Network Security

Postgraduate
Course
Dr. Mohammed Younis Thanoun
Assistant Professor
Electrical Engineering
Department
Mosul University
Iraq
 About This Course
• Textbook:
1. Network Security Essentials: Applications and Standards, 7th
Ed. William Stallings
2. Cryptography and Network Security: Principles and
Practices, 6th Ed. William Stallings
• Contents:
1. Cryptography
– Algorithms and protocols
– Conventional and public key-based encryption, hash func,
digital signatures, and key exchange
2. Network security applications
– Applications and tools
– Kerberos, X.509v3 certificates, PGP, S/MIME, IP
security, SSL/TLS, SET, and SNMPv3
3. System security
– System-level issues
– Intruders, viruses, worms, DOS
 Coursework Components
• Homework:
– After each chapter
• Projects:
– Cryptography (RSA implementation)
– A secure instant messenger system
• Exams: Comprehensive in English
 Chapter 1 – Introduction
… teaches us to rely not on the likelihood of the enemy's not
coming, but on our own readiness to receive him; not on the
chance of his not attacking, but rather on the fact that we have
made our position unassailable.
—The Art of War, Sun Tzu

... ‫ ب لعلىاستع دادنا‬، ‫ي علمنا أ الن عتمد علىاحتما لعدم مجيء ا لع دو‬
‫ ف ن‬- .‫ ب لعلىحقيقة أننا جعلنا موقفنا مني ًع ا‬، ‫ال ستقبا له ؛ ل يسب سببعدم هجومه‬
‫ ص نت زو‬،‫ا لحرب‬
 Outline
• Background
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
 Background
• Information Security requirements have
changed in recent times
• Traditionally provided by physical and
administrative mechanisms
• Many daily activities have been shifted from
physical world to cyber space
• Use of computers
• Protect files and other stored information
• Use of networks and communications links
• Protect data during transmission

• The focus of many funding agencies in US

• DOD, NSF, DHS, etc.
• ONR: game theory for cyber security
 Definitions
• Computer Security
• Generic name for the collection of tools designed
to protect data and to thwart hackers
• Network Security
• Measures to protect data during their
transmission
• Internet Security (our focus!)
• Measures to protect data during their
transmission over a collection of interconnected
networks
Security Trends
 OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• A systematic way of defining and providing security
requirements
• Provides a useful, if abstract, overview of concepts
we will study

ITU-T: International Telecommunication Union

Telecommunication Standardization Sector
OSI: Open Systems Interconnection
 3 Aspects of Info Security
• Security Attack
• Any action that compromises the security of
information.
• Security Mechanism
• A mechanism that is designed to detect, prevent, or
recover from a security attack.
• Security Service
• A service that enhances the security of data
processing systems and information transfers.
• Makes use of one or more security mechanisms.
 Security Attacks
• Threat & attack
– Often used equivalently
• There are a wide range of attacks
– Two generic types of attacks
• Passive

• Active

12
Security Attack Classification

13
 Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity

14
3 Primary Security Goals

Fundamental security objectives for both data and

information/computing services
15
16
 Security Services
X.800
– A service provided by a protocol layer of communicating open systems,
which ensures adequate security of the systems or of data transfers
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
– Denial of Service Attacks
– Virus that deletes files

17
 Security Mechanism
• Features designed to detect, prevent, or recover from a
security attack
• No single mechanism that will support all services required
• One particular element underlies many of the security
mechanisms in use:
– Cryptographic techniques
– Hence we will focus on this topic first

18
 Security Mechanisms (X.800)
• Specific security mechanisms:
– Encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• Pervasive security mechanisms:
– Trusted functionality, security labels, event
detection, security audit trails, security recovery

19
Model for Network Security

20
 Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security
transformation (message de/encryption)
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information (keys)
4. specify a protocol enabling the principals to
use the transformation and secret information
for a security service (e.g. ssh)
21
Model for Network Access Security

22
Model for Network Access Security
Using this model requires us to implement:
1. Authentication
 select appropriate gatekeeper functions to identify
users
2. Authorization
 implement security controls to ensure only
authorized users access designated information or
resources
Trusted computer systems may be useful
to help implement this model
23
 Methods of Defense
• Encryption
• Software Controls
– Limit access in a database or in operating
systems
– Protect each user from other users
• Hardware Controls
– Smartcard (ICC, used for digital signature and
secure identification)
• Policies
– Frequent changes of passwords
– Recent study shows controversial arguments
• Physical Controls
24
Internet standards and RFCs
• Three organizations in the Internet
society
– Internet Architecture Board (IAB)
• Defining overall Internet architecture
• Providing guidance to IETF
– Internet Engineering Task Force (IETF)
• Actual development of protocols and standards
– Internet Engineering Steering Group (IESG)
• Technical management of IETF activities and
Internet standards process

25
Internet RFC Publication
Standardization Process

26
 Recommended Reading
• Pfleeger, C. Security in Computing. Prentice Hall,
1997.

• Mel, H.X. Baker, D. Cryptography Decrypted.

Addison Wesley, 2001.

27