Notes on Network Security - Introduction. Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of. Introduction. © , Cisco Systems, Inc. NTW Network Security Components Source: CSI/FBI Computer Crime and Security Survey. Many good books covering computer or network security are available. some lag time between the introduction of a new virus and a vendor updating its.
Passwords, Tokens, PKI, Biometrics. • Secure Connectivity. Work Happens Everywhere, Virtual Private Networks. • Intrusion Protection. Network, Host. • Security. Introduction to networks. ▻ Network security protocols. ◦ SSL/TLS. ◦ IPsec. ▻ Firewall technologies. ▻ Intrusion detection. EIT - Computer. IRJMST Vol 5 Issue 5 [Year ] ISSN – (Online) – (Print) Introduction to Network Security, Attacks and Services Aruna Tiwari.
However, if many messages are passing through, a passive attacker could try to figure out similarities between them to come up with some sort of pattern that provides her some clues regarding the communication that is taking place. Such attempts at analyzing messages to come up with likely patterns are the work of the traffic analysis attack.
In active attacks, the contents of the original message are modified in some way. Active attacks are of three types: Masquerade is caused when an unauthorized entity pretends to be another entity. In this attack, an entity poses as another entity. In this attack, usually some other forms of active attack are also embedded. In a replay attack, a user captures a sequence of events or some data units and re-sends them. Alteration of messages involves some change to the original message.
For instance, an unauthorized user might send too many login requests to a server using random user ids one after the other in quick succession, so as to flood the network and deny other legitimate users the use of the network facilities.
The Practical Side of Attacks: Security attacks can happen at the application level or the network level. These attacks happen at an application level in the sense that the attacker attempts to access, modify or prevent access to information of a particular application or to the application itself.
Network-level attacks generally aim at reducing the capabilities of a network by a number of possible means. These attacks generally attempt to either slow down or completely bring to a halt a computer network. Programs That Attack: Let us discuss a few programs that attack computer systems to cause damage or to create confusion.
A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network. Similar in concept to a virus, a worm is actually different in implementation. A worm does not perform any destructive actions and instead, only consumes system resources to bring it down.
A Trojan Horse is a hidden piece of code, like a virus. However, the purpose of a Trojan horse is different.
A Trojan horse allows an attacker to obtain some confidential information about a computer or a network. Java applets and ActiveX controls are small client-side programs that might cause security problems, if used by attackers with a malicious intention.
Specific Attacks: A packet, like a postal envelope, contains the actual data to be sent and the addressing information. Attackers target these packets as they travel from the source computer to the destination computer over the internet.
These attacks take two forms. An attacker need not hijack a conversation, but instead can simply observe packets. To prevent this, the information in transit needs to be protected in some way. This can be done at two levels: the data that is traveling can be encoded in some way.
The transmission link itself can be encoded. To read a packet, the attacker needs access to the computer through which the traffic passes.
Usually, this is a router. However, routers are highly protected resources. Therefore, an attacker might not be able to attack a router, and might instead attack a less protected computer on the same path. In this technique, an attacker sends packets with a false source address. When this happens, the receiver would inadvertently send replies back to this forged address and not to the attacker. This can lead to three possible cases: The attacker can intercept the reply: if the attacker is between the destination and the forged source, the attacker can see the reply and use that information for hijacking attacks.
IV Security Services. There are the following categories of security services: Authentication: The assurance that the communicating entity is the one that it claims to be. Used in association with a logical connection to provide confidence in the identity of the entities connected. In a connectionless transfer, provides assurance that the source of received data is as claimed.
Access Control: In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
Data Confidentiality: The protection of data from unauthorized disclosure. The protection of all user data on a connection. The protection of all user data in a single data block. The confidentiality of selected fields within the user data on a connection or in a single data block.
The protection of the information that might be derived from observation of traffic flows.
Data Integrity: The assurance that data received are exactly as sent by an authorized entity i. Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data, with recovery attempted.
As above, but provides only detection without recovery. Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed. Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified. Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Proof that the message was sent by the specified party. Proof that the message was received by the specified party.
V Security Mechanisms. 1. Specific Security Mechanisms: May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services. The transformation and subsequent recovery of the data depend on the algorithm and zero or more encryption keys. Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
A variety of mechanisms that enforce access rights to resources. A variety of mechanisms used to assure the integrity of a data unit or stream of data units. A mechanism intended to ensure the identity of an entity by means of information exchange.
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Enables selection of particular physically secure routes for certain data S. The use of a trusted third party to assure certain properties of a data exchange.
A message is to be transferred from one party to another across some sort of internet. The two parties, who are principals in this transaction, must cooperate for the exchange to take place. To achieve the goal of network security, one must first understand the attackers, what could become their targets, and how these targets might be attacked.
The tasks of network security are to provide confidentiality, integrity, nonrepudiation, and availability of useful data that are transmitted in public networks or stored in networked computers.
Building a deep layered defense system is the best possible defense tactic in network security. Within this type of defense system, multiple layers of defense mechanisms are used to resist possible attacks.
Introduction to Network Security: Theory and Practice.
Chapter 1. Zachary A.