Embed Size (px)
Citation preview
Prepared by Dr. Samia Chelloug
E-mail: [email protected]
Princess Nora Bint Abdulrahman UniversityCollege of computer and information
sciencesNetworks department
Networks Security (NET 536)Networks Security (NET 536)
ContentContent
1. Basics of computer and network security.2. Impact of network security architecture on
network security.3. Basics of network design.4. Firewalls and virtual private networks.5. Internet and wireless network security.6. Impact of operating systems models on
network security.7. How to secure an application?
TextbooksTextbooks
1. Bahrouz A.Forouzan, ‘Data Commnications and Networking’, Fourth Edition, 2007.
2. William Stallings, ‘Cryptography and Network Security: Principles and practice’, Fifth edition, 2011.
3. Eric Cole, Ronald L.Kruz, James W.Conley, ‘Network Security Fundamentales’, Wiley 2007.
Basics of computer and network securityBasics of computer and network security
• Computer security: involves implementing measures to secure a single computer (protecting the ressources stored on that computer).
• Network security: involves protecting all the ressources on a network. We must consider not only the computers on the network but other network devices and data transmitted across the network.
Basics of computer and network securityBasics of computer and network security
Security attack: any action that comprises the security of information owned by an organization.
Basics of computer and network securityBasics of computer and network security
Passive attackPassive attack Active attackActive attack
•Attempts to learn or make use of information from the system but does not affect system ressources.•The goal is to obtain information that is being transmitted.•Telephone converstaion, electronic e-mail message…•This type of attack is difficult to detect (it does not involve any alteration in data).
•Attempts to learn or make use of information from the system but does not affect system ressources.•The goal is to obtain information that is being transmitted.•Telephone converstaion, electronic e-mail message…•This type of attack is difficult to detect (it does not involve any alteration in data).
•Attempts to involve some modification of the data stream or the creation of a false stream.•Based on scanning (using a search -google or any traditional method).
•Attempts to involve some modification of the data stream or the creation of a false stream.•Based on scanning (using a search -google or any traditional method).
• Why is computer and network security important?
1. Protect company assests (hardware and software).
2. Gain competive advantage: developping and maintaing effective security measures can provide an organization with a competive advantage over its competion.
Basics of computer and network securityBasics of computer and network security
Your computer
E-com
merce-server
Unauthorized access
Data
Intercept
• Why is computer and network security important?
3. Keep your job: to secure one’s position within an organization and to ensure futur career, it is important to put into place measures that protect organizational assests.
Basics of computer and network securityBasics of computer and network security
• Network security: can provide one of the five services: confidentiality, integrity, authentification, nonrepudation.
1. Confidentiality: the transmitted message must make sense to only the intended receiver. To the others, the message must be garbage. When a costumer communicates with her bank, she expects that her communication is totaly confidential.
Basics of computer and network securityBasics of computer and network security
2. Integrity: the data must arrive to the receiver exactly as they were sent.
A request for transferring 100$ should not be changed to a request for 1000$.
3. Authentification: the receiver needs to be sure of the sender’s identity.
4.Nonrepudation : a sender must not be able to deny sending a message that he or she , in fact, did send.
Basics of computer and network securityBasics of computer and network security
• Security trinity: Network security is based on: prevention, detection, and
response.
• Security trinity should be the foundation for all security policies.
Basics of computer and network securityBasics of computer and network security
Security
Det
ectio
n
Response
Prevention
Basics of computer and network securityBasics of computer and network security
-Prevention: in developping network security schemes, any organization should emphasize preventive measures over detection and response. It is more efficient and much more cost effective to prevent a security attack than to detect or repond to one.
-Detection: once the preventive measures fail, procedures need to be put in place to detect immediatly to detect the araised attack.
-Response: we need to develop a plan that identifies the appropriate response to a security atatck (who is responsable to execute some actions, what is the appropriate action ?)
• Challenges of computer and network security:1. Security is not simple as it might first appear to the
novice: we need to consider potential attacks . Security mechanisms typically involve more than a paticular algorithm.
2. Having designed various security mechanisms, it is necessary to decide where to use them (physical and logical sense). What points in a network are certain secured mechanisms needed? What layer or layers of our architecture should mechanisms be placed?
Basics of computer and network securityBasics of computer and network security
