SlideShare une entreprise Scribd logo

Network Security 1st Lecture

Télécharger en tant que PPT, PDF
babak danyal
babak danyal

This document provides information about a network security course, including the instructor's contact details, course schedule, grading policy, reference materials, expectations, and course contents. The course will cover topics such as cryptography, network security applications, system security, and intrusion detection. Students will learn about network security principles, cryptography, authentication and encryption techniques, and security practices and applications.

Technologie
1  sur  48
Network Security Tariq Ahmed Dr. A. Q. Khan Institute of Information Technology and Computer sciences(KICSIT) mrbokhari2000@yahoo.com  
• Instructor: - Tariq Ahmed • Tel: 051 9285342 • Email: mrbokhari2000@yahoo.com Course Staff
• Lectures - Wednesday: 4:00 - 7:00 p.m. • Assignments - • Quizes - • Midterm exam - • Final exam -   Course Schedule
• Assignments 10% – Late assignments are not accepted • Quizes 10% • Midterm exam 20% • Final exam 60% Grading Policy
Academic Honesty • Your work in this class must be your own • If students are found to have collaborated excessively or to have cheated (e.g. by copying or sharing answers during an examination), all involved will at a minimum receive grades of 0 for the first infraction • Further infractions will result in failure in the course.
Course Material Reference books – No single textbook covers the whole course! • Lot of research papers! – Many will be made available • RFCs and Internet drafts – Related to Network security protocols • Web resources – Tutorials, white papers, reports, etc.
Course Information • Pre-requisites – Computer Networks course • You are assumed to have good knowledge of TCP/IP protocol suite – Operating Systems – Basic understanding of programming languages
Course Contents • Introduction to network security • I. CRYPTOGRAPHY – Symmetric Encryption and Message Confidentiality – Public-Key Cryptography and Message Authentication • II. NETWORK SECURITY APPLICATIONS – Authentication Applications (Kerberos, X.509) – Electronic Mail Security (PGP, S/MIME) – IP Security (IPSec, AH, ESP, IKE) – Web Security (SSL, TLS, SET) – Network Management Security (SNMP)
Course Contents • III. SYSTEM SECURITY – Intruders and intrusion detection – Malicious Software (viruses) – Firewalls and trusted systems – Operating System Security
Textbooks • One of the following three books is required for this course: • William Stallings, Network Security Essentials • William Stallings, Cryptography and Network Security: Principles and Practice
Textbooks • Ed Skoudis, Counter Hack: A Step by Step Guide to Computer Attacks and Defenses
Expectations What do you want (or expect) to learn from this class ?
Expectations • This class IS about … – Network security principles and concepts – Cryptography, its use, principles and major algorithms – Message authentication and encryption techniques – Security of network “system” – Operating system security – Security practices and applications
Expectations • This class IS NOT about … – Survey of existing protocol standards – Survey of loopholes in current protocols – How to hack the network of KICSIT! – Tools and tips to breach Internet security – How you can become a good hacker …
Expectations We will learn Why and How networks are made secure
Outline • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
Background • Information Security requirements have changed in recent times • Traditionally provided by physical and administrative mechanisms • Computer use requires automated tools to protect files and other stored information • Use of networks and communications links requires measures to protect data during transmission
Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Aim of this Course • Our focus is on internet security • Consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information • Requirements seem straightforward, but the mechanisms used to meet them can be quite complex …
Services, Mechanisms, Attacks • Need systematic way to define requirements • Consider three aspects of information security: – security attack – security mechanism – security service • Consider in reverse order
Security Service • Is something that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks • Make use of one or more security mechanisms to provide the service • Replicate functions normally associated with physical documents e.g. – have signatures or dates – need protection from disclosure, tampering, or destruction – be notarized or witnessed – be recorded or licensed
Security Mechanism • A mechanism that is designed to detect, prevent, or recover from a security attack • No single mechanism that will support all functions required • However one particular element underlies many of the security mechanisms in use: cryptographic techniques • Hence our focus is on this area
Security Attack • Any action that compromises the security of information owned by an organization • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • Have a wide range of attacks • Can focus on generic types of attacks – Note: often threat & attack mean same
Security Attacks
Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
Security Goals
Summary: Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms
OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • Defines a systematic way of defining and providing security requirements • For us it provides a useful, if abstract, overview of concepts we will study
Security Services • X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
Security Services (X.800) • X.800 defines security services in 5 major categories – Authentication - assurance that the communicating entity is the one claimed – Access Control - prevention of the unauthorized use of a resource – Data Confidentiality –protection of data from unauthorized disclosure – Data Integrity - assurance that data received is as sent by an authorized entity – Non-Repudiation - protection against denial by one of the parties in a communication
Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
Security Mechanisms (X.800) • Specific security mechanisms: – Encipherment: Converting data into form that is not readable – Digital signatures: To check authenticity and integrity of data – Access controls: Enforcing access rights to resources – Data integrity – Authentication exchange – Traffic padding: Insertion of bits to frustrate traffic analysis – Routing control: Selection of secure routes – Notarization: Use of trusted third party for data exchange
Security Mechanisms (X.800) • Pervasive security mechanisms: – trusted functionality: percieved to be correct with respect to some criteria – security labels: – event detection: detection of security relevant events – security audit trails: – security recovery:
Classify Security Attacks as • Passive attacks - eavesdropping on, or monitoring of, transmissions to: – obtain message contents, or – monitor traffic flows • Active attacks – modification of data stream to: – masquerade of one entity as some other – replay previous messages – modify messages in transit – denial of service
Passive Attacks: Release of Message Contents
Passive Attacks: Traffic Analysis
Active Attacks: Masquerade
Active Attacks: Replay
Active Attacks: Modification of Messages
Active Attacks: Denial of Service
Model for Network Security
Model for Network Security • Using this model requires us to: – design a suitable algorithm for the security transformation – generate the secret information (keys) used by the algorithm – develop methods to distribute and share the secret information – specify a protocol enabling the principals to use the transformation and secret information for a security service
Model for Network Access Security
Model for Network Access Security • Using this model requires us to: – select appropriate gatekeeper functions to identify users – implement security controls to ensure only authorised users access designated information or resources • Trusted computer systems can be used to implement this model
Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls
Internet standards and RFCs • The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG)
Summary • Have considered: – computer, network, internet security def’s – security services, mechanisms, attacks – X.800 standard – models for network (access) security

