Seventh Edition, Global Edition

by William Stallings
 Chapter 1

Computer and Network Security

Concepts

© 2017 Pearson Education, Ltd., All rights reserved.

Cryptographic algorithms and protocols can be
grouped into four main areas:

Symmetric encryption

• Used to conceal the contents of blocks or streams of data of any size,

including messages, files, encryption keys, and passwords

Asymmetric encryption

• Used to conceal small blocks of data, such as encryption keys and hash
function values, which are used in digital signatures

Data integrity algorithms

• Used to protect blocks of data, such as messages, from alteration

Authentication protocols

• Schemes based on the use of cryptographic algorithms designed to

authenticate the identity of entities

© 2017 Pearson Education, Ltd., All rights reserved.

 The field of network and
Internet security consists of:

measures to deter,
prevent, detect, and
correct security
violations that involve
the transmission of
information

© 2017 Pearson Education, Ltd., All rights reserved.

 Computer Security
The NIST (National Institute of Standards and Technology) Computer
Security Handbook defines the term computer
security as:
“the protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources” (includes
hardware, software, firmware, information/ data,
and telecommunications)
© 2017 Pearson Education, Ltd., All rights reserved.
 Computer Security Objectives
Confidentiality
• Data confidentiality
• Assures that private or confidential information is not made available or disclosed to
unauthorized individuals
• Privacy
• Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed

Integrity
• Data integrity
• Assures that information and programs are changed only in a specified and authorized
manner
• System integrity
• Assures that a system performs its intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized manipulation of the system

Availability
• Assures that systems work promptly and service is not denied to authorized
users
© 2017 Pearson Education, Ltd., All rights reserved.
 Key Security Concepts

Confidentiality Integrity Availability

• Preserving
• Guarding against • Ensuring timely and
authorized
improper reliable access to
restrictions on
information and use of
information access
modification or information
and disclosure,
destruction,
including means for
including ensuring
protecting personal
information
privacy and
nonrepudiation
proprietary
and authenticity
information
 Key Security Concepts

These three concepts form what is often referred to as the CIA triad . The three
concepts embody the fundamental security objectives for both data and for
information and computing services.: confidentiality, integrity, and availability.

To complete the picture, additional

concepts are needed:
Authenticity, and Accountability

Accountability: Process of
tracing, or the ability to trace,
activities to a responsible
source.

Authenticity: The property of being

genuine and being able to be verified and
trusted. This means verifying that users
are who they say they are and that each
input arriving at the system came from a
trusted source.
 Breach of Security
Levels of Impact
• The loss could be expected to have a severe or
catastrophic adverse effect on organizational

High operations, organizational assets, or individuals

• The loss could be expected to have a

serious adverse effect on organizational

Moderate operations, organizational assets, or

individuals

• The loss could be expected to

have a limited adverse effect
on organizational operations,

Low organizational assets, or

individuals

© 2017 Pearson Education, Ltd., All rights reserved.

Computer Security Challenges
• Security is not simple • Security mechanisms
• Potential attacks on the typically involve more than a
security features need to particular algorithm or
be considered protocol
• Procedures used to • Security is essentially a
provide particular services battle of wits between a
are often counter-intuitive perpetrator and the
designer
• It is necessary to decide
• Little benefit from security
where to use the various
investment is perceived until
security mechanisms
a security failure occurs
• Requires constant • Strong security is often
monitoring viewed as an impediment to
• Is too often an efficient and user-friendly
afterthought
© 2017 Pearson Education, Ltd., All rights reserved. operation
 Open Systems Interconnection (OSI)
Security Architecture
• Security attack
– Any action that compromises the security of information owned by
an organization
• Security mechanism
– A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack. (e.g.
Cryptography)
• Security service
– A processing or communication service that enhances the security
of the data processing systems and the information transfers of an
organization
– Intended to counter security attacks, and they make use of one or
more security mechanisms to provide the service (e.g. Anti virus)
– Security services guarantee protecting agents against attacks.
© 2017 Pearson Education, Ltd., All rights reserved.
 Security Mechanisms
Security mechanisms are technical tools and
techniques that are used to implement security
services. A mechanism might operate by itself, or with
others, to provide a particular service.

