2. Basic Concepts Of Security
• Information security has become a continuing concern in every area of
an information system. Security is neither a product nor a piece of
software; it is a discipline that needs to be taken into consideration in
every organizational decision. It is true that there is no such thing as
a completely secure system. But it is also true that by increasing the
security measures that protect your assets, you make your system a much
more difficult target for intruders, which in turn reduces the chances of
becoming a victim once the right security technologies are in place.
3. Network Security
• Network security is the practice of preventing and protecting against
unauthorized intrusion into corporate networks.
• Network security is the process of taking physical and software
preventative measures to protect the underlying networking
infrastructure from unauthorized access, misuse, malfunction,
modification, destruction, or improper disclosure, thereby creating a
secure platform for computers, users, and programs to perform their
permitted critical functions within a secure environment.
4. Network security consists of:
• Protection: You should configure your systems and networks as
correctly as possible
• Detection: You must be able to identify when the configuration has
changed or when some network traffic indicates a problem
• Reaction: After identifying problems quickly, you must respond to
them and return to a safe state as rapidly as possible
5. Network security methods
• Access control: You should be able to block unauthorized users and devices
from accessing your network. Users that are permitted network access
should only be able to work with the limited set of resources for which
they've been authorized.
• Anti-malware: Viruses, worms, and trojans by definition attempt to spread
across a network, and can lurk dormant on infected machines for days or
weeks. Your security effort should do its best to prevent initial infection
and also root out malware that does make its way onto your network.
• Application security: Insecure applications are often the vectors by which
attackers get access to your network. You need to employ hardware,
software, and security processes to lock those apps down.
• Behavioral analytics: You should know what normal network behavior
looks like so that you can spot anomalies or breaches as they happen.
6. Network security methods (cont.)
• Data loss prevention: Human beings are inevitably the weakest security link. You need to
implement technologies and processes to ensure that staffers don't deliberately or inadvertently
send sensitive data outside the network.
• Email security: Phishing is one of the most common ways attackers gain access to a network.
Email security tools can block both incoming attacks and outbound messages with sensitive data.
• Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define
to permit or deny traffic at the border between your network and the internet, establishing a
barrier between your trusted zone and the wild west outside. They don't preclude the need for a
defense-in-depth strategy, but they're still a must-have.
• Intrusion detection and prevention: These systems scan network traffic to identify and block
attacks, often by correlating network activity signatures with databases of known attack
techniques.
• Mobile device and wireless security: Wireless devices have all the potential security flaws of any
other networked gadget — but also can connect to just about any wireless network anywhere,
requiring extra scrutiny.
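Worked example of the firewall bullet above, added here and not taken from the original slides: a minimal packet filter in Python that walks an ordered rule list and applies a default-deny policy to anything no rule covers. The addresses, rule set and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str                      # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network      # source addresses the rule covers
    dst: ipaddress.IPv4Network      # destination addresses the rule covers
    dport: Optional[int] = None     # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def rule(action: str, proto: str, src: str, dst: str, dport: Optional[int] = None) -> Rule:
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed border policy. Order matters: the first matching rule wins, so the
# specific block of one external host is listed before the broad allow.
RULES: List[Rule] = [
    rule("deny",  "any", "198.51.100.99/32", "0.0.0.0/0"),             # blocked external host
    rule("allow", "tcp", "0.0.0.0/0",        "203.0.113.10/32", 443),  # public HTTPS service
    rule("allow", "any", "10.0.0.0/8",       "10.0.0.0/8"),            # internal to internal
    # everything else falls through to the default in evaluate()
]


def matches(r: Rule, p: Packet) -> bool:
    return ((r.proto == "any" or r.proto == p.proto)
            and p.src in r.src and p.dst in r.dst
            and (r.dport is None or r.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """Return the action of the first rule matching p; unmatched traffic gets the default."""
    for r in rules:
        if matches(r, p):
            return r.action
    return default


def decide(proto: str, src: str, dst: str, dport: int) -> str:
    p = Packet(proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    return evaluate(RULES, p)


if __name__ == "__main__":
    for args in [("tcp", "198.51.100.7", "203.0.113.10", 443),
                 ("tcp", "198.51.100.7", "203.0.113.10", 22),
                 ("tcp", "198.51.100.99", "203.0.113.10", 443),
                 ("udp", "10.1.2.3", "10.4.5.6", 53)]:
        print(args, "->", decide(*args))
```

The default-deny fall-through is the point: a rule set that only lists what is permitted fails closed when a new service or protocol appears, whereas a default-allow set silently exposes it.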
7. Network security methods (cont.)
• Network segmentation: Software-defined segmentation puts network
traffic into different classifications and makes enforcing security policies
easier.
• Security information and event management (SIEM): These products aim
to automatically pull together information from a variety of network tools
to provide data you need to identify and respond to threats.
• VPN: A tool (typically based on IPsec or SSL) that authenticates the
communication between a device and a secure network, creating a secure,
encrypted "tunnel" across the open internet.
• Web security: You need to be able to control internal staff's web use in
order to block web-based threats from using browsers as a vector to infect
your network.
9. Confidentiality
• When information is read or copied by someone not authorized to do
so, the result is a “loss of confidentiality.” For sensitive information,
confidentiality is a very important criterion. Bank account statements,
personal information, credit card numbers, trade secrets, and government
documents are some examples of sensitive information. This goal of
the CIA triad emphasizes the need for information protection. For
example, confidentiality is maintained for a computer file if
authorized users are able to view it while unauthorized persons are
blocked from seeing it.
10. Integrity
• Information that is available on an insecure network can be corrupted or
manipulated; this is referred to as “loss of integrity.” It means that unauthorized
changes are made to information, whether by human error or intentional
tampering. Integrity is particularly important for critical safety and financial data
used for activities such as electronic funds transfers, air traffic control, and
financial accounting. For example, banks are more concerned about the integrity
of financial records, with confidentiality having only second priority: some bank
account holders or depositors leave ATM receipts unchecked and lying around
after withdrawing cash, which shows that confidentiality does not have the highest
priority. In the CIA triad, integrity is maintained when the information remains
unchanged during storage, transmission, and usage that does not involve
modification of the information.
11. Availability
• Information can be erased or become inaccessible, resulting in “loss
of availability.” This means that people who are authorized to get
information are prevented from accessing it. Availability is often the
most important attribute in service-oriented businesses that depend
on information. Denying access to information has become a very
common attack nowadays. Almost every week you can find news
about high-profile websites being taken down by Denial of Service
attacks. The CIA triad goal of availability is the situation where
information is available when and where it is rightly needed.
12. protecting the C-I-A triad
• Authorization, authentication, and non-repudiation are processes and methods
that are among the main controls aimed at protecting the C-I-A triad.
• To make information available or accessible/modifiable to those who need it and
who can be trusted with it (for accessing and modification), organizations
use authentication and authorization. Authentication is proving that a user is the
person he or she claims to be. That proof may involve something the user knows
(such as a password), something the user has (such as a “smartcard”), or
something about the user that proves the person’s identity (such as a fingerprint).
Authorization is the act of determining whether a particular user (or computer
system) has the right to carry out a certain activity, such as reading a file or
running a program.
• Users must be authenticated before carrying out the activity they are authorized
to perform. Security is strong when the means of authentication cannot later be
refuted—the user cannot later deny that he or she performed the activity. This is
known as non-repudiation.
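Worked example of the authenticate-then-authorize sequence on this slide, added here and not part of the original deck: authentication with a salted, stretched password verifier (something the user knows), authorization against a permission table, and an audit record of each decision. The user store, passwords and permissions are constructed assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set, Tuple

ITERATIONS = 200_000   # PBKDF2 work factor; raise it as hardware allows


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted verifier; only the verifier is stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time comparison


# Constructed user store and permission table (assumptions for this example).
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": hash_password("correct horse battery staple"),
    "bob":   hash_password("bob-password-2024"),
}
PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"accounts": {"read", "write"}, "payroll.exe": {"run"}},
    "bob":   {"accounts": {"read"}},
}
AUDIT: List[Tuple[str, str, str, str]] = []   # (user, resource, action, outcome)


def authenticate(user: str, password: str) -> bool:
    """Something the user knows: prove the claimed identity with a password."""
    record = USERS.get(user)
    if record is None:
        # Run the KDF anyway so unknown and known users take equally long to reject.
        hash_password(password, b"\x00" * 16)
        return False
    salt, digest = record
    return verify_password(password, salt, digest)


def authorize(user: str, resource: str, action: str) -> bool:
    """Does this (already authenticated) user have the right to do this?"""
    return action in PERMISSIONS.get(user, {}).get(resource, set())


def attempt(user: str, password: str, resource: str, action: str) -> str:
    """Authenticate first, then authorize; record every decision for later review."""
    if not authenticate(user, password):
        outcome = "denied: authentication failed"
    elif not authorize(user, resource, action):
        outcome = "denied: not authorized"
    else:
        outcome = "permitted"
    AUDIT.append((user, resource, action, outcome))
    return outcome


if __name__ == "__main__":
    print(attempt("alice", "correct horse battery staple", "accounts", "write"))
    print(attempt("bob", "bob-password-2024", "accounts", "write"))
    print(attempt("bob", "wrong", "accounts", "read"))
    print(attempt("mallory", "anything", "accounts", "read"))
```

The audit list records who did what, which supports the non-repudiation goal only partly: a password or shared-secret check proves identity to the server, but the server could have fabricated the same record. Binding an action to a user in a way the user cannot later deny needs a digital signature made with a key only that user holds.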
13. THE OSI SECURITY ARCHITECTURE
• The OSI security architecture focuses on security attacks, mechanisms, and
services. These can be defined briefly as
• Security attack: Any action that compromises the security of information
owned by an organization.
• Security mechanism: A process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the
security of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and they
make use of one or more security mechanisms to provide the service.
15. • A passive attack attempts to learn or make use of information from
the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.
• Passive attacks are eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being
transmitted.
• Two types of passive attacks are the release of message contents and
traffic analysis.
16. Release of message contents
• The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent
an opponent from learning the contents of these transmissions.
17. traffic analysis
• A second type of passive attack, traffic analysis, is subtler. Suppose
that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the
message, could not extract the information from the message.
• The common technique for masking contents is encryption. If we had
encryption protection in place, an opponent still might be able to observe
the pattern of these messages. The opponent could determine the location
and identity of communicating hosts and could observe the frequency and
length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.
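Worked example of the traffic-analysis point on this slide, added here and not part of the original deck: with contents encrypted, an on-path observer still sees who talks to whom, how often and how much, and ciphertext sizes alone separate short requests from long replies. The block also shows length padding, one common countermeasure, and that padding hides sizes but not message counts or timing. The flow log is constructed for the example.

```python
import math
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed flow log (an assumption for this example): what an observer on the
# path still sees once message contents are encrypted. Fields are
# (seconds since start, source host, destination host, ciphertext length in bytes).
Flow = Tuple[float, str, str, int]
FLOWS: List[Flow] = [
    (0.0, "10.0.0.5",      "198.51.100.20", 87),    # short request
    (0.4, "198.51.100.20", "10.0.0.5",      2210),  # long reply
    (1.1, "10.0.0.5",      "198.51.100.20", 91),
    (1.5, "198.51.100.20", "10.0.0.5",      2198),
    (2.3, "10.0.0.5",      "198.51.100.20", 95),
    (2.7, "198.51.100.20", "10.0.0.5",      2240),
    (9.0, "10.0.0.7",      "192.0.2.44",    60),    # a different, quieter pair
]


@dataclass
class PairStats:
    messages: int = 0
    bytes: int = 0
    lengths: List[int] = field(default_factory=list)


def observe(flows: List[Flow]) -> Dict[Tuple[str, str], PairStats]:
    """What traffic analysis yields without any decryption: which hosts talk,
    how often, and how large each message is."""
    summary: Dict[Tuple[str, str], PairStats] = defaultdict(PairStats)
    for _, src, dst, n in flows:
        s = summary[(src, dst)]
        s.messages += 1
        s.bytes += n
        s.lengths.append(n)
    return dict(summary)


def distinct_lengths(flows: List[Flow]) -> int:
    """Number of distinct ciphertext sizes seen; more sizes means size reveals more."""
    return len({n for _, _, _, n in flows})


def pad_length(n: int, bucket: int) -> int:
    """Countermeasure: pad every ciphertext up to a multiple of `bucket` bytes so
    request and reply sizes no longer distinguish message types."""
    return max(bucket, math.ceil(n / bucket) * bucket)


def pad_flows(flows: List[Flow], bucket: int) -> List[Flow]:
    return [(t, s, d, pad_length(n, bucket)) for t, s, d, n in flows]


if __name__ == "__main__":
    for pair, s in observe(FLOWS).items():
        print(pair, s.messages, "messages,", s.bytes, "bytes, sizes", s.lengths)
    print("distinct sizes before padding:", distinct_lengths(FLOWS))
    print("distinct sizes after 4 KiB padding:", distinct_lengths(pad_flows(FLOWS, 4096)))
```

Even after padding, observe() still reports three exchanges between the same pair a fraction of a second apart; hiding frequency and timing as well needs cover traffic or traffic shaping, which costs bandwidth.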
18. PASSIVE ATTACKS
• Passive attacks are very difficult to detect, because they do not
involve any alteration of the data. Typically, the message traffic is sent
and received in an apparently normal fashion, and neither the sender
nor the receiver is aware that a third party has read the messages or
observed the traffic pattern.
• However, it is feasible to prevent the success of these attacks, usually
by means of encryption. Thus, the emphasis in dealing with passive
attacks is on prevention rather than detection.
19. Active Attacks
• Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories:
• Masquerade
• Replay
• Modification of messages
• Denial of service
20. Masquerade
• A masquerade takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms of
active attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus
enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges.
21. replay
• Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
22. Modification of messages
• Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect. For example, a
message meaning “Allow John Smith to read confidential file
accounts” is modified to mean “Allow Fred Brown to read confidential
file accounts.”
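Worked example for the integrity goal of slide 10 and the replay and modification attacks of slides 21 and 22, added here and not part of the original deck: a message authentication code detects any alteration of the message (the "John Smith" to "Fred Brown" change above), and a nonce plus a timestamp window lets the receiver reject a captured message that is delivered a second time. The shared key, clock value and messages are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Callable, Dict, Optional, Tuple


def make_message(key: bytes, body: str, ts: int, nonce: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Sender side: wrap the body with a fresh nonce and a timestamp, then
    compute an HMAC-SHA256 tag over the exact bytes that will be sent."""
    envelope = {"nonce": (nonce or os.urandom(8)).hex(), "ts": ts, "body": body}
    payload = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


class Receiver:
    """Receiver side: check the tag (modification), then the timestamp window
    and the nonce cache (replay)."""

    def __init__(self, key: bytes, window: int = 30, now: Callable[[], float] = time.time):
        self.key = key
        self.window = window
        self.now = now
        self.seen: Dict[str, int] = {}   # nonce -> timestamp, pruned as the window moves

    def accept(self, payload: bytes, tag: str) -> str:
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "reject: modified or forged"     # any changed byte alters the tag
        env = json.loads(payload)
        current = int(self.now())
        if abs(current - env["ts"]) > self.window:
            return "reject: stale"                  # too old (or too far ahead) to be live
        # Forget nonces that could no longer pass the timestamp check anyway,
        # so the cache stays bounded by the window rather than growing forever.
        self.seen = {n: t for n, t in self.seen.items() if current - t <= self.window}
        if env["nonce"] in self.seen:
            return "reject: replay"                 # same nonce delivered twice
        self.seen[env["nonce"]] = env["ts"]
        return "accept"


def demo() -> Tuple[str, str, str, str]:
    key = os.urandom(32)                  # constructed shared key for the example
    clock = 1_000_000                     # fixed clock keeps the run deterministic
    rx = Receiver(key, window=30, now=lambda: clock)
    payload, tag = make_message(key, "Allow John Smith to read confidential file accounts", ts=clock)
    first = rx.accept(payload, tag)                               # genuine delivery
    tampered = payload.replace(b"John Smith", b"Fred Brown")      # altered in transit
    modified = rx.accept(tampered, tag)
    replayed = rx.accept(payload, tag)                            # captured and resent
    old_payload, old_tag = make_message(key, "ping", ts=clock - 120)
    stale = rx.accept(old_payload, old_tag)
    return first, modified, replayed, stale


if __name__ == "__main__":
    print(demo())
```

Both checks are needed: the tag alone would accept an unmodified message any number of times, and the nonce alone would let an attacker forge a message with an unseen nonce. The timestamp window is what allows old nonces to be forgotten without reopening the replay.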
23. denial of service
• The denial of service prevents or inhibits the normal use or
management of communications facilities. This attack may have a
specific target; for example, an entity may suppress all messages
directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire
network—either by disabling the network or by overloading it with
messages to degrade performance.
24. Active attacks
• Active attacks present the opposite characteristics of passive attacks.
Whereas passive attacks are difficult to detect, measures are available
to prevent their success. On the other hand, it is quite difficult to
prevent active attacks absolutely because of the wide variety of
potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them. If the
detection has a deterrent effect, it also may contribute to prevention.