Recommandé

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
Web security
Web securityWeb security
Web security
Subhash Basistha
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 Presentation
Amy McMullin
 
Web security
Web securityWeb security
Web security
Muhammad Usman
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
Edureka!
 

Recommandé

CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
Web security
Web securityWeb security
Web security
Subhash Basistha
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 Presentation
Amy McMullin
 
Web security
Web securityWeb security
Web security
Muhammad Usman
 
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
Edureka!
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
Zaid Shabbir
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
Zaheer720515
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
SECURITY SERVICES
SECURITY SERVICESSECURITY SERVICES
SECURITY SERVICES
SHUBHA CHATURVEDI
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
vimal kumar
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
Broken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptxBroken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptx
Manahari Darshika Pemarathna
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
DrBasemMohamedElomda
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
 
Cryptography
CryptographyCryptography
Cryptography
Suhepi Saputri
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
srivijaymanickam
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
university of education,Lahore
 

Contenu connexe

Tendances

Tendances (20)

Network attacks
Network attacksNetwork attacks
Network attacks
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Web security
Web securityWeb security
Web security
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
SECURITY SERVICES
SECURITY SERVICESSECURITY SERVICES
SECURITY SERVICES
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Network security
Network securityNetwork security
Network security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Broken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptxBroken Authentication and Authorization(1).pptx
Broken Authentication and Authorization(1).pptx
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 

En vedette

02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
Joe McCarthy
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
Sina Manavi
 

En vedette (17)

Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
02 introduction to network security
02 introduction to network security02 introduction to network security
02 introduction to network security
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption StandardChapter 3: Block Ciphers and the Data Encryption Standard
Chapter 3: Block Ciphers and the Data Encryption Standard
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & Attacks
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Network security
Network securityNetwork security
Network security
 

Similaire à Network Security 1st Lecture

dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
NISHASOMSCS113
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
AparnaSunil24
 

Similaire à Network Security 1st Lecture (20)

dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
Ch01
Ch01Ch01
Ch01
 
Ch1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptxCh1 Cryptography network security slides.pptx
Ch1 Cryptography network security slides.pptx
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network Security
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.ppt
 
computer architecture.ppt
computer architecture.pptcomputer architecture.ppt
computer architecture.ppt
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.ppt
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.ppt
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
network security for ece cse it students
network security for ece cse it studentsnetwork security for ece cse it students
network security for ece cse it students
 
Security Model
Security ModelSecurity Model
Security Model
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
Security chapter6
Security chapter6Security chapter6
Security chapter6
 
NETWORK SECURITY
NETWORK SECURITY NETWORK SECURITY
NETWORK SECURITY
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdf
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Security fundamentals
Security fundamentalsSecurity fundamentals
Security fundamentals
 

