Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Size: px
Start display at page:

Download "Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶"

Transcription

1 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1

2 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2

3 Course information (1/6) Instructor: Professor Gwoboa Horng Basic assumption It is assumed that students in this course have a basic understanding of complexity theory. Some knowledge of modular arithmetic will be helpful but not required. Course web page: 3

4 Course information (2/6) Textbook Cryptography and Network Security, 4/E by William Stallings, Prentice Hall, ( 開 發 圖 書 公 司 ) Cryptography and Network Security: Principles and Practices, 5/E by W. Stallings, Prentice Hall, ( 開 發 圖 書 公 司 ) Textbook web page: raphy/index.html 4

5 Course information (3/6) 參 考 書 籍 近 代 密 碼 學 及 其 應 用 賴 溪 松 韓 亮 張 真 誠 松 崗 旗 標 出 版 社 5

6 Course information (4/6) The objective of this course is to examine both the principles and practice of cryptography and computer network security. Our focus is on Internet Security which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. The course material is of use to computer and communication engineers who are interested in embedding security into an information system. 6

7 Course information (5/6) This class is Not a lab or programming course Not a math course, either 7

8 Course information (6/6) Grading (Tentative) Homework 15% (You may collaborate when solving the homework, however when writing up the solutions you must do so on your own. No typed or printed assignments.) Project 20% (Presentation and/or paper required) Midterm exam 25% (Open textbook and notes) Final exam 30% (Open textbook and notes) Class participation 10% 8

9 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 9

10 Motivation Some real examples of security incidents 10

11 Some real examples (1/12) 11

12 Some real examples (2/12) 12

13 Some real examples (3/12) 13

14 Some real examples (4/12) 14

15 Some real examples (5/12) 15

16 Some real examples (6/12) 16

17 Some real examples (7/12) 17

18 Some real examples (8/12) 18

19 Some real examples (9/12) 19

20 Some real examples (10/12) 20

21 Some real examples (11/12) 21

22 Some real examples (12/12) 22

23 Some real examples (Recapitulation) Security incidents Hacker intrusion Password compromise (access control) Spam/hoax (data integrity) Program security Virus Denial of service 23

24 Incidents reported 24

25 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 25

26 Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms computer use requires automated tools to protect files and other stored information use of networks and communications links requires measures to protect data during transmission 26

27 Definitions Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers Network Security - measures to protect data during their transmission Internet Security - measures to protect data during their transmission over a collection of interconnected networks 27

28 Security Trends 28 growth in sophistication of attacks contrasting with decrease in skill & knowledge needed to mount an attack

29 Security Goals The goal of security is to institute controls that preserve secrecy: assets are accessible only by authorized parties; integrity: assets can be modified only by authorized parties; availability: assets are available to authorized parties. 29

30 Security Goals Confidentiality Integrity Availability 30

31 Services, Mechanisms, Attacks need systematic way to define requirements consider three aspects of information security: security attack security mechanism security service consider in reverse order 31

32 Security Service is something that enhances the security of the data processing systems and the information transfers of an organization intended to counter security attacks make use of one or more security mechanisms to provide the service replicate functions normally associated with physical documents eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed 32

33 Security Mechanism a mechanism that is designed to detect, prevent, or recover from a security attack no single mechanism that will support all functions required however one particular element underlies many of the security mechanisms in use: cryptographic techniques hence our focus on this area 33

34 Security Attack any action that compromises the security of information owned by an organization information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems have a wide range of attacks can focus of generic types of attacks note: often threat & attack mean same 34

35 Security Services (X.800) Authentication - assurance that the communicating entity is the one claimed Access Control - prevention of the unauthorized use of a resource Data Confidentiality protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication 35

36 Security Services (X.800) Authentication - assurance that the communicating entity is the one claimed Peer Entity Authentication Used in association with a logical connection to provide confidence in the identity of the entities connected. Data-origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. 36

37 Security Services (X.800) Access Control - prevention of the unauthorized use of a resource The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 37

