
BIS 321 Chapter One Part One

Uploaded by

Eyob Temesgen

Chapter One

Basic Network Security Concepts & Terminologies

Part One

Information Security
(BIS 321)
Introduction
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.

Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.

The OSI security architecture provides a systematic framework for defining security attacks, mechanisms and services.

Contd.
• The OSI security architecture focuses on security attacks, mechanisms and services.
  Security attack:- Any action that compromises the security of information owned by an organization.
  Security mechanism:- A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
  Security service:- A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
• The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Why Is Computer and Network Security Important?
1. To protect company assets:- One of the primary goals of computer and network security is the protection of company assets (hardware, software and/or information).
2. To gain a competitive advantage:- Developing and maintaining effective security measures can provide an organization with a competitive advantage over its competition.
3. To comply with regulatory requirements and fiduciary responsibilities:- Organizations that rely on computers for their continuing operation must develop policies and procedures that address organizational security requirements.
  • Such policies and procedures are necessary not only to protect company assets but also to protect the organization from liability.
4. To keep your job:- Security should be part of every network or systems administrator's job. Failure to perform adequately can result in termination.
Contd.

[Figure labels: Corporate Assets; Internal attacker; External attacker; Virus; Incorrect permissions]

• A network security design protects assets from threats and vulnerabilities in an organized manner.
• To design security, analyze risks to your assets and create responses.
The Security Trinity
The three legs of the "security trinity," prevention, detection, and response, comprise the basis for network security.

The security trinity should be the foundation for all security policies and measures that an organization develops and deploys.

Contd.
1. Prevention:- is the foundation of the security trinity.
  • To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities.
  • In developing network security schemes, organizations should emphasize preventative measures over detection and response.
  • It is easier, more efficient, and much more cost-effective to prevent a security breach than to detect or respond to one.
2. Detection:- Once preventative measures are implemented, procedures need to be put in place to detect potential problems or security breaches, in the event preventative measures fail.
  • The sooner a problem is detected, the easier it is to correct and clean up.
Contd.

3. Response:- Organizations need to develop a plan that identifies the appropriate response to a security breach.
  • The plan should be in writing and should identify who is responsible for what actions and the varying responses and levels of escalation.

Network Security In Action
[Figure: Network Security In Action. Labels by row:]
NETWORK: Client Configuration, DNS, Network Services, FTP/Telnet, SMTP/POP, Web Server
VULNERABILITIES: IP & Port Scanning, Web Server Exploit, Email Exploit, DoS Attack, Trojan Attack, Sniffing Traffic, KeyStroke Logging, Password Cracking, MITM Attack
PREVENT: Hardening Host, AntiVirus Applications, Using Firewall, Using GPG/PGP, Using SSH, Using Certificate, Using IPSec
DETECTION: Intrusion Detection System, HoneyPot, Spyware Detection and Removal, System Log Analysis, Backup and Restore, Finding Hidden Data

Information Security
• Network security is concerned, above all else, with the security of information assets.
• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
  Information security = confidentiality + integrity + availability + authentication.
• The terms information security, computer security and information assurance are frequently, and incorrectly, used interchangeably.
• These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
Contd.
• Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
• Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
• Information security offers many areas for specialization including: securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics science, etc.
Definitions

• Computer Security - generic name for the collection of tools designed to protect data and to prevent hackers from attacking the organizational assets.
• Network Security - measures to protect data during their transmission over the network.
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks (network of networks).
Basic Security Terminology
• Network security terms are the foundation for any discussion of network security and are the elements used to measure the security of a network.
• Some of these terms include:-

1. Identification:- is simply the process of identifying one's self to another entity or determining the identity of the individual or entity with whom you are communicating.
2. Authentication:- is the assurance that the communicating entity is the one that it claims to be.
  • Authentication serves as proof that you are who you say you are or what you claim to be.
  • Authentication is required when communicating over a network or logging onto a network.
Contd.
• When communicating over a network you should ask yourself two questions:
  1) With whom am I communicating?
  2) Why do I believe this person or entity is who he, she, or it claims to be?
• When logging onto a network, three basic schemes are used for authentication:
  • Something you know
  • Something you have
  • Something you are
Contd.
3. Access Control (Authorization):- refers to the ability to control the level of access that individuals or entities have to a network or system and how much information they can receive.
  • Your level of authorization basically determines what you're allowed to do once you are authenticated and allowed access to a network, system, or some other resource such as data or information.
  • Access control is the determination of the level of authorization to a system, network, or information (i.e., classified, secret, or top-secret).
Contd.

4. Confidentiality:- can also be called privacy or secrecy and refers to the protection of information from unauthorized disclosure.
  • Usually achieved either by restricting access to the information or by encrypting the information so that it is not meaningful to unauthorized individuals or entities.
5. Availability:- refers to whether the network, system, hardware, and software are reliable and can recover quickly and completely in the event of an interruption in service.
  • Ideally, these elements should not be susceptible to denial of service (DoS) attacks.
Contd.
6. Data Integrity:- refers to the assurance that data received are exactly as sent by an authorized entity.
  • Data integrity is achieved by preventing unauthorized or improper changes to data, ensuring internal and external consistency, and ensuring that other data attributes (such as timeliness and completeness) are consistent with requirements.
7. Accountability:- refers to the ability to track or audit what an individual or entity is doing on a network or system.
  • Does the system maintain a record of functions performed, files accessed, and information altered?
Contd.

8. Non-Repudiation:- refers to the ability to prevent individuals or entities from denying (repudiating) that information, data, or files were sent or received or that information or files were accessed or altered, when in fact they were.
  • Non-repudiation is crucial to e-commerce.
