1

04/29/2024
Eng. Mohamed Jaambiir
Computer Network Security
COS-413

Lecture Two
Eng. Mohamed Jaambiir
 2
Aspects of Security

There are six principles of security. They are as follows:

Confidentiality:
 The principles of confidentiality assert that information and functions can be accessed only by
authorized parties.
Integrity:
 The principles of integrity assert that information and functions can be added, altered, or removed
only by authorized people.
Availability:
 The principles of availability assert that systems, functions, and data must be available on-demand
according to agreed-upon parameters based on levels of service.
Eng. Mohamed Jaambiir 04/29/2024
 3

Non-repudiation:
 Nonrepudiation provides proof of the origin, authenticity and integrity of data. It provides
assurance to the sender that its message was delivered, as well as proof of the sender's identity to
the recipient. This way, neither party can deny that a message was sent, received and processed.
Access control:
 Access control is an essential element of security that determines who is allowed to access certain
data, apps, and resources—and in what circumstances.
Authorization:
 Authorization species the rights of actors to access resources. This includes the rights to view or
change information on a shared system or database, as well as rights to know or alter the content
of certain communications.

Eng. Mohamed Jaambiir 04/29/2024

 4
We can distinguish two types of attacks:

I. Active attack:
 An attempt to alter system resources or affect their operation.
II. Passive attack:
 An attempt to learn or make use of information from the system that does not
affect system resources.

Eng. Mohamed Jaambiir 04/29/2024

 5
We can also classify attacks based on the
origin of the attack:

I. Inside attack:
 Initiated by an entity inside the security perimeter (an “ insider”). The insider is
authorized to access system resources but uses them in a way not approved by those
who granted the authorization.
II. Outside attack:
 Initiated from outside the perimeter, by an unauthorized or illegitimate user of the
system (an “outsider”). On the Internet, potential Outside attackers range from
amateur pranksters to organized criminals, international terrorists, and hostile
governments.

Eng. Mohamed Jaambiir 04/29/2024

 6
Attack surfaces can be categorized in the
following way:

I. Network attack surface:

 This category refers to vulnerabilities over an enterprise network, wide-area network, or the
Internet. Included in this category are network protocol vulnerabilities, such as those used for a
denial-of-service attack, disruption of communications links, and various forms of intruder
attacks.
II. Software attack surface:
 This refers to vulnerabilities in application, utility, or operating system code. A particular focus
in this category is Web server software.
III. Human attack surface:
 This category refers to vulnerabilities created by personnel or outsiders, such as social
engineering, human error, and trusted insiders.
Eng. Mohamed Jaambiir 04/29/2024
Threat Consequence Threat Action (Attack)
Unauthorized Disclosure: Exposure: Sensitive data are directly released to an unauthorized entity.
A circumstance or event whereby an entity Interception: An unauthorized entity directly accesses sensitive data traveling
gains access to data for which the entity is not between authorized sources and destinations. 7
authorized. Inference: A threat action whereby an unauthorized entity indirectly accesses
sensitive data (but not necessarily the data contained in the communication)
by reasoning from characteristics or by-products of communications.
Intrusion: An unauthorized entity gains access to sensitive data by
circumventing a system’s security protections.
Deception: Masquerade: An unauthorized entity gains access to a system or performs a
A circumstance or event that may result in an malicious act by posing as an authorized entity.
authorized entity Falsification: False data deceive an authorized entity.
receiving false data and believing it to be true. Repudiation: An entity deceives another by falsely denying responsibility for an
act.
Disruption: Incapacitation: Prevents or interrupts system operation by disabling a system
A circumstance or event that interrupts or component.
prevents the correct operation of system Corruption: Undesirably alters system operation by adversely modifying system
services and functions. functions or data.
Obstruction: A threat action that interrupts delivery of system services by
hindering system operation.
Usurpation: Misappropriation: An entity assumes unauthorized logical or physical control
A circumstance or event that results in control of a system resource.
of system services or functions by an Misuse: Causes a system component to perform a function or service that is
unauthorized entity. detrimental to system security.
Eng. Mohamed Jaambiir 04/29/2024
 8
Security Policy

In developing a security policy, a security manager needs to consider the

following factors:
 The value of the assets being protected.
 The vulnerabilities of the system.
 Potential threats and the likelihood of attacks.
 Ease of use versus security.
 Cost of security versus cost of failure and recovery.

