
Cys505 Lecture01

The document discusses a network security course, including grading, textbooks, course outlines, and topics like cryptography, symmetric and public key encryption, network security applications, and system security. It provides details on the course structure, chapters to be covered, and security concepts like the OSI security architecture, security attacks, services, and mechanisms.

Uploaded by

Abdirizak Abokar

CYS505 Network Security

Prepared By: Dr. Ihab ELAFF

• What? Why? How?
• Grading System
• Text Books
• Course Outlines

Grading Item | Marks
Homework | 10
Presentations | 20
Midterm Exam | 30
Final Exam | 40
Total | 100

• Cryptography and Network Security: Principles and Practices, Fourth Edition, by William Stallings

• Part One: Symmetric Ciphers [Ch2 – Ch7]
• Part Two: Public-Key Encryption and Hash Functions [Ch8 – Ch13]
• Part Three: Network Security Applications [Ch14 – Ch17]
• Part Four: System Security [Ch18 – Ch20]

Week | Subjects | Chapters
1 | Introduction | Ch1
2 | Classical Encryption Techniques, and Block Ciphers and the Data Encryption Standard | Ch2, Ch3
3 | Finite Fields and Advanced Encryption Standard | Ch4, Ch5
4 | More on Symmetric Ciphers and Confidentiality Using Symmetric Encryption | Ch6, Ch7
5 | Public-Key Cryptography and RSA and Public-Key Cryptosystems | Ch8 – Ch10
6 | Message Authentication and Hash Functions, Hash and MAC Algorithms and Digital Signatures and Authentication Protocols | Ch11 – Ch13
7 | MIDTERM EXAM |
8 | Authentication Applications | Ch14
9 | Electronic Mail Security | Ch15
10 | IP Security | Ch16
11 | Web Security | Ch17
12 | Intruders | Ch18
13 | Malicious Software | Ch19
14 | Firewalls | Ch20
 | FINAL EXAM |

• Information Security requirements have changed in recent times
• Traditionally provided by physical and administrative mechanisms
• Computer use requires automated tools to protect files and other stored information
• Use of networks and communications links requires measures to protect data during transmission

• Computer Security - generic name for the collection of tools designed to protect data from hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

1. The OSI Security Architecture
2. Security Attacks
3. Security Services
4. Security Mechanisms
5. Model for Network Security

1. The OSI Security Architecture

• ITU-T Recommendation X.800, Security Architecture for OSI, defines such a systematic approach.
• The OSI security architecture is useful to managers as a way of organizing the task of providing security.
• The OSI security architecture provides a useful, if abstract, overview of many of the concepts that this book deals with.
• The OSI security architecture focuses on security attacks, services and mechanisms.

• Threat: A potential for violation of security, which exists when there is a circumstance, capability, or action (a threat is a possible danger that might exploit a vulnerability).
• Attack: An intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

2. Security Attacks

• Any action that compromises the security of information owned by an organization
• Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• There is a wide range of attacks
• Can focus on generic types of attacks:
  • Passive Attacks
  • Active Attacks

3. Security Services

• X.800: defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
• RFC 2828 (Request for Comments): defines a security service as a processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms.

1. Authentication
2. Access Control
3. Data Confidentiality
4. Data Integrity
5. Nonrepudiation
6. Availability

4. Security Mechanisms

• A mechanism that is designed to detect, prevent, or recover from a security attack
• No single mechanism will support all functions required
• However, one particular element underlies many of the security mechanisms in use: cryptographic techniques.

• Specific Security Mechanisms
• Pervasive Security Mechanisms

5. Model for Network Security
