computer
  and between computer and computer.

6
Computer vs. Network Security

• Computer security is the generic term for a
  collection of tools designed to protect data and
  to thwart hackers.
• Network security is the security measures that
  are needed to protect data during their
  transmission.
• In most systems, the boundaries between computer
  security and network security are blurred since
  most, if not all, of todays systems are
  distributed in nature.
• Networking is a core part of todays environment.

7
Examples of Security Violations

• User A transmits a sensitive file to user B User
  C intercepts the file and captures a part or all
  of it.
• An employee is fired without warning. The
  personnel manager sends a message to invalidate
  the employees account. The employee intercepts
  the message and then retrieves some sensitive
  information.
• A message is sent from a customer to a
  stockbroker with instructions for a transaction
  the investment loses value and the customer
  denies sending the message.

8
Different Aspects of Security

• Security attack Any action that compromises the
  security of information owned by an organization.
• Security mechanism A mechanism that is designed
  to detect, prevent, or recover from a security
  attack.
• Security service A service that enhances the
  security of the data processing systems and the
  information transfers of an organization.
• A system designed to counter security attacks.

9

• Information Integrity and Cheating

10
Information Integrity Functions
11
Reasons for Cheating (1)

• 1. Gain unauthorized access to information.
• 2. Impersonate another user to shift
  responsibility or else to use the others license
  for the purpose of
• a. Originating fraudulent information
• b. Modifying legitimate information
• c. Using fraudulent identity to gain unauthorized
  access
• d. Fraudulently authorizing transactions or
  endorsing them
• 3. Disavow responsibility or liability for
  information the cheater did originate
• 4. Claim to have received from some other user
  information that the cheater created (i.e.,
  fraudulent attribution of responsibility or
  liability).

12
Reasons for Cheating (2)

• 5. Claim to have sent to a receiver (at a
  specified time) information that was not sent (or
  was sent at a different time)
• 6. Either disavow receipt of information that was
  in fact received, or claim a false time of
  receipt.
• 7. Enlarge cheaters legitimate license (for
  access, origination, distribution, etc.)
• 8. Modify (without authority to do so) the
  license of others (fraudulently enroll others,
  restrict, or enlarge existing licenses, etc.)

13
Reasons for Cheating (3)

• 9. Conceal the presence of some information (a
  covert communication) in other information (the
  overt communication)
• 10. Insert self into a communication link between
  other users as an active (undetected) relay
  point.
• 11. Learn who accesses which information
  (sources, files, etc.) and when the accesses are
  made even if the information itself remains
  concealed (e.g., a generalization of traffic
  analysis from communications channels to
  databases, software, etc.)

14
Reasons for Cheating (4)

• 12. Impeach an information integrity protocol by
  revealing information the cheater is supposed to
  (by terms of the protocol) keep secret
• 13. Pervert the function software, typically by
  adding a covert function
• 14. Cause others to violate a protocol by means
  of introducing incorrect information
• 15. Undermine confidence in a protocol by causing
  apparent failures in the system
• 16. Prevent communication among other users, in
  particular, surreptitious interference to cause
  authentic communication to be rejected as
  unauthentic

15

• Goal of Network Security

16
Internet Security

• Our focus is on Internet Security
• It consists of measures to deter, prevent,
  detect, and correct security violations that
  involve the transmission of information
• We need systematic way to define requirements
• Consider three aspects of information security
• security attack
• security mechanism
• security service

17

• Security Attacks

18
Security Attack

• Any action that compromises the security of
  information owned by an organization
• Information security is about how to prevent
  attacks, or failing that, to detect attacks on
  information-based systems
• Should include a wide range of attacks
• Can focus of generic types of attacks
• Note often threat attack mean same

19
Categories of Security Attacks

• Interruption
• Attack on availability
• Interception
• Attack on confidentiality
• Modification
• Attack on integrity
• Fabrication
• Attack on authenticity

20
Normal Flow

• Normal Flow is the flow of information from an
  information source, such as a file, or a region
  of main memory, to a destination, such as another
  file or user.

21
Interruption

• An asset of the system is destroyed or becomes
  unavailable or unusable.
• This is an attack on availability.
• Examples The destruction of hardware, the
  cutting of a communication line, or the disabling
  of the file management system.

22
Interception

• An unauthorized party gains access to an asset.
• This is an attack on confidentiality.
• The unauthorized party could be a person, a
  program, or a computer.
• Examples Wiretapping to capture data in a
  network and the unauthorized copying of files or
  programs.

23
Modification

• An authorized party not only gains access to but
  tampers with an asset.
• This is an attack on integrity.
• Examples Changing values in a data file,
  altering a program so that it performs
  differently, or modifying the content of messages
  being transmitted in a network.

24
Fabrication

• An authorized party inserts counterfeit objects
  into the system.
• This is an attack on authenticity.
• Examples The insertion of spurious (fake)
  messages in a network or the addition of records
  to a file.