Plus de babak danyal

Lecture1 Intro To Signa
Lecture1 Intro To SignaLecture1 Intro To Signa
Lecture1 Intro To Signa
babak danyal
 
Problems at independence
Problems at independenceProblems at independence
Problems at independence
babak danyal
 

Plus de babak danyal (20)

applist
applistapplist
applist
 
Easy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client SocketsEasy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client Sockets
 
Java IO Package and Streams
Java IO Package and StreamsJava IO Package and Streams
Java IO Package and Streams
 
Swing and Graphical User Interface in Java
Swing and Graphical User Interface in JavaSwing and Graphical User Interface in Java
Swing and Graphical User Interface in Java
 
Tcp sockets
Tcp socketsTcp sockets
Tcp sockets
 
block ciphers and the des
block ciphers and the desblock ciphers and the des
block ciphers and the des
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Lecture10 Signal and Systems
Lecture10 Signal and SystemsLecture10 Signal and Systems
Lecture10 Signal and Systems
 
Lecture8 Signal and Systems
Lecture8 Signal and SystemsLecture8 Signal and Systems
Lecture8 Signal and Systems
 
Lecture7 Signal and Systems
Lecture7 Signal and SystemsLecture7 Signal and Systems
Lecture7 Signal and Systems
 
Lecture6 Signal and Systems
Lecture6 Signal and SystemsLecture6 Signal and Systems
Lecture6 Signal and Systems
 
Lecture5 Signal and Systems
Lecture5 Signal and SystemsLecture5 Signal and Systems
Lecture5 Signal and Systems
 
Lecture4 Signal and Systems
Lecture4 Signal and SystemsLecture4 Signal and Systems
Lecture4 Signal and Systems
 
Lecture3 Signal and Systems
Lecture3 Signal and SystemsLecture3 Signal and Systems
Lecture3 Signal and Systems
 
Lecture2 Signal and Systems
Lecture2 Signal and SystemsLecture2 Signal and Systems
Lecture2 Signal and Systems
 
Lecture1 Intro To Signa
Lecture1 Intro To SignaLecture1 Intro To Signa
Lecture1 Intro To Signa
 
Lecture9 Signal and Systems
Lecture9 Signal and SystemsLecture9 Signal and Systems
Lecture9 Signal and Systems
 
Lecture9
Lecture9Lecture9
Lecture9
 
Cns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption TechniquesCns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption Techniques
 
Problems at independence
Problems at independenceProblems at independence
Problems at independence
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Network Security 1st Lecture

