Computer Engineering II: Computer and Network Security. Rabie A. Ramadan, rabieramadan@gmail.com


Welcome Back

Organization of the Course

Two lectures weekly

Evaluation is based on:
• Midterm and Final Exams
• In-class quizzes
• Assignments, Tutorials
• Project

Organization of the Course (Cont.)

Textbooks
• William Stallings, “Cryptography and Network Security,” Fourth Edition
• Behrouz A. Forouzan, “Cryptography and Network Security,” 2008 Edition
• Charles P. Pfleeger and Shari L. Pfleeger, “Security in Computing,” Third Edition

Course Contents

• Introduction to Cryptography
• Authentication Functions
• Symmetric Key-Exchange Protocols
• Asymmetric Key-Distribution and Cryptography
• Network Layer Security
• Transport Layer Security
• Introduction to wireless network security

Exams

Do not worry about the exam as long as:
• You are attending
• You are done with your project
• You are done with your presentation
• Your assignments are delivered

Why should I attend?

• We will have group activities in class.
• Some materials will be taught from outside our textbook(s).
• Some materials will be skipped or left for you to read.

Projects

• There will be a term project
• Only 4 persons per project
• You can select your own project after my approval
• Suggested Projects


TA

?????

Things you need to have with you in class

• For the group activities

Table of Contents

• Introduction
• Security Goals
• Attacks
• Services and Mechanisms
• Security mechanisms
• Techniques


Introduction


The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.

—The Art of War, Sun Tzu

The Role of Security

Security is like adding brakes to cars. The purpose of brakes is not to stop you; it is to enable you to go faster. Brakes help avoid accidents caused by mechanical failures in other cars, rude drivers, and road hazards.

Better security is an enabler for greater freedom and confidence in the Cyber world.


Why Security?



What is the Internet?


Three layers

All have vulnerabilities


The Transit Layer


The Application Layer


Spectrum of Risk

[Figure axis: Degree of Data Digitization]

1. Messaging
2. Storing Information
3. Transactional systems
4. Technology Integration
5. Fully Integrated information based Business

Business has been aggregating data and risk at an unprecedented rate…

We have developed the myth that technology can be an effective fortress – we can have security

Traditional focus on:
• Better Firewalls
• Boundary Intrusion Detection
• Critical Offsite Capacity
• Compliance Certification

False myths:
• IT staff = security staff
• Compliance failure is the main source of risk
• Being compliant = being safe

But this concept of security is false – the Internet is fundamentally open

Facts:
• We don’t know what’s on our own nets
• What’s on our nets is bad, and existing practices aren’t finding everything
• Threat is in the “interior”
• Threat is faster than the response
• “Boundaries” are irrelevant
• We don’t know what is on our partner’s nets nor on the points of intersection
• Compromises occur despite defenses
• Depending on the motivation behind any particular threat, it can be a nuisance, costly or mission threatening

[Figure: Global Internet]

The critical capability is to develop real-time response and resiliency


Why is computer and network security important?

To protect company assets
• The assets are comprised of the "information" that is housed on a company's computers and networks. Information is a vital organizational asset.

To gain a competitive advantage
• Security can mean the difference between wide acceptance of a service and customer response.

To comply with regulatory requirements
• Ensuring the continuing operation of the organization.
• Many organizations are subject to governmental regulation, which often stipulates requirements for the safety and security of an organization.

To keep your job
• Security should be part of every network or systems administrator's job. Failure to perform adequately can result in termination.

Historical Aspects of Security

In the old days, to be secure:
• Information was maintained physically in a secure place
• Few authorized persons had access to it (confidentiality)
• It was protected from unauthorized change (integrity)
• It was available to an authorized entity when needed (availability)

Nowadays:
• Information is stored on computers
• Confidentiality is achieved: few authorized persons can access the files
• Integrity is achieved: few are allowed to make changes
• Availability is achieved: at least one person has access to the files all the time

Current aspects of security

Achieving confidentiality, integrity, and availability is a challenge:
• Distributed information
• Could be captured while it is transmitted
• Could be altered
• Could be blocked

Security Trinity: Basis for Computer and Network Security

Prevention, Detection, and Response

What is Computer Security?

Different answers
• It is the password that I use to enter the system or required set of rules (lock the computer before you leave) – End User
• It is the proper combination of firewall technologies with encryption systems and access controls – Administrator
• Keeping the bad guys out of my computer – Manager

What is computer security?

A computer is secure if you can depend on it and its software to behave as you expect – Simson and Gene in the book “Practical Unix and Internet Security”

Which definition is correct?
• All of them. However,
• We need to keep all of these perspectives in mind

CIA Triad

Security Goals
• Confidentiality,
• Integrity, and
• Availability

CIA Triad

[Figure: CIA Triad diagram, labelled “Security”]