Lec 1
By: Shimaa Yagoub Ali
Continuous assessment of the course
Introduction
Consider a computer system: its security involves the security of all its resources, including physical hardware components such as readers, printers, the CPU, monitors, and others. In addition to its physical resources, the system also stores non-physical resources such as data and information that need to be protected.
Introduction
• In a distributed computer system such as a network, the protection covers the physical and non-physical resources that make up the network, including communication channels and connectors like modems, bridges, switches, and servers, as well as the files stored on those servers.
• Security means preventing unauthorized access, use, alteration, theft, or physical damage to these resources.
Introduction
Information needs to be secured from attacks. To be secure, information needs to be:
• hidden from unauthorized access (confidentiality).
• protected from unauthorized change (integrity).
• available to an authorized entity when it is needed (availability).
Security Goals
[Figure: the three security goals: Confidentiality, Integrity, Availability]
Security Goals
Security as defined thus involves the following three elements:
1. Confidentiality: to prevent unauthorized access to, or disclosure of, information to third parties.
2. Integrity: to prevent unauthorized modification of resources. It includes the integrity of system resources and of information.
3. Availability: to prevent unauthorized withholding of system resources from those who need them, when they need them.
Security Attacks
Security attacks are classified as:
• Passive attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions to:
– read or obtain message contents (snooping).
– monitor traffic flows (traffic analysis).
Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.
Passive attacks
• Active attacks:
Active attacks involve some modification of the data stream, or the creation of a false stream, and can be subdivided into four categories:
– masquerade of one entity as some other (e.g. man-in-the-middle).
– replay of previous messages.
– modification of messages in transit.
– denial of service.
Active attacks
• Modification: after intercepting or accessing information, the attacker modifies the information to make it beneficial to herself. Sometimes the attacker simply deletes or delays the message to harm the system.
Masquerade
Replay previous messages
Replay: in replaying, the attacker obtains a copy of a message sent by a user and later tries to replay it.
Denial of service
A denial of service attack prevents the normal use of communications facilities. It may slow down or totally interrupt the service of a system.
Taxonomy of attacks with relation to security goals
Security Services
Services and Techniques
• To prevent attacks, we define a set of security services that achieve the security goals.
Security Services
• Confidentiality: protects system data and information from unauthorized disclosure; protection of any information from being exposed to unintended entities.
• Authentication: assurance that an entity of concern, or the origin of a communication, is authentic, i.e. it is what it claims to be or to be from.
• Integrity: assurance that the information has not been tampered with; protects data against active threats such as those that may alter it.
• Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, and network connections.
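As an added example (not part of the lecture slides), the following Python code shows how the integrity and authentication services defend against the modification and replay attacks described above: the sender attaches a sequence number and an HMAC-SHA256 tag, and the receiver rejects tampered or replayed messages. The shared key and the messages are constructed for the demonstration.

```python
import hmac
import hashlib

# Shared secret between sender and receiver (constructed for this example;
# a real deployment would provision and protect this key properly).
KEY = b"example-shared-key-do-not-reuse"

def protect(seq: int, payload: bytes) -> bytes:
    """Sender side: prepend a 4-byte sequence number (replay protection)
    and append an HMAC-SHA256 tag (integrity + origin authentication)."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Receiver side: accept a message only if its tag verifies and its
    sequence number is strictly higher than the last accepted one."""
    def __init__(self):
        self.last_seq = -1

    def accept(self, msg: bytes):
        if len(msg) < 4 + 32:
            return False, "too short"
        header, payload, tag = msg[:4], msg[4:-32], msg[-32:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        # compare_digest is constant-time, so the check does not leak timing
        if not hmac.compare_digest(tag, expected):
            return False, "modified or forged"
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, payload.decode()

def demo():
    rx = Receiver()
    m1 = protect(1, b"transfer 10 to Bob")
    results = [rx.accept(m1)]                 # genuine message: accepted
    # Modification attack: one byte of the payload is changed in transit
    tampered = bytearray(m1)
    tampered[4 + 9] ^= 0x01                   # turns "10" into "00"
    results.append(rx.accept(bytes(tampered)))
    # Replay attack: the original, unmodified message is sent again
    results.append(rx.accept(m1))
    # A fresh message from the legitimate sender is still accepted
    results.append(rx.accept(protect(2, b"transfer 5 to Bob")))
    return results
```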
Security Mechanisms
Physical security
– Keep it in a safe place with limited and authorized physical access.
Authentication
– User name.
– Password.
Hardware for authentication
– Smartcards, security tokens.
Security Architecture for OSI
Security mechanisms to be covered later in the course: IPsec, firewalls, email security, web security, etc.

OSI of ISO      Internet Stack
Application     Upper Layers
Presentation    Upper Layers
Session         Upper Layers
Transport       Transport
Network         Internet
Data Link       Data Link
Physical        Physical