
Network Security

What is Security

Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

etc.

Why do we need security?


Protect vital information while still allowing access to those who need it
    Trade secrets, medical records, etc.
Provide authentication and access control for resources
    Ex: AFS
Guarantee availability of resources
    Ex: 5 9s (99.999% reliability)

Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK

Security Goals
Generally there are three security goals: confidentiality,
integrity and availability.

Taxonomy of security goals

Confidentiality
Confidentiality, keeping information secret from
unauthorized access, is probably the most common aspect of
information security: we need to protect confidential
information. An organization needs to guard against those
malicious actions that endanger the confidentiality of its
information.

Integrity
Information needs to be changed constantly. In a bank, when
a customer deposits or withdraws money, the balance of their
account needs to be changed. Integrity means that changes
should be done only by authorized users and through
authorized mechanisms.

Availability
The third component of information security is availability.
The information created and stored by an organization needs
to be available to authorized users and applications.
Information is useless if it is not available. Information needs
to be changed constantly, which means that it must be
accessible to those authorized to access it. Unavailability of
information is just as harmful to an organization as a lack of
confidentiality or integrity. Imagine what would happen to a
bank if the customers could not access their accounts for
transactions.

Attacks

The three goals of security (confidentiality, integrity and
availability) can be threatened by security attacks. Fig.
relates the taxonomy of attack types to security goals.

Taxonomy of attacks with relation to security goals

Attacks threatening confidentiality


In general, two types of attack threaten the confidentiality of
information: snooping and traffic analysis. Snooping refers
to unauthorized access to or interception of data. Traffic
analysis refers to other types of information collected by an
intruder by monitoring online traffic.

Attacks threatening integrity
The integrity of data can be threatened by several kinds of
attack: modification, masquerading, replaying and
repudiation.
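
An added example, not part of the original slides: how a receiver can detect three of the integrity attacks named above (modification, masquerading and replaying) with an HMAC tag and a sequence number. The names `Receiver`, `make_tag` and `demo`, the message fields and the keys are constructed for illustration. Repudiation is not covered, because with a shared key either party could have produced the tag.

```python
import hashlib
import hmac
import json


def make_tag(key, msg):
    """HMAC-SHA256 over a canonical JSON encoding of the message."""
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Receiver:
    """Accepts a message only if its tag verifies and its sequence number is fresh."""

    def __init__(self, keys):
        self.keys = keys      # sender name -> shared secret key
        self.last_seq = {}    # sender name -> highest sequence number accepted

    def accept(self, msg, tag):
        key = self.keys.get(msg.get("sender"))
        if key is None:
            return "rejected: unknown sender"
        # Constant-time comparison; fails for altered content or a wrong key.
        if not hmac.compare_digest(make_tag(key, msg), tag):
            return "rejected: bad tag"
        # A valid tag on an already-seen sequence number is a replay.
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return "rejected: replay"
        self.last_seq[msg["sender"]] = msg["seq"]
        return "accepted"


def demo():
    alice_key = b"constructed-demo-key-alice"      # constructed sample keys
    intruder_key = b"constructed-demo-key-intruder"
    bank = Receiver({"alice": alice_key})
    msg = {"sender": "alice", "seq": 1, "action": "withdraw", "amount": 100}
    tag = make_tag(alice_key, msg)
    forged = {"sender": "alice", "seq": 2, "action": "withdraw", "amount": 500}
    return {
        "genuine": bank.accept(msg, tag),
        # Modification: amount changed in transit, original tag kept.
        "modification": bank.accept(dict(msg, amount=9000), tag),
        # Masquerading: intruder claims to be alice but lacks her key.
        "masquerading": bank.accept(forged, make_tag(intruder_key, forged)),
        # Replaying: the genuine message and tag are sent a second time.
        "replaying": bank.accept(msg, tag),
    }


if __name__ == "__main__":
    for attack, outcome in demo().items():
        print(f"{attack}: {outcome}")
```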

Attacks threatening availability


Denial of service (DoS) attacks may slow down or totally
interrupt the service of a system. The attacker can use several
strategies to achieve this. They might make the system so
busy that it collapses, or they might intercept messages sent
in one direction and make the sending system believe that
one of the parties involved in the communication or message
has lost the message and that it should be resent.

Security services
Standards have been defined for security services to achieve
security goals and prevent security attacks. Figure shows the
taxonomy of the five common services.

Security services

Techniques
The actual implementation of security goals needs some help
from mathematics. Two techniques are prevalent today: one
is very general (cryptography) and one is specific
(steganography).

Cryptography
Some security services can be implemented using
cryptography. Cryptography, a word with Greek origins,
means "secret writing".

Steganography
The word steganography, with its origin in Greek, means
"covered writing", in contrast to cryptography, which means
"secret writing".