38 Security Services (X.800) Data Confidentiality protection of data from unauthorized disclosure Connection Confidentiality: The protection of all user data on a connection. Connectionless Confidentiality: The protection of all user data in a single data block. Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block. Traffic-flow Confidentiality: The protection of the information that might be derived from observation of traffic flows. 38

39 Security Services (X.800) Data Integrity - assurance that data received is as sent by an authorized entity Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection. Connectionless Integrity: Provides for the integrity of a single connectionless data block. Selective-Field Connectionless Integrity 39

40 Security Services (X.800) Non-Repudiation - protection against denial by one of the parties in a communication Nonrepudiation, Origin: Proof that the message was sent by the specified party. Nonrepudiation, Destination: Proof that the message was received by the specified party. 40

41 Security Mechanisms (X.800) Specific security mechanisms: May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization Pervasive security mechanisms: Mechanisms that are not specific to any particular OSI security service or protocol layer. trusted functionality, security labels, event detection, security audit trails, security recovery 41

42 Security Mechanisms (X.800) Specific security mechanisms Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient). Access Control: A variety of mechanisms that enforce access rights to resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. 42

43 Security Mechanisms (X.800) Specific security mechanisms (cont.) Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes. Notarization: The use of a trusted third party to assure certain properties of a data exchange. 43

44 Security Mechanisms (X.800) Pervasive security mechanisms Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. 44

45 Security Mechanisms (X.800) Pervasive security mechanisms (cont.) Event Detection: Detection of security-relevant events. Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. 45

46 Relationship between security services and mechanisms 46

47 Security Attacks 47

48 Security Attacks Interruption: This is an attack on availability Interception: This is an attack on confidentiality Modification: This is an attack on integrity Fabrication: This is an attack on authenticity 48

49 49

50 Classify Security Attacks as passive attacks - eavesdropping on, or monitoring of, transmissions to: obtain message contents, or monitor traffic flows active attacks modification of data stream to: masquerade of one entity as some other replay previous messages modify messages in transit denial of service 50

51 Passive Attack: release of message contents 51

52 Passive Attack: traffic analysis 52

53 Active Attack: replay 53

54 Active Attack: denial of service 54

55 Examples of security attacks Social engineering 55

56 Examples of security attacks Impersonation 56

57 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 57

58 Advantages of computer networks Resource sharing Increased reliability Distributing the workload Expandability 58

59 Network concepts Terminology: node, host, link, terminal Media: cable, optical fiber, microwave Type of network: LAN, WAN, internet Topology: common bus, star or hub, ring Protocol: ISO reference model, TCP/IP 59

60 The Physical Organization of Networks Node: The generic name given to all devices hooked up to a network. Each node must have a unique address assigned to it by the network. Networks are either direct-connected or those that are not directly linked. Direct-connected network: Those whose nodes have direct connections through either physical or wireless links. Point-to-point: Simplest version of direct-connected network. Connecting two computing systems.» Example of point to point: Home to ISP. Example of a network that is not directly linked: Internet. 60

61 The Physical Organization of Networks The bus network - A continuous coaxial cable to which all the devices are attached. All nodes can detect all messages sent along the bus. The ring network - Nodes linked together to form a circle. A message sent out from one node is passed along to each node in between until the target node receives the message. Linking nodes: 61

62 The Physical Organization of Networks The star network - Each node is linked to a central node. All messages are routed through the central node, who delivers it to the proper node. The tree network - (hierarchical network) Looks like an upside-down tree where end nodes are linked to interior nodes that allow linking through to another end node. Linking nodes: 62

63 The Physical Organization of Networks The fully connected network - All nodes are connected to all other nodes. Linking nodes: Internetworking - Connecting together any number of direct-connected networks. The largest: Internet. 63

