L1 Computer and Network Security

COMPUTER AND NETWORK SECURITY
Computer and Network Security
• Computer security, network security,
information security and cyber security all
deal with basically the same issues but with a
different focus.
• Computer security involves measures put in
place to protect computers (or networks) and
their resources from unauthorized access, use,
modification and damage, and to prevent denial
of service.
Why Computer and network security?

• To protect organization assets.
• To gain a competitive advantage.
• To comply with regulatory requirements
and fiduciary responsibilities.
• To keep your job (as network admin or
sys admin).
Basic Terminology
• Threats
– anything that can disrupt the operation, functioning,
integrity, or availability of a network or system.
– natural threats, occurrences such as floods,
earthquakes, and storms.
– unintentional threats that are the result of accidents
and stupidity.
– intentional threats that are the result of malicious
intent.
– Each type of threat can be deadly to a network.
Basic Terminology
• Vulnerabilities
– is an inherent weakness in the design,
configuration, or implementation of a network or
system that renders it susceptible to a threat.
– Most vulnerabilities can usually be traced back to
one of three sources:
• Poor design:
• Poor implementation:
• Poor management:
Basic Terminology
• Identification
– The process of identifying oneself to
another entity.
• Authentication
– The process of verifying the claimed identity; it forms
the basis for trust.
Basic Terminology
• Access Control (Authorization)
– Controls level of access to a resource (deny or
grant given level of access)
• Availability
• Confidentiality (privacy or secrecy)
– Achieved by restricting access to the information
or by encrypting the information so that it is not
meaningful to unauthorized individuals or entities.
Basic Terminology
• Integrity
– This can be thought of as accuracy.
– the ability to protect information, data, or
transmissions from unauthorized, uncontrolled, or
accidental alterations.
– The term integrity can also be used in reference to
the functioning of a network, system, or
application.
Basic Terminology
• Accountability
– ability to track or audit what an individual or
entity is doing on a network or system.
– Does the system maintain a record of functions
performed, files accessed, and information
altered?
Basic Terminology
• Nonrepudiation
– The ability to prevent individuals or entities from
denying (repudiating) that information, data, or
files were sent or received or that information or
files were accessed or altered, when in fact they
were.
– crucial to e-commerce. Without it an individual or
entity can deny that he, she, or it is responsible for
a transaction and that he, she, or it is, therefore,
not financially liable.
The Security Trinity
• The three legs of the "security trinity,"
prevention, detection, and response,
comprise the basis for network security.
• The security trinity should be the
foundation for all security policies and
measures that an organization develops
and deploys.
The Security Trinity
1. Prevention
• The foundation of the security trinity.
• Implement measures to prevent the exploitation of
vulnerabilities.
• In developing network security schemes,
organizations should emphasize preventative
measures over detection and response:
• Easier, more efficient, and much more cost-effective
to prevent a security breach than to detect or
respond to one.
The Security Trinity
2. Detection
• Put in measures and procedures to detect
potential problems or security breaches in the
event prevention measures fail.
• It is very important that problems be detected
immediately. The sooner a problem is
detected, the easier it is to correct and
clean up.
The Security Trinity
3. Response
• A plan that identifies the appropriate response
to a security breach.
• The plan should be in writing and should
identify who is responsible for what actions
and the varying responses and levels of
escalation.
Security Models
1. Security by Obscurity
– Relies on stealth for protection.
2. The Perimeter Defense
– Organizations harden or strengthen perimeter
systems and border routers, or an organization might
"hide" its network behind a firewall that separates
the protected network from an untrusted network.
3. The Defense in Depth
Security Models
• Analogous to a castle surrounded by a moat.
• Organizations harden or strengthen perimeter
systems and border routers, or an organization
might "hide" its network behind a firewall that
separates the protected network from an untrusted
network.
• Not much is done to secure the other systems on
the network. The assumption is that perimeter
defenses are sufficient to stop any intruders so that
the internal systems will be secure.
Security Control Levels
• Administrative
– Policies, procedures, guidelines, rules etc.
• Technical/Logical
– Use of hardware and software to implement
security, e.g. passwords, firewalls, encryption.
• Physical
– Physical means to implement security, e.g. security
men, burglar-proofing, locks and keys, etc.
Information security
• Information security
– refers to measures put in place to ensure the
protection of information in whatever form from
unauthorized access, copy, use or modification
and to prevent denial of access.
– Measures put in place to ensure confidentiality,
integrity and availability of information in
whatever form.
Information security
• CIA-triad
– Confidentiality (privacy): ensures that only authorised
persons can access, copy and use information and that
they do it only for the intended purpose.
– Integrity (accuracy): ensures that only authorised
persons can create, modify or delete information
and that information in one part of the system
is consistent with the same information in other
parts of the system.
Information security
– Availability: ensures that information is available
when needed and that all security measures
implemented are up and running.
Information security
• Information security is also about procedures
and policies that protect information from
accidents, incompetence, and natural disasters.
• Need to address the following:
– Backups,
– configuration controls,
– media controls;
– Disaster recovery and contingency planning;
– Data integrity.
Information security
• Network security is not absolute.
• All security is relative.
• Network security should be thought of as a
spectrum that runs from very unsecure to very
secure.
• Network security is a balancing act that
requires the deployment of "proportionate
defenses."
Information security
• Balancing the cost of security against the value
of the assets they are protecting;
• Balancing the probable against the possible;
• Balancing business needs against security
needs.
Discussion
• Forms of information:
– In use
– In storage
– In transit.

How will you protect information in each of the forms?
Risk Assessment
– crucial to developing proportionate defenses.
• To perform a risk analysis, organizations need
to understand possible threats and
vulnerabilities.
• Risk is the probability that a vulnerability will
be exploited. The basic steps for risk
assessment are listed as follows:
Risk Assessment
1. Identify and prioritize assets;
2. Identify vulnerabilities;
3. Identify threats and their probabilities;
4. Identify countermeasures;
5. Develop a cost-benefit analysis;
6. Develop security policies and procedures.
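The six steps above can be worked through as a small risk register. The following is an added example, not part of the original slides: the assets, values, probabilities and costs are constructed, and it assumes that a successful exploit costs the full value of the asset.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str                   # step 1: what is being protected
    asset_value: float           # step 1: its value (drives prioritisation)
    vulnerability: str           # step 2
    threat: str                  # step 3
    probability: float           # step 3: yearly chance the vulnerability is exploited
    countermeasure: str          # step 4
    yearly_cost: float           # step 4: what the countermeasure costs per year
    residual_probability: float  # chance of exploitation with the countermeasure in place

    def expected_loss(self, p=None):
        # Assumption of this example: an exploit costs the full asset value.
        p = self.probability if p is None else p
        return p * self.asset_value

    def net_benefit(self):
        # Step 5: loss avoided per year minus what the countermeasure costs.
        avoided = self.expected_loss() - self.expected_loss(self.residual_probability)
        return avoided - self.yearly_cost

def assess(register):
    """Rank risks by expected loss and flag which countermeasures pay for themselves."""
    rows = []
    for r in sorted(register, key=Risk.expected_loss, reverse=True):
        decision = "deploy" if r.net_benefit() > 0 else "accept risk"
        rows.append((r.asset, round(r.expected_loss(), 2),
                     round(r.net_benefit(), 2), decision))
    return rows

# Constructed sample register, one entry per threat type named on the slides.
REGISTER = [
    Risk("Server room", 500_000, "sited on a flood plain", "natural: flood",
         0.02, "relocate the server room", 40_000, 0.005),
    Risk("Customer database", 200_000, "unpatched web server", "intentional: intruder",
         0.30, "patch management", 15_000, 0.05),
    Risk("File server", 80_000, "no backups", "unintentional: accidental deletion",
         0.25, "nightly backups", 5_000, 0.02),
]

if __name__ == "__main__":
    for asset, loss, benefit, decision in assess(REGISTER):
        print(f"{asset:18} expected loss {loss:>9.2f}  net benefit {benefit:>10.2f}  {decision}")
```

The "accept risk" row is the proportionate-defenses point: the countermeasure costs more per year than the loss it avoids, so the decision recorded in the policy (step 6) is to accept or handle that risk another way.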
Risk Assessment
• Questions to ask.
– What do you want to safeguard?
– Why do you want to safeguard it?
– What is its value?
– What are the threats?
Risk Assessment
