Documente Academic
Documente Profesional
Documente Cultură
Internet Security
Main Menu 1 of 38
Internet Security
Objective
At the end of this chapter, students will be able to
appreciate the cost and value of information stored
on a network, and will also understand the concept
of network security and the various measures/tools
that can be used to enhance network security.
Main Menu 2 of 38
Internet Security
Scope
Price for Data Loss
Introduction to Network Security
Basic Network Security Concepts
Security Policy
Authentication
Non-Repudiation
Integrity
Confidentiality and Access Control
Two Approaches to security
Main Menu 3 of 38
Internet Security
Scope
Tools for different layers
Risk Management
Internet Security Toolkit
Encryption
Some Elementary Security Tips
Conclusion-What should I do
Main Menu 4 of 38
Internet Security
Main Menu 5 of 38
Internet Security
Main Menu 7 of 38
Internet Security
Main Menu 8 of 38
Internet Security
Main Menu 10 of 38
Internet Security
Security Policy
Develop security requirements based on an analysis
of the organization's mission, the information at risk,
the threats to that information and the implications
of any successful attacks.
Appoint a security officer and delineate clearly the
required job responsibilities and skills.
Define appropriate security services and
mechanisms and allocate them to components of the
company's IT systems.
Main Menu 11 of 38
Internet Security
Security Policy
Identify different measures of security appropriate
for each level.
Remember that security is not only technology;
physical security and procedural security are as
important as the technology used.
Identify users who should have access to each level
of security.
Main Menu 12 of 38
Internet Security
Authentication
A primary tool in securing any computer system is
the ability to recognize and verify the identity of
users. This security feature is known as
authentication.
Traditionally, special names and secret passwords
have been used to authenticate users, but as the
anecdote above demonstrates, the password is only
as good as the users' ability to keep it secret and
protect it from being abused by unauthorized users.
There are three generally accepted techniques for
authenticating users to host machines.
Main Menu 13 of 38
Internet Security
Authentication
Authentication by something the user knows.
This is the password/username concept described
above. There are two common approaches to
password authentication, known as PAP and
CHAP .
Authentication by something the user has. In this
technique, the user is given some kind of token,
such as a magnetic stripe card, key, or in
sophisticated cases the user has a smart card
equipped with a computer chip which can generate
an encrypted code back to the computer system.
Main Menu 14 of 38
Internet Security
Authentication
Authentication by physical characteristics. Here,
the mechanism is to recognize some measure of the
individual, which ostensibly cannot be duplicated.
Biometric techniques such as fingerprint ID, palm
print ID, retinal scan, manual and digital signature,
or voice recognition are used to validate the identity
of the potential user.
Main Menu 15 of 38
Internet Security
Non-Repudiation
This security concept protects against the sender or
receiver denying that they sent or received certain
communications .
For example, when a person sends a certified or
registered letter via the United States Postal Service
(USPS), the recipient is supposed to prove his or her
identity to the delivery person, and then confirm
their receipt by signing a form.
The signed form is then returned to the sender,
which proves to the sender that their correspondence
was delivered. Main Menu 16 of 38
Internet Security
Non-Repudiation
This prevents the recipient (for example a debtor)
from claiming that they never received the
correspondence (for example a demand note) and
therefore using that as an excuse for their actions
(not paying the debt).
In computer networks, these kinds of services are
also available, and are becoming increasingly
valuable as commerce on the Internet continues to
gain in popularity.
Main Menu 17 of 38
Internet Security
Non-Repudiation
There are three different types of non-repudiation
services that are applicable in computer network
messaging:
Non-repudiation of Delivery Service,
Non-repudiation of Origin Service, and
Non-repudiation of Submission Service.
Main Menu 18 of 38
Internet Security
Integrity
Integrity refers to the completeness and fidelity of
the message as it passes through the network.
The key here is making sure that the data passes
from the source to the destination without
undetected alteration. Note the use of the word
"undetected" .
We may not be able to thwart someone from
tapping out messages and attempting to modify them
as they move through the network .
Main Menu 19 of 38
Internet Security
Integrity
If the order of transmitted data also is ensured, the
service is termed connection-oriented integrity. The
term anti-replay refers to a minimal form of
connection-oriented integrity designed to detect and
reject duplicated or very old data units.
Main Menu 20 of 38
Internet Security
Main Menu 21 of 38
Internet Security
Approaches to Security
Over time, two distinct approaches have evolved to
applying security countermeasures: network coupled
security and application coupled security .
As the names imply, the first philosophy favors the
use of securing the network infrastructure, while the
second builds security into the applications
themselves.
Network Coupled Security
In a Network coupled scheme, the focus is to make
the network itself a trusted and secure subsystem so
that the applications can assume the data being
transmitted is safe .
Main Menu 22 of 38
Internet Security
Approaches to Security
Application Coupled Security
Proponents of this scheme argue that the application
knows best what kind of security is required for that
application. Therefore, control of the security
aspects should rest in the application layer .
To these proponents, the need to create security
aware applications is not a disadvantage, but rather a
natural and reasonable consequence of the need to
apply security at that level .
Similarly, the potential for interoperability issues is
seen as a flexibility advantage to the proponents of
application- coupled security .
Main Menu 23 of 38
Internet Security
Main Menu 25 of 38
Internet Security
Risk Management
Network security is all about managing risks and
using this risk management analysis to provide
appropriate security at an affordable price.
Assessment of Major Threats to a Network
Risks can be characterized by two criteria: the
Main Menu 28 of 38
Internet Security
Main Menu 29 of 38
Internet Security
Main Menu 30 of 38
Internet Security
Main Menu 31 of 38
Internet Security
Main Menu 32 of 38
Internet Security
Main Menu 33 of 38
Internet Security
Main Menu 34 of 38
Internet Security
Encryption
Encryption is a technique as old as the Romans. It is
simply the scrambling of the transmitted text using a
set of rules (algorithms, which in today's world
means mathematical manipulations) which is known
to the recipient, but hopefully to no one else.
The recipient can then use the same set of rules in
reverse to unscramble the coded text and read the
intended message.
The majority of the data transmitted across the
Internet is not encrypted, it is sent as clear text. This
means that if somebody is able to monitor the raw
data coming in and out of your network, they will be
able to see quite a bit.
Main Menu 35 of 38
Internet Security
Summary
Any security scheme must identify vulnerabilities
and threats, anticipate potential attacks, assess
whether they are likely to succeed or not, assess
what the potential damage might be from successful
attacks .
A primary tool in securing any computer system is
the ability to recognize and verify the identity of
users. This security feature is known as
authentication. This security concept of Non
Repudiation protects against the sender or receiver
denying that they sent or received certain
communications .
Main Menu 37 of 38
Internet Security
Summary
Integrity refers to the completeness and fidelity of
the message as it passes through the network .
Risks can be characterized by two criteria: the
likelihood that a particular attack will be successful,
and the consequences of the results if the attack is
successful.
Main Menu 38 of 38