
Network Security Introduction


Presentation Transcript


  1. Network Security: Introduction (William Stallings)

  2. Index

  3. Definitions
     • Information security: security of your information or data
     • Computer security: protection of data on local time-shared computers
     • Network security: protection of data during its transmission

  4. The OSI Security Architecture (ITU-T Recommendation X.800, Security Architecture for OSI)
     • Security attack: any action that compromises the security of information owned by an organization
     • Security mechanism: a mechanism designed to detect, prevent, or recover from a security attack
     • Security service: a service that enhances the security of an organization's data processing systems and information transfers; a service makes use of one or more security mechanisms

  5. The OSI Security Architecture
     • Vulnerability: a security weak point
     • Threat: a security threat
     • Attack: an attack

  6. Security Attacks
     • Passive attacks: attempt to learn or make use of information from the system but do not affect system resources
     • Active attacks: attempt to alter system resources or affect their operation

  7. Security Attacks: Passive Attacks
     • Release of message contents: e.g., listening to a telephone conversation or sniffing a file transfer
     • Traffic analysis: the traffic is encrypted, but the content of messages is guessed from the identity of the peers, the frequency of messages, or the length of messages
     • Passive attacks are very difficult to detect
     • However, it is feasible to prevent the success of these attacks, usually by means of encryption
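The traffic-analysis point on slide 7 is easy to miss: encryption hides the content of a message but not its length, and an observer who knows the protocol's message catalogue can often tell which message was sent from the length alone. The following Python example, added here and not part of the slides, demonstrates that leak and the usual mitigation, padding every message to a fixed bucket size before encryption. The cipher (HMAC-SHA256 in counter mode), the 64-byte bucket, and the three-message catalogue are all constructed for the demonstration and are assumptions, not anything from the presentation.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12
BUCKET = 64  # constructed padding granularity: every message becomes a multiple of 64 bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (educational stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce, XOR with keystream; ciphertext length == nonce + plaintext length."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def pad_to_bucket(plaintext: bytes) -> bytes:
    """Append 0x80 and then zero bytes up to the next multiple of BUCKET, hiding the true length."""
    padded = plaintext + b"\x80"
    return padded + b"\x00" * (-len(padded) % BUCKET)


def unpad(padded: bytes) -> bytes:
    """Strip the padding: everything from the last 0x80 marker onward."""
    return padded[: padded.rindex(b"\x80")]


# Constructed message catalogue of a hypothetical protocol; the eavesdropper is assumed to know it.
COMMANDS = [b"LOGOUT", b"GET /login", b"GET /admin/export-all-records"]


def ciphertext_length(plaintext: bytes, padded: bool) -> int:
    """Length the observer sees on the wire for a given plaintext, with or without padding."""
    body = pad_to_bucket(plaintext) if padded else plaintext
    return NONCE_LEN + len(body)


def observer_guess(observed_len: int, padded: bool) -> list:
    """Traffic analysis: which catalogue messages could have produced a ciphertext of this length?"""
    return [c for c in COMMANDS if ciphertext_length(c, padded) == observed_len]


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    for padded in (False, True):
        body = pad_to_bucket(b"LOGOUT") if padded else b"LOGOUT"
        ct = encrypt(key, body)
        print(f"padded={padded}: {len(ct)} bytes on the wire, "
              f"candidates={observer_guess(len(ct), padded)}")
```

Without padding each of the three commands has a distinct ciphertext length, so `observer_guess` narrows the traffic down to exactly one message; with padding all three fall into the same 64-byte bucket and the observer is left with the whole catalogue. Padding does not hide frequency or timing, which is why the slide lists those as separate traffic-analysis signals.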

  8. Security Attacks: Passive Attacks (figure slide; image not included in the transcript)

  9. Security Attacks: Passive Attacks (figure slide; image not included in the transcript)

  10. Security Attacks: Active Attacks
     • Masquerade: one entity pretends to be a different entity, e.g., to escalate privileges
     • Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
     • Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect
     • Denial of service: prevents or inhibits the normal use of a service on a specific target or of communications facilities, usually through overloading
     • Active attacks are very difficult to prevent
     • However, it is feasible to detect the success of these attacks, usually by means of monitoring

  11. Security Attacks: Active Attacks (figure slide; image not included in the transcript)

  12. Security Attacks: Active Attacks (figure slide; image not included in the transcript)

  13. Security Attacks: Active Attacks (figure slide; image not included in the transcript)

  14. Security Attacks: Active Attacks (figure slide; image not included in the transcript)

  15. Security Services
     • Authentication: peer entity authentication, data origin authentication
     • Access control
     • Data confidentiality
     • Data integrity
     • Nonrepudiation
     • Availability service

  16. Security Services: Authentication
     • Peer entity authentication: authenticates the identity of a peer entity, at the establishment of a connection and at times during the data transfer; applicable in connection-oriented services; prevents masquerade and unauthorized replay
     • Data origin authentication: authenticates the source of a data unit; applicable in connectionless services such as email; does not provide protection against duplication or modification of data units

  17. Security Services: Access Control
     • Controls access to host systems and applications via communications links
     • Access is based on authentication

  18. Security Services: Data Confidentiality
     • Protection of transmitted data from passive attacks
     • Protection of service messages
     • Protection of traffic flow from analysis: the attacker must not be able to observe the source and destination, frequency, length, or other characteristics of the traffic

  19. Security Services: Data Confidentiality (figure slide; image not included in the transcript)

  20. Security Services: Data Integrity
     • Connection-oriented integrity service: assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays; addresses both message stream modification and denial of service
     • Connectionless integrity service: provides protection against message modification only
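Slides 10, 16 and 20 together describe one mechanism from three angles: a connection-oriented integrity service has to reject modified, replayed, reordered and masqueraded messages, and because active attacks cannot be prevented, the receiver's job is to detect them and record what it saw. The Python example below, added here and not taken from the slides, implements that receiver with a per-session identifier, a sequence number and an HMAC-SHA256 tag over header and payload. The frame layout, the 32-byte shared key, the session identifier and the sample payloads are all constructed for the demonstration.

```python
import hashlib
import hmac
import struct

SESSION_LEN = 16
SEQ_LEN = 8
TAG_LEN = 32
HEADER_LEN = SESSION_LEN + SEQ_LEN   # frame = session_id | seq (big-endian u64) | payload | tag


class Sender:
    """Numbers every message within a session and authenticates header + payload with HMAC-SHA256."""

    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id, self.seq = key, session_id, 0

    def send(self, payload: bytes) -> bytes:
        header = self.session_id + struct.pack(">Q", self.seq)
        self.seq += 1
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    """Accepts only in-order, untampered messages of its own session; everything else is logged."""

    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id = key, session_id
        self.expected_seq = 0
        self.alerts = []  # detection record: active attacks are detected rather than prevented

    def receive(self, frame: bytes):
        if len(frame) < HEADER_LEN + TAG_LEN:
            self.alerts.append("malformed")
            return None
        header, payload, tag = frame[:HEADER_LEN], frame[HEADER_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            self.alerts.append("modified-or-masquerade")   # altered bytes or a sender without the key
            return None
        session_id = header[:SESSION_LEN]
        seq = struct.unpack(">Q", header[SESSION_LEN:])[0]
        if session_id != self.session_id:
            self.alerts.append("wrong-session")            # valid message replayed from another session
            return None
        if seq < self.expected_seq:
            self.alerts.append(f"replay seq={seq}")
            return None
        if seq > self.expected_seq:
            self.alerts.append(f"gap-or-reorder seq={seq}")  # strict in-order policy: drop and log
            return None
        self.expected_seq = seq + 1
        return payload


def simulate():
    """Constructed scenario: legitimate traffic interleaved with replay, modification, masquerade and reordering."""
    key = b"\x2a" * 32                       # constructed demo key shared by both peers
    session_id = b"\x07" * SESSION_LEN       # constructed session identifier
    sender, receiver = Sender(key, session_id), Receiver(key, session_id)
    frames = [sender.send(m) for m in (b"transfer 10", b"transfer 20", b"transfer 30", b"transfer 40")]
    tampered = bytearray(frames[1])
    tampered[HEADER_LEN] ^= 0x01                                   # flip one payload bit
    forged = Sender(b"\x00" * 32, session_id).send(b"transfer 99")  # masquerade without the key
    deliveries = [frames[0], frames[0], bytes(tampered), forged, frames[1],
                  frames[3], frames[2], frames[3]]                   # frames[3] arrives early, then again
    accepted = [receiver.receive(d) for d in deliveries]
    return accepted, receiver.alerts


if __name__ == "__main__":
    accepted, alerts = simulate()
    print("accepted:", [a for a in accepted if a is not None])
    print("alerts:  ", alerts)
```

The tag check comes first, so a forged frame and a modified frame are indistinguishable to the receiver (both are "modified-or-masquerade"); only after the tag verifies does the receiver trust the header enough to check session and sequence. The strict in-order policy matches the connection-oriented service on slide 20; a connectionless service, as the slide notes, would check only the tag and skip the sequence logic.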

  21. Security Services: Data Integrity (figure slide; image not included in the transcript)

  22. Security Services: Nonrepudiation
     • Prevents either the sender or the receiver from denying a transmitted message
     • The receiver can prove that the alleged sender sent the message (source nonrepudiation)
     • The sender can prove that the alleged receiver received the message (destination nonrepudiation)
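Nonrepudiation is the one service on slide 15 that a shared-key mechanism cannot provide: if sender and receiver hold the same MAC key, the receiver can produce a valid tag for any message and so cannot prove to a third party that the sender sent it. The Python example below, added here and not from the slides, contrasts that with a signature, where only the signer holds the private key, and shows destination nonrepudiation as a signed receipt. The RSA keys are deliberately tiny textbook parameters without padding, constructed for illustration only; real systems use 2048-bit or larger keys with a padded scheme such as RSA-PSS or an elliptic-curve signature.

```python
import hashlib
import hmac


def make_toy_key(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes (educational only; not a secure key generator)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent, known only to the key owner
    return (n, e), (n, d)               # (public key, private key)


# Constructed key pairs for two parties, using well-known small primes.
ALICE_PUB, ALICE_PRIV = make_toy_key(1000000007, 998244353)
BOB_PUB, BOB_PRIV = make_toy_key(1000000009, 999999937)


def digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce into the signer's modulus (toy hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(msg, n), d, n)


def verify(msg: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key, including a third-party arbiter, can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest(msg, n)


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, msg), tag)


def receipt(msg: bytes, receiver_private_key) -> int:
    """Destination nonrepudiation: the receiver signs a hash of what it received."""
    return sign(b"received:" + hashlib.sha256(msg).digest(), receiver_private_key)


def verify_receipt(msg: bytes, rcpt: int, receiver_public_key) -> bool:
    return verify(b"received:" + hashlib.sha256(msg).digest(), rcpt, receiver_public_key)


if __name__ == "__main__":
    msg = b"Alice agrees to pay Bob 100"          # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    print("arbiter accepts Alice's signature:", verify(msg, sig, ALICE_PUB))
    print("Bob can forge Alice's signature:   ", verify(msg, sign(msg, BOB_PRIV), ALICE_PUB))
    shared = b"shared-mac-key-shared-mac-key!!"   # constructed key held by BOTH parties
    claimed = b"Alice agrees to pay Bob 1000000"
    print("Bob can produce a valid MAC himself:", hmac_verify(shared, claimed, hmac_tag(shared, claimed)))
    print("Alice holds a receipt signed by Bob:", verify_receipt(msg, receipt(msg, BOB_PRIV), BOB_PUB))
```

The HMAC case is the instructive one: `hmac_verify` returns True for a message the sender never sent, because the receiver computed the tag with the same key, so a MAC gives integrity and data-origin assurance between the two peers but nothing an arbiter can rely on. The signature case fails for anyone without Alice's private exponent, which is exactly the property source nonrepudiation needs.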

  23. Security Services: Availability Service
     • A system is available if it provides services according to the system design whenever users request them
     • Addresses the security concerns raised by denial-of-service attacks

  24. Attacks and Security Services (figure slide; image not included in the transcript)

  25. Security Mechanisms incorporated in a protocol layer (figure slide; image not included in the transcript)

  26. Security Mechanisms not specific to any protocol layer (figure slide; image not included in the transcript)

  27. Security Mechanisms and Services (figure slide; image not included in the transcript)

  28. Security Models
     • Network Security Model (Part 2 of the book): confidentiality, authentication, data integrity, nonrepudiation, and availability services
     • Network Access Security Model (Part 3 of the book): access control service; information access threats; service threats

  29. Network Security Model: an encrypted and signed message is transferred (figure slide; image not included in the transcript)

  30. Network Security Model
     1. A security-related algorithm (encryption, authentication, and integrity)
     2. Secret information used with the algorithm
     3. Methods for distribution of the secret information
     4. A protocol to be used by the two principals (parties) that makes use of the security algorithm and the secret information to achieve a particular security service

  31. Network Access Security Model (figure slide; image not included in the transcript)

  32. Network Access Security Model
     • Gatekeeper function: password-based login and resource access; detects and rejects worms, viruses, and other similar attacks
     • Internal controls: monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders
