lecture 1 - Philadelphia University


20 Nov 2013


Network Security

PHILADELPHIA UNIVERSITY
Ahmad Alghoul
2010-2011

Module 1

Introduction: To Information & Security

Modified by: Ahmad Al Ghoul

Philadelphia University

Faculty Of Administrative & Financial Sciences

Business Networking & System Management Department

Room Number 32406

Email Address: ahmad4_2_69@hotmail.com




Objectives

Information cycle, What is the role of computers in the information cycle?
What is System Security?
What are we protecting?
Ensure security in a network & Enhancing security by
Security awareness
Causes of system security lapses
Security procedures & Security phases
Security Goals
Types of Threat, Risk, Attack
Security Policy Definition and planning


Information cycle

Security is required at all phases of the information cycle

1- gathering, 2- creating, 3- processing, 4- storing, 5- transmitting and 6- deleting. Security is only as good as the weakest link in the system


What is the role of computers in the information cycle?

Accept data through input devices
Process data using microprocessors
Store data for interactive use in the RAM and for longer periods of storage in the hard disks
Output data through output devices.



What is System Security?

Protection of assets from unauthorized access
Protection from unauthorized access, both from within and from outside
Security is a process of reducing risk or the likelihood of harm
Security is a weak link problem: total security is no better than the weakest link.
It must, therefore, be evaluated across the entire enterprise
Security is a series of trade-offs: the greater the level of security the worse the ease of use.




What are we protecting?

We are protecting system resources:
  Business information
  Equipment
  Systems
  Data (information)
Data and Information: the most important resource:
  Data is a physical phenomenon that represents certain aspects of our knowledge of the world
  When we process data we give it meaning and we call it information.
Data and information are:
  Stored
  Moved over communication channels
We focus on security of data and information:
  At source (source: server/client)
  At destination (destination: server/client)
  In the communication channel
The security of computer networks means the security of information on that network.







Ensure security in a network by:

Access: legal channels of getting resources
Identification: to uniquely distinguish a user of a resource
Authentication: to prove positively that the user is what he/she claims to be.
Authorization: being able to determine and allow the user only those resources the user has ability to utilize.




Enhance security by:

Accountability: ability to associate activities with the actors.
Awareness: create a level of understanding of security issues
Administration: ability to manage the security system.



Security awareness

Security is a continuous process of making valuable resources secure.
The first act in securing system resources is awareness
  Process of making people understand the implications of security in their lives
  All people in the enterprise must understand the importance of security
All people must understand the following:
  Appropriate use of resources: all people must know why security of resources matters.
  Relevancy of security
  Individual's role
  Responsibility




Causes of system security weakness

Hardware: many security problems originate from hardware failures and poor designs
Software: lots of security problems originate from poor software designs and testing
Human/user: humans are very unpredictable and malicious
Resources (data and information): because the resources within the computer system themselves may contain loopholes through which, if found, intruders enter the systems.




Security procedures:

Good and effective security is a result of a good security policy
A policy may have one or more of the following procedures:
  For servers and Clients:
    Intrusion Detection Systems (IDS)
    Firewalls
  For the communication channel:
    Encryption
    Authentication





Security phases:

Inspection: identifying key security functions needed and the capabilities available to achieve the desired security level
Protection: proactive risk reduction; mechanism in place to prevent reduction in desired security level
Detection (in action): to take measures to detect whether an asset has been damaged, how, and who has caused the damage.
Response (post-action): to take measures that allow recovery of assets or recovery from damage, and minimize losses.
Reflection: plans/processes that focus on security improvements.




There are 10 fundamental aspects of security (system security):

Awareness: make everyone understand the critical role security plays in their well-being
Access: ability to connect to the system resources
Identification: to be able to know the user
Authentication: preventing unauthorized interception of information during transmission
Authorization: allowing identifiable users access to the resources
Availability: preventing unauthorized withholding of information and resources
Integrity: preventing unauthorized modification of information
Accuracy: an assurance of the integrity of the resources
Confidentiality: the assets of a computing system are accessible only by authorized parties.


access to information, the source can be easily found it.






Security Goals

Confidentiality: the assets of a computing system are accessible only by authorized parties.
Integrity: assets can be modified only by authorized parties or only in authorized ways.
Availability: assets are accessible to authorized parties.



Fourth Objective

Securing computing resources: prevent/detect/ improper use of computing resources
  Hardware
  Software
  Data
  Network



Confidentiality

Only authorized people can see protected data.
Problems
  1- who determines who is authorized?
  2- what can he/she see?



Integrity

There are three aspects to integrity
  1- Authorized action.
  2- Separation and protection of resources.
  3- Error detection and correction


Availability

Availability applies both to data and to service (access to computing resources)
Availability means:
  1- Presence of object or service in usable form.
  2- Capacity to meet service needs.
  3- Progress: bounded waiting time.



Goals of Availability

1- Timely response.
2- Fault tolerance. The ability of a computer or an operating system to respond to a catastrophic event or fault
3- Utility or Usability (can be used as intended)
4- Controlled concurrency: support for simultaneous access, deadlock management, and exclusive access.



Security Goals

Integrity

Confidentiality

Availability


Achieving Security

Policy: What to protect?
Mechanism: How to protect?
Assurance: How good is the protection?



Threat, Risk, Attack

Threat: potential occurrence that can have an undesired effect on the system
Risk: measure of the possibility of security breaches and severity of the damage
Attack: action of malicious intruder that exploits vulnerabilities of the system to cause a threat to occur



Types of Threats

Threats
  Interruption: an asset of the system becomes lost, unavailable, or unusable
  Interception: some unauthorized party has gained access to an asset
  Modification: an unauthorized party not only accesses but tampers with an asset
  Fabrication: unauthorized party fabricates counterfeit objects on a computing system



Threats to Hardware

Interruption
  denial of service
  destruction, etc.
Interception
  Theft: unauthorized product owned by other vendors



Threats to Software

Interruption
  deletion
  configuration management is required
Interception
  software theft: this attack includes unauthorized copying of software
Modification
  Trojan horse: a program that does one thing while covertly doing another
  virus: a specific type of Trojan horse that can be used to spread infection from one computer to another.
  trapdoor: a program that has a secret entry point.
  information leaks: in a program, which make information accessible to unintended people or programs
  check the vendor
  use anti-virus software



Threats to Data

Interruption (loss)
  availability
  include key loss (encryption)
Interception
  confidentiality
Modification
  integrity
Fabrication
  include replay attack
  internet banking


Assets vs. Threats


Security of Data


Types of Attacks (1)

Interruption: an asset is destroyed, unavailable or unusable (availability)
Interception: unauthorized party gains access to an asset (confidentiality)
Modification: unauthorized party tampers with asset (integrity)
Fabrication: unauthorized party inserts counterfeit object into the system (authenticity)



Types of Attacks (2)

Passive attacks:
  Eavesdropping
  Monitoring
Active attacks:
  Masquerade: one entity pretends to be a different entity
  Replay: passive capture of information and its retransmission
  Modification of messages: legitimate message is altered
  Denial of service: prevents normal use of resources
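
The active attacks listed above map onto checks a receiver can run on every incoming message. The following Python code is an added example, not part of the original lecture; the key, the message layout (8-byte sequence number, payload, HMAC-SHA256 tag) and the function names are assumptions made for illustration. An HMAC tag catches modification and fabrication, and a sequence counter catches replay.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key (assumption, not from the lecture)
TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender: bind an 8-byte sequence number and the payload under one HMAC tag."""
    body = seq.to_bytes(8, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver: verify the tag first, then require a strictly increasing sequence number."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, message: bytes) -> str:
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Modification (altered body) and fabrication (sender lacks the key) both land here.
            return "rejected: bad tag"
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:
            return "rejected: replay"  # valid tag, but the message was already seen
        self.last_seq = seq
        return "accepted"


def demo() -> dict:
    rx = Receiver()
    m1 = seal(1, b"transfer 100 to account A")  # constructed sample messages
    m2 = seal(2, b"transfer 50 to account B")
    tampered = bytearray(m2)
    tampered[9] ^= 0x01  # one payload bit changed in transit
    forged = seal(3, b"transfer 999 to account X", key=b"not-the-shared-key")
    return {
        "legitimate": rx.accept(m1),
        "replay": rx.accept(m1),
        "modification": rx.accept(bytes(tampered)),
        "fabrication": rx.accept(forged),
        "next legitimate": rx.accept(m2),
    }

if __name__ == "__main__":
    print(demo())
```

Interception is not addressed by this check: the tag gives integrity and authenticity, while confidentiality needs encryption on top.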



Intrusion Points

Intrusion points are areas that provide an access point to your company's information. Some of these are obvious, but others are not. For instance, you might realize that you need to install a firewall to protect the internal network and computers from hackers, but if a hacker took a temporary job at your company, the firewall would be of little use. When identifying intrusion points, you must consider internal threats as well as external threats. Some internal and external access points are as follows:

Internal access points
  Systems that are not in a secured room
  Systems that do not have any local security configured
External access points
  Network components that connect your company to the Internet
  Applications that are used to communicate across the Internet
  Communications protocols



Security Policy

Organizational Policy

Computerized Information System Policy


Planning a security policy

The first, and most important, principle in security of any kind is to have a well-defined security policy. To develop a policy, you need to answer these two questions:

1. What constitutes a well-defined security policy?
2. How can I make a security policy without understanding the threats against me?




Security policy Basics

Consistent with other corporate policies
Accepted by the network support staff as well as the appropriate levels of management
Suitable for using with the existing network equipment and procedures
Compliant with local, state, and federal laws


What is a good Security policy?

A well-defined security policy outlines your requirements and limits your exposure to risk. There are three criteria for creating and evaluating a policy for information security.

1. Confidentiality: Your information must be kept private. Unauthorized access must be prevented.
2. Integrity: Your information must be protected from tampering. It cannot be modified from its original form without your authorization.
3. Availability: Your information must be available to authorized users when they need it.