
College of Mechanical & Electrical Engineering

Department of Computer Engineering


PG Program

Security Engineering (ECEg 6441)

Chapter one

An overview of Computer, Network & Information Security

DEREJE YOHANNES (PhD)

 What is security?
 Why do we need security?
 Who is vulnerable?
 Computer and Network Security Concepts
 Security Services
 Security Threats / Attacks
◦ Active and passive attacks
 Model for Network Security
 Methods of Defense
 Security Policy

 Dictionary.com says:
1. Freedom from risk or danger; safety.
 In other words, having systems in place beforehand which
prevent attacks before they begin.
2. Freedom from doubt, anxiety, or fear; confidence.
 Related to the first definition, having peace of mind
knowing that your systems are safe and protected.
3. Something that gives or assures safety, as:
 A group or department of private guards: Call building security if
a visitor acts suspicious.
 Measures adopted by a government to prevent espionage,
sabotage, or attack.
 Measures adopted, as by a business or homeowner, to prevent a
crime such as burglary or assault: Security was lax at the firm's
smaller plant.
 This includes contingency plans for what to do when
attackers strike, hiring network security consultants to find
insecurities in your network, etc.
4. …etc.


 Computer security
◦ involves implementing measures to secure a single
computer.
◦ When securing a single computer, you are concerned with
protecting the resources stored on that computer and
protecting that computer from threats.
 Network security
◦ involves protecting all the resources on a network from
threats. You must consider not only the computers on the
network, but other network devices, network transmission
media, and the data being transmitted across the network.
 Information security
◦ involves protecting all the information and data stored in a
computer and network from threats. The information
should be accessed only by an authorized person.

 Financial institutions and banks
 Internet service providers
 Pharmaceutical companies
 Educational Institutions
 Government and defense agencies
 Contractors to various government agencies
 Multinational corporations
 ANYONE ON THE NETWORK, that is, anyone in cyberspace.

 Authentication
◦ The assurance that the communicating entity is the one it claims to be
 Access Control
◦ The prevention of unauthorized use of a resource:
 who can have access to a resource,
 under what conditions access can occur,
 what those accessing the resource are allowed to do
 Confidentiality:
◦ prevention of unauthorized disclosure of information.
◦ Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information.
 Integrity:
◦ prevention of unauthorized modification of information.
◦ Guarding against information modifications or destruction, including
ensuring information non-repudiation and authenticity.
 Availability:
◦ prevention of unauthorized withholding of information or resources.
◦ Ensuring timely and reliable access to and use of information.
 Accountability:
◦ holding users accountable for their actions.
 Nonrepudiation:
◦ the ability to ensure that someone cannot deny (i.e., repudiate) his or
her actions.

 Passive attacks
◦ Obtain message contents
◦ Monitoring traffic flows

Obtain message contents
◦ The release of message contents is easily understood
(Figure 1.2a). A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or
confidential information.
◦ We would like to prevent an opponent from learning the
contents of these transmissions.
Traffic analysis
◦ (Figure 1.2b). Suppose that we had a way of masking the
contents of messages or other information traffic so that
opponents, even if they captured the message, could not
extract the information from the message.
◦ The common technique for masking contents is encryption.
If we had encryption protection in place, an opponent might
still be able to observe the pattern of these messages.
◦ The opponent could determine the location and identity of
communicating hosts and could observe the frequency and
length of messages being exchanged.
◦ This information might be useful in guessing the nature of
the communication that was taking place.
 Active attacks
◦ Masquerade of one entity as
some other
◦ Replay previous messages
◦ Modify messages in transit
◦ Add, delete messages
◦ Denial of service

A masquerade
◦ Takes place when one entity pretends to be a different entity (Figure 1.3a).
◦ A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a
valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an
entity that has those privileges.
Modification of messages
◦ Simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect
(Figure 1.3c). For example, a message meaning "Allow John Smith to read
confidential file accounts" is modified to mean "Allow Fred Brown to read
confidential file accounts."
The denial of service
◦ prevents or inhibits the normal use or management of communications
facilities (Figure 1.3d).
◦ This attack may have a specific target; for example, an entity may suppress
all messages directed to a particular destination (e.g., the security audit
service).
◦ Another form of service denial is the disruption of an entire network, either
by disabling the network or by overloading it with messages so as to degrade
performance.
◦ Hackers vs. crackers
 The general view is that, while hackers build things, crackers
break things. Cracker is the name given to hackers who
break into computers for criminal gain; whereas, hackers can
also be internet security experts hired to find vulnerabilities
in systems. These hackers are also known as white hat
hackers.
 Types of hackers:
 White hat hackers, security experts hired to find
vulnerabilities in systems.
 Black hat hackers, a hacker with extensive computer
knowledge whose purpose is to breach or bypass security.
Black hat hackers are also known as crackers or dark-side
hackers.
 Grey hat hackers, who may sometimes violate laws or
typical ethical standards, but do not have the malicious
intent typical of black hat hackers.
◦ Cyber vandalism: Intentionally disrupting, defacing, or
destroying Web sites.

 Identity and Access Management (IAM)
◦ Authentication
◦ Authorization
◦ Auditing
 Encryption
 Securing channels of communication (SSL, S-HTTP,
VPNs)
 Firewalls
 Intrusion detection systems
 Software Controls (access limitations in a database; an
operating system protecting each user from other users)
 Hardware Controls (smartcard)
 Regular scanning, detection and removal of viruses
 Security Policies and management
 Physical Controls

 Encryption
◦ Transforms data into cipher text readable
only by sender and receiver
◦ Secures stored information and information
transmission
◦ Provides key dimensions of security:
1. Message integrity
2. Nonrepudiation
3. Authentication
4. Confidentiality
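Added example, not from the slides, of how a keyed MAC plus a sequence number lets a receiver detect two of the active attacks described earlier (modification of a message and replay of an old one), using the "Allow John Smith ..." message from the slide; it also shows the integrity and authentication dimensions listed under Encryption. A shared-key MAC gives integrity and origin authentication between the two parties but not nonrepudiation, which needs a digital signature. The key, the wire format and the helper names are assumptions made for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Shared key, constructed for the demo: in practice it comes from a key
# exchange or a key-management system (assumption, not from the slides).
KEY = secrets.token_bytes(32)


def protect(key: bytes, seq: int, body: str) -> bytes:
    """Serialize the message with its sequence number and append an HMAC-SHA256 tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"|" + tag


class Receiver:
    """Rejects modified messages (tag mismatch) and replayed ones (stale sequence number)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, wire: bytes) -> tuple:
        payload, _, tag = wire.rpartition(b"|")
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return (False, "rejected: tag mismatch (message modified)")
        msg = json.loads(payload)
        if msg["seq"] <= self.last_seq:
            return (False, "rejected: stale sequence number (replay)")
        self.last_seq = msg["seq"]
        return (True, msg["body"])


def demo() -> list:
    """Deliver an original, a modified copy, a replayed copy and a fresh message."""
    rx = Receiver(KEY)
    original = protect(KEY, 1, "Allow John Smith to read confidential file accounts")
    results = [rx.accept(original)]
    # Modification of messages: the same wire bytes with the subject swapped.
    results.append(rx.accept(original.replace(b"John Smith", b"Fred Brown")))
    # Replay: the untouched original delivered a second time.
    results.append(rx.accept(original))
    # A new, in-order message is still accepted.
    results.append(rx.accept(protect(KEY, 2, "Revoke John Smith's read access")))
    return results
```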

 Secure Sockets Layer (SSL):
◦ Establishes a secure, negotiated client-server
session in which the URL of the requested document,
along with its contents, is encrypted

 S-HTTP:
◦ Provides a secure message-oriented
communications protocol designed for use in
conjunction with HTTP

 Virtual Private Network (VPN):
◦ Allows remote users to securely access an
internal network via the Internet, using the
Point-to-Point Tunneling Protocol (PPTP)

 Firewall
◦ Hardware or software
◦ Uses security policy to filter packets
◦ Two main methods:
1. Packet filters
2. Application gateways

 Proxy servers (proxies)
◦ Software servers that handle all
communications originating from or
being sent to the Internet

[Figure: Internet | Firewall | DMZ (web server, email server, web proxy, etc.) | Firewall | Intranet]

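Added example, not from the slides, of a packet-filter policy for the two-firewall DMZ layout in the figure: a first-match rule list with a default deny, so that the Internet reaches only the published DMZ services, intranet hosts reach the Internet only through the DMZ web proxy, and nothing initiates a connection into the intranet. The address ranges, the proxy port and the function names are assumptions for the demo; a real filter would also track connection state so that reply packets of allowed sessions pass.

```python
import ipaddress

# Constructed address plan for the zones in the figure (assumption, not from the
# slides): RFC 5737 documentation space for the DMZ, RFC 1918 space for the intranet.
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTRANET = ipaddress.ip_network("10.0.0.0/8")
PROXY_PORT = 3128  # assumed listening port of the DMZ web proxy


def zone(addr: str) -> str:
    """Map an address to the zone it sits in; anything else counts as the Internet."""
    ip = ipaddress.ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in INTRANET:
        return "intranet"
    return "internet"


# (action, source zone, destination zone, destination port or None for any).
# Evaluated top to bottom, first match wins; no match falls through to deny.
RULES = [
    # Outer firewall: the Internet reaches only the published DMZ services.
    ("allow", "internet", "dmz", 80),    # web server
    ("allow", "internet", "dmz", 443),   # web server (TLS)
    ("allow", "internet", "dmz", 25),    # mail server
    # Inner firewall: intranet hosts leave only through the DMZ web proxy,
    # and the proxy (in the DMZ) then talks to the Internet on their behalf.
    ("allow", "intranet", "dmz", PROXY_PORT),
    ("allow", "dmz", "internet", None),
    # Stated explicitly for readability; the default below would deny them anyway.
    ("deny", "internet", "intranet", None),
    ("deny", "dmz", "intranet", None),
]


def decide(src: str, dst: str, dport: int) -> str:
    """Stateless first-match decision for a new TCP connection attempt."""
    src_zone, dst_zone = zone(src), zone(dst)
    for action, s, d, port in RULES:
        if s == src_zone and d == dst_zone and (port is None or port == dport):
            return action
    return "deny"  # default deny
```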
 Used to monitor for “suspicious activity” on a network
◦ Can protect against known software exploits, like buffer
overflows
 Open Source IDS: Snort, www.snort.org
 Uses “intrusion signatures”
◦ Well known patterns of behavior
 Ping sweeps, port scanning, web server indexing, OS fingerprinting,
DoS attempts, etc.
 Example
◦ IRIX vulnerability in webdist.cgi
◦ Can make a rule to drop packets containing the line
 “/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd”
 However, an IDS is only useful if contingency plans are
in place to curb attacks as they are occurring

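Added example, not from the slides or from Snort, of the signature check described above: the slide's webdist.cgi signature applied to constructed web-server log lines, with the request URI percent-decoded before matching so that an alert is not missed merely because the same request arrived with a different encoding. The log lines, client addresses and helper names are constructed for the demo.

```python
import re
from urllib.parse import unquote

# The signature exactly as given on the slide.
SIGNATURE = "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"

# Constructed Apache-style access log lines (not real traffic); line 3 carries the
# same request as line 2 with the path inside the query encoded differently.
LOG = """\
198.51.100.7 - - [01/Dec/2019:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [01/Dec/2019:10:00:02 +0000] "GET /cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd HTTP/1.0" 200 512
198.51.100.9 - - [01/Dec/2019:10:00:03 +0000] "GET /cgi-bin/webdist.cgi?distloc=?;cat%20%2Fetc%2Fpasswd HTTP/1.0" 200 512
198.51.100.9 - - [01/Dec/2019:10:00:04 +0000] "GET /cgi-bin/webdist.cgi?distloc=ftp://example.test/ HTTP/1.0" 200 70
"""

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def normalize(uri: str) -> str:
    """Percent-decode until the string stops changing (covers double encoding), then lower-case."""
    previous = None
    while uri != previous:
        previous, uri = uri, unquote(uri)
    return uri.lower()


def raw_match(uri: str) -> bool:
    """Literal substring check, i.e. the rule exactly as written on the slide."""
    return SIGNATURE in uri


def normalized_match(uri: str) -> bool:
    """Compare signature and request after both have been normalized."""
    return normalize(SIGNATURE) in normalize(uri)


def scan(log: str, matcher=normalized_match) -> list:
    """Return (line number, client IP) for each request the matcher flags."""
    alerts = []
    for number, line in enumerate(log.splitlines(), start=1):
        found = REQUEST.search(line)
        if found and matcher(found.group(1)):
            alerts.append((number, line.split()[0]))
    return alerts
```

As the slide says, an alert is only useful if a response plan exists for it; percent-decoding is also just one of the normalizations a real IDS applies before matching.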
 Operating system security enhancements
◦ Upgrades, patches

 Anti-virus software:
◦ Easiest and least expensive way to prevent threats
to system integrity
◦ Regular scanning, detection and removal of viruses
◦ Requires daily updates

 needs to address:
◦ scope and purpose including relation of objectives to
business, legal, regulatory requirements
◦ IT security requirements
◦ assignment of responsibilities
◦ risk management approach
◦ security awareness and training
◦ general personnel issues and any legal sanctions
◦ integration of security into systems development
◦ information classification scheme
◦ contingency and business continuity planning
◦ incident detection and handling processes
◦ how and when the policy is reviewed, and change control over it

 Risk assessment
 Security policy
 Implementation plan
◦ Access controls
◦ Authentication procedures, including biometrics
◦ Authorization policies, authorization management systems
 Security organization
 Security audit

1. Read and prepare a document about the challenges and the most common
security threats listed below, and indicate the techniques that could be
implemented to mitigate the risk:
 Malicious code: Viruses, Worms, Trojan horses, Bots, botnets
 Unwanted programs: Browser parasites, Adware, Spyware
 Phishing
 Credit card fraud/theft
 Spoofing
 Pharming
 Spam/junk Web sites
 Denial of service (DoS) attack
 Sniffing
 Insider jobs
 Poorly designed server and client software
 TCP attacks
 Malicious software
 Vishing/smishing
2. List some of the current smartphone security risks and enumerate some of
the tips to overcome the risks.
3. Justify why it is not possible to protect or secure a given network, computer or
information 100%.

Submission Date: December 5, 2019
