01C-Network Security Essentials

This document provides an overview of key concepts in network security. It discusses the objectives of confidentiality, integrity and availability, which are the fundamental security requirements. It describes security threats like attacks that compromise confidentiality, integrity or availability. The document also covers security design principles like layering, limiting, diversity, obscurity and simplicity that can help defend against different types of attacks. Finally, it defines terms like data, information and knowledge to provide context around information security concepts.

Uploaded by Ali

King Fahd University of Petroleum & Minerals

College of Computer Science & Engineering

SEC 521: Network Security

Lecture 1
Network Security Essentials

Objectives

- Describe the key security requirements of confidentiality, integrity, and availability.
- Describe the X.800 security architecture for OSI.
- Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets.
- Explain the fundamental security design principles.
- Discuss the use of attack surfaces and attack trees.
- List and briefly describe key organizations involved in cryptography standards.

2 SEC 521 Networks Security


Overview

- Computer security concepts
- The OSI security architecture
- Security attacks
- Security services
- Security mechanisms
- Fundamental security design principles
- Network security model
- Standards

Computer Security

The NIST Computer Security Handbook defines the term computer security as:
“the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications)


Data vs. Information

Data
- Just raw facts
- No context
- Only numbers or text

Information
- Data with context
- Processed data
- Value-added to data
  - summarized
  - organized
  - analyzed

Data vs. Information

- Data: 98123
- Information:
  - 23/01/98 The date of the final exam
  - $98,123 is a salary
  - 98123 is a house number

Data vs. Information

Data
- 6.34
- 6.45
- 6.39
- 6.62
- 6.57
- 6.64
- 6.71
- 6.82
- 7.12
- 7.06

Information
[Chart: SIRIUS SATELLITE RADIO INC., Stock Price ($5.80 to $7.20) over the Last 10 Days]

Data → Information

Data
- Summarizing the data
- Averaging the data
- Selecting part of the data
- Graphing the data
- Adding context
- Adding value
Information

Information → Knowledge

Information
- How is the info tied to outcomes?
- Are there any patterns in the info?
- What info is relevant to the problem?
- How does this info affect the system?
- What is the best way to use the info?
- How can we add more value to the info?
Knowledge

Information Systems

Generic Goal:
- Transform Data into Information
- Manipulate/Present Data/Information/Knowledge
- At the Core of an Information System is a Database (raw data).

Information Assurance

Information Assurance and Security

- Information assurance and security is the management and protection of knowledge, information, and data
- It combines two fields:
  - Information assurance: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities
  - Information security: which centers on the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability

National Information Assurance (IA) Glossary


Need for Information Security

- Exposing user accounts
  - 3 billion Yahoo user accounts in 2013
  - 5 million Gmail user accounts in 2014
  - Harvard students/faculty information in 2015
  - Pennsylvania State student/faculty information in 2014
- Wiping entire hard disks
  - Aramco Shamoon 1, 2012 and Shamoon 2, end of 2016
  - South Korean banks and media organizations in 2013
  - Sony Pictures Entertainment in 2014

Need for Information Security: Economy Impact

- 7.7 million dollars per company worldwide
- 6.5 million dollars per US organization
- Zero-day attacks will cost 27 billion pounds per year
- Zero-day ransomware attacks
  - CryptoLocker, CryptoWall, WannaCry, Jigsaw, TeslaCrypt, Bad Rabbit, and Petya
  - CryptoLocker, 30 million dollars
  - WannaCry, 150 countries, 4 billion dollars

Security Life Cycle

Defining Information Security

- Information security protects information that has value, protecting “CIA”:
  - Confidentiality
  - Integrity
  - Availability

Information Security Goals

Confidentiality

Confidentiality is probably the most common aspect of information security. We need to protect our confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.

Integrity

Information needs to be changed constantly. Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.

Availability

The information created and stored by an organization needs to be available to authorized entities. Information needs to be constantly changed, which means it must be accessible to authorized entities.

Overview of Attacks

The three goals of security (confidentiality, integrity, and availability) can be threatened by security attacks.

[Figure: Taxonomy of attacks with relation to security goals]

Attacks Threatening Confidentiality

Snooping refers to unauthorized access to or interception of data.

Traffic analysis refers to obtaining some other type of information by monitoring online traffic.

Attacks Threatening Integrity

Modification means that the attacker intercepts the message and changes it.

Masquerading or spoofing happens when the attacker impersonates somebody else.

Replaying means the attacker obtains a copy of a message sent by a user and later tries to replay it.

Repudiation means that the sender of the message might later deny that she has sent the message; the receiver of the message might later deny that he has received the message.

Attacks Threatening Availability

Denial of service (DoS) is a very common attack. It may slow down or totally interrupt the service of a system.

Defenses against Attacks

- Although multiple defenses may be necessary to withstand an attack
- These defenses should be based on five fundamental security principles:
  - Layering
  - Limiting
  - Diversity
  - Obscurity
  - Simplicity

Layering

- Information security must be created in layers
- One defense mechanism may be relatively easy for an attacker to circumvent
  - Instead, a security system must have layers, making it unlikely that an attacker has the tools and skills to break through all the layers of defenses
- A layered approach can also be useful in resisting a variety of attacks
- Layered security provides the most comprehensive protection

Limiting

- Limiting access to information reduces the threat against it
- Only those who must use data should have access to it
  - In addition, the amount of access granted to someone should be limited to what that person needs to know
- Some ways to limit access are technology-based, while others are procedural

Diversity

- Layers must be different (diverse)
  - If attackers penetrate one layer, they cannot use the same techniques to break through all other layers
- Using diverse layers of defense means that breaching one security layer does not compromise the whole system

Obscurity

- An example of obscurity would be not revealing the type of computer, operating system, software, and network connection a computer uses
  - An attacker who knows that information can more easily determine the weaknesses of the system to attack it
- Obscuring information can be an important way to protect information

Simplicity

- Information security is by its very nature complex
- Complex security systems can be hard to understand, troubleshoot, and feel secure about
- As much as possible, a secure system should be simple for those on the inside to understand and use
- Complex security schemes are often easily compromised.
  - Keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a major benefit

Computer Security Objectives (1 of 2)

Confidentiality
- Data confidentiality
  - Assures that private or confidential information is not made available or disclosed to unauthorized individuals
- Privacy
  - Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed

Computer Security Objectives (2 of 2)

Integrity
- Data integrity
  - Assures that information and programs are changed only in a specified and authorized manner
- System integrity
  - Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Availability
- Assures that systems work promptly and service is not denied to authorized users

Essential Network and Computer Security Requirements

Breach of Security Levels of Impact

- High
  - The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
- Moderate
  - The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals
- Low
  - The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals


Computer Security Challenges

- Security is not simple
- Potential attacks on the security features need to be considered
- Procedures used to provide particular services are often counter-intuitive
- It is necessary to decide where to use the various security mechanisms
- Requires constant monitoring
- Is too often an afterthought
- Security mechanisms typically involve more than a particular algorithm or protocol
- Security is essentially a battle of wits between a perpetrator and the designer
- Little benefit from security investment is perceived until a security failure occurs
- Strong security is often viewed as an impediment to efficient and user-friendly operation


OSI Security Architecture

- Security attack
  - Any action that compromises the security of information owned by an organization
- Security mechanism
  - A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack
- Security service
  - A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization
  - Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service

Threats and Attacks (RFC 4949)

Threat
- A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack
- An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.


Security Attacks

- A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks
- A passive attack attempts to learn or make use of information from the system but does not affect system resources
- An active attack attempts to alter system resources or affect their operation

[Figure 1.2 Security Attacks: (a) Passive attacks and (b) Active attacks, each showing Darth, Bob and Alice connected through the Internet or other comms facility]


Passive Attacks

- Are in the nature of eavesdropping on, or monitoring of, transmissions
- Goal of the opponent is to obtain information that is being transmitted
- Two types of passive attacks are:
  - The release of message contents
  - Traffic analysis

Active Attacks (1 of 2)

- Involve some modification of the data stream or the creation of a false stream
- Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities
- Goal is to detect attacks and to recover from any disruption or delays caused by them

Active Attacks (2 of 2)

Masquerade
- Takes place when one entity pretends to be a different entity. Usually includes one of the other forms of active attack

Replay
- Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect

Modification of messages
- Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect

Denial of service
- Prevents or inhibits the normal use or management of communications facilities

Security Services

Defined by X.800 as:
- A service provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers

Defined by RFC 4949 as:
- A processing or communication service provided by a system to give a specific kind of protection to system resources


Security Services (X.800) (1 of 7)

Authentication
- The assurance that the communicating entity is the one that it claims to be.

Peer Entity Authentication
- Used in association with a logical connection to provide confidence in the identity of the entities connected.

Data-Origin Authentication
- In a connectionless transfer, provides assurance that the source of received data is as claimed.

Security Services (X.800) (2 of 7)

Access Control
- The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).

Data Confidentiality
- The protection of data from unauthorized disclosure.

Connection Confidentiality
- The protection of all user data on a connection.

Security Services (X.800) (3 of 7)

Connectionless Confidentiality
- The protection of all user data in a single data block.

Selective-Field Confidentiality
- The confidentiality of selected fields within the user data on a connection or in a single data block.

Traffic-Flow Confidentiality
- The protection of the information that might be derived from observation of traffic flows.

Security Services (X.800) (4 of 7)

Data Integrity
- The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).

Connection Integrity with Recovery
- Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.

Security Services (X.800) (5 of 7)

Connection Integrity without Recovery
- As above, but provides only detection without recovery.

Selective-Field Connection Integrity
- Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed.

Connectionless Integrity
- Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.

Security Services (X.800) (6 of 7)

Selective-Field Connectionless Integrity
- Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.

Nonrepudiation
- Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

Security Services (X.800) (7 of 7)

Nonrepudiation, Origin
- Proof that the message was sent by the specified party.

Nonrepudiation, Destination
- Proof that the message was received by the specified party.


Authentication (1 of 2)

- Concerned with assuring that a communication is authentic
  - In the case of a single message, assures the recipient that the message is from the source that it claims to be from
  - In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties

Authentication (2 of 2)

- Two specific authentication services are defined in X.800:
  - Peer entity authentication
  - Data origin authentication

Access Control

- The ability to limit and control the access to host systems and applications via communications links
- To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual

Data Confidentiality

- The protection of transmitted data from passive attacks
  - Broadest service protects all user data transmitted between two users over a period of time
  - Narrower forms of service include the protection of a single message or even specific fields within a message
- The protection of traffic flow from analysis
  - This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility

Data Integrity

- Can apply to a stream of messages, a single message, or selected fields within a message
- Connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays
- A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only
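
The difference between the two integrity services above, as an added example that is not part of the original slides: a per-block HMAC gives connectionless integrity (modification only), while covering a per-connection sequence number with the same MAC lets the receiver also reject replays, duplicates and reordering. The key, record layout and class names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, illustration only
MAC_LEN = 32                    # HMAC-SHA256 output size in bytes


def tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# Connectionless integrity: every block is protected on its own.
def seal_block(key, payload):
    return payload + tag(key, payload)


def open_block(key, block):
    payload, mac = block[:-MAC_LEN], block[-MAC_LEN:]
    if not hmac.compare_digest(mac, tag(key, payload)):
        raise ValueError("modified")
    return payload


# Connection integrity: the MAC also covers a sequence number, so the
# receiver can tell where each record belongs in the stream.
class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, payload):
        header = struct.pack(">Q", self.seq)   # 8-byte big-endian counter
        self.seq += 1
        return header + payload + tag(self.key, header + payload)


class Receiver:
    def __init__(self, key):
        self.key, self.expected = key, 0

    def open(self, record):
        if len(record) < 8 + MAC_LEN:
            raise ValueError("truncated")
        header, payload, mac = record[:8], record[8:-MAC_LEN], record[-MAC_LEN:]
        # Verify the MAC before trusting any field of the record.
        if not hmac.compare_digest(mac, tag(self.key, header + payload)):
            raise ValueError("modified")
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            raise ValueError("replayed or duplicated")
        if seq > self.expected:
            raise ValueError("reordered or missing record")
        self.expected += 1
        return payload


def classify(receiver, record):
    try:
        receiver.open(record)
        return "accepted"
    except ValueError as err:
        return str(err)


def demo():
    sender, receiver = Sender(KEY), Receiver(KEY)
    # Constructed sample messages.
    m0, m1, m2 = (sender.seal(p) for p in
                  (b"pay 10 to bob", b"pay 20 to carol", b"close session"))
    results = {"in_order": classify(receiver, m0),
               "replay": classify(receiver, m0)}
    tampered = m1[:8] + b"pay 99 to carol" + m1[-MAC_LEN:]
    results["tampered"] = classify(receiver, tampered)
    results["reordered"] = classify(receiver, m2)      # arrives before m1
    results["next_in_order"] = classify(receiver, m1)
    # The connectionless service accepts the same valid block twice.
    block = seal_block(KEY, b"pay 10 to bob")
    results["connectionless_replay"] = [open_block(KEY, block),
                                        open_block(KEY, block)]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
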

Nonrepudiation

- Prevents either sender or receiver from denying a transmitted message
- When a message is sent, the receiver can prove that the alleged sender in fact sent the message
- When a message is received, the sender can prove that the alleged receiver in fact received the message

Availability Service

- Protects a system to ensure its availability
- This service addresses the security concerns raised by denial-of-service attacks
- It depends on proper management and control of system resources and thus depends on access control service and other security services


Security Mechanisms (X.800)

- Specific Security Mechanisms
  - Encipherment
  - Digital signatures
  - Access controls
  - Data integrity
  - Authentication exchange
  - Traffic padding
  - Routing control
  - Notarization
- Pervasive Security Mechanisms
  - Trusted functionality
  - Security labels
  - Event detection
  - Security audit trails
  - Security recovery


Security Mechanisms (X.800) (1 of 5)

Specific Security Mechanisms
- May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.

Encipherment
- The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

Security Mechanisms (X.800) (2 of 5)

Digital Signature
- Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).

Access Control
- A variety of mechanisms that enforce access rights to resources.

Data Integrity
- A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Security Mechanisms (X.800) (3 of 5)

Authentication Exchange
- A mechanism intended to ensure the identity of an entity by means of information exchange.

Traffic Padding
- The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control
- Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

Security Mechanisms (X.800) (4 of 5)

Notarization
- The use of a trusted third party to assure certain properties of a data exchange.

Pervasive Security Mechanisms
- Mechanisms that are not specific to any particular OSI security service or protocol layer.

Trusted Functionality
- That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).

Security Label
- The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Security Mechanisms (X.800) (5 of 5)

Event Detection
- Detection of security-relevant events.

Security Audit Trail
- Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

Security Recovery
- Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions.


Fundamental Security Design Principles (1 of 8)

- Economy of mechanism
- Fail-safe defaults
- Complete mediation
- Open design
- Separation of privilege
- Least privilege
- Least common mechanism
- Psychological acceptability
- Isolation
- Encapsulation
- Modularity
- Layering
- Least astonishment


Fundamental Security Design Principles (2 of 8)

Economy of mechanism
- Means that the design of security measures embodied in both hardware and software should be as simple and small as possible
- Relatively simple, small design is easier to test and verify thoroughly
- With a complex design, there are many more opportunities for an adversary to discover subtle weaknesses to exploit that may be difficult to spot ahead of time

Fail-safe defaults
- Means that access decisions should be based on permission rather than exclusion
- The default situation is lack of access, and the protection scheme identifies conditions under which access is permitted
- Most file access systems and virtually all protected services on client/server use fail-safe defaults

Fundamental Security Design Principles (3 of 8)

Complete mediation
- Means that every access must be checked against the access control mechanism
- Systems should not rely on access decisions retrieved from a cache
- To fully implement this, every time a user reads a field or record in a file, or a data item in a database, the system must exercise access control
- This resource-intensive approach is rarely used

Open design
- Means that the design of a security mechanism should be open rather than secret
- Although encryption keys must be secret, encryption algorithms should be open to public scrutiny
- Is the philosophy behind the NIST program of standardizing encryption and hash algorithms


Fundamental Security Design Principles (4 of 8)

Separation of privilege
- Defined as a practice in which multiple privilege attributes are required to achieve access to a restricted resource
- Multifactor user authentication is an example which requires the use of multiple techniques, such as a password and a smart card, to authorize a user

Least privilege
- Means that every process and every user of the system should operate using the least set of privileges necessary to perform the task
- An example of the use of this principle is role-based access control; the system security policy can identify and define the various roles of users or processes and each role is assigned only those permissions needed to perform its functions
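
Fail-safe defaults, complete mediation and least privilege combined in one small role-based access check, as an added example that is not part of the original slides. The roles, permissions, user names and the `CachingFrontEnd` class are constructed for the illustration; the front end shows the stale-decision failure that relying on a cache produces.

```python
from dataclasses import dataclass, field

# Constructed policy: each role carries only the permissions it needs
# (least privilege). Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "teller":  {("account", "read")},
    "auditor": {("account", "read"), ("audit_log", "read")},
    "manager": {("account", "read"), ("account", "update")},
}


@dataclass
class ReferenceMonitor:
    """Evaluates every request against the current role assignments."""
    assignments: dict = field(default_factory=dict)   # user -> set of roles
    audit: list = field(default_factory=list)         # decision log

    def grant(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role: {role}")
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.assignments.get(user, set()).discard(role)

    def check(self, user, resource, action):
        # Fail-safe default: start from "deny" and allow only when some
        # role held right now explicitly lists (resource, action).
        roles = self.assignments.get(user, ())
        allowed = any((resource, action) in ROLE_PERMISSIONS[r] for r in roles)
        self.audit.append((user, resource, action, allowed))
        return allowed


class CachingFrontEnd:
    """Weak variant: remembers the first decision and never re-checks it."""

    def __init__(self, monitor):
        self.monitor, self.cache = monitor, {}

    def check(self, user, resource, action):
        key = (user, resource, action)
        if key not in self.cache:
            self.cache[key] = self.monitor.check(*key)
        return self.cache[key]


def demo():
    monitor = ReferenceMonitor()
    cached = CachingFrontEnd(monitor)
    monitor.grant("alice", "manager")

    out = {
        # No assignment and no matching rule both fall through to deny.
        "unknown_user": monitor.check("mallory", "account", "read"),
        "unlisted_action": monitor.check("alice", "account", "delete"),
        "alice_update": monitor.check("alice", "account", "update"),
    }
    cached.check("alice", "account", "update")   # decision is now cached

    # Alice changes job: manager role removed, teller role added.
    monitor.revoke("alice", "manager")
    monitor.grant("alice", "teller")

    out["mediated_after_revoke"] = monitor.check("alice", "account", "update")
    out["cached_after_revoke"] = cached.check("alice", "account", "update")
    out["alice_read"] = monitor.check("alice", "account", "read")
    return out


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```
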

Fundamental Security Design Principles (5 of 8)

Least common mechanism
- Means that the design should minimize the functions shared by different users, providing mutual security
- This principle helps reduce the number of unintended communication paths and reduces the amount of hardware and software on which all users depend, thus making it easier to verify if there are any undesirable security implications

Psychological acceptability
- Implies that the security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access
- Where possible, security mechanisms should be transparent to the users of the system or, at most, introduce minimal obstruction
- In addition to not being intrusive or burdensome, security procedures must reflect the user’s mental model of protection

Fundamental Security Design Principles (6 of 8)

Isolation
- Applies in three contexts:
  - Public access systems should be isolated from critical resources to prevent disclosure or tampering
  - Processes and files of individual users should be isolated from one another except where it is explicitly desired
  - Security mechanisms should be isolated in the sense of preventing access to those mechanisms

Encapsulation
- Can be viewed as a specific form of isolation based on object-oriented functionality
- Protection is provided by encapsulating a collection of procedures and data objects in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the protected subsystem, and the procedures may be called only at designated domain entry points

Fundamental Security Design Principles (7 of 8)

Modularity
- Refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation

Layering
- Refers to the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems
- The failure or circumvention of any individual protection approach will not leave the system unprotected


Fundamental Security Design Principles (8 of 8)

Least astonishment
- Means that a program or user interface should always respond in the way that is least likely to astonish the user
- The mechanism for authorization should be transparent enough to a user that the user has a good intuitive understanding of how the security goals map to the provided security mechanism

Attack Surfaces

- An attack surface consists of the reachable and exploitable vulnerabilities in a system
- Examples:
  - Open ports on outward facing Web and other servers, and code listening on those ports
  - Services available on the inside of a firewall
  - Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
  - Interfaces, SQL, and Web forms
  - An employee with access to sensitive information vulnerable to a social engineering attack

Attack Surface Categories

- Network attack surface
  - Refers to vulnerabilities over an enterprise network, wide-area network, or the Internet
- Software attack surface
  - Refers to vulnerabilities in application, utility, or operating system code
- Human attack surface
  - Refers to vulnerabilities created by personnel or outsiders

Defense in Depth and Attack Surface


Attack Tree

- A branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities
- The security incident that is the goal of the attack is represented as the root node of the tree, and the ways that an attacker could reach that goal are represented as branches and subnodes of the tree
- The final nodes on the paths outward from the root (leaf nodes) represent different ways to initiate an attack
- The motivation for the use of attack trees is to effectively exploit the information available on attack patterns
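
An attack tree used for threat modeling, as an added example that is not part of the original slides: the tree is an AND/OR structure, and the code lists the minimal leaf combinations that reach the root and checks which of them remain once a set of controls blocks particular leaves. The tree contents and all node names are constructed for the illustration and are not the tree from the lecture's figure.

```python
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Node:
    name: str
    kind: str = "LEAF"                 # "LEAF", "OR" or "AND"
    children: list = field(default_factory=list)


def leaf(name):
    return Node(name)


def any_of(name, *children):           # goal met if one child is met
    return Node(name, "OR", list(children))


def all_of(name, *children):           # goal met only if every child is met
    return Node(name, "AND", list(children))


def scenarios(node):
    """Minimal sets of leaves that are each sufficient to reach `node`."""
    if node.kind == "LEAF":
        return {frozenset([node.name])}
    child_sets = [scenarios(c) for c in node.children]
    if node.kind == "OR":
        found = set().union(*child_sets)
    else:
        # AND: pick one scenario per child and merge their leaves.
        found = {frozenset().union(*combo) for combo in product(*child_sets)}
    # Drop any scenario that strictly contains a smaller one.
    return {s for s in found if not any(other < s for other in found)}


def reachable(node, blocked):
    """True if the goal can still be reached when `blocked` leaves are cut."""
    if node.kind == "LEAF":
        return node.name not in blocked
    results = (reachable(c, blocked) for c in node.children)
    return any(results) if node.kind == "OR" else all(results)


def remaining_scenarios(node, blocked):
    """Scenarios that use none of the blocked leaves, sorted for reporting."""
    return sorted(sorted(s) for s in scenarios(node) if not (s & blocked))


def build_example_tree():
    # Constructed tree: root goal and leaves are illustrative weaknesses.
    return any_of(
        "unauthorized login to a customer account",
        all_of(
            "log in with the customer's credentials",
            any_of("password known to attacker",
                   leaf("password disclosed by user"),
                   leaf("password reused elsewhere")),
            any_of("second factor not effective",
                   leaf("second factor not enrolled"),
                   leaf("second factor code intercepted")),
        ),
        leaf("session token exposed"),
        all_of(
            "account recovery abused",
            leaf("recovery questions guessable"),
            leaf("help desk skips identity check"),
        ),
    )


if __name__ == "__main__":
    tree = build_example_tree()
    controls = {"second factor not enrolled",
                "second factor code intercepted",
                "session token exposed"}
    print("scenarios before controls:", len(scenarios(tree)))
    print("goal still reachable:", reachable(tree, controls))
    for path in remaining_scenarios(tree, controls):
        print("uncovered:", " + ".join(path))
```
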

An Attack Tree for Internet Banking Authentication

Model for Network Security

Network Access Security Model

Unwanted Access

- Placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs such as editors and compilers
- Programs can present two kinds of threats:
  - Information access threats
    - Intercept or modify data on behalf of users who should not have access to that data
  - Service threats
    - Exploit service flaws in computers to inhibit use by legitimate users


Standards (1 of 3)

National Institute of Standards and Technology
- NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private-sector innovation
- Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact

Internet Society
- ISOC is a professional membership society with world-wide organizational and individual membership
- Provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards

Standards (2 of 3)

ITU-T
- The International Telecommunication Union (ITU) is an international organization within the United Nations System in which governments and the private sector coordinate global telecom networks and services
- The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and whose mission is the development of technical standards covering all fields of telecommunications

Standards (3 of 3)

ISO
- The International Organization for Standardization is a world-wide federation of national standards bodies from more than 140 countries
- ISO is a nongovernmental organization that promotes the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity

Critical Thinking Exercises


Summary

- Computer security concepts
  - Definition
  - Examples
  - Challenges
- The OSI security architecture
- Security attacks
  - Passive attacks
  - Active attacks
- Attack surfaces and attack trees
- Security services
  - Authentication
  - Access control
  - Data confidentiality
  - Data integrity
  - Nonrepudiation
  - Availability service
- Security mechanisms
- Fundamental security design principles
- Network security model
- Standards