64 Software Architecture of Networks Problem: Connect several different machines running different operating systems (Windows, OS/2, MacOS, UNIX, VMS...) Now, try to: send , data or files between them. Solution: Create a standardized set of rules, or protocols, that, when followed, will allow an orderly exchange of information. Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets. A collection of these programs is called a protocol suite. Must be on all computers or nodes in the network. In order to send data over the network, the necessary programs must be executed. 64

65 The concept of protocol layering Protocols are stacked vertically as series of layers. Each layer offers services to layer above through an interface, shielding implementation details. Service = set of primitives provided by one layer to layer above. Service defines what layer can do (but not how it does it). Layer n on one machine communicates with layer n on another machine (they are peer processes/entities) using Layer n Protocol. The entire hierarchy is called a protocol stack The OSI seven-layer model TCP/IP 65

66 The OSI Reference Model OSI Reference Model an internationally standardised network architecture. An abstract representation of an ideal network protocol stack; not used in real networks. OSI = Open Systems Interconnection. Specified in ISO (ISO = International Organization for Standardization) Model has 7 layers. 66

67 The OSI Model Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 2 Layer 1 Application Layer Presentation Layer Session Layer Transport Layer Network Layer Data Link Layer Physical Layer 67

68 Lower/Upper Layers Layers 1-4 often referred to as lower layers. Layers 5-7 are the upper layers. Lower layers relate more closely to the communications technology. Layers 1 3 manage the communications subnet. the entire set of communications nodes required to manage comms. between a pair of machines. Layers 4 7 are true end-to-end protocols. Upper layers relate to application. 68

69 Internet Protocols vs OSI Application 7 5 Application Presentation 6 Session 5 4 TCP Transport 4 3 IP Network 3 2 Network Interface Data Link 2 1 Hardware Physical 1 69

70 Internet Protocols The Architecture of the Internet Four-layer architecture: FTP HTTP NV TFTP TCP UDP IP Network #1 Network #2 Network N 70

71 TCP/IP Protocol Layering Host A Application Layer Message Host B Application Layer Transport Layer Internet Layer Network Interface Layer Packet Datagram Frame Transport Layer Internet Layer Network Interface Layer Physical Network 71

72 Protocol Layering and Routing Host A Application Layer HTTP Message Host B Application Layer Transport Layer TCP Packet Transport Layer Internet Layer Router Internet Layer Internet Layer IP Datagram IP Datagram Network Interface Ethernet Frame Network Layer Ethernet Frame Network Interface Physical Network Physical Network 72

73 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 73

74 Model for Network Communication Security 74

75 Model for Network Communication Security using this model requires us to: design a suitable algorithm for the security transformation generate the secret information (keys) used by the algorithm develop methods to distribute and share the secret information specify a protocol enabling the principals to use the transformation and secret information for a security service 75

76 Model for Network Access Security

77 Model for Network Access Security using this model requires us to: 1. select appropriate gatekeeper functions to identify users 2. implement security controls to ensure only authorised users access designated information or resources 77

78 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 78

79 Outline of the course Introduction (Chapter 1) Conventional encryption: classical techniques, modern techniques, algorithms, confidentiality using conventional encryption (Chapters 2 7) Public-key encryption and hash functions: public-key cryptography, number theory, message authentication and hash functions, hash and MAC algorithms, digital signatures and authentication protocols (Chapters 8 13) 79

80 Outline of the course (Cont.) Network security practice: authentication applications, IP security, Web security, anonymous communications (Chapters 14 17) System security: intruders, viruses, and worms, firewalls (Chapters 18 20) Other topics: Wireless network security, Searchable encryption, Client puzzles, 80

81 Questions? 81

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,

More information

Information System Security

Information System Security Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

CSCI 4541/6541: NETWORK SECURITY

CSCI 4541/6541: NETWORK SECURITY 1 CSCI 4541/6541: NETWORK SECURITY COURSE INFO CSci 4541/6541 Tuesdays 6:10pm 8:40pm Bell Hall 108 Office Hours: Tuesdays 2:30pm 4:30pm Dr. Nan Zhang Office: SEH 4590 Phone: (202) 994-5919 Email: nzhang10

