Scribd
Upload
4 views

Lecture 1_Fourth Year _Network Secuirty

The presentation by Dr. Ezz Eldin Badawy Gad Alrab Hemdan introduces key concepts in network security, including definitions of information security, cyber security, and network security, as well as their differences. It discusses the levels of cyber security, the NIST Cybersecurity Framework, and the Cyber Security Cube, which outlines principles, data states, and countermeasures. The presentation concludes with real-world examples of cyber threats and the roles of different types of hackers.

Uploaded by

Mo'men Sa'ed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Lecture 1_Fourth Year _Network Secuirty

The presentation by Dr. Ezz Eldin Badawy Gad Alrab Hemdan introduces key concepts in network security, including definitions of information security, cyber security, and network security, as well as their differences. It discusses the levels of cyber security, the NIST Cybersecurity Framework, and the Cyber Security Cube, which outlines principles, data states, and countermeasures. The presentation concludes with real-world examples of cyber threats and the roles of different types of hackers.

Uploaded by

Mo'men Sa'ed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 27

Menoufia University

Faculty of Electronic Engineering


Department of Computer Science and Engineering
Network Security (CSE 413)

Lecture 1
Introduction to Network Security
Presented By
Dr.Ezz Eldin Badawy Gad Alrab Hemdan
Head of Cyber Security and Data Analytics Engineering Program
Faculty of Electronic Engineering
Menoufia University

NETWORK SECURITY 1
Attention !
THE CONTENTS OF THIS PRESENTATION FOR
EDUCATION PURPOSE ONLY

NETWORK SECURITY 2
Information, Network and Cyber Security

Cyber Security Levels

Cyber Security Cube

Security and Availability For Networked Systems

War Stories

Conclusion

NETWORK SECURITY 3
Information, Network
and Cyber Security

NETWORK SECURITY 4
Information Security Vs. Cyber Security
According to the National Institute of Standards and Technology (NIST):

✓ Information Security is the "protection of information and information systems from

unauthorized access, use, disclosure, disruption, modification, or destruction to provide

confidentiality, integrity, and availability“.

✓ Cyber Security is the "ability to defend or protect the use of cyberspace from cyber

attacks". It is a subunit of Information Security

➢ The difference between Cyber Security and Information Security is in scope.

NETWORK SECURITY 5
Cyber Security Vs. Network Security
✓ Cyber Security is a common term concerned with all aspects of cyber space. It is a subset

of information security that deals with protecting the integrity of networks, devices, and

programs from attack, damage, or unauthorized outside access. (Outside Threats)

✓ Network Security is a subset of cyber security which deals with planning and

implementing network security measures to protect the integrity of networks and

programs against hacking and unauthorized Internal access. (Internal Threats)

➢ The difference between Cyber Security and Network Security is in Border Scope.

NETWORK SECURITY 6
Cyber Security Levels

NETWORK SECURITY 7
What is Cyber Security?
✓ Protection of networked system and data from unauthorized use or harm.

Levels of Cyber Security


❑ Personal level
✓ You need to safeguard your identity, your data, and your computing
devices.

❑ Corporate level
✓ It is everyone’s responsibility to protect the organization’s reputation, data,
and customers.

❑ State level
✓ National security, and the safety and well-being of the citizens are at stake.
NETWORK SECURITY 8
NIST Cyber security Framework
NIST Cybersecurity Framework - a set of standards designed to integrate existing standards,
guidelines, and practices to help better manage and reduce cybersecurity risk.

NETWORK SECURITY 9
Cyber Security Cube

NETWORK SECURITY 10
Cyber Security Cube

NETWORK SECURITY 11
Dimension One: Cybersecurity Principles CIA

• Confidentiality: assurance that sensitive information is not


intentionally or accidentally disclosed to unauthorized individuals.

• Integrity: assurance that information is not intentionally or


accidentally modified in such a way as to call into question its
trustworthiness or reliability.

• Availability: ensuring that authorized individuals have both timely


and reliable access to information and information systems.

NETWORK SECURITY 12
Dimension Two: Information (data) States

• Storage: Stored data in storage places such as memory, on a drive, or


USB flash drive(data at rest).

• Transmission: transferring data between systems (data at motion)

• Processing: performing operations on data like modification, backup,


correction.

NETWORK SECURITY 13
Dimension Three: Security Countermeasures or Safeguards
• Policy and practices: administrative controls, such as information
security policies, procedures, guidelines, and management directives.

• People(Human factors): ensuring that the users of information


systems are aware of their roles and responsibilities. Requires
awareness and education programs.

• Technology: software- and hardware-based solutions designed to


protect information systems, like anti-virus, firewalls, and IDS/IPS
systems.

NETWORK SECURITY 14
Security and Availability For
Networked Systems

NETWORK SECURITY 15
Security vs. Availability for Network Systems
❑Most enterprise networks must be up and running at all times.
❑Preferred uptime is often measured in the number of down minutes in a year. A
“five nines” uptime means that the network is up 99.999% of the time (or
down for no more than 5 minutes a year).
❑Trade off between strong security and permitting business functions.

NETWORK SECURITY 16
War Stories

NETWORK SECURITY 17
Hijacked People
❑A hacker set up an open “rogue” wireless hotspot posing as a legitimate
wireless network.
❑A customer logged onto her bank’s website.
❑The hacker hijacked her session.
❑The hacker gained access to her bank accounts.

NETWORK SECURITY 18
Ransomed Companies
❑An employee receive an email from his CEO, containing an attached PDF.
❑Ransomware is installed on the employee’s computer.
❑Ransomware gathers and encrypts corporate data.
❑The attackers hold the company’s data for ransom until they are paid.

NETWORK SECURITY 19
Targeted Nations
Stuxnet Worm

❑Stuxnet worm was designed to impede Iran’s progress in enriching uranium


o Example of network attack motivated by national security concerns

❑Infiltrated Windows operating systems.


❑Targeted Step 7 software that controls programmable logic controllers (PLCs)
to damage the centrifuges in nuclear facilities.
❑Transmitted from the infected USB drives into the PLCs eventually damaging
many cetrifuges.

NETWORK SECURITY 20
Threat Actors and Hackers

NETWORK SECURITY 21
Hackers

NETWORK SECURITY 22
Hackers
White Hat Hackers
◦ Ethical hackers who use their programming skills for good, ethical, and legal purposes.
◦ Perform penetration tests to discover vulnerabilities and report to developers before
exploitation.
▪Grey Hat Hackers
◦ Commit crimes and do unethical things but not for personal gain or to cause damage.
◦ May compromise network and then disclose the problem so the organization can fix the
problem.
▪Black Hat Hackers
◦ Unethical criminals who violate security for personal gain, or for malicious reasons, such as
attacking networks.
NETWORK SECURITY 23
Conclusion

NETWORK SECURITY 24
Conclusion
In This presentation we covered

✓ Information, Network and Cyber Security

✓ Cyber Security Levels

✓ Cyber Security Cube

✓ Security and Availability For Networked Systems

✓ War Stories

NETWORK SECURITY 25
NETWORK SECURITY 26
NETWORK SECURITY 27

You might also like