Post on 12-Jan-2016
description
NETE0519 & ITEC4614Computer Network Security
Asst.Prof.Supakorn Kungpisdan, Ph.D.supakorn@mut.ac.th
NETE0519-ITEC4614 2
Supakorn Kungpisdan, Ph.D.
Assistant Professor of Information Technology Education
PhD (Computer Science and Software Engineering), Monash University, Australia
M.Eng. (Computer Engineering), KMUTT Specializations
Information and Network Security, Electronic Commerce, Formal Methods, Computer Networking
NETE0519-ITEC4614 3
Course Descriptions Textbook
W. Stallings: Cryptography and Network Security, 4th Edition, Pearson Prentice Hall, ISBN 0-13-202322-9 or later
Supplementary materials M. E. Whitman and H. J. Mattord, Principles of Information
Security, 3rd Edition, Thomson, ISBN 1-4239-0177-0 G. De Laet and G. Schauwers: Network Security Fundamentals,
Cisco Press, ISBN 1-58705-167-2
http://www.msit.mut.ac.th/media
NETE0519-ITEC4614 4
Evaluation Criteria
Quizzes 10% Lab 30% Midterm exam 20% Final exam 40%
Course Outlines
Network Security Overview Information Security
Symmetric Cryptography, Public-key Cryptography, Hash Functions and MAC
Network Security IP Security, Web Security, Email Security, Firewalls, Intrusion Detection
Systems
Security Management Security Standards and Policy
NETE0519-ITEC4614 5
Lecture 01 Network Security Overview
Supakorn Kungpisdan, Ph.D.supakorn@mut.ac.th
NETE0519-ITEC4614 7
What is Security?
“The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place: Information Security Systems Security Network Security Security Management Physical security
NETE0519-ITEC4614 8
Source: http://www.technewsworld.com/story/76109.html
NETE0519-ITEC4614 9
Source:http://www.networkworld.com/research/2012/100812-security-manager39s-journal-i-hired-263130.html?source=nww_rss
NETE0519-ITEC4614 10
Security Trends
NETE0519-ITEC4614 11
C.I.A Triangle
Confidentiality Integrity Availability
NETE0519-ITEC4614 12
Vulnerabilities, Threats, and Attacks
Vulnerability Threat Attack
NETE0519-ITEC4614 13
NETE0519-ITEC4614 14
NETE0519-ITEC4614 15
How Hackers Exploit Weaknesses
NETE0519-ITEC4614 16
Types of Attacks
Interruption Attack on Availability
Interception Attack on Confidentiality
NETE0519-ITEC4614 17
Types of Attacks (cont.)
Modification Attack on Integrity Tampering a resource
Fabrication Attack on Authenticity Impersonation,
masquerading
Passive VS Active Attacks
Passive Attacks To obtain information that is
being transmitted. E.g. Release of confidential
information and Traffic analysis Difficult to detect Initiative to launch an active
attack Interception Relieved by using encryption
Active Attacks Involve modification of the data
stream or creation of a false stream
E.g. Masquerade, replay, message modification, denial of services
Potentially detected by security mechanisms
Interruption, Modification, Fabrication
NETE0519-ITEC4614 18
NETE0519-ITEC4614 19
Hackers White Hat Hackers Grey Hat Hackers Script Kiddies Hacktivists Crackers or Black Hat Hackers
Malicious Codes
Viruses A destructive program code
that attaches itself to a host and copies itself and spreads to other hosts
Viruses replicates and remains undetected until being activated.
Worms Unlike viruses, worms is
independent of other programs or files. No trigger is needed.
Trojans Externally harmless program
but contains malicious code
Spyware Software installed on a target
machine sending information back to an owning server
NETE0519-ITEC4614 20
NETE0519-ITEC4614 21
Security at Each Layer
NETE0519-ITEC4614 22
A Model for Network Security
NETE0519-ITEC4614 23
A Model for Network Access Security
NETE0519-ITEC4614 24
Security Controls
NETE0519-ITEC4614 25
NETE0519-ITEC4614 26
NSTISSC Security Model
The National Security Telecommunications and Information Systems Security Committee
NETE0519-ITEC4614 27
Balancing Information Security and Access
NETE0519-ITEC4614 28
Approaches to Information Security Implementation
NETE0519-ITEC4614 29
Approaches to Information Security Implementation: Bottom-Up Approach
Grassroots effort: systems administrators attempt to improve security of their systems
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
Participant support
Organizational staying power
NETE0519-ITEC4614 30
Approaches to Information Security Implementation: Top-Down Approach
Initiated by upper management
Issue policy, procedures, and processes
Dictate goals and expected outcomes of project
Determine accountability for each required action
The most successful also involve formal development strategy referred to as systems development life cycle
NETE0519-ITEC4614 31
Security as a Social Science
Social science examines the behavior of individuals interacting with systems
Security begins and ends with the people that interact with the system
Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles
Questions?
Next weekSymmetric Cryptography and
Applications