More information

Table: Security Services (X.800)

Table: Security Services (X.800) SECURIT SERVICES X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Also the

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

544 Computer and Network Security

544 Computer and Network Security 544 Computer and Network Security Section 1: Introduction Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Background Information Security requirements have changed in recent times

More information

Notes on Network Security - Introduction

Notes on Network Security - Introduction Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11. Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

IY2760/CS3760: Part 6. IY2760: Part 6

IY2760/CS3760: Part 6. IY2760: Part 6 IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily

More information

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access

Network Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed

More information

Network Security. Network Security Hierarchy. CISCO Security Curriculum

Network Security. Network Security Hierarchy. CISCO Security Curriculum Network Security Network Security Hierarchy Material elaborat dupa: CISCO Security Curriculum Kenny Paterson s Lectures for: M.Sc. in Information Security, Royal Holloway, University of London 1 Objectives

More information

Cryptography and Network Security: Overview

Cryptography and Network Security: Overview Cryptography and Network Security: Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Introduction to Security

Introduction to Security 2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,

More information

Objectives of Lecture. Network Architecture. Protocols. Contents

Objectives of Lecture. Network Architecture. Protocols. Contents Objectives of Lecture Network Architecture Show how network architecture can be understood using a layered approach. Introduce the OSI seven layer reference model. Introduce the concepts of internetworking

More information

The OSI and TCP/IP Models. Lesson 2

The OSI and TCP/IP Models. Lesson 2 The OSI and TCP/IP Models Lesson 2 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Introduction to the OSI Model Compare the layers of the OSI and TCP/IP

More information

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan CNT5412/CNT4406 Network Security Course Introduction Zhenhai Duan 1 Instructor Professor Zhenhai Duan (duan@cs.fsu.edu) Office: 162 LOV Office hours: 1:00PM to 2:00PM, T/Th Or by appointment Email: duan@cs.fsu.edu

More information

Computer Networks Vs. Distributed Systems

Computer Networks Vs. Distributed Systems Computer Networks Vs. Distributed Systems Computer Networks: A computer network is an interconnected collection of autonomous computers able to exchange information. A computer network usually require

More information

Lecture II : Communication Security Services

Lecture II : Communication Security Services Lecture II : Communication Security Services Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 What is Communication

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

CSCI 362 Computer and Network Security

CSCI 362 Computer and Network Security The Purpose of ing CSCI 362 Computer and Security Introduction to ing Goals: Remote exchange and remote process control. A few desirable properties: Interoperability, Flexibility, Geographical range, Scalability,

More information

CSE 3461 / 5461: Computer Networking & Internet Technologies

CSE 3461 / 5461: Computer Networking & Internet Technologies Autumn Semester 2014 CSE 3461 / 5461: Computer Networking & Internet Technologies Instructor: Prof. Kannan Srinivasan 08/28/2014 Announcement Drop before Friday evening! k. srinivasan Presentation A 2

More information

CS 203 / NetSys 240. Network Security

CS 203 / NetSys 240. Network Security CS 203 / NetSys 240 Network Security Winter 2015 http://sconce.ics.uci.edu/203-w15/ 1 Contact Information Instructor: Gene Tsudik Email: gene.tsudik *AT* uci.edu Phone: (949) 824-43410 use only as the

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Fifth Edition by William Stallings Chapter 1 Introduction On War The combination of space, time, and strength that must be considered as the basic elements of this theory of

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication

More information

ELEC3030 Computer Networks

ELEC3030 Computer Networks ELEC3030 Computer Networks Professor Sheng Chen: Building 86, Room 1021 E-mail: sqc@ecs.soton.ac.uk Download lecture slides from: http://www.ecs.soton.ac.uk/ sqc/el336/ or get them from Course Office (ECS

More information

Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media

Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright

More information

Overview of Computer Networks

Overview of Computer Networks Overview of Computer Networks Client-Server Transaction Client process 4. Client processes response 1. Client sends request 3. Server sends response Server process 2. Server processes request Resource

