Embed Size (px)
Citation preview
Network Security
A Welcome Lecture !
Hassen Sallay, Ph.D
Network Security
Instructor Hassen Sallay, Ph.D.
Office: 1137, Email: [email protected]
Text Book Network Security: Private Communications in a Public World, 2nd
edition, 2002, C. Kaufman, R. Perlman, and M. Speciner, Prentice-Hall.
(Amazon link)
Supplementary texts: Applied Cryptography, 2nd edition, 1996, B .
Schneirer, John Wiley & Sons. Online
Topics: theoretical, practical, technological
Course web page http://amansystem.com/?c=people/sallay/NS
Did You Know?
By the end of 2008, 17 million programmers worldwide
writing 6,000 lines of code per year (each)=102 billion
Consider just 1 security defect for every 10,000 lines of
code => (potentially) new undiscovered vulnerabilities
10.200.000 per year, 850,000 per month, 28,000 per
day
By the end of this presentation (1hour): 10 million
newly written lines of code, 2,739new websites,
10,000 new undiscovered vulnerabilities
Multiple experts report 9 out of 10 websites have
vulnerabilities and potentially allowing hackers
unauthorized access
3
Did You Know?
~1 website defacement every second
A new infected Web page is discovered every: 14 seconds
In 2007 the FBI's Internet Crime Complaint Center:
220,000 Online fraud complains
US consumers losing more than $239 million
Up from $198 million in 2006
Most cyber-fraud is not reported
SECURITY is a NECESSITY not an OPTION
4
In this course, we will consider how different
mechanisms can be used to achieve goals in the
face of threats, and what some of the challenges
are in the NETWORK environment.
Security fields
Computer Security deals with the prevention and
detection of unauthorized actions by users of a computer
system
Network Security deals with How to communicate
securely over an insecure channel?
Information Security is more general. It deals with
information independent of computer systems.
6
Security Goals (CIA)
Confidentiality: No unauthorized access to Information
Integrity: No unauthorized modification of information
Availability: No unauthorized impairment of
functionality
Authentication: Who is Who?
Authorization: (access control) What can you do?
Accountability or Non repudiation: One can establish
responsibility for actions.
Privacy: User data is only used in certain ways.
7
Examples
Confidentiality/Privacy
Example: Email is not a Letter but rather a post card
Threat: it can be read by everyone
Mechanism: encryption and access control
Data Integrity
Example: Email (records etc.)
Threat: Unallowed modification/falsification
Mechanism: Digital Signature and/or access control
Availability
Example: Communication with a server
Threat: Denial of service
Mechanism: FW, VS, secure OS, backup
8
Security Threats
Interception: Unauthorized party gains access to data or
services (Confidentiality)
Interruption: Service or data becomes unavailable or
unusable (Integrity and Availability)
Modification: Unauthorized tampering of data or services
(Integrity)
Fabrication: Generation of additional data or activities
(Integrity)
Masquerading: Theft of identity (Authentication)
9
Security Mechanisms
Cryptography & Steganography
Digital signature
Access control techniques
Network Security protocols
Intrusion Detection Systems
Firewalls
Backup
Replication
Secure OS
10
