1 / 21

Network Security

Network Security. Ola Flygt Växjö University http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Outline. Attacks, services and mechanisms Security attacks Security services Methods of Defence Models for Internetwork Security Internet standards and RFCs. Security.

alfreda-reynolds
Télécharger la présentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Ola Flygt Växjö University http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

  2. Outline • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defence • Models for Internetwork Security • Internet standards and RFCs

  3. Security • “When we know our surroundings and have tools to protect ourselves, we can feel more secure.” • “It makes me feel secure to be around my dog. He will always warn me if something is wrong.” • “Knowing someone is looking out for me is what security means to me.” • “If we did not have security, our world would be a very bad place.” (“What Security Means To Me” essays at www.panasonic.com/security.)

  4. Information Security

  5. The Security Landscape • IT realm • Physical realm • Airport • Food security, etc. • Political realm • International etc. • Monetary realm • Financial, etc.

  6. The IT Security Landscape • Computing security • Data security • Application security • Information security • Network security

  7. Attacks, Services and Mechanisms • Security Attack:Any action that compromises the security of information. • Security Service:A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

  8. Security Attacks

  9. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity

  10. Security Goals Confidentiality Integrity Availability

  11. Threats and Attacks • Threat: A potential for violation of security, which exists when there is a circumstance, capability,action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. • Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

  12. Security Services (X.800) • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (you can not deny sending or receiving some information) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) • Denial of Service Attacks • Virus that deletes files

  13. Security Service vs Attack

  14. Security Mechanisms (X.800) • Encipherment • Digital Signature • Access Control • Authentication Exchange • Traffic Padding And more…..

  15. Service vs Mechanisms

  16. Methods of Defence • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls

  17. Internet standards and RFCs • The Internet society • Internet Architecture Board (IAB) • Internet Engineering Task Force (IETF) • Internet Engineering Steering Group (IESG)

  18. Internet RFC Publication Process

More Related