More information

EE4367 Telecom. Switching & Transmission. Prof. Murat Torlak

EE4367 Telecom. Switching & Transmission. Prof. Murat Torlak Packet Switching and Computer Networks Switching As computer networks became more pervasive, more and more data and also less voice was transmitted over telephone lines. Circuit Switching The telephone

More information

CSC 474 Information Systems Security

CSC 474 Information Systems Security CSC 474 Information Systems Security Introduction About Instructor Dr. Peng Ning, assistant professor of computer science http://www.csc.ncsu.edu/faculty/ning pning@ncsu.edu (919)513-4457 Office: Room

More information

IT4405 Computer Networks (Compulsory)

IT4405 Computer Networks (Compulsory) IT4405 Computer Networks (Compulsory) INTRODUCTION This course provides a comprehensive insight into the fundamental concepts in data communications, computer network systems and protocols both fixed and

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Network System Design Lesson Objectives

Network System Design Lesson Objectives Network System Design Lesson Unit 1: INTRODUCTION TO NETWORK DESIGN Assignment Customer Needs and Goals Identify the purpose and parts of a good customer needs report. Gather information to identify network

More information

Communications and Computer Networks

Communications and Computer Networks SFWR 4C03: Computer Networks and Computer Security January 5-8 2004 Lecturer: Kartik Krishnan Lectures 1-3 Communications and Computer Networks The fundamental purpose of a communication system is the

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Data Communication Networks Introduction

Data Communication Networks Introduction Data Communication Networks Introduction M. R. Pakravan Department of Electrical Engineering Sharif University of Technology Data Networks 1 Introduction The course introduces the underlying concepts and

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required

CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required CSET 4750 Computer Networks and Data Communications (4 semester credit hours) CSET Required IT Required Current Catalog Description: Computer network architectures and their application to industry needs.

More information

IT4504 - Data Communication and Networks (Optional)

IT4504 - Data Communication and Networks (Optional) - Data Communication and Networks (Optional) INTRODUCTION This is one of the optional courses designed for Semester 4 of the Bachelor of Information Technology Degree program. This course on Data Communication

More information

524 Computer Networks

524 Computer Networks 524 Computer Networks Section 1: Introduction to Course Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Course Outline The Aim The course is design to establish the terminology

More information

Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006

Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006 Core Syllabus C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS Version 2.6 June 2006 EUCIP CORE Version 2.6 Syllabus. The following is the Syllabus for EUCIP CORE Version 2.6, which

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Indian Institute of Technology Kharagpur TCP/IP Part I Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 3: TCP/IP Part I On completion, the student

More information

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13 COURSE TITLE : INFORMATION SECURITY COURSE CODE : 5136 COURSE CATEGORY : ELECTIVE PERIODS/WEEK : 4 PERIODS/SEMESTER : 52 CREDITS : 4 TIME SCHEDULE MODULE TOPICS PERIODS 1 Introduction to Computer Security

More information

Overview of computer and communications security

Overview of computer and communications security Overview of computer and communications security 2 1 Basic security concepts Assets Threats Security services Security mechanisms 2 Assets Logical resources Information Money (electronic) Personal data

More information

Data Communication Networks and Converged Networks

Data Communication Networks and Converged Networks Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous

More information

EE5723/EE4723. Computer & Network Security. Course Coverage. Prerequisites. Course Logistics. Truly a Network Security course

EE5723/EE4723. Computer & Network Security. Course Coverage. Prerequisites. Course Logistics. Truly a Network Security course EE 5723/EE4723 Computer & Network Security Classroom: EERC 508 Course Logistics Meeting time: MWF 12:05pm-12:5512:55 pm Office hours: MW 3:00pm-4:00pm Other time by appointment Instructor Office: EERC

More information

Computer Network. Interconnected collection of autonomous computers that are able to exchange information

Computer Network. Interconnected collection of autonomous computers that are able to exchange information Introduction Computer Network. Interconnected collection of autonomous computers that are able to exchange information No master/slave relationship between the computers in the network Data Communications.