Eng. Mohamed Jaambiir 04/29/2024

 9
Security Implementation

Security implementation involves four complementary courses of action:

I. Prevention:
 helps reduce the risk of those incidents from happening in the first place.
II. Detection:
 Monitoring and responding are the methods of detection. As soon as a breach is recognized, fail-safes and
alarms can help to stop the bleeding before it’s too late.
III. Response:
I. focuses on minimizing and containing the damage which may include shutting down the systems or
disconnecting victim systems from the network
IV. Recovery:
 An example of recovery is the use of backup systems, so that if data integrity is compromised, a prior, correct
04/29/2024
copy
Eng. Mohamed of the data can be reloaded.
Jaambiir
 10
The Ten Security Principles

Eng. Mohamed Jaambiir 04/29/2024

 11

Economy of mechanism Fail-safe defaults

This principle defines that the  This principle says that if any
security measures implemented in user wants access to any
the software and the hardware must mechanism then whether the
be simple and small. access is permitted or denied
should be based on authorization
rather than elimination.

Eng. Mohamed Jaambiir 04/29/2024

 12

Complete mediation Open design

 This principle says that the  According to this principle, the

system should not trust the access security architecture and design of
decisions it recovers from the a system should be made publicly
system cache. available.

Eng. Mohamed Jaambiir 04/29/2024

 13

Least privilege
Separation of privilege

 This security principle states that whenever  This principle states that each user
a user tries to gain access to a system, the should be able to access the
access should not be granted based on a system with the least privilege.
single attribute or condition. Instead, there
Only those limited privileges
must be multiple situations or conditions or
attribute which should be verified to grant should be assigned to the user
access to the system. which are essential to perform the
desired task.

Eng. Mohamed Jaambiir 04/29/2024

 14

Least common mechanism Psychological acceptability

 According to this principle, the cost  This principle states that user
of bypass a security mechanism interfaces should be well designed
should be compared with the and intuitive, and all security-
resources of an attacker when related settings should adhere to
designing a security scheme. what an ordinary user might
expect.

Eng. Mohamed Jaambiir 04/29/2024

 15

Compromise recording
Work factor
 This principle states that
 This security principle there should sometimes it is more desirable to
be minimum common functions to record the details of an intrusion
share between the different user. than to adopt more sophisticated
measures to prevent it.

Eng. Mohamed Jaambiir 04/29/2024

 16
Cryptographic terminology
1. Plaintext
 plaintext is an unencrypted, readable, plain message that anyone can read.
2. Ciphertext
 Ciphertext is the result of the encryption process.
3. Encryption
 is the process of applying a mathematical function to turn plaintext to cipher text
4. Decryption
 turning ciphertext back to plaintext.
5. Keys
 The encryption process requires a cryptographic key that tells the algorithm how to transform the plaintext into ciphertext
6. Hash
 an encryption algorithm to convert your plaintext password to a hash. A hash is different from encryption in that once the
Eng. Mohamed Jaambiir 04/29/2024
data is hashed, it cannot be unhashed.
 17
Attack models in cryptography.

 The first thing we must admit is that the attacker knows the encryption and decryption
functions. This is known as Kerckhoffs’ Principle.
Lars Knudsen, a Danish researcher, proposed the following division for determining the scale
of attacker's success:
 Total break: deducing and obtaining a secret key.
 Global deduction: discovering an algorithm, which allows to decrypt many messages,
without knowing the actual secret key.
 Local deduction: discovering an original plaintext of the specific given ciphertext.
 Information deduction: obtaining some information about the secret key or original message
(for example, a few bits of the key or information about a plaintext format).
Eng. Mohamed Jaambiir 04/29/2024
 18

The End
Eng. Mohamed Jaambiir 04/29/2024