Examples of common security mechanisms are as follows:

Cryptography, Message digests and digital signatures.

The security services often include authentication, anti-

virus, anti-malware/spyware, intrusion detection,
Penetration testing and security event management,
among others.
 Table 1.1
Threats and Attacks (RFC 4949)

© 2017 Pearson Education, Ltd., All rights reserved.

Security Attacks
•A means of classifying security
attacks, used both in X.800 and
RFC 4949, is in terms of passive
attacks and active attacks
•A passive attack attempts to
learn or make use of information
from the system but does not
affect system resources
•An active attack attempts to
alter system resources or affect
their operation

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Passive Attacks
• Are in the nature of
eavesdropping on, or
monitoring of, transmissions

•Goal of the opponent is to

obtain information that is
being transmitted • Two types of passive
attacks are:
– The release of message
contents
– Traffic analysis

© 2017 Pearson Education, Ltd., All rights reserved.

 Passive Attacks
• Release of message contents
 Telephone conversation tapping, interception of emails or
file transferred.
 Passive Attacks (cont’d)
• Traffic Analysis
 Intercept an encrypted message and try to decrypt it
 Active Attacks
https://www.youtube.com/watch?v=yIm0Ol9Dg4Y
• Involve some modification of the
• Takes place when one entity pretends
data stream or the creation of a to be a different entity
false stream Masquerade • Usually includes one of the other
forms of active attack
• Difficult to prevent because of the
wide variety of potential physical,
software, and network • Involves the passive capture of a data
vulnerabilities unit and its subsequent
Replay retransmission to produce an
• Goal is to detect attacks and to unauthorized effect
recover from any disruption or
delays caused by them
• Some portion of a legitimate message
Modification is altered, or messages are delayed or
reordered to produce an
of messages unauthorized effect

• Prevents or inhibits the normal use or

Denial of management of communications
service facilities

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Services
Security
services
guarantee
protecting
agents
against
attacks.

Watch:
https://
www.youtube.com
/watch?
v=bRgL_Dry7uw
 Authentication
• Concerned with assuring that a communication is
authentic
– In the case of a single message, assures the recipient
that the message is from the source that it claims to be
from
– In the case of ongoing interaction, assures the two
entities are authentic and that the connection is not
interfered with in such a way that a third party can
masquerade as one of the two legitimate parties
Two specific authentication services are defined in X.800:
• Peer entity authentication
• Data origin authentication

© 2017 Pearson Education, Ltd., All rights reserved.

 Access Control

• The ability to limit and control the access

to host systems and applications via
communications links
• To achieve this, each entity trying to gain
access must first be indentified, or
authenticated, so that access rights can be
tailored to the individual

© 2017 Pearson Education, Ltd., All rights reserved.

 Data Confidentiality
• The protection of transmitted data from passive
attacks
– Broadest service protects all user data transmitted
between two users over a period of time
– Narrower forms of service includes the protection of a
single message or even specific fields within a message
• The protection of traffic flow from analysis
– This requires that an attacker not be able to observe the
source and destination, frequency, length, or other
characteristics of the traffic on a communications facility

© 2017 Pearson Education, Ltd., All rights reserved.

 Data Integrity

Can apply to a stream of messages, a single

message, or selected fields within a message

Connection-oriented integrity service, one that

deals with a stream of messages, assures that
messages are received as sent with no duplication,
insertion, modification, reordering, or replays

A connectionless integrity service, one that deals

with individual messages without regard to any
larger context, generally provides protection
against message modification only

© 2017 Pearson Education, Ltd., All rights reserved.

 Nonrepudiation
• Prevents either sender or receiver from
denying a transmitted message
• When a message is sent, the receiver can
prove that the alleged sender in fact sent the
message
• When a message is received, the sender can
prove that the alleged receiver in fact received
the message

© 2017 Pearson Education, Ltd., All rights reserved.

