
Intro

The document discusses network security and the need for security measures. It defines network security as keeping communications private so that unauthorized users cannot access or modify data in transit. It then discusses why security is needed to protect information and resources, and lists some common security threats like hackers, viruses and worms. The document also categorizes security attacks as either passive (like eavesdropping) or active (like masquerading or modifying messages). It outlines common security mechanisms like encryption and digital signatures to provide security services like authentication, integrity, confidentiality and availability. Finally, it discusses using a security model with algorithms, secret keys and protocols to implement these security services over networks.

Uploaded by

Varun Gupta
Copyright
© Attribution Non-Commercial (BY-NC)

UNIT - I

What is Security
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

etc.

Network Security Introduction


What does network security mean? No one:
1. can sniff (capture data across the network) the information being communicated from A to B
2. can spoof A's ID and exchange messages in A's name
3. can plant malicious code on the machine
4. can disable A's machine
5. can use A's machine to attack somewhere else.

So, network security is keeping communication private.

Examples of security violation (let sender = A and receiver = B):

1. Unauthorized user C copies the message from A to B.
2. Unauthorized user C modifies the message from A to B.
3. Unauthorized user C may construct its own message for B.
4. Unauthorized user C may delay the message for a long time.
5. A denies that he has sent the message to B.

Why do we need security?


- Protect vital information while still allowing access to those who need it (trade secrets, medical records, etc.)
- Provide authentication and access control for resources.
- Guarantee availability of resources...

Who is vulnerable?
- Financial institutions and banks
- Internet service providers
- Pharmaceutical companies
- Government and defense agencies
- Contractors to various government agencies
- Multinational corporations
- ANYONE ON THE NETWORK

Why Internet Security is Complex?

- Security involving communications and networks is not simple.
- When developing a particular security mechanism or algorithm, one must always consider potential countermeasures.
- Having designed various security mechanisms, it is necessary to decide where to use them.
- Security mechanisms usually involve more than a particular algorithm or protocol.

Security Needs
To arrange a secure environment for an organization, the manager has to consider three aspects of information security:
- Security attack
- Security mechanism
- Security services

Security attack
Any action that compromises the security of information owned by a company.

Threats to Network security:


- Hackers
  - Break password
  - Network sniffing
  - Social engineering (social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes; the concept that makes social engineering possible is that users are the weak link in security)
  - Misuse vulnerabilities
- Virus
- Worm

General category of attacks


Security Attacks

Any attack that compromises the security of information owned by the organization is a security attack. General categories of attacks are:
- Interception = attack on confidentiality, a passive attack (an unauthorized party gains access to an asset)
- Interruption = attack on availability (an asset of the system is destroyed or becomes unavailable or unusable)
- Modification = attack on integrity (an unauthorized party not only gains access to but also modifies the asset)
- Fabrication = attack on authenticity (an unauthorized party inserts counterfeit objects into the system)

Types of Attacks

a) Passive attacks: eavesdropping on or monitoring the transmission to
- obtain message contents
- monitor traffic flow

b) Active attacks
Interception

- masquerade of some entity as another entity
- replay of a previous message
- modification of a message in transit
- denial of service

Passive attack
The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks:
- Release of message content: trying to learn the content of a transmission
- Traffic analysis: trying to extract information from data being transferred

These attacks are difficult to detect because they do not involve any alteration of data, but the success of these attacks can be easily prevented.

[Figure: passive attacks between A and B over the Internet. (a) Release of message contents: C reads the contents of the message from A to B. (b) Traffic analysis: C observes the pattern of messages from A to B.]

Active attacks
Active attacks involve some modification of the data stream or the creation of a data stream, and can be divided into 4 categories:
- Masquerade: when one entity pretends to be a different entity.
- Replay: involves the passive capture of data and its subsequent retransmission to produce an unauthorized effect.
- Modification of message: some portion of a legitimate message is altered.
- Denial of service: prevents normal use of services.

[Figure: active attacks between A and B over the Internet. (a) Masquerade = IP spoofing: a message from C appears to be from A. (b) Replay: C captures a message from A to B and later replays it to B. (c) Modification of messages: C modifies a message from A to B. (d) Denial of service: C disrupts the service provided by A.]

Security Mechanism
A mechanism that is designed to detect, prevent or recover from a security attack.


There is no single mechanism that will provide all the services that we have just studied, but security services can still be provided through the following:
- Encipherment
- Digital signature
- Traffic padding
- Routing control
- Event detection
- Security audit trails
- Security recovery

Security Services
A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Attacks, Services & Mechanism


Security services are to counter security attacks.

(data in transit)
- Confidentiality
- Integrity
- Authentication
- Non-repudiation

(data at rest)
- Access control
  - identification (is valid user?)
  - authorization (is user valid to access the resource?)
  - auditing
- Availability

- Authentication: the message is from the source that it claims to be from.
- Integrity: the message received is not modified/deleted.
- Confidentiality: (for passive attacks, i.e. interception)
- Availability: access rights of the entity trying to access a resource should be verified (to acquire CPU/disk; for interruption)
- Non-repudiation: when a message is sent, the receiver can prove that the message is sent by the supposed sender.
- Access control: typically maps an entity onto access rights over objects.

[Figure: access matrix of subjects S1, S2, S3 against objects O1, O2, O3, with Y/N entries]

Using the above model:

- design a suitable algorithm for the security transformation
- generate the secret information (keys) used by the algorithm
- develop methods to distribute and share the secret information
- specify a protocol enabling the sender / receiver to use the transformation and secret information for a security service

Kerckhoffs' Principle: The security model does not rely on the secrecy of the encryption/decryption algorithm. The algorithm is assumed to be known to the adversary. The security depends on the secrecy of the key.
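An added example (not from the original slides): the tasks of the model carried out with a public algorithm (HMAC-SHA256) and a secret key, so that receiver B detects modification, masquerade and replay. The 8-byte sequence number, the packet layout and all names are assumptions; this provides authentication and integrity, not confidentiality, and key distribution is assumed to have happened already.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def generate_key() -> bytes:
    """Generate the secret information; the algorithm itself is public."""
    return secrets.token_bytes(32)

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number + payload + HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet: bytes) -> bytes:
        """Return the payload, or raise ValueError naming what was detected."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("malformed packet")
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag (modification or masquerade)")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise ValueError("stale sequence number (replay)")
        self.last_seq = seq
        return payload

def verdict(receiver: Receiver, packet: bytes) -> str:
    try:
        return "accepted: " + receiver.accept(packet).decode()
    except ValueError as err:
        return "rejected: " + str(err)

def demo() -> list:
    key = generate_key()            # assumed already shared by A and B
    b = Receiver(key)
    genuine = protect(key, 1, b"pay 100 to D")            # constructed sample
    altered = genuine[:8] + b"pay 900 to C" + genuine[-TAG_LEN:]
    forged = protect(generate_key(), 2, b"hello from A")  # C lacks the key
    return [verdict(b, p) for p in (genuine, altered, forged, genuine)]
```

Calling demo() returns B's verdict for a genuine message, an altered one, one fabricated without the shared key, and a second delivery of the genuine one.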

Internet Security Model


Gatekeeper functions are: password-based login, and logic to detect viruses and worms.
Internal security controls monitor events and analyze stored information, i.e. the access matrix.
