Information Assurance and Security PDF
Document Details
Uploaded by ObtainableMaxwell6714
Lagha Elementary School - Extension
Tags
Summary
This document covers information assurance and security concepts, specifically focusing on all-optical networks (AON) and potential attacks. It details network features, possible attacks against networks, and robustness concepts.
Full Transcript
Information Assurance and Security MODULE 8 All-Optical Networks (AON) - are also known as fiber to the x (FTTx), which can refer to fiber to the site, fiber to the building, and fiber to the home. All-Optical Network Features: 1. Full-service areas and unified optical cable networks are the foun...
Information Assurance and Security MODULE 8 All-Optical Networks (AON) - are also known as fiber to the x (FTTx), which can refer to fiber to the site, fiber to the building, and fiber to the home. All-Optical Network Features: 1. Full-service areas and unified optical cable networks are the foundation of all-optical networks, and therefore need to coordinate 2B, 2C, and 2H services. 2. The unified transport network (UTN) features high bandwidth, low latency, and multiple services. This network can be used for premium private lines, Data Center Interconnect (DCI), IP links, and mobile network fronthaul. 3. The IP integrated transport network has Flex-E and IPv6 Segment Routing (SRv6) features and is the foundation for network slicing. This network can be used for IP RAN private lines, broadband transport, and mobile backhaul. 4. Passive Optical Network (PON) enables full-service access. Comb PON and Flex PON are widely recognized in the industry and can be used for PON VPN, Internet private lines, regional networking, and smart homes. They are widely used in video surveillance and industrial control, and in public areas and buildings (such as harbors, campuses, hotels, airports, commercial buildings, as well as train and bus stations). 5. Software-defined networking (SDN) supports intelligent, on-demand selection of bandwidth, clouds, value-added applications, and after-sales services, and utilizes the underlay mode to leverage differentiated competitive advantages of operators' network control. Possible Attacks on a network can be broadly categorized into five areas: 1. Traffic Analysis Attack. The ciphertext length usually reveals the plaintext length from which an attacker can get valuable information. An attacker can tap into fibers and obtain this information. Eavesdropping. This occurs when an attacker covertly listens in on traffic to get sensitive information. 2. Data Delay. An attacker intercepts the data sent by the user for later use. 3. Spoofing. This attack is defined as the acquisition of privileges, capabilities, trust, and anonymity by pretending to be a more privileged or trusted process/user. This attack includes masquerading and Trojan horse attacks. 4. Service Denial. This attack deprives a user or an organization of the services of a resource that they would normally expect to have. A denial of service (DoS) attack can also destroy programs and files in a computer system. 5. Quality of Service (QoS) Degradation. An attacker overpowers legitimate signals to degrade or deny services. All-Optical Network Attack Types: 1. Service Disruption Attacks This type of attack includes service denial attacks and QoS degradation attacks. Physically, this type of attack can be carried out using the following three methods: Fiber Attacks. Fibers ideally propagate information on different wavelengths with only frequency-dependent delay and attenuation. Optical Amplifier Attacks. Optical amplifiers are critical and necessary components for AONs. 2. Tapping Attacks This type of attack includes both eavesdropping attacks and traffic analysis attacks. Cross-Talk Attack Monitoring and Localization in All-Optical Networks Crosstalk Attack happens at a wavelength switch and only affects the normal connections on the same wavelength. Monitoring Methods To detect attack signals, a sophisticated optical monitoring technique is required. Power Detection a wide band may be used to record an increase or decrease in power with respect to the expected value. Optical Spectral Analyzers (OSAs) display the spectrum of an optical signal. Bit Error Rate Testers (BERTs) operate by comparing a received pattern with the pattern that was known to have been sent. Pilot Tones signals that travel along the same links and nodes as the communication payload, but are distinguishable from the communication payload. Optical time domain refractometries (OTDRs) special application of pilot tones. Rather than analyzing a pilot tone at the point where the communication signal is received, the pilot tone’s echo is analyzed. MODULE 9 Robustness is the ability of a system to withstand external perturbations arising in its environment. 1. Evaluation Goals Clearly speaking the goals for an evaluation greatly simplifies the overall evaluation steps. The goals of a study are typically set by the person or company ordering the study. 2. Target System the entity under test. As robustness relates to input and environmental stresses, the target system definition is a key issue. POSIX interface (an API to OS services) is used as a benchmark target. The OS layer is part of two important interfaces (Qian, et al.,2008): OS-Application. The OS Application interface (also known as API) provides services s1, s2,..., ss to be used by applications. OS-Driver Interfaces. The OS-Driver interface contains the services the OS provides for drivers to use. 3. Error Model and Workload Selection A robust system functions correctly in the presence of external agitations and stresses. Error Type relates to the implementation of the error model, such as flipping bits in CPU registers, corrupting system call parameters, or providing random input to system utilities. Error Location related to the type of error, but refers to the location where the error is injected and not where the fault appears. Error Timing The timing dimension can be further split into two subdimensions: time of injection and duration. Workload Selection Another key attribute of the selected target system is the system workload, that is, what the system is executing during the test. The Art of Workload Selection 1. Services Exercised Example: Timesharing Systems Networks Magnetic Tape Backup System 2. Level of Detail 3. Representativeness 4. Timeliness 5. Other Considerations in Workload Selection Services Exercised SUT = System Under Test CUS = Component Under Study 6. Robustness Metrics In order to quantify the robustness of a target system, metrics of robustness are needed. The most commonly used metrics are failure modes and error propagation. MODULE 10 Intrusion Detection System (IDS) are hardware or software systems that automatically identify and respond to attacks on computer systems. Intrusion Response Systems (IRS) apply suitable countermeasures to ensure security in a computing environment. Types of Intrusion During these times majority of networks are basically unsecured, which creates opportunities for cybercriminals to access secure data. Firewalls mainly secure the front access points of a network connected node from a number of threats and attacks. Cryptography allows for secure communication, whereas access control is deployed for authentication purposes. Common Solutions to Intrusions Presently firewalls, access control, and cryptography are the main defensive mechanisms deployed against intrusions. Traditional firewalls cannot detect internal attacks such as flooding attacks, user-to-root attacks, and port scanning because they only sniff out network packets at the network boundaries.
