Network Security
VASUDEV DEHALWAR
Syllabus
Introduction to network security: network security needs, threats to network security, kinds of computer security, security policies, security mechanisms, attacks.
Security tools and basic cryptography: transposition/substitution, block cipher principles, introduction to symmetric crypto primitives, asymmetric crypto primitives, secret key cryptography, Data Encryption Standard (DES), message digests, MD5, message authentication and hash functions, hash and MAC algorithms, RIPEMD, HMAC.
1
20/08/2018
Syllabus cont.
Principles of public key cryptosystems, Diffie-Hellman key exchange, elliptic curve cryptography, cryptanalysis, SHA-1, RSA, selection of public and private keys, key distribution centres and certificate authorities, digital signature standards (DSS), proof of the digital signature algorithm, Kerberos, real-time communication security, IPsec, electronic mail security, firewalls and web security, intruders and viruses, trusted systems, password management.
Cyber crime, zero knowledge proof, malware, privacy, honey pot, defensive programming, web application vulnerability, DHS, attack, semantic attack, DoS, DDoS, wireless attack.
Book
Definitions
Data is any type of stored digital information.
Security is about the protection of assets.
Prevention: measures taken to protect your
assets from being damaged.
Detection: measures taken to allow you to
detect when an asset has been damaged,
how it was damaged and who damaged it.
Reaction: measures that allow you to
recover your assets.
[Figure: Sensitive Data (source: Forrester Research). The diagram shows who handles the organization's data (customers, competitors, employees including remote and mobile workers, contractors, temporaries, visitors, customer service reps, doctors, finance) and the kinds of sensitive data involved (confidential customer information, R&D, customer data, company information, SSNs, salaries, customer names, marketing plans, sales, contractors, patient information, financials, upcoming reports, M&A).]
CYBER CRIME
The types of crime in which computers are used both as a tool and as a target are:
Financial crimes involving cheating, credit card fraud, money laundering, etc.
Cyber pornography involving production and distribution of pornographic material.
Sale of illegal articles such as narcotics, weapons, wildlife, etc.
Online gambling.
Intellectual property crimes such as theft of computer source code, software piracy, copyright infringement, trademark violations, etc.
Harassment such as cyber stalking, cyber defamation, indecent and abusive mails, etc.
Forgery of documents, including currency and any other documents.
Deployment of viruses, Trojans and worms.
Cyber attacks and cyber terrorism.
Audit Standards
Data security is subject to several types of audit standards and verification.
The most common are ISO 17799, ISO 27001-02, PCI, ITIL, SAS-70, HIPAA and SOX.
Security administrators are responsible for creating and enforcing a policy that conforms to the standards that apply to their organization's business.
Security Policy
A security policy is a comprehensive document that defines a company's methods for prevention, detection, reaction, classification and accountability of data security practices, and its enforcement methods.
It generally follows industry best practices as defined by ISO 17799, ISO 27001-02, PCI, ITIL, SAS-70, HIPAA, SOX or a mix of them.
Security Policy
The security policy is the key document in effective security practices.
Once it has been defined, it must be implemented and modified as needed, and it must include any exceptions that need to be in place for business continuity.
All users need to be trained on these best practices, with continuing education at regular intervals.
Security Risk
The increased deployment of and dependence on ICT makes the system vulnerable to attacks.
Attackers may steal critical information from the system or mislead the system by feeding it false information.
Developing a trust management system and authenticating messages and devices are essential.
Risk assessment is a scientific method to recognize the potential risks to the Smart Grid and their impact on the grid.
Threat = Probability of threat × Damage Potential
Vulnerability
Threat
A statement of an intention to injure, damage or take any other hostile action.
A potential for violation of security.
In the "house" example, "loss of money" is a threat.
Four kinds of threats:
Interception
Interruption
Modification
Fabrication
Source: https://genesisdatabase.wordpress.com/
Attack
An assault on system security.
A deliberate attempt to evade security services.
Kinds of attacks:
Passive attacks
Active attacks
Passive Attacks
Active Attacks
Availability
Availability stands for reliable and timely access to information for an authorized object/user.
Availability provides an assurance of uninterrupted access to information.
It also ensures backup of the data to prevent data loss due to interruption.
Attack
Denial of service (DoS) can congest the network with unwanted requests, thereby choking the communication network.
A spoofing attack can allow a malicious program to masquerade as a genuine program and falsify data to gain control of the system.
Data Integrity
Maintaining the veracity of the data/information and restricting the right to modify it to authorized objects/users.
It is an assurance that the data is unaltered from its original form.
Additionally, an activity log should be maintained to keep a trail of activities for reference.
Attack
The process of maliciously modifying or destroying information with intent to harm the normal functioning of the system is an attack on data integrity.
Trojan horses, SQL injection attacks, etc. are attacks on the integrity of data.
An "Internet-based load-altering attack" is an attempt to control and change (usually increase) certain load types that are accessible through the Internet in order to damage the grid.
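As an added illustration of the integrity assurance described above (this code is not part of the original slides), the following Python shows why "unaltered from its original form" needs a keyed check: a plain SHA-256 digest appended to a message catches accidental or in-transit modification, but anyone can recompute it for a fabricated message, whereas an HMAC-SHA256 tag (the MAC the syllabus lists) can only be produced with the shared key. The meter reading, the key and the byte-flip helper are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed demo key. In practice it is provisioned to the sender and the
# verifier out of band (for example by a key distribution centre).
SHARED_KEY = secrets.token_bytes(32)


def protect_keyed(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Append an HMAC-SHA256 tag computed with the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify_keyed(blob: bytes, key: bytes = SHARED_KEY) -> Optional[bytes]:
    """Return the message if its tag verifies under `key`, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so the comparison leaks nothing via timing
    return message if hmac.compare_digest(tag, expected) else None


def protect_unkeyed(message: bytes) -> bytes:
    """Append a plain SHA-256 digest; no secret is involved."""
    return message + hashlib.sha256(message).digest()


def verify_unkeyed(blob: bytes) -> Optional[bytes]:
    """Return the message if the appended digest matches, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hashlib.sha256(message).digest()
    return message if hmac.compare_digest(digest, expected) else None


def flip_one_byte(blob: bytes, index: int) -> bytes:
    """Constructed in-transit modification: flip one bit of one byte."""
    altered = bytearray(blob)
    altered[index] ^= 0x01
    return bytes(altered)


def demo() -> dict:
    """Run the comparison and report each outcome as a boolean."""
    reading = b"meter=1042;load_kw=3.5"  # constructed sample message
    replaced = b"meter=1042;load_kw=99.0"  # constructed substitute message
    keyed = protect_keyed(reading)
    unkeyed = protect_unkeyed(reading)
    return {
        "keyed_accepts_original": verify_keyed(keyed) == reading,
        "keyed_detects_bit_flip": verify_keyed(flip_one_byte(keyed, 6)) is None,
        "unkeyed_detects_bit_flip": verify_unkeyed(flip_one_byte(unkeyed, 6)) is None,
        # A digest without a key can be recomputed by anyone, so a substituted
        # message still passes the unkeyed check:
        "unkeyed_accepts_substitute": verify_unkeyed(protect_unkeyed(replaced)) == replaced,
        # A substituted message tagged with the wrong key is rejected:
        "keyed_rejects_wrong_key": verify_keyed(protect_keyed(replaced, key=b"\x00" * 32)) is None,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

All five outcomes in `demo()` are expected to be True: the keyed and unkeyed checks both detect the bit flip, but only the keyed check rejects a message that was replaced wholesale, which is the fabrication threat from the list above.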
Confidentiality
Preserving restrictions on information, information access and disclosure, including the means to protect personal and private information, is the objective of confidentiality.
Confidentiality provides an assurance that the data will not be disclosed to an unauthorized person/entity while in storage, in processing and in transit.
The loss of confidentiality exposes the data to unauthorized users, who may use it for illegitimate activities.
Attack
Attacks on confidentiality include password hacking, capturing network traffic, port scanning, eavesdropping, key loggers, wiretapping, etc.
[Figure: security services mapped against Availability, Integrity and Confidentiality. Recoverable labels: Access Control; End-user security (intrusion/hacking, malware); Network security (firewalls, end-to-end security); Authentication (PKI, nonrepudiation); Content filtering (spam filters, censorware); Key distribution; Wiretaps.]
Authentication
Verifying the genuineness of the message, the message generator, the transmission medium and the process itself is essential for authentication.
Authentication verifies the source of information and its integrity.
Identification and authentication are always used together as a single two-step process.
Attack
Data theft, identity theft and phishing are attacks of this type.
Attack
Man-in-the-middle attack, data theft and eavesdropping are attacks prevalent in communication networks.
Web security
The strong demand for e-commerce has enabled wide use of TCP/IP based client-server communication.
Financial transactions require end-to-end security.
Attack
Falsification of data, phishing, etc. are examples of attacks on web security.
The recent ransomware attack on many systems world-over is an example of an attack on client-server based communication.
Similarly, WikiLeaks also used security vulnerabilities to leak/steal internal confidential and private information, either through intrusion or insider attack.
End-user security
Data acquisition at the end user is a prominent activity in the network.
Integrating cyber security management at the end user is a best practice for a robust and secure end-user device.
Minimizing threats at data acquisition can reduce the security risk in the system manifold.
Attack
End-user devices are vulnerable to attack by malware (viruses/worms). Such malware can alter the specifications of the software and corrupt the integrity of the data. It can steal the information stored on the system.
Viruses, backdoors and logic bombs are such examples.
Independent malware is a self-contained program that runs with the support of the operating system. These programs can perform unauthorized, unwanted or harmful activities.
Security Misconfiguration
If security is not hardened across the whole application stack, the application/software may become vulnerable.
Instances of security misconfiguration are:
Outdated software, including the operating system, web server, DBMS and libraries,
Enabling/disabling unwanted features,
Unauthorized delivery of error messages.
Periodic audit of the installed software can detect possible security misconfigurations.
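As an added example that is not from the slides, the Python below makes two of the listed items concrete: the "unauthorized delivery of error messages" item as a misconfigured request handler beside a hardened one, and the periodic audit as a rule set run over a configuration. The failing lookup, the handler shape, the rule names and the settings keys in the sample configuration are assumptions made for this illustration rather than any product's real configuration.

```python
import logging
import traceback
import uuid
from typing import Callable, Dict, List, Tuple

log = logging.getLogger("app")

Response = Tuple[int, str]  # (HTTP status, response body)


def failing_lookup(user_id: str) -> str:
    """Constructed stand-in for a database call whose error text carries internal details."""
    raise RuntimeError(
        f"connection to internal-db.corp.local refused while reading users.{user_id}"
    )


def handle_misconfigured(lookup: Callable[[str], str], user_id: str) -> Response:
    """Misconfigured handler: exception text and the full traceback go to the client."""
    try:
        return 200, lookup(user_id)
    except Exception as exc:
        return 500, f"{exc}\n{traceback.format_exc()}"


def handle_hardened(lookup: Callable[[str], str], user_id: str) -> Response:
    """Hardened handler: details are logged server-side under a reference id;
    the client receives only a generic message plus that id for support."""
    try:
        return 200, lookup(user_id)
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.exception("request failed, ref=%s", ref)  # traceback stays in the server log
        return 500, f"Internal error (reference {ref})"


def leaks_internal_detail(body: str) -> bool:
    """True if a response body exposes the internal host name or a traceback."""
    return "internal-db.corp.local" in body or "Traceback" in body


# Audit rules: each pairs a misconfiguration with the condition that flags it.
# The setting names are assumptions for this demo.
AUDIT_RULES: List[Tuple[str, Callable[[Dict[str, object]], bool]]] = [
    ("debug mode enabled", lambda c: c.get("debug") is True),
    ("directory listing enabled", lambda c: c.get("directory_listing") is True),
    ("default admin credentials present",
     lambda c: c.get("admin_password") in ("admin", "password", "")),
    ("verbose error pages exposed to clients", lambda c: c.get("expose_errors") is True),
    ("server version banner disclosed", lambda c: c.get("server_tokens") == "full"),
]


def audit_config(config: Dict[str, object]) -> List[str]:
    """Return the name of every rule the configuration violates, in rule order."""
    return [name for name, violated in AUDIT_RULES if violated(config)]


# Constructed sample configuration with several weak settings left enabled.
SAMPLE_CONFIG: Dict[str, object] = {
    "debug": True,
    "directory_listing": False,
    "admin_password": "admin",
    "expose_errors": True,
    "server_tokens": "full",
}


if __name__ == "__main__":
    _, body = handle_misconfigured(failing_lookup, "alice")
    print("misconfigured handler leaks detail:", leaks_internal_detail(body))
    _, body = handle_hardened(failing_lookup, "alice")
    print("hardened handler leaks detail:", leaks_internal_detail(body))
    print("audit findings:", audit_config(SAMPLE_CONFIG))
```

The hardened handler keeps the diagnostic value of the error (it is logged with a reference id an operator can search for) while the client sees nothing about hosts, tables or code paths; the audit function is the kind of check that the periodic review above would run against each deployed configuration.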