Week 01

1
Week 01

• Attacks, Services and Mechanisms
• (2007? 9? 11? 9??)

2
outline

• Attacks, services and mechanisms
• Security attacks
• Security services
• A model for network Security
• Methods of Defense
• Internet standards and RFCs

3
Internet Security

• Computer security
• Designed to protect data and to thwart hackers
• Network security (Internet security)
• Needed to protect data during their transmission

4
Attacks, Services and Mechanisms

• Security Attack Any action that compromises the
  security of information.
• Security Mechanism A mechanism that is designed
  to detect, prevent, or recover from a security
  attack.
• Security Service A service that enhances the
  security of data processing systems and
  information transfers. A security service makes
  use of one or more security mechanisms.

5
Security Attacks

• Interruption This is an attack on availability
• Interception This is an attack on
  confidentiality
• Modification This is an attack on integrity
• Fabrication This is an attack on authenticity

6
Security Goals
Confidentiality
Integrity
Avalaibility
7
(No Transcript)
8
(No Transcript)
9
Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files

10
Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files

11
Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files

12
Security Services

• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
• Denial of Service Attacks
• Virus that deletes files

13
(No Transcript)
14
Security Mechanisms
15
4 basic tasks in designing a particular security
services

• Design an algorithm for performing the
  security-related transformation
• Generate the secret information
• Develop methods for the distribution of the
  secret information
• Specify protocol to be used by the two principles
  that makes use of the sec. algorithm and the
  secret information

16
Methods of Defense relating unwanted access

• Password-based login procedures
• Screening logic to detect and reject worms,
  viruses, and other similar attacks
• Internal controls that monitor activity and
  analyze stored information

17
IETF Areas and Working Groups
18
Recommended Reading

• Pfleeger, C. Security in Computing. Prentice
  Hall, 1997.
• Mel, H.X. Baker, D. Cryptography Decrypted.
  Addison Wesley, 2001.