More information

Communication Networks. MAP-TELE 2011/12 José Ruela

Communication Networks. MAP-TELE 2011/12 José Ruela Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Network Architectures Protocol Layering Network architecture concept A network architecture is an abstract model used to describe

More information

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users

More information

Computer Networks CS321

Computer Networks CS321 Computer Networks CS321 Dr. Ramana I.I.T Jodhpur Dr. Ramana ( I.I.T Jodhpur ) Computer Networks CS321 1 / 22 Outline of the Lectures 1 Introduction OSI Reference Model Internet Protocol Performance Metrics

More information

Layered Architectures and Applications

Layered Architectures and Applications 1 Layered Architectures and Applications Required reading: Garcia 2.1, 2.2, 2.3 CSE 3213, Fall 2010 Instructor: N. Vlajic 2 Why Layering?! 3 Montreal London Paris Alice wants to send a mail to Bob and

More information

First concepts. Terminology FLORIDA STATE UNIVERSITY

First concepts. Terminology FLORIDA STATE UNIVERSITY First concepts Terminology What is Security? Definitions from the Amer. Herit. Dict. : Freedom from risk or danger; safety. (NO!) Measures adopted to prevent a crime such as burglary or assault. (ALMOST!)

More information

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun CSCI 454/554 Computer and Network Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Assistant Professor of Computer Science http://www.cs.wm.edu/~ksun/ Phone: (757) 221-3457 Email: ksun@wm.edu

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

IC3 - Network Security. IC3 - Network Security. M.Sc. in Information Security Royal Holloway, University of London

IC3 - Network Security. IC3 - Network Security. M.Sc. in Information Security Royal Holloway, University of London IC3 - Network Security M.Sc. in Information Security Royal Holloway, University of London IC3 - Network Security Lecture 1, Part 1 Introduction to Networking 1 2 Objectives of Lecture Networking background

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

The OSI Model: Understanding the Seven Layers of Computer Networks

The OSI Model: Understanding the Seven Layers of Computer Networks Expert Reference Series of White Papers The OSI Model: Understanding the Seven Layers of Computer Networks 1-800-COURSES www.globalknowledge.com The OSI Model: Understanding the Seven Layers of Computer

More information

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01 JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment

More information

CompTIA Network+ (Exam N10-005)

CompTIA Network+ (Exam N10-005) CompTIA Network+ (Exam N10-005) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

INTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52)49 3425#452%!.$!00,)#!4)/.

INTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52)49 3425#452%!.$!00,)#!4)/. INTERNATIONAL TELECOMMUNICATION UNION ##)44 8 THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52)49 3425#452%!.$!00,)#!4)/.3

More information

What is CSG150 about? Fundamentals of Computer Networking. Course Outline. Lecture 1 Outline. Guevara Noubir noubir@ccs.neu.

What is CSG150 about? Fundamentals of Computer Networking. Course Outline. Lecture 1 Outline. Guevara Noubir noubir@ccs.neu. What is CSG150 about? Fundamentals of Computer Networking Guevara Noubir noubir@ccs.neu.edu CSG150 Understand the basic principles of networking: Description of existing networks, and networking mechanisms

More information

INTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS

INTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS INTERNATIONAL TELECOMMUNICATION UNION CCITT X.800 THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND

More information

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer

More information

Protocol Architecture

Protocol Architecture Protocol Architecture ed Protocol Architectures OSI Reference Model TCP/IP Protocol Stack Need for Protocols The task of exchanging information between devices requires a high degree of cooperation between

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Compter Networks Chapter 9: Network Security

Compter Networks Chapter 9: Network Security Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

More information

UPPER LAYER SWITCHING

UPPER LAYER SWITCHING 52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches

More information

The OSI Model and the TCP/IP Protocol Suite PROTOCOL LAYERS. Hierarchy. Services THE OSI MODEL

The OSI Model and the TCP/IP Protocol Suite PROTOCOL LAYERS. Hierarchy. Services THE OSI MODEL The OSI Model and the TCP/IP Protocol Suite - the OSI model was never fully implemented. - The TCP/IP protocol suite became the dominant commercial architecture because it was used and tested extensively

More information

Introduction to computer networks and Cloud Computing

Introduction to computer networks and Cloud Computing Introduction to computer networks and Cloud Computing Aniel Nieves-González Fall 2015 Computer Netwoks A computer network is a set of independent computer systems that are connected by a communication

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

ICTTEN8195B Evaluate and apply network security

ICTTEN8195B Evaluate and apply network security ICTTEN8195B Evaluate and apply network security Release 1 ICTTEN8195B Evaluate and apply network security Modification History Release Release 2 Comments This version first released with ICT10 Integrated

More information

Mathatma Gandhi University

Mathatma Gandhi University Mathatma Gandhi University BSc Computer Science IV th semester BCS 402 Computer Network &Internet MULTIPLE CHOICE QUESTIONS 1. The computer network is A) Network computer with cable B) Network computer

More information

an interconnected collection of autonomous computers interconnected = able to exchange information

an interconnected collection of autonomous computers interconnected = able to exchange information Overview: Network Introduction what is a computer network? digital transmission components of a computer network network hardware network software What is a computer network? an interconnected collection

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods

More information

T/A/Mentors Office and Office Hours: Check the Staff Information Page on class site

T/A/Mentors Office and Office Hours: Check the Staff Information Page on class site University of Southern California Course Title: EE450: Computer Networks Semester: Fall Semester 2014 Instructor: Professor A. Zahid, azahid@usc.edu Office: PHE 418, 213-740-9058 Office Hours: TTH 9:00

More information

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security

More information

Local Area Networks (LANs) Blueprint (May 2012 Release)

Local Area Networks (LANs) Blueprint (May 2012 Release) Local Area Networks (LANs) The CCNT Local Area Networks (LANs) Course April 2012 release blueprint lists the following information. Courseware Availability Date identifies the availability date for the

More information

Data Link Protocols. TCP/IP Suite and OSI Reference Model

Data Link Protocols. TCP/IP Suite and OSI Reference Model Data Link Protocols Relates to Lab. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet, and the Point-to-Point Protocol (PPP). 1 TCP/IP Suite

More information

Layered protocol (service) architecture

Layered protocol (service) architecture Layered protocol (service) architecture The Internet is complex! many pieces : hosts access network routers links of various media applications protocols Question: Is there any hope of organizing a structure

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

CRYPTOG NETWORK SECURITY

CRYPTOG NETWORK SECURITY CRYPTOG NETWORK SECURITY PRINCIPLES AND PRACTICES FOURTH EDITION William Stallings Prentice Hall Upper Saddle River, NJ 07458 'jkfetmhki^^rij^jibwfcmf «MMr""'-^.;

More information

Computer Networks. Credit value: 10 Guided learning hours: 60. Aim and purpose. Unit introduction. Learning outcomes

Computer Networks. Credit value: 10 Guided learning hours: 60. Aim and purpose. Unit introduction. Learning outcomes Unit 9: Computer Networks Unit code: QCF Level 3: Credit value: 10 Guided learning hours: 60 Aim and purpose R/601/7320 BTEC National The aim of this unit is to ensure learners understand the key components

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

CCNA 1: Networking Basics. Cisco Networking Academy Program Version 3.0

CCNA 1: Networking Basics. Cisco Networking Academy Program Version 3.0 CCNA 1: Networking Basics Cisco Networking Academy Program Version 3.0 Table of Contents CCNA 1: NETWORKING BASICS...1 TARGET AUDIENCE...3 PREREQUISITES...3 COURSE DESCRIPTION...3 COURSE OBJECTIVES...3

More information