2 What is Security? Definitions from the Amer. Herit. Dict. : Freedom from risk or danger; safety. (NO!) Measures adopted to prevent a crime such as burglary or assault. (ALMOST!) Network security measures: Mechanisms to prevent, detect, and recover from network attacks, or for auditing purposes.
4 A Secured Network A network is secured if it has deployed adequate measures for prevention of, detection of, and recovery from attacks. Adequate = commensurate with the value of the network s assets and liabilities, and the perceived threat intensity. By Breno
5 Security Goals C onfidentiality I ntegrity A vailability
6 Confidentiality Prevent against: adversarial capture (of information) undue public disclosures Audit of data accesses Detection of unauthorized data access Retaliation (legal, PR, info. warfare)
7 Integrity: Data integrity + Authenticity Prevent against unauthorized data modification, and impersonation attacks Detect impersonation and/or undue data modification Recover from detected attacks Audit data modification, entity authentication
8 Availability Continuous service, quality of service, resource wastefulness reduction Typical attack: DoS, DDoS Prevention by removal of bottlenecks Detection of attacks Recovery of service provision ability Audit of service requests.
9 Concrete Security Measures Securing an open network requires adoption of a myriad of measures: Policies, audit and evaluation Personnel training Physical security/ EM emanation shielding Authentication and access control Communication security: Cryptographybased techniques.
10 Open Systems Interconnection A standard-centric networking model
11 Open Systems Open Systems: general-purpose networks that support standardized communication protocols and may accommodate heterogeneous sub-networks transparently. Corporate Intranets: Ethernet, Token Ring and Wireless subnets. Internet
12 Open Systems Interconnection Model ISO s layered approach to standardization Application layer FTP, Telnet, SSH Presentation layer MIME, XDR, SSH 5. Session layer NetBios, FTP, Telnet, SSH 4. Transport layer TCP,UDP,SSL/TLS 3. Network layer IP, ICMP, IPSEC 2. Data link layer Ethernet, PPP, ISDN 1. Physical layer pins, cabling, radio
13 1-2. Physical/Data Link Layers Physical layer: Radio, fiber, cable, pins Data link layer orchestrates the signaling capabilities of the physical medium (unreliable, noisy channel) into reliable transmission of protocol data units (PDUs). PDUs contain control information, addressing data, and user data. Hardware-based encryption operates at 1+2.
14 3. Network Layer Exports a logical network interface, allowing for uniform addressing and routing over heterogeneous subnetworks. E.g.: IP can route between Ethernet- and x - networks
15 4. Transport Layer Permits connection and connectionless associations. Connections enable reliable transmission of data streams. End-to-end security first becomes meaningful at this level. Security associations: An association is either a connection or a connectionless transmission service at levels 4-7.
16 Levels 5 and Higher Application through session protocol layers. Many network applications implement their own session management. Moreover, they typically depend on system libraries for presentation layer capabilities. Such applications, from a data-path viewpoint, may be considered a single layer: PDUs only typically appear at the session layer.
17 Example: SSH SSH provides provides services at all topmost three OSI layers. Application: Terminal/file transfer Presentation: Encryption Session: Connection, synchronization Only at the session layer the data (encrypted buffers of user input) gets first packaged into a protocol data unit for transmission.
18 TCP/IP networking model A data-path centric model
19 TCP/IP network model ( TCP/IP Protocol) TCP/IP Application Layer TCP/IP Transport Layer TCP/IP Network Layer TCP/IP Data Link Layer TCP/IP Physical Layer 7. OSI Application 6. OSI Presentation 5. OSI Session 4. OSI Transport 3. OSI Network 2. OSI Data Link Layer 1. OSI Physical Layer
20 Protocol PDU Wrapping SUN Sun Product Documentation
22 Fitting Security How security measures fit into the network models
23 Network Configuration Wireless access point Security Mechanisms in... V. L. Voydock and S. T. Kent
24 Association Model An association is either a connectionless data transmission service or a connection at any of OSI layers 4-7, or TCP/IP application /transport layers An N-association is the data-path through which N+1 entities communicate: Generally at session layer or below. N+1-layer data packaged into N-PDUs
25 Association Model (2) The association model simplifies the network environment, while still capturing the essential elements needed for security design. Security Mechanisms in... V. L. Voydock and S. T. Kent
26 Security at levels 1-3 Implemented at the host/network interface level (lack notion of association): Link-to-link security. Encryption/authentication requires operations at each network node. Each network node must be trusted. Impractical for Open Systems?
27 Security protocols 3 Many VPN technologies work at level 2 PPTP, L2F, L2TP Rationale: Directed at dial-up VPN networks, (PPP is level-2). Provide service to a variety of network-level protocols, such as IP or IPX. IPSEC works at level 3, essentially extends IPv6/IPv4.
