Chapter 1

Uploaded by Tibebe Solomon
Chapter 1: Introduction to Computer and Network Security

05/07/2024
Outline

• What is Security?
• Why Security?
• Security Policy and Mechanism
• Security trends
• Sources and consequences of risks
• Types of vulnerabilities
• Security criteria
• Security attack types
• Security services, mechanisms and model
Chapter Objectives

• At the end of this chapter, students will be able to understand:
  • The definition of security and why we have to study this field as computer engineering students
  • Types of risk in day-to-day computer and network activity
  • Different security attacks and how to defend yourself and the organization you are responsible for
  • Security criteria
  • Security services and mechanisms
What is Security?

• Most of computer science is concerned with achieving desired behavior.
• In some sense, security is concerned with preventing undesired behavior.
• This is a different way of thinking!
• An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place.
What is Security?...

• Security: "The most secure computers are those not connected to the Internet and shielded from any interference."
What is Security?...

• Computer security is about the provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
• Security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses).
What is Security?...

• Network security, on the other hand, deals with the provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
• Computer security: focuses on security aspects of systems in isolation.
• Network security: focuses on the security of data as it is
Why Security?...

• Good security standards follow the "90 / 10" rule:
  • 10% of security safeguards are technical, and
  • 90% of security safeguards rely on the computer user ("YOU") adhering to good computing practices.
Why Security?...

• Example: The lock on the door is the 10%. You remembering to lock the lock, checking to see if the door is closed, ensuring others do not open the door, keeping control of the keys, etc. is the 90%.
• You need both parts for effective security.
Why Security?...

• What does this mean for me?
• It means that everyone who uses a computer or mobile device needs to understand how to keep their computer, devices and data secure.
• Information security is everyone's responsibility, and that is why we study computer and network security.
An Overview of Computer Security
Basic components

• Confidentiality
• Integrity
• Availability
Confidentiality

• Confidentiality is the concealment of information or resources.
• The need for keeping information secret arises from the use of computers in sensitive fields such as government and industry.
• For example, military and civilian institutions in the government often restrict access to information to those who need that information.
• The first formal work in computer security was motivated by the military's attempt to implement controls to enforce a "need to know" principle.
• This principle also applies to industrial firms, which keep their proprietary designs secure lest their competitors try to steal the designs.
• As a further example, all types of institutions keep personnel records secret.
Confidentiality - Example

• Example: Enciphering an income tax return will prevent anyone from reading it.
• If the owner needs to see the return, it must be deciphered.
• Only the possessor of the cryptographic key can enter it into a deciphering program.
• However, if someone else can read the key when it is entered into the program, the confidentiality of the tax return has been compromised.
• All the mechanisms that enforce confidentiality require supporting services from the system.
• The assumption is that the security services can rely on the kernel, and other agents, to supply correct data.
• Thus, assumptions and trust underlie confidentiality mechanisms.
Integrity

• Trustworthiness of data or resources
• Prevention vs. detection
• Blocking unauthorized attempts to change data, or attempts to change data in unauthorized ways
• The second is much harder…
• Correctness vs. trustworthiness of data
Integrity

• Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
• Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication).
• The source of the information may bear on its accuracy and credibility and on the trust that people place in the information.
• Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
• For example, suppose an accounting system is on a computer.
• Someone breaks into the system and tries to modify the accounting data.
• Then an unauthorized user has tried to violate the integrity of the accounting database (for example, the incident in the 40/60 housing lottery program in Addis Ababa).
• Detection mechanisms do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.
• Detection mechanisms may analyze system events (user or system actions) to detect problems or (more commonly) may analyze the data itself to see if required or expected constraints still hold.
• The mechanisms may report the actual cause of the integrity violation (a specific part of a file was altered), or they may simply report that the file is now corrupt.
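The two kinds of detection report described above, as an added example that is not part of the lecture: a manifest of per-block HMAC-SHA256 tags lets the checker name the block that was altered, while a manifest that no longer verifies can only be reported as a corrupt file. The key, block size and sample records are constructed for the demonstration.

```python
"""Integrity detection with block-level reporting.

Added example (not from the lecture). A manifest of per-block HMAC-SHA256
tags is built while the data is trusted; a later check either names the
altered blocks (the "specific part of a file was altered" report) or, when
the manifest itself no longer verifies, can only say the file is corrupt.
The key, block size and sample records below are constructed.
"""
import hashlib
import hmac

BLOCK_SIZE = 16  # constructed: small so the sample spans several blocks


def _tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _split(data: bytes, size: int) -> list[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_manifest(key: bytes, data: bytes) -> dict:
    """Tag every block, then tag the list of tags so that reordering or
    truncation of the manifest is itself detectable."""
    tags = [_tag(key, block) for block in _split(data, BLOCK_SIZE)]
    return {"block_size": BLOCK_SIZE, "tags": tags,
            "root": _tag(key, "".join(tags).encode())}


def check_integrity(key: bytes, data: bytes, manifest: dict) -> dict:
    """Detection mechanism: it does not block changes, it only reports them.

    Returns {"status": "ok" | "altered" | "corrupt", "altered_blocks": [...]}.
    """
    tags = manifest.get("tags", [])
    if not hmac.compare_digest(_tag(key, "".join(tags).encode()),
                               manifest.get("root", "")):
        # The manifest cannot be trusted, so no block can be localised.
        return {"status": "corrupt", "altered_blocks": []}
    blocks = _split(data, manifest["block_size"])
    altered = []
    for idx in range(max(len(blocks), len(tags))):
        if idx >= len(blocks) or idx >= len(tags):
            altered.append(idx)  # block missing, or data appended past the manifest
        elif not hmac.compare_digest(_tag(key, blocks[idx]), tags[idx]):
            altered.append(idx)
    return {"status": "altered" if altered else "ok", "altered_blocks": altered}


if __name__ == "__main__":
    key = b"constructed-demo-key"
    records = b"account=1001;balance=500;account=1002;balance=750;"
    manifest = build_manifest(key, records)
    print(check_integrity(key, records, manifest))
    print(check_integrity(key, records.replace(b"750", b"950"), manifest))
```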
Availability

• Denial of service attacks
• Denying access can lead to more serious attacks
• e.g., if credit card verification is down
Availability

• Availability refers to the ability to use the information or resource desired.
• Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.
• The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable.
• System designs usually assume a statistical model to analyze expected patterns of use, and mechanisms ensure availability when that statistical model holds.
• Someone may be able to manipulate use (or parameters that control use, such as network traffic) so that the assumptions of the statistical model are no longer valid.
• This means that the mechanisms for keeping the resource or data available are working in an environment for which they were not designed. As a result, they will often fail.
Threats

• A threat is a potential violation of security.
• The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for).
• Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.
• The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
• Common attacks can be categorized as:
  • Snooping, eavesdropping
  • Modification, alteration
  • Masquerading, spoofing
  • False repudiation/denial of receipt
  • Network delay, denial of service
Threats …

• Snooping: the unauthorized interception of information, is a form of disclosure.
  • It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information.
  • Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored. Confidentiality services counter this threat.
• Modification or alteration: an unauthorized change of information, covers three classes of threats.
  • The goal may be deception, in which some entity relies on the modified data to determine which action to take, or in which incorrect information is accepted as correct and is released.
  • If the modified data controls the operation of the system, the threats of disruption arise.
• Masquerading or spoofing: an impersonation of one entity by another, is a form of both deception and usurpation.
  • It lures a victim into believing that the entity with which it is communicating is a different entity.
  • For example, if a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed.
Security Policy and Mechanism

• A security policy is a statement of what is, and what is not, allowed.
• A security mechanism is a method, tool, or procedure for enforcing a security policy.
• One is meaningless without the other…
• Problems arise when combining the security policies of multiple organizations.
Security Trends

• In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (Request for Comments/RFC 1636).
• The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms.
Security Trends…

• Among these were:
  • the need to secure the network infrastructure from unauthorized monitoring and control of network traffic, and
  • the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.
Security Trends…

• Internet-related vulnerabilities reported over a 10-year period. These include:
  • Security weaknesses in the OS of attached computers (e.g., Windows, Linux), as well as
  • Vulnerabilities in Internet routers and other network devices.
Who are the attackers?

• In computers and computer networks, an attacker is the individual or organization who performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to, or make unauthorized use of, an asset.
• Attackers use every tool and technique available to try to attack us and gain unauthorized access.
Who are the attackers?...

• Basically, there are four main types of attackers:
Who are the attackers?...

1. Cyber Criminals

• Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits.
• Today, they are the most prominent and most active type of attacker.
Who are the attackers?...

2. Hacktivists

• Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.
• They are not like cybercriminals, who hack computer networks to steal data for cash.
• They see themselves as fighting injustice.
Who are the attackers?...

3. State-sponsored Attackers

• These attackers have particular objectives aligned with the political, commercial or military interests of their country of origin.
• These government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting them before the holes are patched. It is very difficult to defeat these
Who are the attackers?...

4. Insider Threats

• An insider threat is a threat to an organization's security or data that comes from within.
• These threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.
Who are the attackers?...

4. Insider Threats

• Insider threats can be categorized into three types:
Who are the attackers?...

4.1. Malicious

• Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure.
• These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization wronged them in some way, and they
Who are the attackers?...

4.2. Accidental

• Accidental threats are threats caused unintentionally by insider employees.
• In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company's policy or legal requirements.
Who are the attackers?...

4.3. Negligent

• These are threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data.
• For example, if the organization has strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home.
Who are the attackers?...

• Note: In addition to the above-mentioned attackers, it should be noted that natural disasters (flooding, fire, storms, earthquakes, …) can also act as an attacker.
What are the vulnerabilities?

• Physical vulnerabilities (e.g., a computer can be stolen)
• Natural vulnerabilities (e.g., earthquake)
• Hardware and software vulnerabilities (e.g., failures)
• Media vulnerabilities (e.g., hard disks can be stolen)
• Communication vulnerabilities (e.g., wires can be tapped)
• Human vulnerabilities (e.g., insiders)
What are the vulnerabilities?...

• Poorly chosen passwords
• Software bugs (non-reliability of software)
• Automatically running active content: ActiveX, scripts, Java programs (applets)
• Open ports
• Incorrect configuration
• File permissions
• Administrative privileges
What are the vulnerabilities?...

• Untrained users/system administrators
• Trap doors (intentional security holes)
• Unencrypted communication
• Limited resources (e.g., TCP connections)
What are the consequences?

• Failure/end of service
• Reduction of Quality of Service (QoS), down to Denial of Service (DoS)
• Internal problems in the enterprise
• Decrease of trust from partners (clients, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data - medical, insurance, …)
Security Criteria

• Security evaluation criteria are usually presented as a set of parameter thresholds that must be met for a system to be evaluated and deemed acceptable.
• These criteria are established based on a threat assessment to establish the extent of the data sensitivity, the security policy, and the system characteristics.
Security Criteria

• Security is expressed in terms of:
  • Availability
  • Integrity
  • Confidentiality
  • Authentication
• Note: Authentication is a foundation of security. In its absence, all security properties can be violated.
Security Criteria…

1. Availability

• It requires that computer and network assets are only available to authorized parties.
• The computer and network should provide all the designated services in the presence of all kinds of security attacks.
Security Criteria…

2. Integrity

• It requires that messages be modified or altered only by authorized parties.
• Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.
• Integrity guarantees that no modification, addition, or deletion
Security Criteria…

3. Confidentiality

• It requires that the message can only be accessed for reading by authorized parties.
• It also requires that the system should verify the identity of a user.
Security Criteria…

4. Authentication

• It means that the correct identity is known to the communicating parties.
• This property ensures that the parties are genuine and not impersonators.
Security Attack Types

• Categories of attacks
  • Interruption: an attack on availability
  • Modification: an attack on integrity
  • Interception: an attack on confidentiality
  • Fabrication: an attack on authenticity
Security Attack Types…

• Attacks…
  (Figure: normal flow of information from source to destination, and the four attack patterns: interruption, interception, modification, fabrication.)
Security Attack Types…

• The attacks can also be classified by the following criteria:
  • Passive or active,
  • Internal or external,
  • At different TCP/IP protocol layers
Security Attack Types…

1. Passive vs. Active attacks

• A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
• The purpose of a passive attack is to gain information about the system being targeted; it does not involve any direct action on the target.
• These kinds of attacks attempt to learn or make use of the information without changing the content of the message and
Security Attack Types…

1. Passive vs. Active attacks

• Passive attacks include active reconnaissance and passive reconnaissance.
• In a computer security context, reconnaissance is the act of exploring a system or network in order to gather information before conducting a full attack.
• Examples: traffic analysis and monitoring, eavesdropping
Security Attack Types…

1. Passive vs. active attacks…

• Passive attacks do not affect system resources and they are very difficult to detect because:
  • Message transmission appears normal
  • No alteration of the data
• Emphasis on prevention rather than detection
  • By means of encryption
Security Attack Types…

1. Passive vs. active attacks…

• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting the normal operation of the network.
• Some examples of active attacks include: jamming, impersonating, modification, denial of service (DoS).
• Difficult to prevent. The goal is to detect and recover.
Security Attack Types…

2. Internal vs. External attacks

• External attacks are carried out by hosts that don't belong to the network domain; they are sometimes called outsiders.
  • E.g., an outsider can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, a malicious node from within the network gains unauthorized access, acts as a genuine node and disrupts the normal operation of other nodes. Such attackers are also known as insiders.
Security Attack Types…

3. At different TCP/IP protocol layers
Common security attacks and their countermeasures

• Finding a way into the network
  • Firewalls
• Exploiting software bugs, buffer overflows
  • Intrusion Detection Systems
• Denial of Service
  • Access filtering, IDS
• TCP hijacking
  • IPSec
Common security attacks and their countermeasures…

• Packet sniffing
  • Encryption (SSL, HTTPS)
• Social problems
  • Education
Security Services

• X.800:
  • "a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers"
• RFC 2828:
  • "a processing or communication service provided by a system to give a specific kind of protection to system resources"
Security Services (X.800)…

• Authentication - assures that the communicating entity is the one claimed.
• Access Control - prevention of the unauthorized use of a resource.
• Data Confidentiality - protection of data from unauthorized disclosure.
• Data Integrity - assurance that data received is as sent by an authorized entity.
• Non-Repudiation - protection against denial by one of the parties in a communication.
Security Mechanism

• Security mechanisms are features designed to detect, prevent, or recover from a security attack.
• No single mechanism supports all the services required.
• However, one particular element underlies many of the security mechanisms in use.
• Hence cryptographic techniques will be our focus in this course.
Security Mechanism (X.800)

• Specific security mechanisms:
  • Ciphering/deciphering, digital signatures, data integrity, authentication exchange, routing control, …
  • Firewall, proxy server
  • Access control, intrusion detection system
Security Model

• A network security model shows how the security service has been designed over the network to prevent the opponent from causing a threat to the confidentiality or authenticity of the information that is being transmitted through the network.
• Any security service would have the three components discussed below:
Security Model

• 1. Transformation of the information which has to be sent to the receiver, so that any opponent present on the information channel is unable to read the message.
  • This indicates the encryption of the message.
  • It also includes the addition of a code during the transformation of the information, which will be used in verifying the identity of the authentic sender to the receiver.
Security Model

• 2. Sharing of secret information between sender and receiver, of which the opponent must not have any clue.
  • Yes, we are talking about the encryption key, which is used during the encryption of the message at the sender's end and also during the decryption of the message at the receiver's end.
Security Model

• 3. There must be a trusted third party which will distribute the secret information to both sender and receiver.
  • While designing the network security model, the designer must also concentrate on developing the methods to distribute the key to the sender and receiver.
  • An appropriate methodology must be used to deliver the secret information to the communicating parties without the interference of the opponent.
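The three components of the model (the transformation with its added verification code, the shared secret, and the trusted third party that distributes it), as an added example that is not from the lecture. The keystream cipher built from HMAC-SHA256, the party names and the message are constructed for the illustration so that it runs on the Python standard library alone; a real deployment would use a standard authenticated cipher such as AES-GCM.

```python
"""Network security model: transformation, shared secret, trusted third party.

Added example (not the lecture's code). The key distribution, the party
names and the message are constructed for the demonstration. The cipher is
a keystream derived from HMAC-SHA256 used as a PRF, with a second HMAC as
the verification code (encrypt-then-MAC).
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


class TrustedThirdParty:
    """Component 3: generates a secret and delivers it to both parties."""

    def __init__(self) -> None:
        # keyrings[party][peer] models each party's securely delivered key.
        self.keyrings: dict[str, dict[str, bytes]] = {}

    def distribute(self, sender: str, receiver: str) -> None:
        master = secrets.token_bytes(32)  # Component 2: the shared secret
        self.keyrings.setdefault(sender, {})[receiver] = master
        self.keyrings.setdefault(receiver, {})[sender] = master


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the shared secret."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: block i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(master: bytes, plaintext: bytes) -> bytes:
    """Component 1: transform the message so the opponent cannot read it,
    and append a code the receiver uses to verify it came from the sender."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ciphertext,
                   hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(master: bytes, packet: bytes) -> bytes:
    """Receiver side: verify the code before decrypting, so altered or
    fabricated packets are rejected instead of yielding garbage."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("verification code mismatch: altered or forged")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def accepts(master: bytes, packet: bytes) -> bool:
    """True if the receiver would accept the packet under this key."""
    try:
        unprotect(master, packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ttp = TrustedThirdParty()
    ttp.distribute("sender", "receiver")
    pkt = protect(ttp.keyrings["sender"]["receiver"], b"transfer 100 to account 42")
    print("on the wire:", pkt.hex())  # all the opponent gets to see
    print("received:", unprotect(ttp.keyrings["receiver"]["sender"], pkt))
```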
Security Model

• Model for Network Security (figure)
Security Model…Eight Security Dimensions

1. Access Control Security Dimension

• The Access Control Security Dimension ensures that only authorized personnel or devices are allowed access to network elements, stored information, information flows, services and applications.
• In addition, Role-Based Access Control (RBAC) provides different access levels to guarantee that individuals and devices can only gain access to, and perform operations on, the network elements, stored information, and information flows that they are authorized for.
• Examples: password, firewall
Security Model…Eight Security Dimensions

2. Authentication Security Dimension

• The Authentication Security Dimension serves to confirm the identities of communicating entities.
• Authentication ensures the validity of the claimed identities of the entities participating in communication (e.g. person, device, service or application) and provides assurance that an entity is not attempting a masquerade or unauthorized replay of a previous communication.
• Examples: shared secret key, digital signature, digital certificate
  • Digital signatures create a virtual fingerprint that is unique to a person or
Security Model…Eight Security Dimensions

3. Non-repudiation Security Dimension

• The Non-repudiation Security Dimension provides assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
• It ensures the availability of evidence that can be presented to a third party and used to prove that some kind of event or action has taken place.
• Example: digital signature
Security Model…Eight Security Dimensions

4. Data Confidentiality Security Dimension

• The Data Confidentiality Security Dimension protects data from unauthorized disclosure.
• Data confidentiality ensures that the data content cannot be understood by unauthorized entities.
• Examples: encryption, access control lists, and file permissions are methods often used to provide data confidentiality.
Security Model…Eight Security Dimensions

5. Communication Security Dimension

• The Communication Security Dimension ensures that information flows only between the authorized end points (the information is not diverted or intercepted as it flows between these end points).
• It ensures that information flows from source to destination.
• Examples: Virtual Private Network (VPN), Multiprotocol Label Switching (MPLS)
  • A VPN describes the opportunity to establish a protected network connection when using public networks.
  • MPLS is a networking technology that routes traffic using the shortest
Security Model…Eight Security Dimensions

6. Data Integrity Security Dimension

• The Data Integrity Security Dimension ensures the correctness or accuracy of data.
• The data is protected against unauthorized modification, deletion, creation, and replication, and an indication of these unauthorized activities is provided.
• Examples: MD5, digital signature, anti-virus software
  • MD5 (Message Digest Algorithm) is a cryptographic hash function used for authenticating messages as well as content verification.
Security Model…Eight Security Dimensions

7. Availability Security Dimension

• The Availability Security Dimension ensures that there is no denial of authorized access to network elements, stored information, information flows, services and applications due to events impacting the network.
• Disaster recovery solutions are included in this category.
• Examples: IDS/IPS, network redundancy.
  • Network redundancy is the process of providing multiple paths for traffic, so that data can keep flowing even in the event of a failure.
Security Model…Eight Security Dimensions

8. Privacy Security Dimension

• The Privacy Security Dimension provides for the protection of information that might be derived from the observation of network activities.
• It ensures that identification and network use are kept private.
• Examples of this information include web sites that a user has visited, a user's geographic location, and the IP addresses and DNS names of devices in a service provider network.
• Examples: Network Address Translator (NAT), encryption
  • NAT is a way to map multiple local private addresses to a public one before transferring the information, so that the private addresses will not be made
Security Model…Eight Security Dimensions

• Quiz: A hacked computer can be used to… (select all that apply)
  a) Record keystrokes and steal passwords.
  b) Send spam and phishing emails.
  c) Harvest and sell email addresses and passwords.
  d) Access restricted or personal information on your computer or other systems that you have access to.
  e) Infect other systems.
  f) Hide programs that launch attacks on other computers.
Thank You