13
Prepared by Dr. Samia Chelloug E-mail: [email protected] Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Prepared by Dr. Samia Chelloug E-mail: [email protected] Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Embed Size (px)

Citation preview

Page 1: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Prepared by Dr. Samia Chelloug

E-mail: [email protected]

Princess Nora Bint Abdulrahman UniversityCollege of computer and information

sciencesNetworks department

Networks Security (NET 536)Networks Security (NET 536)

Page 2: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

ContentContent

1. Basics of computer and network security.2. Impact of network security architecture on

network security.3. Basics of network design.4. Firewalls and virtual private networks.5. Internet and wireless network security.6. Impact of operating systems models on

network security.7. How to secure an application?

Page 3: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

TextbooksTextbooks

1. Bahrouz A.Forouzan, ‘Data Commnications and Networking’, Fourth Edition, 2007.

2. William Stallings, ‘Cryptography and Network Security: Principles and practice’, Fifth edition, 2011.

3. Eric Cole, Ronald L.Kruz, James W.Conley, ‘Network Security Fundamentales’, Wiley 2007.

Page 4: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Basics of computer and network securityBasics of computer and network security

• Computer security: involves implementing measures to secure a single computer (protecting the ressources stored on that computer).

• Network security: involves protecting all the ressources on a network. We must consider not only the computers on the network but other network devices and data transmitted across the network.

Page 5: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Basics of computer and network securityBasics of computer and network security

Security attack: any action that comprises the security of information owned by an organization.

Page 6: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Basics of computer and network securityBasics of computer and network security

Passive attackPassive attack Active attackActive attack

•Attempts to learn or make use of information from the system but does not affect system ressources.•The goal is to obtain information that is being transmitted.•Telephone converstaion, electronic e-mail message…•This type of attack is difficult to detect (it does not involve any alteration in data).

•Attempts to learn or make use of information from the system but does not affect system ressources.•The goal is to obtain information that is being transmitted.•Telephone converstaion, electronic e-mail message…•This type of attack is difficult to detect (it does not involve any alteration in data).

•Attempts to involve some modification of the data stream or the creation of a false stream.•Based on scanning (using a search -google or any traditional method).

•Attempts to involve some modification of the data stream or the creation of a false stream.•Based on scanning (using a search -google or any traditional method).

Page 7: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

• Why is computer and network security important?

1. Protect company assests (hardware and software).

2. Gain competive advantage: developping and maintaing effective security measures can provide an organization with a competive advantage over its competion.

Basics of computer and network securityBasics of computer and network security

Your computer

E-com

merce-server

Unauthorized access

Data

Intercept

Page 8: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

• Why is computer and network security important?

3. Keep your job: to secure one’s position within an organization and to ensure futur career, it is important to put into place measures that protect organizational assests.

Basics of computer and network securityBasics of computer and network security

Page 9: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

• Network security: can provide one of the five services: confidentiality, integrity, authentification, nonrepudation.

1. Confidentiality: the transmitted message must make sense to only the intended receiver. To the others, the message must be garbage. When a costumer communicates with her bank, she expects that her communication is totaly confidential.

Basics of computer and network securityBasics of computer and network security

Page 10: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

2. Integrity: the data must arrive to the receiver exactly as they were sent.

A request for transferring 100$ should not be changed to a request for 1000$.

3. Authentification: the receiver needs to be sure of the sender’s identity.

4.Nonrepudation : a sender must not be able to deny sending a message that he or she , in fact, did send.

Basics of computer and network securityBasics of computer and network security

Page 11: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

• Security trinity: Network security is based on: prevention, detection, and

response.

• Security trinity should be the foundation for all security policies.

Basics of computer and network securityBasics of computer and network security

Security

Det

ectio

n

Response

Prevention

Page 12: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

Basics of computer and network securityBasics of computer and network security

-Prevention: in developping network security schemes, any organization should emphasize preventive measures over detection and response. It is more efficient and much more cost effective to prevent a security attack than to detect or repond to one.

-Detection: once the preventive measures fail, procedures need to be put in place to detect immediatly to detect the araised attack.

-Response: we need to develop a plan that identifies the appropriate response to a security atatck (who is responsable to execute some actions, what is the appropriate action ?)

Page 13: Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Princess Nora Bint Abdulrahman University College of computer and information sciences Networks

• Challenges of computer and network security:1. Security is not simple as it might first appear to the

novice: we need to consider potential attacks . Security mechanisms typically involve more than a paticular algorithm.

2. Having designed various security mechanisms, it is necessary to decide where to use them (physical and logical sense). What points in a network are certain secured mechanisms needed? What layer or layers of our architecture should mechanisms be placed?

Basics of computer and network securityBasics of computer and network security