  • 1. Network Security Tariq Ahmed Dr. A. Q. Khan Institute of Information Technology and Computer sciences(KICSIT) mrbokhari2000@yahoo.com  
  • 2. • Instructor: - Tariq Ahmed • Tel: 051 9285342 • Email: mrbokhari2000@yahoo.com Course Staff
  • 3. • Lectures - Wednesday: 4:00 - 7:00 p.m. • Assignments - • Quizes - • Midterm exam - • Final exam -   Course Schedule
  • 4. • Assignments 10% – Late assignments are not accepted • Quizes 10% • Midterm exam 20% • Final exam 60% Grading Policy
  • 5. Academic Honesty • Your work in this class must be your own • If students are found to have collaborated excessively or to have cheated (e.g. by copying or sharing answers during an examination), all involved will at a minimum receive grades of 0 for the first infraction • Further infractions will result in failure in the course.
  • 6. Course Material Reference books – No single textbook covers the whole course! • Lot of research papers! – Many will be made available • RFCs and Internet drafts – Related to Network security protocols • Web resources – Tutorials, white papers, reports, etc.
  • 7. Course Information • Pre-requisites – Computer Networks course • You are assumed to have good knowledge of TCP/IP protocol suite – Operating Systems – Basic understanding of programming languages
  • 8. Course Contents • Introduction to network security • I. CRYPTOGRAPHY – Symmetric Encryption and Message Confidentiality – Public-Key Cryptography and Message Authentication • II. NETWORK SECURITY APPLICATIONS – Authentication Applications (Kerberos, X.509) – Electronic Mail Security (PGP, S/MIME) – IP Security (IPSec, AH, ESP, IKE) – Web Security (SSL, TLS, SET) – Network Management Security (SNMP)
  • 9. Course Contents • III. SYSTEM SECURITY – Intruders and intrusion detection – Malicious Software (viruses) – Firewalls and trusted systems – Operating System Security
  • 10. Textbooks • One of the following three books is required for this course: • William Stallings, Network Security Essentials • William Stallings, Cryptography and Network Security: Principles and Practice
  • 11. Textbooks • Ed Skoudis, Counter Hack: A Step by Step Guide to Computer Attacks and Defenses
  • 12. Expectations What do you want (or expect) to learn from this class ?
  • 13. Expectations • This class IS about … – Network security principles and concepts – Cryptography, its use, principles and major algorithms – Message authentication and encryption techniques – Security of network “system” – Operating system security – Security practices and applications
  • 14. Expectations • This class IS NOT about … – Survey of existing protocol standards – Survey of loopholes in current protocols – How to hack the network of KICSIT! – Tools and tips to breach Internet security – How you can become a good hacker …
  • 15. Expectations We will learn Why and How networks are made secure
  • 16. Outline • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
  • 17. Background • Information Security requirements have changed in recent times • Traditionally provided by physical and administrative mechanisms • Computer use requires automated tools to protect files and other stored information • Use of networks and communications links requires measures to protect data during transmission
  • 18. Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks
  • 19. Aim of this Course • Our focus is on internet security • Consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information • Requirements seem straightforward, but the mechanisms used to meet them can be quite complex …
  • 20. Services, Mechanisms, Attacks • Need systematic way to define requirements • Consider three aspects of information security: – security attack – security mechanism – security service • Consider in reverse order
  • 21. Security Service • Is something that enhances the security of the data processing systems and the information transfers of an organization • Intended to counter security attacks • Make use of one or more security mechanisms to provide the service • Replicate functions normally associated with physical documents e.g. – have signatures or dates – need protection from disclosure, tampering, or destruction – be notarized or witnessed – be recorded or licensed
  • 22. Security Mechanism • A mechanism that is designed to detect, prevent, or recover from a security attack • No single mechanism that will support all functions required • However one particular element underlies many of the security mechanisms in use: cryptographic techniques • Hence our focus is on this area
  • 23. Security Attack • Any action that compromises the security of information owned by an organization • Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems • Have a wide range of attacks • Can focus on generic types of attacks – Note: often threat & attack mean same
  • 25. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 27. Summary: Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms
  • 28. OSI Security Architecture • ITU-T X.800 Security Architecture for OSI • Defines a systematic way of defining and providing security requirements • For us it provides a useful, if abstract, overview of concepts we will study
  • 29. Security Services • X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
  • 30. Security Services (X.800) • X.800 defines security services in 5 major categories – Authentication - assurance that the communicating entity is the one claimed – Access Control - prevention of the unauthorized use of a resource – Data Confidentiality –protection of data from unauthorized disclosure – Data Integrity - assurance that data received is as sent by an authorized entity – Non-Repudiation - protection against denial by one of the parties in a communication
  • 31. Security Services • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
  • 32. Security Mechanisms (X.800) • Specific security mechanisms: – Encipherment: Converting data into form that is not readable – Digital signatures: To check authenticity and integrity of data – Access controls: Enforcing access rights to resources – Data integrity – Authentication exchange – Traffic padding: Insertion of bits to frustrate traffic analysis – Routing control: Selection of secure routes – Notarization: Use of trusted third party for data exchange
  • 33. Security Mechanisms (X.800) • Pervasive security mechanisms: – trusted functionality: percieved to be correct with respect to some criteria – security labels: – event detection: detection of security relevant events – security audit trails: – security recovery:
  • 34. Classify Security Attacks as • Passive attacks - eavesdropping on, or monitoring of, transmissions to: – obtain message contents, or – monitor traffic flows • Active attacks – modification of data stream to: – masquerade of one entity as some other – replay previous messages – modify messages in transit – denial of service
  • 35. Passive Attacks: Release of Message Contents
  • 41.
  • 42. Model for Network Security
  • 43. Model for Network Security • Using this model requires us to: – design a suitable algorithm for the security transformation – generate the secret information (keys) used by the algorithm – develop methods to distribute and share the secret information – specify a protocol enabling the principals to use the transformation and secret information for a security service
  • 44. Model for Network Access Security
  • 45. Model for Network Access Security • Using this model requires us to: – select appropriate gatekeeper functions to identify users – implement security controls to ensure only authorised users access designated information or resources • Trusted computer systems can be used to implement this model
  • 46. Methods of Defense • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls
  • 47. Internet standards and RFCs • The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG)
  • 48. Summary • Have considered: – computer, network, internet security def’s – security services, mechanisms, attacks – X.800 standard – models for network (access) security