
CH 12

Chapter 12 discusses system security, focusing on intrusion detection, malicious programs, firewalls, VPNs, and trusted systems. It outlines various types of intrusion detection methods, the nature of computer viruses, and the principles and types of firewalls. Additionally, it explains the concept of virtual private networks and trusted systems for enhancing security and data access control.

Uploaded by

teddy haile
Copyright
© All Rights Reserved

Chapter 12

System security

Intrusion Detection
• An intruder refers to a hacker or cracker.
• The intruder can be identified and ejected from the system.
• Effective intrusion detection can prevent intrusions.
• Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

Intrusion Detection
• Statistical anomaly detection
– Threshold detection
– Profile based
• Rule based detection
– Anomaly detection
– Penetration identification

Viruses and "Malicious Programs"
• Computer "Viruses" and related programs have the ability to replicate themselves on an ever increasing number of computers. They originally spread by people sharing floppy disks. Now they spread primarily over the Internet (a "Worm").
• Other "Malicious Programs" may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).

CONT...
• Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
• Logic Bomb - malicious code that activates on an event (e.g., date).
• Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.

Firewalls
• Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
• Used to provide perimeter defence

Firewall Design Principles

• Information systems undergo a steady evolution (from small LANs to Internet connectivity)
• Strong security features for all workstations and servers are not established

Firewall Design Principles (cont.)

• The firewall is inserted between the premises network and the Internet
• Aims:
– Establish a controlled link
– Protect the network from Internet-based attacks
– Provide a single choke point

Firewall Characteristics
– All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall)
– Only authorized traffic (defined by the local security policy) will be allowed to pass
– The firewall itself is safe from penetration (use of a trusted system with a secure operating system)

Types of Firewalls

• Common types of firewalls:
– Packet-filtering routers
– Application-level gateways
– Circuit-level gateways

Types of Firewalls

1. Packet-filtering Router

Packet filtering router

Types of Firewalls

2. Application-level Gateway

Types of Firewalls

• Application-level Gateway
– Also called proxy server
– Acts as a relay of application-level traffic

Types of Firewalls

3. Circuit-level Gateway

Types of Firewalls

• Circuit-level Gateway
– Stand-alone system or
– Specialized function performed by an Application-level Gateway
– Sets up two TCP connections
– The gateway typically relays TCP segments from one connection to the other without examining the contents

Types of Firewalls

• Circuit-level Gateway
– The security function consists of determining which connections will be allowed
– Typical use is a situation in which the system administrator trusts the internal users
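
The circuit-level gateway behaviour described on the two slides above, as an added sketch that is not part of the original deck: the only security decision is whether a connection is allowed, after which bytes are relayed between the gateway's two connections without inspection. The address range, port list and the `connect_outside` callable are assumptions made for illustration.

```python
import socket
import threading
from ipaddress import ip_address, ip_network

# Constructed policy (assumption, not from the slides): internal clients
# in this range may open connections to these outside ports only.
ALLOWED_CLIENTS = ip_network("10.0.0.0/24")
ALLOWED_DEST_PORTS = {80, 443}

def connection_allowed(client_ip, dest_port):
    """The security function: decide which connections are allowed."""
    return (ip_address(client_ip) in ALLOWED_CLIENTS
            and dest_port in ALLOWED_DEST_PORTS)

def pump(src, dst):
    """Relay bytes one way without examining the contents."""
    total = 0
    while chunk := src.recv(4096):
        dst.sendall(chunk)
        total += len(chunk)
    dst.shutdown(socket.SHUT_WR)  # pass end-of-stream on to the far side
    return total

def relay(inside, outside):
    """Join the gateway's two connections, one pump per direction."""
    back = threading.Thread(target=pump, args=(outside, inside))
    back.start()
    pump(inside, outside)
    back.join()

def handle(client_ip, dest_port, inside, connect_outside):
    """Decide first, then relay. `connect_outside` is a hypothetical
    callable that opens the gateway's second (outbound) connection."""
    if not connection_allowed(client_ip, dest_port):
        inside.close()  # refused: no outbound connection is ever made
        return False
    outside = connect_outside()
    try:
        relay(inside, outside)
    finally:
        inside.close()
        outside.close()
    return True
```

Because `pump` never looks at the payload, anything an allowed internal user sends is passed through, which is why this design fits only where internal users are trusted.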

Virtual Private Networks (VPNs)

• Private and secure network connection between systems; uses data communication capability of unsecured and public network
• Securely extends organization’s internal network connections to remote locations beyond trusted network

VPNs
• In a virtual private network (VPN), "virtual" implies that there is no physical network infrastructure dedicated to the private network.
• Instead, a single physical network infrastructure is shared among various logical networks.
• In VPNs, various networking technologies (such as cryptography, IPsec, etc.) are applied toward the goal of providing private communications within the public Internet infrastructure.

Why VPNs?
• Separate private networking solutions are expensive and cannot be updated quickly to adapt to changes in business requirements.
• The Internet is inexpensive but does not by itself ensure privacy.

VPN Technologies

• Tunneling – using encapsulation
• Authentication
• Access Control
• Data Security

Trusted Systems

• One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology

Data Access Control

• Through the user access control procedure (log on), a user can be identified to the system
• Associated with each user, there can be a profile that specifies permissible operations and file accesses
• The operating system can enforce rules based on the user profile

Trusted Systems
• Trusted Systems
– Protection of data and resources on the basis of levels of security (e.g. military)
– Users can be granted clearances to access certain categories of data

The Concept of Trusted Systems

• Multilevel security
– Definition of multiple categories or levels of data
• A multilevel secure system must enforce:
– No read up: A subject can only read an object of less or equal security level (Simple Security Property)
– No write down: A subject can only write into an object of greater or equal security level (*-Property)
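
The two rules above, enforced by a small access-check routine (an added example, not part of the original deck). The four level names, the subjects and the object names are constructed for illustration; the `copy` case shows how "no write down" stops a cleared subject from moving data into a lower-level object.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed ordering (assumption); the slide only says "levels".
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class ReferenceMonitor:
    """Mediates every access and keeps an audit trail of decisions."""

    def __init__(self, clearances, classifications):
        self.clearances = clearances            # subject -> Level
        self.classifications = classifications  # object  -> Level
        self.audit = []

    def check(self, subject, op, obj):
        s, o = self.clearances[subject], self.classifications[obj]
        if op == "read":
            ok = o <= s   # no read up (Simple Security Property)
        elif op == "write":
            ok = o >= s   # no write down (*-Property)
        else:
            ok = False    # unknown operations are denied by default
        self.audit.append((subject, op, obj, "ALLOW" if ok else "DENY"))
        return ok

    def copy(self, subject, src, dst):
        """A copy is a read followed by a write; both must pass."""
        return self.check(subject, "read", src) and self.check(subject, "write", dst)

def demo():
    # Constructed subjects and objects.
    rm = ReferenceMonitor(
        clearances={"analyst": Level.SECRET, "clerk": Level.CONFIDENTIAL},
        classifications={"memo.txt": Level.UNCLASSIFIED,
                         "plan.doc": Level.SECRET,
                         "ops.db": Level.TOP_SECRET},
    )
    results = {
        "clerk reads plan": rm.check("clerk", "read", "plan.doc"),
        "analyst reads plan": rm.check("analyst", "read", "plan.doc"),
        "analyst writes ops": rm.check("analyst", "write", "ops.db"),
        "analyst copies plan to memo": rm.copy("analyst", "plan.doc", "memo.txt"),
    }
    return results, rm.audit
```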

THE END!!!

THANK YOU!!!

WISH YOU ALL THE BEST !!!