25
Passive Attacks

• Passive attacks eavesdrop or monitor the
  transmission.
• Goal To obtain transmitted information
• Two types of passive attacks
• 1. Release of contents A telephone conversation,
  an electronic mail message, or confidential
  information.
• 2. Traffic analysis Using the location and
  identities of hosts and the frequency and length
  of messages to determine the type of
  communication taking place.
• Passive attacks are difficult to detect since
  they do not involve any alteration of data.
• The emphasis is on prevention rather than
  detection.

26
Active Attacks

• Active attacks may modify of the data stream or
  create a false stream.
• Four Types of active attacks
• 1. Masquerade takes place when one entity
  pretends to be a different entity. This form
  usually includes one of the other forms of active
  attack.
• 2. Replay involves the passive capture of a data
  unit and its subsequent retransmission to produce
  an unauthorized effect.
• 3. Modification occurs when an unauthorized
  party gains access to and tampers with an asset.
  This is an attack on integrity.
• 4. Denial of service prevents or inhibits the
  normal use or management of communications
  facilities.

27

• Security Mechanisms

28
Method and Procedure

• A mechanism that is designed to detect, prevent,
  or recover from a security attack
• No single mechanism that will support all
  functions required
• However, one particular element underlies many of
  the security mechanisms in use cryptographic
  techniques
• Hence, we will cover this area

29
Mechanisms Explain Details

• specific security mechanisms
• digital signatures, access controls, data
  integrity, authentication exchange, traffic
  padding, routing control, notarization
• pervasive security mechanisms
• trusted functionality, security labels, event
  detection, security audit trails, security
  recovery

30

• Security Services

31
Importance of Security Service

• Is something that enhances the security of the
  data processing systems and the information
  transfers of an organization
• Intended to counter security attacks
• Makes use of one or more security mechanisms to
  provide the service
• Replicates functions normally associated with
  physical documents
• E.g. have signatures, dates need protection from
  disclosure, tampering, or destruction be
  notarized or witnessed be recorded or licensed

32
Security Services

• Confidentiality is the protection of transmitted
  data from passive attacks.
• Authentication is concerned with assuring that a
  communication is authentic.
• Integrity assures that messages are received as
  sent.
• A connection-oriented integrity service should
  assure that there are no duplicates, insertions,
  deletions, modifications, reordering, or replays.
• A connectionless integrity service deals only
  with an individual message.

33
Security Services (cont.)

• Non-Repudiation prevents either the sender or
  receiver from denying a transmitted message.
• Access Control is the ability to limit and
  control the access to host systems and
  applications via communications links.
• Availability is the ability to prevent the loss
  or a reduction in availability of elements of a
  distributed system.

34
Network Security Model
35
Requirement of the Security Model

• Design a suitable algorithm for the security
  transformation
• Generate the secret information (keys) used by
  the algorithm
• Develop methods to distribute and share the
  secret information
• Specify a protocol enabling the principals to use
  the transformation and secret information for a
  security service

36
Operation of the Model

• A message is presented to be transferred from one
  party to another across some sort of internet.
• The two parties (principals) in the transaction
  must cooperate for the exchange to take place.
• A logical information channel is established by
  defining a route through the internet from source
  to destination using a communications protocol
  such as TCP/IP.

37
Components of the Model

• Security is an issue when it is necessary to
  protect the transmission from an opponent.
• All techniques for providing security have two
  components
• 1. A security-related transformation on the
  information to be sent
• 2. Some secret information share by the two
  principles and hopefully unknown to opponent.
• Additionally, in some cases a trusted third party
  may be used for distributing the secret
  information or arbitrating disputes between the
  two parties over authenticity.

38
Network Access Security Model
39
Requirement of the Security Model

• Select appropriate gatekeeper functions to
  identify users
• Implement security controls to ensure only
  authorised users access designated information or
  resources
• Trusted computer systems can be used to implement
  this model

40
Internet Standards

• Internet Society is responsible for the
  development and publication of standards for use
  over the Internet.
• Internet Society is a professional membership
  organization.
• Internet Society is involved in Internet
  development and standardization.
• Internet Society is the coordinating committee
  for Internet design, engineering, and management.

41
Organizations to Review Standards

• Internet Society consists of three organizations
• 1. Internet Architecture Board (IAB) which is
  responsible for defining the overall architecture
  of the Internet.
• 2. Internet Engineering Task Force (IETF) which
  is the protocol development arm of the Internet.
• 3. Internet Engineering Steering Group (ISEG)
  which is responsible for technical management of
  OETF activities and the Internet standard process.

42
Request For Comments (RFC)

• RFCs are the Internet Standards
• RFC is developed and published by the Internet
  Engineering Task Force (IETF)
• Approved by the Internet Engineering Steering
  Group (IESEG).
• To become a standard, the RFC must
• Be stable and well-understood
• Be technically competent
• Have multiple, independent, and interoperable
  implementations with substantial operational
  experience.
• Enjoy significant public support
• Be recognizably useful in some or all parts of
  the Internet