2. Why Security?
The Internet was initially designed for connectivity.
Fundamental aspects of information must be protected.
We can't keep ourselves isolated from the Internet.
4. Types of Security
Computer Security
Generic name for the collection of tools designed to protect data and to thwart hackers.
Network Security
Measures to protect data during transmission.
Internet Security
Measures to protect data during transmission over a collection of interconnected networks.
8. IP
IP is a network layer protocol.
This is the layer that allows hosts to actually "talk" to each other.
IP has a number of very important features which make it an extremely robust and flexible protocol.
9. Attacks on IP
Attacks exploit the fact that IP does not provide a robust mechanism for authentication, i.e. proving that a packet came from where it claims it did.
This means that host authentication must be provided by higher layers.
E.g. IP spoofing, IP session hijacking.
10. TCP Attacks
Exploits the TCP 3-way handshake (SYN flood).
The attacker sends a series of SYN packets without ever replying with the final ACK.
The queue for incomplete (half-open) connections has a finite size, so it can be filled up.
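Added example (not from the original slides) of the defender's view of this attack: a small Python tracker that replays a constructed packet trace, counts per source the handshakes that never reach the final ACK, and reports when the finite half-open queue is full. The record layout (src, sport, dst, dport, flags), the flag strings and the alert threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Half-open connections per source above which we alert (assumed value).
HALF_OPEN_THRESHOLD = 3


def half_open_by_source(packets):
    """Replay a packet trace and return {client: half-open connections}.

    Each record is (src, sport, dst, dport, flags). A client SYN opens a
    pending entry keyed by the 4-tuple; the client's ACK on the same 4-tuple
    completes the handshake and removes it. The server's SYN-ACK travels the
    other way and does not change the backlog.
    """
    pending = set()
    for src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending.add(key)
        elif flags == "ACK":
            pending.discard(key)  # third handshake step: no longer half-open
    counts = defaultdict(int)
    for client, _sport, _dst, _dport in pending:
        counts[client] += 1
    return dict(counts)


def flag_syn_flood(packets, threshold=HALF_OPEN_THRESHOLD):
    """Sources whose half-open backlog exceeds the threshold."""
    return sorted(s for s, n in half_open_by_source(packets).items() if n > threshold)


def backlog_exhausted(packets, backlog_size):
    """True when the server's finite half-open queue is full."""
    return sum(half_open_by_source(packets).values()) >= backlog_size


# Constructed trace: server 10.0.0.1:80, one legitimate client (10.0.0.5)
# that completes two handshakes, and one source (198.51.100.7) that sends
# SYNs from five ports and never answers the server's SYN-ACK.
TRACE = [
    ("10.0.0.5", 40001, "10.0.0.1", 80, "SYN"),
    ("10.0.0.1", 80, "10.0.0.5", 40001, "SYN-ACK"),
    ("10.0.0.5", 40001, "10.0.0.1", 80, "ACK"),
    ("10.0.0.5", 40002, "10.0.0.1", 80, "SYN"),
    ("10.0.0.1", 80, "10.0.0.5", 40002, "SYN-ACK"),
    ("10.0.0.5", 40002, "10.0.0.1", 80, "ACK"),
]
TRACE += [("198.51.100.7", 50000 + i, "10.0.0.1", 80, "SYN") for i in range(5)]
TRACE += [("10.0.0.1", 80, "198.51.100.7", 50000 + i, "SYN-ACK") for i in range(5)]
```

On this trace the legitimate client leaves nothing pending, while the flooding source holds five half-open entries; with a backlog of five the server would already refuse a new legitimate SYN.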
13. Common Types of Attacks
Ping sweeps and port scans – reconnaissance.
Sniffing – capturing packets as they travel through the network.
Man in the Middle attack – intercepting messages that are intended for a valid device.
Spoofing – setting up a fake device and tricking others into sending messages to it.
Hijacking – taking control of a session.
Denial of Service (DoS) and Distributed DoS (DDoS).
14. Trusted Network
Standard defensive-oriented technologies:
- Firewall – first line of defense.
- Intrusion Detection.
Build trust on top of the TCP/IP infrastructure:
- Strong Authentication.
- Two-factor authentication (something you have + something you know).
- Public Key Infrastructure (PKI).
15. Firewall
A choke point of control and monitoring.
Interconnects networks with differing trust.
Imposes restrictions on network services:
- only authorized traffic is allowed.
Auditing and controlling access:
- can implement alarms for abnormal behavior.
Is itself immune to penetration.
Provides perimeter defence.
16. Intrusion Detection System
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system.
- Host IDS.
- Network IDS.
17. Access Control
Access Control – the ability to permit or deny the use of an object by a subject.
It provides 3 essential services (known as AAA):
- Authentication (who can log in).
- Authorization (what an authorized user can do).
- Accountability (identifies what a user did).
18. Cryptography
Has evolved into a complex science in the field of information security.
Encryption – the process of transforming plaintext to ciphertext using a cryptographic key.
Symmetric key cryptography:
- DES, 3DES, AES, etc.
Asymmetric key cryptography:
- RSA, Diffie-Hellman, etc.
20. Public Key Infrastructure
Combines public key cryptography and digital signatures to ensure confidentiality, integrity, authentication, non-repudiation and access control.
Digital Certificate – the basic element of PKI; a secure credential that identifies the owner.
Basic Components:
- Certificate Authority.
- Registration Authority.
- Repository.
- Archives.
22. IPSec
Provides Layer 3 security.
Tunnel or Transport mode:
- Tunnel mode (the entire IP packet is encrypted).
- Transport mode (an IPSec header is inserted into the packet).
Combines different components:
- Security Associations (SA), Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE).
23. Security Management
Loss prevention.
Loss prevention focuses on what your critical assets are and how you are going to protect them.
Security risk management.
Management of security risks applies the principles of risk management to the management of security threats.
Risk options:
- Risk avoidance.
- Risk reduction.
- Risk spreading.
- Risk transfer.
- Risk acceptance.
24. Whois Database
Public network management database.
Tracks network resources:
- IP addresses, ASN, reverse routing.
Records administrative info:
- Contacts (person/role), authorization (maintainer).
All members must register their resources in the Whois database.
Must keep records up to date at all times.