Chapter 8 - Network Security and Network Management

This document discusses network security and management. It covers network security attacks like passive attacks (e.g. eavesdropping) and active attacks (e.g. message modification). It also discusses security services like confidentiality, integrity, authentication, non-repudiation. For network management, it outlines functions like configuration, fault, performance, security and accounting management. It provides examples of how network management systems monitor components and ensure efficient network operations.

Uploaded by Muhammad Nazmi

Communication and Computer Network (SKR 3200)

Network Security and Network Management

1
Learning Outcome

• Explain the network security services (C4)
• Show the cryptography techniques (P3)
• Explain the network management services (C4)

2
Network Security Attack

3
Security Attacks

• A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks.
• A passive attack tries to learn or make use of information from the system but does not affect system resources.
• An active attack tries to alter system resources or affect their operation.
Passive Attacks

• Are in the nature of eavesdropping on, or monitoring of, transmissions
• Goal of the opponent is to obtain information that is being transmitted
• Two types of passive attacks are:
– The release of message contents
– Traffic analysis
Active Attacks

• Involve some modification of the data stream or the creation of a false stream
• Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities
• Goal is to detect attacks and to recover from any disruption or delays caused by them
Active Attack - 1

Masquerade: message from a hacker that appears to be from Bob
Replay: capture a message from Bob to Alice; later replay the message to Alice

7
Active Attack - 2

Modification of messages: modifies a message from Bob to Alice
Denial of Service: disrupts the service provided by a server

8
SECURITY SERVICES

• Network security can provide five services.
• Four of these services are related to the messages exchanged using the network.
• The fifth service provides entity authentication or identification.

9
Non-repudiation

• Prevents either sender or receiver from denying a transmitted message
• When a message is sent, the receiver can prove that the alleged sender in fact sent the message
• When a message is received, the sender can prove that the alleged receiver in fact received the message

© 2017 Pearson Education, Ltd., All rights reserved.


Message Confidentiality

• Message confidentiality or privacy means that the sender and the receiver expect confidentiality.
• The transmitted message must make sense only to the intended receiver.
• To all others, the message must be garbage.
• The message must be encrypted at the sender site and decrypted at the receiver site.
• This can be done using either symmetric-key cryptography or asymmetric-key cryptography.
Figure: Confidentiality with Symmetric-Key Cryptography
Figure: Confidentiality with Asymmetric-Key Cryptography

11
Categories of cryptography

12
Message Confidentiality
(Symmetric Keys)

13
Advantages of using
Symmetric Keys

• A symmetric cryptosystem is simple and faster.
• In symmetric cryptosystems, encrypted data can be transferred on the link even if there is a possibility that the data will be intercepted. Since no key is transmitted with the data, the chances of the data being decrypted are null.
• A symmetric cryptosystem uses password authentication to prove the receiver's identity.
• Only a system which possesses the secret key can decrypt a message.
Message Confidentiality
(Asymmetric Keys)

15
Advantages of using
Asymmetric Keys

• In asymmetric or public-key cryptography there is no need for exchanging keys, thus eliminating the key distribution problem.
• The primary advantage of public-key cryptography is increased security: the private keys never need to be transmitted or revealed to anyone.
• Can provide digital signatures


Message Integrity

• Message integrity means that the data must arrive at the receiver exactly as they were sent.
• Encryption and decryption provide secrecy, or confidentiality, but not integrity.
• However, on occasion we may not even need secrecy, but instead must have integrity.

17
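The following is an added example, not code from the slides, that ties the Message Confidentiality (Symmetric Keys) slide to the Message Integrity slide. It builds a simple symmetric stream cipher by running HMAC-SHA256 as a pseudorandom function in counter mode (an assumed construction chosen for illustration, not the cipher of any protocol the deck names). Alice and Bob share `key`; anyone else sees garbage. The last function shows the slide's point that encryption alone gives no integrity: someone who knows one plaintext byte can change it in the ciphertext without the key, and decryption will not notice.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed layout: ciphertext blob = nonce || encrypted bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: pick a fresh nonce, XOR plaintext with the keystream."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Receiver side: the same shared key regenerates the keystream (symmetric)."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def modify_without_key(blob: bytes, position: int, known: int, wanted: int) -> bytes:
    """Integrity failure: whoever knows that plaintext byte `position` is `known`
    can turn it into `wanted` by XORing the ciphertext byte with known ^ wanted.
    No key is involved, and decrypt() has no way to detect the change."""
    b = bytearray(blob)
    b[NONCE_LEN + position] ^= known ^ wanted
    return bytes(b)


def demo():
    """Returns (what Bob reads, what an outsider reads, what Bob reads after tampering)."""
    key = secrets.token_bytes(32)            # constructed shared secret of Alice and Bob
    msg = b"Transfer $100 to Bob"            # constructed sample message
    blob = encrypt(key, msg)
    bob_reads = decrypt(key, blob)            # Bob holds the key: original message
    outsider_reads = decrypt(secrets.token_bytes(32), blob)  # wrong key: garbage
    # Offset 10 holds the '1' of "$100"; flipping it to '9' needs no key at all.
    tampered = modify_without_key(blob, 10, ord("1"), ord("9"))
    return bob_reads, outsider_reads, decrypt(key, tampered)


if __name__ == "__main__":
    for label, value in zip(("Bob", "outsider", "Bob after tampering"), demo()):
        print(f"{label}: {value!r}")
```

The tampered decryption reads "Transfer $900 to Bob" and Bob has no indication that anything changed; that is exactly the gap the integrity, MAC and signature slides go on to fill.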
Note

To preserve the integrity of a document, both the document and the fingerprint are needed.

18
Message and Message
Digest

Note

The message digest needs to be kept secret.

19
Checking Integrity

20
Criteria of a Hash Function

One-wayness: ensure a message digest is created by a one-way hashing function, so that the message cannot be recreated from the digest.

Weak collision resistance: ensure that a message cannot easily be forged.

Strong collision resistance: ensure that we cannot find two messages that hash to the same digest.

21
Message Authentication

• Message authentication is a service beyond message integrity.
• In message authentication the receiver needs to be sure of the sender's identity and that an impostor has not sent the message.
• The digest created by a hash function can detect any modification in the message, but it cannot provide authentication.

22
MAC - Created by Alice and
Checked by Bob

23
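As an added example (not from the slides) covering the Message and Message Digest, Checking Integrity, Message Authentication and MAC slides, the code below contrasts a plain SHA-256 fingerprint with an HMAC. `KEY` is a constructed shared secret, and the message strings are constructed samples. The scenario shows why the slides say the digest alone must be protected: Eve can modify the message and recompute the fingerprint, so a digest detects accidental change but does not prove who sent it, whereas a MAC tag cannot be recomputed without the key.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed secret that Alice and Bob share in advance


def digest(message: bytes) -> bytes:
    """Fingerprint (SHA-256) of the message. Anyone, including Eve, can compute it."""
    return hashlib.sha256(message).digest()


def check_integrity(message: bytes, fingerprint: bytes) -> bool:
    """Bob's integrity check: does the received message match the fingerprint?"""
    return hmac.compare_digest(digest(message), fingerprint)


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed digest (HMAC-SHA256). Only holders of `key` can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Bob's authentication check; compare_digest avoids timing leaks."""
    return hmac.compare_digest(mac(key, message), tag)


def scenario():
    """Returns (digest_detects_change, digest_forged_by_eve, mac_rejects_forgery)."""
    msg = b"Pay Bob 100"                      # constructed message from Alice
    fingerprint = digest(msg)
    tag = mac(KEY, msg)
    forged = b"Pay Eve 100"                   # Eve rewrites the message in transit

    # 1. If Eve changes only the message, Bob sees the fingerprint mismatch.
    digest_detects_change = not check_integrity(forged, fingerprint)

    # 2. But Eve can replace the fingerprint as well, and Bob's check passes:
    #    a digest detects modification, it does not authenticate the sender.
    digest_forged_by_eve = check_integrity(forged, digest(forged))

    # 3. With a MAC, Eve lacks KEY. Neither a tag under her own guess of the key
    #    nor Alice's original tag (computed over a different message) verifies.
    eve_tag = mac(b"not-the-real-key", forged)
    mac_rejects_forgery = (not check_mac(KEY, forged, eve_tag)
                           and not check_mac(KEY, forged, tag))
    return digest_detects_change, digest_forged_by_eve, mac_rejects_forgery


if __name__ == "__main__":
    print(scenario())  # (True, True, True)
```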
Message Non-repudiation

• Message non-repudiation means that a sender must not be able to deny sending a message that he or she, in fact, did send.
• The burden of proof falls on the receiver.

Note

Non-repudiation can be provided using a trusted party.

24
Using a Trusted Center
for Non-repudiation

25
Digital Signature

• When Alice sends a message to Bob, Bob needs to check the authenticity of the sender; he needs to be sure that the message comes from Alice and not Eve.
• Bob can ask Alice to sign the message electronically.
• In other words, an electronic signature can prove the authenticity of Alice as the sender of the message.
• We refer to this type of signature as a digital signature.

Note

A digital signature needs a public-key system.

26
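An added example, not from the slides, of the Digital Signature and Message Non-repudiation slides. It uses textbook RSA with the two Mersenne primes 2^127-1 and 2^521-1 as an assumed key pair; because those primes are public the key gives no real security, but the arithmetic is exactly RSA and the modulus is large enough to hold a SHA-256 digest. Alice signs with her private exponent; Bob verifies with her public key alone, so he can show a third party that only the holder of Alice's private key could have produced the signature, which is the non-repudiation property. Message strings are constructed.

```python
import hashlib

# Toy key material (constructed): both primes are well known, so this pair is for
# illustration only. Real keys use freshly generated secret primes.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                      # ~648 bits, so a 256-bit digest is always < N
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)

ALICE_PUBLIC = (N, E)          # everyone, including Bob, may hold this
ALICE_PRIVATE = (N, D)         # only Alice holds this


def _digest_as_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Alice: signature = H(m)^d mod n. Requires the private exponent."""
    n, d = private_key
    return pow(_digest_as_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Bob (or any third party): recover H(m) with the public exponent and compare."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message)


def scenario():
    """Returns (genuine_verifies, tampered_verifies, forgery_verifies)."""
    msg = b"Alice agrees to pay Bob 100"              # constructed
    sig = sign(ALICE_PRIVATE, msg)
    genuine_verifies = verify(ALICE_PUBLIC, msg, sig)
    # Changing the message invalidates the signature (integrity).
    tampered_verifies = verify(ALICE_PUBLIC, b"Alice agrees to pay Bob 900", sig)
    # Without D nobody can produce a signature for a message of their choosing;
    # a guessed exponent stands in for any attempt made without the private key.
    forgery = pow(_digest_as_int(msg), 12345, N)
    forgery_verifies = verify(ALICE_PUBLIC, msg, forgery)
    return genuine_verifies, tampered_verifies, forgery_verifies


if __name__ == "__main__":
    print(scenario())  # (True, False, False)
```

Compare this with the MAC: a MAC tag could have been made by either holder of the shared key, so Bob cannot use it to prove to someone else that Alice sent the message. The signature is checked with a key that Alice alone cannot share responsibility for, which is why the note says a digital signature needs a public-key system.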
Entity Authentication

• Entity authentication is a technique designed to let one party prove the identity of another party.
• An entity can be a person, a process, a client, or a server.
• The entity whose identity needs to be proved is called the claimant; the party that tries to prove the identity of the claimant is called the verifier.

27
Entity Authentication

• Password authentication: fixed password and one-time password
• Challenge-response authentication:
1. Using a symmetric-key cipher
2. Using a keyed hash function
3. Using a digital signature

28
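An added example, not from the slides, of challenge-response entity authentication using a keyed hash (item 2 on the slide above). The claimant (Alice) proves she holds the shared secret without ever sending it: the verifier (Bob) issues a fresh random nonce, Alice returns HMAC-SHA256 over her identity and that nonce, and Bob recomputes it. Because each nonce is accepted once, a captured response is useless later, which is the defence against the replay attack from the Active Attack slide. The class names, message layout and `SHARED_KEY` are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = secrets.token_bytes(32)  # constructed long-term secret of claimant and verifier


def response_for(key: bytes, claimant_id: str, nonce: bytes) -> bytes:
    """Keyed hash binding the claimant's identity to this particular challenge."""
    return hmac.new(key, claimant_id.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    """Bob: hands out fresh challenges and checks the keyed-hash responses."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}   # claimant id -> nonce still awaiting its response

    def challenge(self, claimant_id: str) -> bytes:
        nonce = secrets.token_bytes(16)          # fresh per run, never reused
        self.pending[claimant_id] = nonce
        return nonce                             # message 1: Bob -> Alice

    def verify(self, claimant_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(claimant_id, None)   # each nonce is consumed once
        if nonce is None:
            return False                         # unsolicited or replayed response
        return hmac.compare_digest(response_for(self.key, claimant_id, nonce), response)


class Claimant:
    """Alice: answers the challenge with the key she never transmits."""

    def __init__(self, claimant_id: str, key: bytes):
        self.claimant_id = claimant_id
        self.key = key

    def respond(self, nonce: bytes) -> bytes:
        return response_for(self.key, self.claimant_id, nonce)   # message 2: Alice -> Bob


def run_exchange():
    """Returns (genuine_accepted, replay_accepted, impostor_accepted)."""
    bob = Verifier(SHARED_KEY)
    alice = Claimant("alice", SHARED_KEY)

    # Normal run: challenge, response, accept.
    nonce = bob.challenge("alice")
    captured = alice.respond(nonce)              # Eve records this on the wire
    genuine_accepted = bob.verify("alice", captured)

    # Replay: Eve presents the recorded response to a new challenge.
    bob.challenge("alice")
    replay_accepted = bob.verify("alice", captured)

    # Impostor: Eve claims to be Alice but computes the response with a wrong key.
    nonce3 = bob.challenge("alice")
    eve = Claimant("alice", b"eve-does-not-have-the-key")
    impostor_accepted = bob.verify("alice", eve.respond(nonce3))
    return genuine_accepted, replay_accepted, impostor_accepted


if __name__ == "__main__":
    print(run_exchange())  # (True, False, False)
```

The nonce must be unpredictable and single-use: if Bob reused challenges, Eve's recorded response would be accepted, and the exchange would degrade to the fixed-password case the slide lists first.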
Network Management System

• Network management is the monitoring, testing, configuring, and troubleshooting of network components to meet a set of requirements defined by an organization.
• The functions performed by a network management system can be divided into five broad categories:
– configuration management,
– fault management,
– performance management,
– security management, and
– accounting management.

29
Functions of a Network
Management System

30
Configuration Management

• A configuration management system must know, at any time, the status of each entity and its relation to other entities.
• Reconfiguration: adjusting network components and features. 3 types of reconfiguration:
– Hardware reconfiguration
– Software reconfiguration
– User account reconfiguration
• Documentation: the original network configuration and each subsequent change must be recorded meticulously for hardware, software and user accounts.

31
Fault Management

• Reactive Fault Management System
– Is responsible for detecting, isolating, correcting, and recording faults.
– It handles short-term solutions to faults.
• Proactive Fault Management System
– It tries to prevent faults from occurring.
– Although this is not always possible, some types of failures can be predicted and prevented.
– E.g., if a fault happens frequently at one particular point of a network, it is wise to carefully reconfigure the network to prevent the fault from happening again.

32
Performance Management

• Closely related to fault management; tries to monitor and control the network to ensure that it is running as efficiently as possible
• Capacity: the limited capacity of a network
• Traffic: number of packets travelling inside and outside the network
• Throughput: throughput of an individual device
• Response time: measured from the time a user requests a service to the time the service is granted

33
Security and Accounting
Management
• Security Management
– Is responsible for controlling access to the network based on the predefined policy.
• Accounting Management
– Is the control of users' access to network resources through charges.
– Individual users, departments and divisions are charged for the services they receive from the network, perhaps for budgeting purposes.

34