28 Security above level 3 Most flexible security measures End-to-end security: The security policies and mechanisms can be based on associations between entities (applications, processes, connections), as opposed to hostbased: In multi-user environments, or when hosts are not physically secure, host-based policies are not sufficiently fine-grained.
29 Summary Security measures can take three main forms: 1. End-to-end security at the TCP/IP application layer (5-7 OSI model layers) 2. End-to-end security at the (TCP/IP,OSI) transport layer 3. Link-to-link security at the network, datalink and physical layers.
30 Attacks A taxonomy
31 Attack Types And their impact on end-to-end communication security mechanisms
32 Passive Attacks Observation of N+1-layer data in an N-layer PDU: release of data contents, or eavesdropping Observation of control/ address information on the N-PDU itself: traffic analysis. Transport/network boundary = End-to-end/ link-to-link boundary. Traffic analysis is least effective if N+1 = 4.
33 Active Attacks Impersonation Packet injection (attacker-generated PDU) Packet deletion/delay Packet modification/re-ordering Replay attacks If a breech can be achieved by both active and passive attacks, which is more powerful? (problematic)
Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
COMPUTER NETWORKS NETWORK ARCHITECTURE AND PROTOCOLS The Need for Standards Computers have different architectures, store data in different formats and communicate at different rates Agreeing on a particular
COMPUTER NETWORK SECURITY QUESTION BANK UNIT-I DATA COMMUNICATION 1. Define protocol. 2. Define transmission medium. 3. What are the basic components of data communication? 4. What is dataflow? 5. List
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
1 Network Reference Models - OSI Reference Model - A computer network connects two or more devices together to share information and services. Multiple networks connected together form an internetwork.
Computer Networks CS321 Dr. Ramana I.I.T Jodhpur Dr. Ramana ( I.I.T Jodhpur ) Computer Networks CS321 1 / 22 Outline of the Lectures 1 Introduction OSI Reference Model Internet Protocol Performance Metrics
OSI MODEL 1 Introduction Open Systems Interconnection Basic Reference Model (OSI Reference Model or OSI Model) is an abstract description for layered communications and computer network protocol design.
Review of ing Concepts Part 2: Protocols and Services ed Protocol Architectures Services OSI Reference Model Summary of Topics Protocol, s, Encapsulation Services Protocol Architecture OSI Reference Model
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The
Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Network Architectures Protocol Layering Network architecture concept A network architecture is an abstract model used to describe
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
Chapter 1: Introduction Professor of CIS Columbus, OH 43210 Jain@cse.ohio-state.edu http://www.cse.ohio-state.edu/~jain/cis677-98/ 1B-1 Data Communication vs Networking q Communication: Two Nodes. Mostly
Network Architecture and the OSI Reference Model Advanced Computer Networks D12 Architecture Outline The Internet and IP Network Architecture Protocols and s Encapsulation The OSI Reference Model The Seven
Protocol Architecture ed Protocol Architectures OSI Reference Model TCP/IP Protocol Stack Need for Protocols The task of exchanging information between devices requires a high degree of cooperation between
Rab Nawaz Khan Jadoon Lecturer Department of Computer Sciences COMSATS Institute of Information Technology, Lahore, Pakistan Email: firstname.lastname@example.org Home: http://jadoon956.wordpress.com The OSI
Computer Networks III Wide Area Networks and Packet Switching Network Protocols and the OSI Layers The Internet Internet Infrastructure 1 Wide Area Networks (recap) 2 Page 1 Basic WAN structure Host Router
Computer Network Layers CIS748 Class Notes Alex S. 1 The Layers Normally, the task of communication from computer to computer is broken up into layers. Each device attached to the network has a corresponding
VPN Date: 4/15/2004 By: Heena Patel Email:email@example.com What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
TCP/IP Protocol Architecture CSE 3213 Fall 2011 1 The Need For Protocol Architecture 1.) the source must activate communications path or inform network of destination 2.) the source must make sure that
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist firstname.lastname@example.org Specialties: Routing &
The OSI Model and the TCP/IP Protocol Suite Pritee Parwekar ANITS 1 To study To discuss the idea of multiple layering in data communication and networking and the interrelationship between layers. To discuss
Introduction Computer Network. Interconnected collection of autonomous computers that are able to exchange information No master/slave relationship between the computers in the network Data Communications.