 Availability Service

• Protects a system to ensure its availability

• This service addresses the security
concerns raised by denial-of-service
attacks
• It depends on proper management and
control of system resources and thus
depends on access control service and
other security services
© 2017 Pearson Education, Ltd., All rights reserved.
Security Mechanisms (X.800)

Specific Security Mechanisms

• Encipherment
• Digital signatures
• Access controls
• Data integrity
• Authentication exchange Pervasive Security Mechanisms
• Traffic padding • Trusted functionality
• Routing control • Security labels
• Notarization • Event detection
• Security audit trails
• Security recovery

© 2017 Pearson Education, Ltd., All rights reserved.

 Security Mechanisms
Specific Security
Mechanism

Watch:
https://www.youtube.com/
watch?v=H5ifNVeDXkg
 Table 1.3

Security
Mechanisms
(X.800)

(This table is found on pages

14-15 in textbook)

© 2017 Pearson Education, Ltd., All rights reserved.

Relation between security services & mechanisms

Security Service Security Mechanism

Data Confidentiality Encipherment and Routing control
Data Integrity Encipherment, digital signature, data integrity
Authentication Encipherment, digital signature, authentication exchane
Nonrepdiation Digital Signature, data integrity, and Notarization
Access Control Access Control Mechanism
Fundamental Security Design Principles

• Economy of • Least common

mechanism mechanism
• Fail-safe defaults • Psychological
acceptability
• Complete
meditation • Isolation
• Open design • Encapsulation
• Separation of • Modularity
privilege • Layering
• Least privilege • Least astonishment
© 2017 Pearson Education, Ltd., All rights reserved.
Fundamental Security Design Principles

Economy of mechanism Fail-safe defaults

• Means that access decisions
• Means that the design of should be based on permission
security measures embodied in rather than exclusion
both hardware and software • The default situation is lack of
should be as simple and small as
possible
access, and the protection
• Relatively simple, small design is scheme identifies conditions
easier to test and verify under which access is
thoroughly permitted
• With a complex design, there • Most file access systems and
are many more opportunities for virtually all protected services
an adversary to discover subtle
on client/server use fail-safe
weaknesses to exploit that may
be difficult to spot ahead of time defaults
© 2017 Pearson Education, Ltd., All rights reserved.
Fundamental Security Design Principles

Complete mediation Open design

• Means that every access must

be checked against the access • Means that the design of a security
control mechanism mechanism should be open rather
than secret
• Systems should not rely on
• Although encryption keys must be
access decisions retrieved from
secret, encryption algorithms should
a cache be open to public scrutiny
• To fully implement this, every • Is the philosophy behind the NIST
time a user reads a field or program of standardizing encryption
record in a file, or a data item in and hash algorithms
a database, the system must
exercise access control
• This resource-intensive
approach is rarely used
© 2017 Pearson Education, Ltd., All rights reserved.
 Fundamental Security Design Principles

Separation of Privilege Least privilege

• Defined as a practice in which • Means that every process and
multiple privilege attributes every user of the system should
are required to achieve access operate using the least set of
to a restricted resource privileges necessary to perform
• Multifactor user the task.
authentication is an example • An example of the use of this
which requires the use of principle is role-based access
multiple techniques, such as a control; the system security
policy can identify and define the
password and a smart card, to
various roles of users or
authorize a user
processes and each role is
assigned only those permissions
needed to perform its functions
© 2017 Pearson Education, Ltd., All rights reserved.
 Fundamental Security Design Principles

Least common mechanism

Psychological acceptability
• Means that the design should • Implies that the security mechanisms
minimize the functions shared should not interfere unduly with the
by different users, providing work of users, while at the same time
meeting the needs of those who
mutual security
authorize access
• This principle helps reduce the
number of unintended • Where possible, security mechanisms
should be transparent to the users of
communication paths and
the system or, at most, introduce
reduces the amount of minimal obstruction
hardware and software on
which all users depend, thus • In addition to not being intrusive or
burdensome, security procedures
making it easier to verify if
must reflect the user’s mental model
there are any undesirable of protection
security implications
© 2017 Pearson Education, Ltd., All rights reserved.
 Fundamental Security Design Principles

