IT412 Lecture 2 PDF

Faculty of Computer 1 and Information Sciences Information Technology Department Network Security Protocols Net 412D Lecture #2: Foundations of Network Security Slides Contents What network security is? Goals of network security. Network Security architecture. Network security policies. Secure network components. Computer Security vs Network Security Computer Security: involves implementing measures to secure a single computer (protecting the ressources stored on that computer). Network security: involves protecting all the ressources on a network. We must consider not only the computers on the network but other network devices and data transmitted across the network. Security architecture Security architecture provides a systematic framework for defining security attacks, mechanisms, and services. 1. Security attack: is any action that compromises the security of information owned by an organization. Security architecture 2. Security Mechanism: A process that is designed to detect , prevent, or recover from a security attack. 3. Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to encounter security attacks, and they make use of one or more security mechanisms to provide the service. Network Security Services Network security: can provide one of the five services: 1. Confidentiality 2. integrity, 3. authentification, 4. Non-repudiation 5. availability. Network Security Services 1. Confidentiality: - The function of "Confidentiality" is in protecting precious business data (in storage or in motion) from unauthorized persons. - Confidentiality part of Network Security makes sure that the data is available OLNY to intended and authorized persons (so it makes sure that the data is received by the intended receiver). - Ex. When a costumer communicates with her bank, she expects that her communication is totaly confidential. Network Security Services 2. Integrity: Integrity aims at maintaining and assuring the accuracy and consistency of data. the data must arrive to the receiver exactly as they were sent by the sender. for example: A request for transferring 100$ should not be changed to a request for 1000$. 3. Authentification: the receiver needs to be sure of the sender’s identity. Network Security Services 4.Nonrepudiation : a sender must not be able to deny sending a message that he or she , in fact, did send. 5. Availability: The function of "Availability" in Network Security is to make sure that the Data, Network Resources or Network Services are continuously available to the legitimate users, whenever they are required. Network security policies Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network services and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Network security policies Network security policies (NSP), is a general document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document itself is usually several pages long and written by a committee. A security policy goes far beyond the simple idea of "keep the bad guys out". Network security policies It's a very complex document, meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company. Security policy should keep the malicious users out and also exert control over potential risky users within your organization. The first step in creating a policy is to understand what information and services are available (and to which users), what the potential is for damage and whether any protection is already in place to prevent misuse. Network security policies In addition, the security policy should dictate a hierarchy of access permissions; that is, grant users access only to what is necessary for the completion of their work. The policies could be expressed as a set of instructions that could be understood by special purpose network hardware dedicated for securing the network. Secure network components All of the networks share many common components. As we describe in the definition that network is basically sharing of information via network components. So network component play a major role in designing and maintaining network. Some most essential network components listed here. Why computer and network Security is important? 1. Protect company assets (hardware and software). 2. Gain competitive advantage: developping and maintaining effective security measures can provide an organization with a competitive advantage over its competion. 3. Keep your job: to secure one’s position within an organization and to ensure futur career, it is important to put into place measures that protect organizational assets. Security Trinity Network security is based on: detection, prevention, and response. Security Response Security trinity should be the foundation for all security policies. Security Trinity -Prevention: in developping network security schemes, any organization should emphasize preventive measures over detection and response. It is more efficient and much more cost effective to prevent a security attack than to detect or repond to one. Detection: once the preventive measures fail, procedures need to be put in place to detect immediatly the araised attack. Detection systems must continuously capture, analyze, and report on the daily happenings in and around the network. -Response: we need to develop a plan that identifies the appropriate response to a security attack (who is responsable to execute some actions, what is the appropriate action ?) Challenges of computer and network Security 1. Security is not simple as it might first appear to the novice: we need to consider potential attacks. Security mechanisms typically involve more than a paticular algorithm. 2. Having designed various security mechanisms, it is necessary to decide where to use them (physical and logical sense). What points in a network are certain secured mechanisms needed? What layer or layers of our architecture should mechanisms be placed? Book Chapter/ References or Other materials: 1. ‘Cryptography and Network Security: Principles and practice’, William Stallings Seventh edition, 2017. 2. ’ Guide to Computer Network Security’, Joseph Migga Rizza, ISBN-1 3: 978-03872-0473-4, Springer Publisher , 2017. THANK YOU

IT412 Lecture 2 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue