
Network Security: Presented By: Dr. Munam Ali Shah

This document summarizes a lecture on network security. It discusses security through obscurity and how it is not an effective security method. It outlines different types of security attacks like passive attacks which obtain message content and active attacks which modify or replay messages. The lecture aims to describe the difference between security and protection and how access privileges can be created using an access matrix. The next topics to be covered will include different types of security attacks like viruses, worms, and Trojans as well as denial of service attacks.

Uploaded by

Nadeem Shoukat

Network Security

Lecture 4

Presented by: Dr. Munam Ali Shah


Summary of the previous lecture

Prevention, Detection and Reaction


How much security
Security trade-offs (productivity, functionality)
Penetration testing tool
No free lunch

Outlines
- Security through obscurity
- Aspects of Security
- OSI Security architecture
- Active and Passive attacks
- Protection and access rights

Objectives
- To describe the difference between security and protection.
- To understand access privileges and create an access right matrix.
- To understand how different security tools can be used.

There is never a free lunch
- Means don’t go for free software, free wallpapers etc.
- No one is going to give you anything free

Security through obscurity … ?
- Security through obscurity – hiding design or implementation details to gain security:
  - keeping secret not the key, but the encryption algorithm,
  - hiding a DB server under a name different from “db”, etc.
- The idea doesn’t work
  - it’s difficult to keep secrets (e.g. source code gets stolen)
  - if security of a system depends on one secret, then, once it’s no longer a secret, the whole system is compromised
  - secret algorithms, protocols etc. will not get reviewed → flaws won’t be spotted and fixed → less security
- Systems should be secure by design, not by obfuscation
- Security AND obscurity


Aspects of Security
- Security attack
  Any action that compromises the security of information owned by an organization.
- Security mechanism
  A process that is designed to detect, prevent or recover from a security attack.
- Security service
  A service that enhances the security of the data processing systems and the information transfers of an organization. These services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

OSI Security Architecture
- International Telecommunication Union (ITU-T) recommends X.800, the security architecture for OSI
- Defines a systematic way of defining and providing security requirements

Security Attacks Classification
- Any action that compromises the security of information owned by an organization
- Information security is about how to prevent attacks, or failing that, to detect attacks
- Classification according to X.800
  - Passive attack
  - Active attack

Passive attack
- Obtaining message content
- Traffic analysis

Active attack
- Masquerade
- Replay previous messages
- Modify messages in transit
- Denial of service

Security Attacks
[Figure: taxonomy of security attacks]
- Threat to Confidentiality: Snooping, Traffic Analysis
- Threat to Integrity: Modification, Masquerading, Replaying, Repudiation
- Threat to Availability: Denial of Service

Passive Versus Active Attacks
[Figure: Alice and Bob]
- Alice and Bob want to communicate in presence of adversaries
- Adversaries:
  - Passive – just looking
  - Active – may change msgs

Categorization of passive and active attacks

Attacks                                               Passive/Active   Threatening
Snooping, Traffic Analysis                            Passive          Confidentiality
Modification, Masquerading, Replaying, Repudiation    Active           Integrity
Denial of Service                                     Active           Availability


Security Service

- Enhance security of data processing systems and information transfers of an organization
- Intended to counter security attacks
- Using one or more security mechanisms
- X.800 defines a security service as “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”

Protection
- In one protection model, a computer consists of a collection of objects, hardware or software
- Each object has a unique name and can be accessed through a well-defined set of operations
- Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so

Principles of Protection
- Guiding principle – principle of least privilege
- Programs, users and systems should be given just enough privileges to perform their tasks
- Limits damage if entity has a bug, gets abused
- Can be static (during life of system, during life of process)
- Or dynamic (changed by process as needed) – domain switching, privilege escalation
- “Need to know” a similar concept regarding access to data
- Must consider “grain” aspect
- Rough-grained privilege management easier, simpler, but least privilege now done in large chunks
- Fine-grained management more complex, more overhead, but more protective
- File ACL lists, RBAC
- Domain can be user, process, procedure

Domain Structure
- Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object
- Domain = set of access-rights

Access control
Prevention of the unauthorized use of a resource; that is, this service controls
- who can have access to a resource
- under what condition access can occur
- what those accessing are allowed to do

Access Matrix

- View protection as a matrix (access matrix)
- Rows represent domains
- Columns represent objects
- Access(i, j) is the set of operations that a process executing in Domain_i can invoke on Object_j
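
The access matrix and domain structure described above, sketched in Python as an added example that is not part of the original lecture. The domain names (D1 to D3), the objects (F1, F2, printer) and the operation names are constructed for illustration; a blank cell means no access, and a grant is rejected when it asks for an operation that is not valid on the object.

```python
# Added example (constructed names): access matrix stored as a sparse dict.
# Valid operations per object; every rights-set must be a subset of these.
VALID_OPS = {
    "F1": {"read", "write", "execute"},
    "F2": {"read", "write"},
    "printer": {"print"},
}

class AccessMatrix:
    def __init__(self, valid_ops):
        self.valid_ops = valid_ops
        self.rows = {}  # domain -> {object: rights-set}

    def grant(self, domain, obj, rights):
        """Add the access-right <obj, rights> to a domain (one matrix cell)."""
        if obj not in self.valid_ops:
            raise KeyError(f"unknown object: {obj}")
        rights = set(rights)
        extra = rights - self.valid_ops[obj]
        if extra:
            raise ValueError(f"{sorted(extra)} not valid on {obj}")
        self.rows.setdefault(domain, {}).setdefault(obj, set()).update(rights)

    def access(self, domain, obj):
        """Access(i, j); an empty set when the cell is blank."""
        return frozenset(self.rows.get(domain, {}).get(obj, ()))

    def allowed(self, domain, obj, op):
        """Default deny: only operations listed in the cell pass."""
        return op in self.access(domain, obj)

    def acl(self, obj):
        """Column view: the object's ACL as domain -> rights."""
        return {d: frozenset(r[obj]) for d, r in self.rows.items() if obj in r}

def build_demo():
    m = AccessMatrix(VALID_OPS)
    m.grant("D1", "F1", {"read"})
    m.grant("D2", "printer", {"print"})
    m.grant("D3", "F1", {"read", "write"})
    m.grant("D3", "F2", {"read"})
    return m

if __name__ == "__main__":
    m = build_demo()
    print(m.allowed("D1", "F1", "read"), m.allowed("D1", "F1", "write"))
    print(m.acl("F1"))
```

Reading the structure by row gives each domain's set of access-rights; reading it by column, as `acl` does, gives the per-object list that file ACLs store.
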
Access Matrix

Role-based Access Control in Solaris 10

Summary of today’s lecture
- In today’s lecture, we talked about security through obscurity
- We also learnt about different types of attacks such as Active and Passive attacks.
- We have developed an understanding about access rights and how to use an access matrix

Next lecture topics
- We will discuss different types of security attacks such as viruses, worms, Trojan horses etc.
- DoS attacks, DDoS attacks and their different types

The End