Encapsulation
Isolation
• Applies in three contexts: • Can be viewed as a specific form
– Public access systems should of isolation based on object-
be isolated from critical oriented functionality
resources to prevent • Protection is provided by
disclosure or tampering encapsulating a collection of
– Processes and files of procedures and data objects in
individual users should be a domain of its own so that the
isolated from one another internal structure of a data
except where it is explicitly object is accessible only to the
desired procedures of the protected
– Security mechanisms should subsystem, and the procedures
be isolated in the sense of may be called only at
preventing access to those designated domain entry points
mechanisms
© 2017 Pearson Education, Ltd., All rights reserved.
 Fundamental Security Design Principles

Modularity Layering
• Refers both to the • Refers to the use of multiple,
development of security overlapping protection
functions as separate, approaches addressing the
protected modules and to people, technology, and
the use of a modular operational aspects of
architecture for mechanism information systems
design and implementation • The failure or circumvention
of any individual protection
approach will not leave the
system unprotected

© 2017 Pearson Education, Ltd., All rights reserved.

Fundamental Security Design Principles

Least astonishment
• Means that a program or user interface should
always respond in the way that is least likely to
astonish the user
• The mechanism for authorization should be
transparent enough to a user that the user has a
good intuitive understanding of how the security
goals map to the provided security mechanism

© 2017 Pearson Education, Ltd., All rights reserved.

 Attack Surfaces
• An attack surface consists of the reachable and exploitable
vulnerabilities in a system
• Examples:
– Open ports on outward facing Web and other servers, and code
listening on those ports
– Services available on the inside of a firewall
– Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange
formats
– Interfaces, SQL, and Web forms
– An employee with access to sensitive information vulnerable to
a social engineering attack
© 2017 Pearson Education, Ltd., All rights reserved.
 Attack Surface Categories

• Network attack surface

– Refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet
• Software attack surface
– Refers to vulnerabilities in application, utility,
or operating system code
• Human attack surface
– Refers to vulnerabilities created by personnel
or outsiders
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Model for Network Security

© 2017 Pearson Education, Ltd., All rights reserved.

Network Access Security Model

© 2017 Pearson Education, Ltd., All rights reserved.

 Unwanted Access
• Placement in a computer system of logic that
exploits vulnerabilities in the system and that
can affect application programs as well as
utility programs such as editors and compilers
• Programs can present two kinds of threats:
– Information access threats
• Intercept or modify data on behalf of users who
should not have access to that data
– Service threats
• Exploit service flaws in computers to inhibit
use by legitimate users
© 2017 Pearson Education, Ltd., All rights reserved.
 Standards
National Institute of Standards and Technology
• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S.
government use and to the promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have
a worldwide impact

Internet Society
• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization home for
the groups responsible for Internet infrastructure standards

ITU-T
• The International Telecommunication Union (ITU) is an international organization within the United Nations
System in which governments and the private sector coordinate global telecom networks and services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and whose
mission is the development of technical standards covering all fields of telecommunications

ISO
• The International Organization for Standardization is a world-wide federation of national standards bodies from
more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related activities
with a view to facilitating the international exchange of goods and services and to developing cooperation in the
spheres of intellectual, scientific, technological, and economic activity
© 2017 Pearson Education, Ltd., All rights reserved.
 Summary
• Computer security • Security services
concepts – Authentication
– Definition – Access control
– Examples – Data confidentiality
– Challenges – Data integrity
• The OSI security – Nonrepudiation
architecture – Availability service
• Security attacks • Security mechanisms
– Passive attacks • Fundamental security
– Active attacks design principles
– Attack surfaces and attack • Network security
trees © 2017 Pearson Education, Ltd., All rights reserved. model