The document provides an overview of data and network security concepts including:
1) The need to protect organizational functionality, safe operations, data collection, and technology assets from various security attacks like passive eavesdropping, active masquerading, message modification, repudiation, replay, and denial of service.
2) Common security services like authentication, access control, data confidentiality, data integrity, and nonrepudiation which implement security policies through mechanisms like encryption.
3) Methods of protection such as firewalls, network segmentation, remote access VPNs, zero trust network access, and email security controls.
4) Basic cryptography concepts and techniques including plaintext, ciphertext, encryption, decryption,
Unit-I - Data and Network Security
UNIT-I
Data & Network Security

Syllabus
Need for Security, Security Attack, Security Services, Information Security, Methods of Protection, Basics of Cryptography: Terminologies used in Cryptography, Substitution Techniques, Transposition Techniques, Network Security, Threats in Networks, Network Security Controls.

Need for Information security
1. Protecting the functionality of the organization
2. Enabling the safe operation of applications
3. Protecting the data that the organization collects and uses
4. Safeguarding technology assets in organizations

Attacks in Information Security
• Passive Attack: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
• Active Attacks: An active attack attempts to alter system resources or affect their operations. Active attacks involve some modification of the data stream or the creation of false statements.

Types of active attacks are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service

Masquerade
A masquerade attack takes place when one entity pretends to be a different entity. A masquerade attack involves one of the other forms of active attacks. Masquerade attacks may be performed using stolen passwords and logins.

Modification of messages
It means that some portion of a message is altered, or that a message is delayed or reordered, to produce an unauthorized effect. Modification is an attack on the integrity of the original data. It basically means that unauthorized parties not only gain access to data but also alter the transmitted data packets or flood the network with fake data.

Repudiation
This attack occurs when the network is not completely secured or the login control has been tampered with. With this attack, the author’s information can be changed by actions of a malicious user in order to save false data in log files, up to the general manipulation of data on behalf of others.

Replay
It involves the passive capture of a message and its subsequent transmission to produce an authorized effect. In this attack, the basic aim of the attacker is to save a copy of the data originally present on that particular network and later on use this data for personal uses.

Denial of Service
It prevents the normal use of communication facilities. This attack may have a specific target. For example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Security Services
X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. A security service is a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.

Authentication
The authentication service is concerned with assuring that a communication is authentic. In the case of a single message, such as a warning or alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are involved. First, the service assures that the two entities are authentic. Second, the service must assure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.

Access Control
In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.

Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of a data transmission, several levels of protection can be identified.
The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility.

Data Integrity
A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service. On the other hand, a connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only.

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.

Information Security
Information Security is not only about securing information from unauthorized access. Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electronic. Information can be anything, such as your personal details (for example your profile on social media), the data on your mobile phone, or your biometrics. Thus Information Security spans many research areas, such as Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.

Methods of Protection
• Firewall
• Network Segmentation
• Remote Access VPN
• Zero Trust Network Access (ZTNA)
• Email Security

Firewall
Firewalls control incoming and outgoing traffic on networks, with predetermined security rules. Firewalls keep out unfriendly traffic and are a necessary part of daily computing. Network Security relies heavily on Firewalls, and especially Next Generation Firewalls, which focus on blocking malware and application-layer attacks.

Network Segmentation
Network segmentation defines boundaries between network segments where assets within the group have a common function, risk or role within an organization. For instance, the perimeter gateway segments a company network from the Internet. Potential threats outside the network are prevented, ensuring that an organization’s sensitive data remains inside. Organizations can go further by defining additional internal boundaries within their network, which can provide improved security and access control.

Remote Access VPN
Remote access VPN provides remote and secure access to a company network to individual hosts or clients, such as telecommuters, mobile users, and extranet consumers. Each host typically has VPN client software loaded or uses a web-based client. Privacy and integrity of sensitive information are ensured through multi-factor authentication, endpoint compliance scanning, and encryption of all transmitted data.

Zero Trust Network Access (ZTNA)
The zero trust security model states that a user should only have the access and permissions that they require to fulfill their role. This is a very different approach from that provided by traditional security solutions, like VPNs, that grant a user full access to the target network. Zero trust network access (ZTNA) solutions, also known as software-defined perimeter (SDP) solutions, permit granular access to an organization’s applications from users who require that access to perform their duties.

Email Security
• Email security refers to any processes, products, and services designed to keep your email accounts and email content safe from external threats. Most email service providers have built-in email security features designed to keep you secure, but these may not be enough to stop cybercriminals from accessing your information.

Terminologies used in cryptography
• Plaintext: original message
• Ciphertext: encrypted or coded message
• Encryption: convert from plaintext to ciphertext (enciphering)
• Decryption: restore the plaintext from ciphertext (deciphering)
• Key: information used in cipher known only to sender/receiver
• Cipher: a particular algorithm (cryptographic system)
• Cryptography: study of algorithms used for encryption
• Cryptanalysis: study of techniques for decryption without knowledge of plaintext
• Cryptology: areas of cryptography and cryptanalysis

Types of ciphering techniques
• Substitution cipher
  • Monoalphabetic
  • Polyalphabetic
• Transposition cipher

| Monoalphabetic Cipher | Polyalphabetic Cipher |
| --- | --- |
| Less secure | More secure than a Monoalphabetic cipher. |
| Contains frequency of letters same as the message. | It does not contain the same frequency of letters as in the message. |
| The space between words is left blank. | The space between the words is also mapped to some letters. |
| Brute force algorithm can decrypt it. | Brute force algorithm cannot decrypt it. |
| It is not used nowadays. | It is used more frequently than Monoalphabetic cipher. |
| The same alphabet in the message will be made up of similar code letters. | The same alphabet in the code may or may not be made of similar code letters. |

Transposition cipher
Transposition Cipher is a cryptographic algorithm where the order of alphabets in the plaintext is rearranged to form a cipher text. In this process, the actual plain text alphabets are not included. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.

Threats to Information Security
• Information Security threats can be many, like software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.
• A threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase, or harm an object or objects of interest.
• Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware, viruses, worms and bots are all the same thing. They are not; the only similarity is that they are all malicious software, and each behaves differently.

Basic information security controls fall into three groups:
• Preventive controls, which address weaknesses in your information systems identified by your risk management team before you experience a cybersecurity incident.
• Detective controls, which alert you to cybersecurity breach attempts and also warn you when a data breach is in progress, so your cybersecurity staff can begin to limit the damage.
• Corrective controls, such as backups used after a cybersecurity incident, to minimize data loss and damage to information systems, and to restore your information systems as quickly as possible.

Information security controls can also be classified into several areas of data protection:
• Physical access controls. This includes restrictions on physical access such as security guards at building entrances, locks, closed-circuit security cameras, and perimeter fences.
• Cyber access controls. These are cybersecurity controls and policies such as up-to-date firewalls, password policies, and software applications that alert you to cybersecurity risks like ransomware attacks and phishing.
• Procedural controls. This includes security awareness education, security framework compliance training, and incident response plans and procedures put in place to enhance network security.
• Technical controls. Increasingly common are controls such as multi-factor user authentication at login, and also granting internal access to your IT system on a need-to-know basis.
• Compliance controls. This means adherence to privacy laws and cybersecurity frameworks and standards designed to minimize security risks. These typically require an information security risk assessment, and impose information security requirements. For example, if your company is required to be in compliance with the NIST cybersecurity framework but isn’t, it can face monetary penalties until those compliance controls are put into place.
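
The Modification of messages, Replay and Data Integrity passages above, as an added example that is not part of the original slides: a tag-only check (connectionless integrity) detects a modified message but accepts a replayed one, while a receiver that also tracks sequence numbers (connection-oriented integrity) rejects duplicates and reordering. The HMAC-SHA256 framing, the key, the messages and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"      # constructed sample key (assumption)
TAG_LEN = hashlib.sha256().digest_size

def protect(seq, payload, key=KEY):
    """Frame = 8-byte sequence number | payload | HMAC-SHA256 over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_message(frame, key=KEY):
    """Connectionless check: the tag alone. Returns (seq, payload) or None."""
    if len(frame) < 8 + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None                       # modification detected
    return struct.unpack(">Q", body[:8])[0], body[8:]

class StreamReceiver:
    """Connection-oriented check: valid tag AND the next expected sequence number."""
    def __init__(self, key=KEY):
        self.key, self.expected = key, 0

    def receive(self, frame):
        checked = verify_message(frame, self.key)
        if checked is None:
            return "rejected: modified"
        seq, payload = checked
        if seq < self.expected:
            return "rejected: replay or duplicate"
        if seq > self.expected:
            return "rejected: reordered or missing message"
        self.expected += 1
        return "accepted: " + payload.decode()

def demo():
    """Constructed traffic: one captured frame is tampered with, another re-sent."""
    f0, f1, f2 = (protect(i, m) for i, m in
                  enumerate([b"pay 10 to alice", b"pay 20 to bob", b"close"]))
    tampered = f0[:12] + b"9" + f0[13:]   # "pay 10" -> "pay 90"
    rx = StreamReceiver()
    return {"stateless_tampered": verify_message(tampered),
            "stateless_replay": [verify_message(f0), verify_message(f0)],
            "stream": [rx.receive(f) for f in (f0, tampered, f0, f2, f1, f2)]}
```
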
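
The monoalphabetic/polyalphabetic comparison and the transposition cipher description above, worked through on one message as an added example (not from the original slides). The Vigenère cipher stands in for "polyalphabetic" and a columnar transposition for "transposition"; both choices, the keys and the sample message are assumptions.

```python
from collections import Counter
import string

A = string.ascii_uppercase
PLAIN = "MEET ME AT THE GATE"                  # constructed sample message
MONO_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"        # constructed substitution alphabet

def letters(text):
    """Keep A-Z only, so every cipher sees the same 15 letters."""
    return "".join(c for c in text.upper() if c in A)

def monoalphabetic(text, key_alphabet=MONO_KEY):
    """Substitution with one fixed alphabet for the whole message."""
    return letters(text).translate(str.maketrans(A, key_alphabet))

def vigenere(text, key="KEY"):
    """Polyalphabetic substitution: the shift depends on the letter's position."""
    return "".join(A[(A.index(c) + A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(letters(text)))

def columnar_transposition(text, key="ZEBRA"):
    """Write the message in rows under the key, read columns in key order."""
    msg, width = letters(text), len(key)
    order = sorted(range(width), key=lambda i: (key[i], i))
    return "".join(msg[col::width] for col in order)

def images(letter, plain, cipher):
    """Ciphertext letters that one plaintext letter is replaced by."""
    return {c for p, c in zip(letters(plain), cipher) if p == letter}

def index_of_coincidence(text):
    """Chance that two letters drawn from the text are equal."""
    n = len(text)
    return sum(f * (f - 1) for f in Counter(text).values()) / (n * (n - 1))

def frequency_profile(text):
    """Letter counts, largest first, ignoring which letter owns each count."""
    return sorted(Counter(text).values(), reverse=True)

if __name__ == "__main__":
    for name, ct in [("plaintext", letters(PLAIN)),
                     ("monoalphabetic", monoalphabetic(PLAIN)),
                     ("polyalphabetic", vigenere(PLAIN)),
                     ("transposition", columnar_transposition(PLAIN))]:
        print(f"{name:15} {ct}  IC={index_of_coincidence(ct):.3f}  "
              f"profile={frequency_profile(ct)}")
```

The monoalphabetic and transposition outputs keep the plaintext's frequency profile, while the polyalphabetic output maps the same plaintext letter to different ciphertext letters and flattens the profile.
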