Why do we need networks? Networking Basics and Network Security Shared Data and Functions Availability Performance, Load Balancing What is needed for a network? ISO 7-Layer Model Physical Connection Wired:
Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational
Local Area Networks (LANs) The CCNT Local Area Networks (LANs) Course April 2012 release blueprint lists the following information. Courseware Availability Date identifies the availability date for the
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods
Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices
Convergence Technologies Professional (CTP) Course 1: Data Networking The Data Networking course teaches you the fundamentals of networking. Through hands-on training, you will learn the vendor-independent
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
SFWR 4C03: Computer Networks & Computer Security Jan 3-7, 2005 Lecturer: Kartik Krishnan Lecture 1-3 Communications and Computer Networks The fundamental purpose of a communication network is the exchange
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
The Purpose of ing CSCI 362 Computer and Security Introduction to ing Goals: Remote exchange and remote process control. A few desirable properties: Interoperability, Flexibility, Geographical range, Scalability,
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2006/2007 10.1 Scope of Link Layer Security Protocols
Protocols and Architecture 1 Protocol Architecture Layered structure of hardware and software that supports the exchange of data between systems as well as a distributed application (e.g. email or file
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
CN1047 INTRODUCTION TO COMPUTER NETWORKING CHAPTER 2 OSI MODEL OSI Model The Open Systems Interconnection model (OSI Model) is a conceptual model that characterizes and standardizes the communication functions
IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 2 An Introduction to Networking Learning Objectives Upon completion of this chapter, you should be able to: Describe the
Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood
Introduction p. xvii Introduction to Information Security p. 1 Introduction p. 2 What Is Information Security? p. 3 Critical Characteristics of Information p. 4 CNSS Security Model p. 5 Securing Components
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected
Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security
Virtual Private Networks Jonathan Reed email@example.com MIT IS&T VPN Release Team Overview Basic Networking Terms General Concepts How the VPN works Why it s useful What to watch out for Q&A Networking 101
William Stallings Data and Computer Communications Chapter 15 Internetwork Protocols Internetworking Terms (1) Communications Network Facility that provides data transfer service An internet Collection
SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people
Understand the OSI Model Part 2 Lesson Overview In this lesson, you will learn information about: Frames Packets Segments TCP TCP/IP Model Well-known ports for most-used purposes Anticipatory Set Review
The OSI Reference Model Review of the seven layers of tasks that make communications systems operate. Types of Internetworking Devices The main devices on an internetwork: bridges, switches, routers, and
Mathatma Gandhi University BSc Computer Science IV th semester BCS 402 Computer Network &Internet MULTIPLE CHOICE QUESTIONS 1. The computer network is A) Network computer with cable B) Network computer
Network System Design Lesson Unit 1: INTRODUCTION TO NETWORK DESIGN Assignment Customer Needs and Goals Identify the purpose and parts of a good customer needs report. Gather information to identify network
Configure A VoIP Network Prof. Mr. Altaf. I. Darvadiya Electronics & Communication C.U.Shah College of Engg. & Tech. Wadhwan(363030), India e-mail: firstname.lastname@example.org Ms. Zarna M. Gohil Electronics & Communication
Network Security Internet not originally designed with (much) security in mind original vision: a group of mutually trusting users attached to a transparent network Security considerations in all layers!
Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that
The OSI Model and the TCP/IP Protocol Suite - the OSI model was never fully implemented. - The TCP/IP protocol suite became the dominant commercial architecture because it was used and tested extensively
Outline: Introduction Last class recap a. Internet is made up of hosts (end systems), communication links, and packet switches). Hosts and packet switches run various networking protocols and work together
Introduction To Computer Networking Alex S. 1 Introduction 1.1 Serial Lines Serial lines are generally the most basic and most common communication medium you can have between computers and/or equipment.
544 Computer and Network Security Section 1: Introduction Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Background Information Security requirements have changed in recent times
Review questions 1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network B Local area network C Client/server
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
Module 1 Introduction Lesson 2 Layered Network Architecture Specific Functional Objectives On Completion of this lesson, the students will be able to: State the requirement for layered approach Explain
Security Functions in Telecommunications Placement & Achievable Security Reiner Sailer, Hannes Federrath, Andreas Pfitzmann Abstract The placement of security functions determines which kinds of data they
VPN: Virtual Private Network Presented by: ABHIJIT R.PATIL INTRODUCTION What is a VPN? Introduction: What is a VPN? Virtual Private Network Introduction to VPN Introduction (continued): Four Categories:
1. What type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25? A. Local area network (LAN) B. Wide area network (WAN) C. Intranet D. Internet 2. Which
C101:IntroductiontotheCommunications ProtocolsandTheirUsesin ITSApplications(K) C101: Introduction to Communications Protocols and Their Table of Contents Introduction/Purpose... 2 NTCIP Framework... 3
CSE 123 Computer Networks Fall 2009 Lecture 2: Protocols & Layering Today What s a protocol? Organizing protocols via layering Encoding layers in packets The OSI & Internet layering models The end-to-end
Local Area Networks: Internetworking Chapter 81 Learning Objectives List the reasons for interconnecting multiple local area networks and interconnecting local area networks to wide area networks. Identify