Overview of Network Security

The document provides an overview of network security, outlining key concepts like identification, authentication, authorization, and access control; it also discusses common security mechanisms such as cryptography, digital signatures, and firewalls that can help protect data, resources, and systems on the internet from various cyber threats. The presentation covers topics including the basics of the internet, security objectives, authentication methods, and security techniques to maintain integrity, confidentiality and non-repudiation of information transmitted over networks.
Copyright
© Attribution Non-Commercial (BY-NC)

Overview of Network Security

1 12/08/21 ms
Presentation Content

• What is the Internet?
• What do we need to protect?
• Threat Motivation
• Attack Types
• Security Objectives
• Security mechanisms
• References

What is the Internet?

• The Internet is a worldwide IP network that links a collection of
different networks from various sources: governmental, educational
and commercial.

What do we need to protect?

• Data
• Resources
• Reputation

Security Objectives
• Identification
• Authentication
• Authorization
• Access Control
• Data Integrity
• Confidentiality
• Non-repudiation

Identification
• Something which uniquely identifies a
user and is called a UserID.
• Sometimes users can select their own ID, as
long as it has not been given to another user.
• A UserID can be one or a combination of
the following:
– User Name
– User Student Number
– User SSN

Authentication
• The process of verifying the identity of
a user
• Typically based on
– Something the user knows
• Password
– Something the user has
• Key, smart card, disk, or other device
– Something the user is
• Fingerprint, voice, or retinal scans

• Authentication procedure
– Two-Party Authentication
• One-Way Authentication
• Two-Way Authentication
– Third-Party Authentication
• Kerberos
• X.509
– Single Sign-On
• User can access several network resources
by logging on once to a security system.

[Figure: Two-Party Authentications, between Client and Server. One-Way Authentication: UserID & Password, then Authenticated. Two-Way Authentication: ServerID & Password, then Authenticated.]

[Figure: Third-Party Authentications. Client and Security Server: Client ID, Password, then Authenticated. Server and Security Server: Server ID, Password, then Authenticated. Client and Server: Exchange Keys, Exchange Data.]

Authorization

• The process of assigning access rights to a user

Access Control
• The process of enforcing access rights
• It is based on the following three entities:
– Subject
• An entity that can access an object
– Object
• An entity to which access can be controlled
– Access Right
• Defines the ways in which a subject can
access an object

• Access Control is divided into two types:
– Discretionary Access Control (DAC)
• The owner of the object is responsible for
setting the access rights.
– Mandatory Access Control (MAC)
• The system defines access rights based on
how the subject and object are classified.
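
An added example, not part of the original slides: a Python sketch of the subject / object / access right model that enforces both DAC (the owner edits an access list) and MAC (the system decides from classification labels). The level names, the Bell-LaPadula style read/write rule and all user and file names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed classification levels for the MAC half (an assumption; the
# slides only say that subjects and objects are classified).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass
class Obj:
    name: str
    owner: str                                  # DAC: the owner controls the ACL
    label: str = "public"                       # MAC: classification set by the system
    acl: dict = field(default_factory=dict)     # subject -> set of access rights

def dac_grant(obj, requester, subject, right):
    """DAC: only the object's owner may change who holds which right."""
    if requester != obj.owner:
        raise PermissionError(f"{requester} does not own {obj.name}")
    obj.acl.setdefault(subject, set()).add(right)

def dac_check(obj, subject, right):
    """DAC decision: the owner is allowed, others need an ACL entry."""
    return subject == obj.owner or right in obj.acl.get(subject, set())

def mac_check(clearances, obj, subject, right):
    """MAC decision from labels alone (assumed Bell-LaPadula style policy):
    read only at or below your clearance, write only at or above it."""
    s, o = LEVELS[clearances[subject]], LEVELS[obj.label]
    if right == "read":
        return s >= o
    if right == "write":
        return s <= o
    return False                                # unknown rights are denied

def access(clearances, obj, subject, right):
    """Enforcement point: both policies must allow the request."""
    return dac_check(obj, subject, right) and mac_check(clearances, obj, subject, right)

def demo():
    clearances = {"alice": "secret", "bob": "confidential"}
    report = Obj("report.txt", owner="alice", label="secret")
    dac_grant(report, "alice", "bob", "read")   # the owner shares the file
    return {
        "dac_bob_read": dac_check(report, "bob", "read"),
        "mac_bob_read": mac_check(clearances, report, "bob", "read"),
        "bob_read": access(clearances, report, "bob", "read"),
        "alice_read": access(clearances, report, "alice", "read"),
    }

if __name__ == "__main__":
    print(demo())
```

The owner's grant satisfies DAC, but the MAC check still refuses bob because his clearance is below the object's label, which is the practical difference between the two models.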

Data Integrity

• Assurance that the data that arrives is the same as when it was
sent.

Confidentiality

• Assurance that sensitive information is not visible to an
eavesdropper. This is usually achieved using encryption.

Non-repudiation

• Assurance that any transaction that takes place can subsequently
be proved to have taken place. Both the sender and the receiver
agree that the exchange took place.

Security Mechanisms

• Web Security
• Cryptographic techniques
• Internet Firewalls

Web Security
Basic Authentication

A simple user ID and password-based
authentication scheme that provides the
following:
– To identify which user is accessing the server
– To limit users to accessing specific pages
(identified as Universal Resource Locators, URLs)
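
An added example, not part of the original slides: a Python sketch of how a server handles HTTP Basic Authentication, first identifying the user from the `Authorization` header and then limiting which URL prefixes that user may access. The user store, salt, passwords and paths are constructed for illustration.

```python
import base64, binascii, hashlib, hmac

def kdf(password, salt):
    # PBKDF2 so the stored verifier is not the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store and per-URL access lists (hypothetical names).
SALT = b"constructed-salt"
USERS = {"alice": kdf("correct horse", SALT), "bob": kdf("hunter2", SALT)}
PROTECTED = {"/grades/": {"alice"}, "/library/": {"alice", "bob"}}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")    # the password may contain ':'
    return (user, password) if sep else None

def authorize(path, header):
    """Return the HTTP status a server would send: 200, 401 or 403."""
    allowed = next((u for prefix, u in PROTECTED.items() if path.startswith(prefix)), None)
    if allowed is None:
        return 200                                   # page is not protected
    creds = parse_basic(header)
    if creds is None:
        return 401                                   # challenge for credentials
    user, password = creds
    stored = USERS.get(user, b"\x00" * 32)           # dummy keeps the work uniform
    if not hmac.compare_digest(stored, kdf(password, SALT)):
        return 401
    return 200 if user in allowed else 403           # identified but not permitted

def header_for(user, password):
    """Build the header a browser sends; base64 is an encoding, not encryption,
    so the scheme only protects the password when carried over TLS."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```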

Cryptographic Techniques

• Secret Key Algorithm
• Public Key Algorithm
• Digital Signature
• Certificate Authority

Secret Key Algorithm

[Figure: Bob: Clear Text, Encryption with the Secret Key, Cipher Text. Alice: Cipher Text, Decryption with the Secret Key, Clear Text.]

Public Key Algorithm

[Figure: Bob: Clear Text, Encryption with Alice's Public Key, Cipher Text. Alice: Cipher Text, Decryption with Alice's Private Key, Clear Text.]

Digital Signature

[Figure: Alice: Clear Text, Encryption with Alice's Private Key, Cipher Text. Bob: Cipher Text, Decryption & Authentication with Alice's Public Key, Clear Text.]

Certificate Authority

[Figure: Certificate Authority between Alice and Bob. Labels: Publish Public Key (Bob), Request Bob's Public Key (Alice), Bob's Public Key, Cipher Text (Alice to Bob).]

Internet Firewall
• A firewall controls traffic flow between
networks.
• A firewall uses the following techniques:
– Packet Filters
– Application Proxy
– SOCKS servers
– Secure Tunnel
– Screened Subnet Architecture

Packet Filtering
• Most commonly used firewall technique
• Operates at IP level
• Checks each IP packet against the filter rules
before passing (or not passing) it on to its
destination.
• Faster than other firewall techniques
• Hard to configure
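
An added example, not part of the original slides: a stateless packet filter in Python that checks each packet's header fields against an ordered rule list, where the first match decides and unmatched packets are denied. The rule fields, the documentation-range addresses and both rule sets are constructed; the second set swaps two rules to show why ordering makes packet filters hard to configure.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "allow" or "deny"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # destination port, None = any port

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

def matches(rule, pkt):
    """True when every field of the rule covers the packet's header values."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt, default="deny"):
    """First matching rule decides; unmatched packets get the default action."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return default, None

# Constructed rule set: 192.0.2.0/24 is the secure network, 192.0.2.10 its web server.
RULES = [
    Rule("deny",  "203.0.113.0/24", "0.0.0.0/0",     "any", None),  # blocked source range
    Rule("allow", "0.0.0.0/0",      "192.0.2.10/32", "tcp", 443),   # HTTPS to the web server
    Rule("allow", "192.0.2.0/24",   "0.0.0.0/0",     "any", None),  # outbound from inside
]

# The same rules with the first two swapped: order changes the verdict.
MISORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    for p in (Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("203.0.113.9", "192.0.2.10", "tcp", 443),
              Packet("198.51.100.7", "192.0.2.10", "tcp", 22)):
        print(p, filter_packet(RULES, p), filter_packet(MISORDERED, p))
```

With `MISORDERED`, traffic from the blocked range reaches the web server because the broad allow rule is evaluated before the deny rule.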

Packet Filtering (cont.)

[Figure: a Packet Filtering Server placed between the Non-Secure Network and the Secure Network.]
