Computer and Network Security Rabie A. Ramadan. Organization of the Course (Cont.) 2 Textbooks...

Computer and Network Security

Rabie A. Ramadan

Organization of the Course (Cont.)

2

Textbooks

• William Stallings, “Cryptography and Network

Security,” Fourth Edition

• Behrouz A. Forouzan, “Cryptography and Network

Security,” 2008 Edition

• Charles P. Pfleeger and Shari L. Pfleeger,

“Security in Computing,” third addition

Course Contents

3

Introduction to Cryptography Authentication Functions Symmetric Key-Exchange Protocols Asymmetric Key-Distribution and Cryptography Network Layer Security Transport Layer Security Introduction to wireless network security

Exams

4

Do not worry about the exam as long as :

• You are attending

• Done with your project

• Done with your presentation

• Assignments are delivered

Projects or Term Papers

5

• There will be a term project

• Only 2 persons per project

• You can select your own project after my approval

• Project report must follow IEEE format

• Deadline of the projects proposal is two weeks from today

• Suggested Projects and Term Papers

Table of Contents

6

Introduction Security Goals Attacks Services and Mechanisms Security mechanisms Techniques

Introduction

7

The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.

—The Art of War, Sun Tzu

Introduction

8

In old days , to be secure,• Information maintained physically on a secure place

• Few authorized persons have access to it (confidentiality)

• Protected from unauthorized change (integrity)

• Available to authorized entity when is needed (availability)

Nowadays, • Information are stored on computers

• Confidentiality are achieved few authorized persons can access the files.

• Integrity is achieved few are allowed to make change

• Availability is achieved at least one person has access to the files all the time

Introduction

9

Achieving Confidentiality , Integrity, availability is a challenge:

• Distributed information

• Could be captured while it is transmitted

• Could be altered

• Could be blocked

Security Goals

10

Confidentiality• Ensures that computer-related assets are accessed only by

authorized parties.

• Sometimes called secrecy or privacy.

Integrity• Assets can be modified only by authorized parties or only in

authorized ways.

Availability • assets are accessible to authorized parties at appropriate times.

• The opposite is denial of service.

Security Goals

11

Strong protection is based on Goals relations

Goals are Applied to

12

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers

Network Security - measures to protect data during their transmission

Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Our Aim of this Part

13

Our main concern is: • Network and Internet Security

• Protecting the information while it is transmitted

Will touch the computer security• Presentations

• Assignments

• Projects

Threats , vulnerability, and Attacks

14

Crossing the water to the right is a Threat to the man.

• Ex. (Computer) software failures

Crossing the water through the wall crack is a Vulnerability.

• Ex. (Computer) Open ports

Somebody or another system destroyed the wall is an Attack

• Ex. (Computer) sending an overwhelming set of messages to another system to block it.

Attacks

15

Passive Attacks • Attempts to learn or make use of information from the system

but does not affect system resources.

• Eavesdropping or monitoring of transmissions

Active Attacks • Attempts to alter system resources or affect their operation.

Passive Attacks

16

Release of message contents / snooping

Passive Attacks (Cont.)

17

Traffic Analysis/ spoofing

Passive Attacks are hard to be detected

Active Attacks

18

Masquerade• One entity pretends to be a different entity

Active Attacks (Cont.)

19

Replay Attack • Passive capture of a data unit and its subsequent retransmission

to produce an unauthorized effect.

Active Attacks (Cont.)

20

Modification Attack • Some portion of a legitimate message is altered, or that messages

are reordered, to produce an unauthorized effect

Active Attacks (Cont.)

21

Denial of Service• Prevents or inhibits the normal use or management of

communications facilities

Group Activities

22

Which of the following attacks is a threat to which of the security goals?

Attacks Security Goals Modification Confidentiality

Masquerading Integrity

Traffic Analysis Availability

Denial of service

Replaying

Snooping

Answer

23

Security Attacks

Snooping

Traffic Analysis

Modification

Masquerading

Replaying

Denial of Service

Confidentiality Integrity Availability