SlideShare une entreprise Scribd logo

Network security chapter 1

O
osama elfar

my slides presented in the faculty of science - portsaid university

Technologie
1  sur  20
Télécharger pour lire hors ligne
cryptography and network security Chapter : 1 Prepared by: Osama Elfar Supervisored by: Dr-Noha Ezzat Portsaid university Faculty of science Math, I.T & computer science dpet
Learning Objectives After studying this chapter, you should be able to: -Describe the key security requirements of confidentiality, integrity, and availability. -Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. -Summarize the functional requirements for computer security. -Describe the X.800 security architecture for OSI.
Cryptographic algorithms and protocols can be grouped into four main areas: • Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. • Asymmetric encryption: Used to conceal small blocks of data, such as encryp- tion keys and hash function values, which are used in digital signatures. • Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration. • Authentication protocols: These are schemes based on the use of crypto- graphic algorithms designed to authenticate the identity of entities. Computer security concepts
Computer security concepts
• Confidentiality: This term covers two related concepts: Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. • Integrity: This term covers two related concepts: Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. • Availability: Assures that systems work promptly and service is not denied to authorized users. CIA triad Computer security concepts
Computer security concepts But we have to add : • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudia- tion, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Levers of attack impact on organizations Computer security concepts
The Challenges of Computer Security: First. Is it really a challenge ?? LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US government sectors Mathew Bevan and Richard Pryce US military computers and used it as a means to infiltrate the foreign systems Kevin Mitnick Nokia, Motorola and Pentagon Albert Gonzalez 170 million credit cards and ATM numbers. Computer security concepts
The Challenges of Computer Security: 1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 2- In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3-Because of point 2, the procedures used to provide particular services are often counterintuitive 4-Having designed various security mechanisms, it is necessary to decide where to use them. 5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. 6-the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7-There is a natural tendency on the part of users and system managers 8- Security requires regular, even constant, monitoring 9- Security is still too often an afterthought to be incorporated into a system after the design is complete 10- Many users and even security administrators view strong security as an impedimeant to efficient and user- friendly operation of an information system or use of information. Computer security concepts
The OSI Security Architecture The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as : • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. X.800, Security Architecture for OSI
Threats and Attacks (RFC 4949) Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Security attacks
Active vs passive attacks: Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. Security attacks
Active vs passive attacks: Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. Security attacks
Security services RFC 4949 ‘s definition : a processing or communication service that is provided by a system to give a specific kind of protection to system resources
AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication - Data-Origin Authentication ACCESS CONTROL The prevention of unauthorized use of a resource DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic- Flow Confidentiality DATA INTEGRITY: The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an authorized entity Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication Nonrepudiation, Origin - Nonrepudiation, Destination Security services
security mechanisms SPECIFIC SECURITY MECHANISMS May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. - Encipherment:The use of mathematical algorithms to transform data into a form that is not readily intelligible. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery . -Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. -Routing Control:Enables selection of particular physically secure routes for certain data and allows routing changes, Notarization: The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS Mechanisms that are not specific to any particular OSI security service or protocol layer Trusted Functionality:That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label:The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. security mechanisms
A model for Network security
Network security chapter 1

Recommandé

Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101rahat ali
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 

Recommandé

Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1CRYPTOGRAPHY & NETWORK SECURITY - unit 1
CRYPTOGRAPHY & NETWORK SECURITY - unit 1RAMESHBABU311293
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101rahat ali
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYJyothishmathi Institute of Technology and Science Karimnagar
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Cryptography
CryptographyCryptography
CryptographySuhepi Saputri
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Kabul Education University
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & CryptographyDr. Himanshu Gupta
 
Information security
Information security Information security
Information security razendar79
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Protection models
Protection modelsProtection models
Protection modelsG Prachi
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.pptfaizalkhan673954
 
Nw sec
Nw secNw sec
Nw secshivz3
 

Contenu connexe

Tendances

Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptographyPavithra renu
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & CryptographyDr. Himanshu Gupta
 
Information security
Information security Information security
Information security razendar79
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
Protection models
Protection modelsProtection models
Protection modelsG Prachi
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityshraddha mane
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 

Tendances (20)

Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Cryptography
CryptographyCryptography
Cryptography
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4Cryptography and Network security # Lecture 4
Cryptography and Network security # Lecture 4
 
Network Security & Cryptography
Network Security & CryptographyNetwork Security & Cryptography
Network Security & Cryptography
 
Information security
Information security Information security
Information security
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
Protection models
Protection modelsProtection models
Protection models
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network Security
 

Similaire à Network security chapter 1

Nw sec
Nw secNw sec
Nw secshivz3
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityAparnaSunil24
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptxRavikumarVadana
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptshanthishyam
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptxkumarkaushal17
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxArumugam90
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...NISHASOMSCS113
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppttahirnaquash2
 

Similaire à Network security chapter 1 (20)

ch01-4.ppt
ch01-4.pptch01-4.ppt
ch01-4.ppt
 
Nw sec
Nw secNw sec
Nw sec
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
CH01.ppt
CH01.pptCH01.ppt
CH01.ppt
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
Ch01
Ch01Ch01
Ch01
 
cns unit 1.pptx
cns unit 1.pptxcns unit 1.pptx
cns unit 1.pptx
 
Ch01
Ch01Ch01
Ch01
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Cryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.pptCryptography and Network Security_Chapter 1.ppt
Cryptography and Network Security_Chapter 1.ppt
 
osi-security-architectureppt.pptx
osi-security-architectureppt.pptxosi-security-architectureppt.pptx
osi-security-architectureppt.pptx
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
I MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptxI MSc CS CNS Day 1.pptx
I MSc CS CNS Day 1.pptx
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Unit 1.ppt
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.pptIntro-2013.ppt
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 

Dernier

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Dernier (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

Network security chapter 1

  • 1. cryptography and network security Chapter : 1 Prepared by: Osama Elfar Supervisored by: Dr-Noha Ezzat Portsaid university Faculty of science Math, I.T & computer science dpet
  • 2. Learning Objectives After studying this chapter, you should be able to: -Describe the key security requirements of confidentiality, integrity, and availability. -Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets. -Summarize the functional requirements for computer security. -Describe the X.800 security architecture for OSI.
  • 3. Cryptographic algorithms and protocols can be grouped into four main areas: • Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. • Asymmetric encryption: Used to conceal small blocks of data, such as encryp- tion keys and hash function values, which are used in digital signatures. • Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration. • Authentication protocols: These are schemes based on the use of crypto- graphic algorithms designed to authenticate the identity of entities. Computer security concepts
  • 5. • Confidentiality: This term covers two related concepts: Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. • Integrity: This term covers two related concepts: Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. • Availability: Assures that systems work promptly and service is not denied to authorized users. CIA triad Computer security concepts
  • 6. Computer security concepts But we have to add : • Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source. • Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudia- tion, deterrence, fault isolation, intrusion detection and prevention, and after- action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
  • 7. Levers of attack impact on organizations Computer security concepts
  • 8. The Challenges of Computer Security: First. Is it really a challenge ?? LulzSec Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts Adrian Lamo Yahoo!, Microsoft, Google, and The New York Times,many US government sectors Mathew Bevan and Richard Pryce US military computers and used it as a means to infiltrate the foreign systems Kevin Mitnick Nokia, Motorola and Pentagon Albert Gonzalez 170 million credit cards and ATM numbers. Computer security concepts
  • 9. The Challenges of Computer Security: 1- Security is not as simple as it might first appear to the novice. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 2- In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3-Because of point 2, the procedures used to provide particular services are often counterintuitive 4-Having designed various security mechanisms, it is necessary to decide where to use them. 5-Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. 6-the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7-There is a natural tendency on the part of users and system managers 8- Security requires regular, even constant, monitoring 9- Security is still too often an afterthought to be incorporated into a system after the design is complete 10- Many users and even security administrators view strong security as an impedimeant to efficient and user- friendly operation of an information system or use of information. Computer security concepts
  • 10. The OSI Security Architecture The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as : • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. X.800, Security Architecture for OSI
  • 11. Threats and Attacks (RFC 4949) Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Security attacks
  • 12. Active vs passive attacks: Active attacks (Figure 1.1b) involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. Security attacks
  • 13. Active vs passive attacks: Passive attacks (Figure 1.1) are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. Security attacks
  • 14. Security services RFC 4949 ‘s definition : a processing or communication service that is provided by a system to give a specific kind of protection to system resources
  • 15. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication - Data-Origin Authentication ACCESS CONTROL The prevention of unauthorized use of a resource DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality - Connection Confidentiality - Selective-Field Confidentiality - Traffic- Flow Confidentiality DATA INTEGRITY: The assurance that data receConnection Integrity with Recoveryived are exactly as sent by an authorized entity Connection Integrity with Recovery - Connection Integrity without Recovery - Selective-Field Connection Integrity - Connectionless Integrity - Selective-Field Connectionless Integrity NONREPUDIATION: Provides protection against denial by one of the entities involved in a communication Nonrepudiation, Origin - Nonrepudiation, Destination Security services
  • 16. security mechanisms SPECIFIC SECURITY MECHANISMS May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. - Encipherment:The use of mathematical algorithms to transform data into a form that is not readily intelligible. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery . -Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Data Integrity:A variety of mechanisms used to assure the integrity of a data unit or stream of data units. -Authentication Exchange:A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. -Routing Control:Enables selection of particular physically secure routes for certain data and allows routing changes, Notarization: The use of a trusted third party to assure certain properties of a data exchange.
  • 17. PERVASIVE SECURITY MECHANISMS Mechanisms that are not specific to any particular OSI security service or protocol layer Trusted Functionality:That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label:The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. security mechanisms
  • 18.
  • 19. A model for Network security