1 / 28

CPE 5002 Network security

CPE 5002 Network security. Look at the surroundings before you leap. Lecturers. Prof B Srinivasan – 990 32333, C4.47 srini@monash.edu.au Mr Pravin Shetty – 990 31945, B3.35 parvin.shetty@csse.monash.edu.au Guest Lecturers – Dr Le and Mr C Wilson. Topics.

herb
Download Presentation

CPE 5002 Network security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CPE 5002 Network security

  2. Look at the surroundings before you leap

  3. Lecturers • Prof B Srinivasan – 990 32333, C4.47 srini@monash.edu.au • Mr Pravin Shetty – 990 31945, B3.35 parvin.shetty@csse.monash.edu.au • Guest Lecturers – Dr Le and Mr C Wilson

  4. Topics • Basic principles (Access Control /Authentication/Models of threat & Practical Countermeasures). • Security issues over LANS & WANS[Earlier Models & Current Solutions]. • Public key encryptions/ PKI/Digital signatures/Kerberos • Unix security [Internet=TCP/IP Security—VPNs/Firewalls. • Intrusion detection systems. • Security in E-Commerce and banking, Including WWW, EDI , EFT,ATM.

  5. Rules of the game (1) • 11 weeks of lectures • Assignment – written and a presentation of 15-20 mts • Weightage: 40% • Presentation: during weeks 12 and 13 • Examination: • Week 14, • Weightage: 60% • Assignment presentation topics are included in the examination assessment.

  6. Rules of the game (2) • References: • Computer Security—Dieter Gollman • Network and Internetwork Security---William Stallings. • Open Systems Networking—David M Piscitello/ A Lyman Chapin. • No Formal Tutorial for this subject.

  7. Where to look for notes materials? • http://beast.csse.monash.edu.au/cpe5002Username: cpe5002 Password: srini

  8. Today’s lecture is • Domain of network security • Taxonomy of security attacks • Aims or services of security • Model of internetwork security • Methods of defence

  9. Security • Human nature • physical, financial, mental,…, data and information security

  10. Information Security • 1. Shift from the physical security to the protection of data and to thwart hackers (by means of automated software tools) – calledcomputer security

  11. Network Security • 2. With the widespread use of distributed systems and the use of networks and communications require protection of data during transmission – callednetwork security

  12. Internetwork security • The term Network Security may be misleading, because virtually all business, govt, and academic organisations interconnect their data processing equipment with a collection of interconnected networks – probably we should call it as internetwork security

  13. Aspects of information security • Security attack – any action that compromises the security of information. • Security mechanism – to detect, prevent, or recover from a security attack. • Security service – service that enhances and counters security attacks.

  14. Security mechanisms • No single mechanism that can provide the services mentioned in the previous slide. However one particular aspect that underlines most (if not all) of the security mechanism is the cryptographic techniques. • Encryption or encryption-like transformation of information are the most common means of providing security.

  15. Why Internetwork Security? • Internetwork security is not simple as it might first appear. • In developing a particular security measure one has to consider potential countermeasures. • Because of the countermeasures the problem itself becomes complex. • Once you have designed the security measure, it is necessary to decide where to use them. • Security mechanisms usually involve more than a particular algorithm or protocol.

  16. Security Attacks - Taxonomy • Interruption – attack on availability • Interception – attack on confidentiality • Modification – attack on integrity • Fabrication – attack on authenticity Property that is compromised

  17. Interruption • also known as denial of services. • Information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction. • e.g: cutting a communication line, disabling a file management system, etc.

  18. Interception • also known as un-authorised access. • Difficult to trace as no traces of intrusion might be left. • E.g: illegal eavesdropping or wiretapping or sniffing, illegal copying.

  19. Modification • also known as tampering a resource. • Resources can be data, programs, hardware devices, etc.

  20. Fabrication • also known as counterfeiting. • Allows to by pass the authenticity checks. • e.g: insertion of spurious messages in a network, adding a record to a file, counterfeit bank notes, fake cheques,…

  21. Information Source Information Destination Normal Information Source Information Destination Information Source Information Destination Interruption Interception Information Source Information Destination Information Source Information Destination Modification Fabrication Security Attacks - Taxonomy

  22. Attacks – Passive types • Passive (interception) – eavesdropping on, monitoring of, transmissions. • The goal is to obtain information that is being transmitted. • Types here are: release of message contents and traffic analysis.

  23. Attacks – Active types • Involve modification of the data stream or creation of a false stream and can be subdivided into – masquerade, replay, modification of messages and denial of service.

  24. Active Passive Interception (confidentiality) Interruption (availability) Modification (integrity) Fabrication (integrity) Release of Message contents Traffic analysis Attacks

  25. Security services • Confidentiality • Authentication • Integrity • Nonrepudiation • Access control • Availability

  26. Model for internetwork security Trusted Third party Principal Principal Message Message Gate Keeper Information channel Secret information Secret information Opponent

  27. Methods of defence (1) • Modern cryptology • Encryption, authentication code, digital signature,etc. • Software controls • Standard development tools (design, code, test, maintain,etc) • Operating systems controls • Internal program controls (e.g: access controls to data in a database) • Fire walls

  28. Methods of defence (2) • Hardware controls • Security devices, smart cards, … • Physical controls • Lock, guards, backup of data and software, thick walls, …. • Security polices and procedures • User education • Law

More Related