Chapter 1 Introduction

Uploaded by

Kedir Mohammed

COMPUTER SYSTEMS AND NETWORK SECURITY

Instructor: Kedir Mohammed
Outline
• What is Security?
• Security trend
• Sources and consequences of risks
• Types of Vulnerabilities
• Security criteria
• Security attack types
• Security services and mechanisms
• Security model (X.800 and X.805)

Computer and Network Security
• What is Security?
 Security is about:
• Threats (bad things that may happen, e.g. your money getting stolen)
• Vulnerabilities (weaknesses in your defenses, e.g. your front door being made of thin wood and glass)
• Attacks (ways in which the threats may be actualized, e.g. a thief breaking through your weak front door while you and the neighbors are on holiday)
Computer and Network Security…

“The most secure computers are those not connected to the Internet and shielded from any interference”
Computer and Network Security…
• Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster
– while allowing the information and property to remain accessible and productive to its intended users.
• Security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses).
Computer and Network Security…
• Network security, on the other hand, deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Not Sufficient!!
Security trends
• In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (RFC 1636).
• The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms.
• Among these were:
– the need to secure the network infrastructure from unauthorized monitoring and control of network traffic, and
– the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.
• The trends reported by the Computer Emergency Response Team (CERT) Coordination Center (CERT/CC): Internet-related vulnerabilities over a 10-year period.
• These include:
– Security weaknesses in the operating systems of attached computers (e.g., Windows, Linux), as well as
– Vulnerabilities in Internet routers and other network devices.
• The number of security-related incidents reported to CERT.
• These include:
– denial of service attacks; IP spoofing, in which intruders create packets with false IP addresses and exploit applications that use authentication based on IP;
– various forms of eavesdropping and packet sniffing, in which attackers read transmitted information, including logon information and database contents.
Why is cybersecurity needed?
• Nations, organizations and their information systems and networks are faced with security threats from a wide range of sources, including:
– Computer-assisted fraud
– Sabotage
– Vandalism
– Fire or flood
– Hacking
– Denial of service attacks
– …
Who are the attackers?
• Vandals (hackers, crackers) driven by intellectual challenge.
• Insiders: employees or customers seeking revenge or informal benefits.
• Natural disasters: flooding, fire, storms, earthquakes…
• Criminals seeking financial gain.
• Organized crime seeking gain or hiding criminal activities.
• Organized terrorist groups or nation states trying to influence national policy.
• Foreign agents seeking information (spying) for economic, political, or military purposes.
• Tactical countermeasures intended to disrupt military capability.
• Large organized terrorist groups
• Cyber attacks
What kind of War?
• Cyber crime and terrorism have escalated during recent years
– It is well-organized, technically advanced, and well-financed
• It has adopted a new view
– The old view: quick entry and exit
– The new view: hidden long-term presence

We are not prepared for Cyber War – and it is Economic war now!!
What are the vulnerabilities?
• Physical vulnerabilities (e.g. a computer can be stolen)
• Natural vulnerabilities (e.g. earthquake)
• Hardware and software vulnerabilities (e.g. failures)
• Media vulnerabilities (e.g. hard disks can be stolen)
• Communication vulnerabilities (e.g. wires can be tapped)
• Human vulnerabilities (e.g. insiders)
• Poorly chosen passwords
• Software bugs (non-reliability of software)
– buffer overflow attacks
What are the vulnerabilities?...
• Automatically running active content: ActiveX, scripts, Java programs (applets)
• Open ports: telnet, mail
• Incorrect configuration
– file permissions
– administrative privileges
• Untrained users/system administrators
• Trap doors (intentional security holes)
• Unencrypted communication
• Limited resources (e.g. TCP connections)
Consequences…
• Failure/end of service
• Reduction of QoS, down to Denial of Service (DDoS)
• Internal problems in the enterprise
• Trust decrease from partners (clients, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data - medical, insurance, …)
Cyberattack e.g. SCADA
• Supervisory Control & Data Acquisition Systems (SCADA)
– Used in the energy sector for controlling processes
– Increasingly becoming remotely controllable via the Internet / wireless!
– Could SCADA be remotely hijacked? YES
 breaching dams, shutting down power grids, contaminating water supplies etc…
Cyberattack surface

[Infographic: Cyber crime will cost $8 trillion annually by 2023, growing to $10.5 trillion by 2025; it is the greatest transfer of economic wealth in history, the greatest threat to every company, and one of the biggest problems with mankind.]
Cyber crime costs include
• damage and destruction of data
• theft of intellectual property
• theft of financial data
• fraud
• telecom, e-commerce
• technology leakage
• DoS and DDoS
• lost productivity
• loss of reputation, brand
Cybersecurity Spending

How about we Ethiopians as a nation and companies?
Security and privacy criteria
 Properties of Security?
• Security is expressed in terms of:
 Confidentiality (Privacy)
 Integrity
 Non-repudiation
 Availability (Denial of Service)
• Authentication is a foundation of security
 In its absence, security properties can be violated
Security criteria (in detail)
• To understand the types of threats to security that exist, we first need a definition of security requirements.
• In this section, different security requirements are presented.

Availability
• It requires that computer and network assets are only available to authorized parties.
• The computer and network should provide all the designated services in the presence of all kinds of security attacks.
Security criteria...
Integrity
• It requires that messages should be modified or altered only by authorized parties.
– Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.
• Integrity guarantees that no modification, addition, or deletion is done to the message;
• The altering of a message can be malicious or accidental.
Security criteria...
Confidentiality
• It requires that the message can only be accessible for reading by authorized parties.
• It also requires that the system should verify the identity of a user.

Authentication
• It means that the correct identity is known to the communicating parties.
• This property ensures that the parties are genuine and not impersonators.

Authorization
• This property gives access rights to different types of users.
– For example, network management can be performed by the network administrator only.
Computer and Network Security Attacks
• Categories of Attacks
– Interruption: An attack on availability
– Interception: An attack on confidentiality
– Modification: An attack on integrity
– Fabrication: An attack on authenticity
Computer and Network Security Attacks…
• Categories of Attacks/Threats
[Figure: normal flow of information from Source to Destination, and the four attack patterns against it: Interruption, Interception, Modification, Fabrication]
Security attack types
• The attacks can also be classified by the following criteria.
– Passive or active,
– Internal or external,
– At different protocol layers.
Passive vs. active attacks
• A passive attack attempts to learn or make use of the information without changing the content of the message or disrupting the operation of the communication.
• Examples of passive attacks are:
– Eavesdropping, traffic analysis, and traffic monitoring.
Security attack types…
• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting normal operation of the network.
• Some examples of active attacks include:
– Jamming, impersonating, modification, denial of service (DoS), and message replay.
Passive Attacks
• Passive attacks do not affect system resources
– Eavesdropping, monitoring
– The goal of the opponent is to obtain information that is being transmitted
• Two types of passive attacks
– Release of message contents
– Traffic analysis
• Passive attacks are very difficult to detect
– Message transmission apparently normal
• No alteration of the data
– Emphasis on prevention rather than detection
• By means of encryption
Passive Attacks (1)
Release of Message Contents

Passive Attacks (2)
Traffic Analysis
Active Attacks
• Active attacks try to alter system resources or affect their operation
– Modification of data, or creation of false data
• Four categories
– Masquerade of one entity as some other
– Replay of a previous message
– Modification of messages
– Denial of service (DoS): preventing normal use
• A specific target or the entire network
• Difficult to prevent
– The goal is to detect and recover
Active Attacks (1)
Masquerade

Active Attacks (2)
Replay

Active Attacks (3)
Modification of Messages

Active Attacks (4)
Denial of Service
Security attack types…
Internal vs. External attacks
• External attacks are carried out by hosts that don’t belong to the network domain; they are sometimes called outsiders.
– E.g. they can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, a malicious node from the network gains unauthorized access, acts as a genuine node, and disrupts the normal operation of other nodes.
• They are also known as insiders.
Security attack types…
• Attacks on different layers of the TCP/IP model:
• The security attacks can also be classified according to the TCP/IP layers. The table shows the attack types at each layer.
Layer: Attacks
– Application layer: E-mail bombing, repudiation, data corruption, malicious code attack (Trojan, malware, virus, ...)
– Transport layer: Session hijacking, altering checksum, SYN flooding.
– Network layer: IP spoofing, ICMP echo, wormhole, black hole, gray hole, Byzantine, flooding
– Data link layer: Traffic analysis, disruption (e.g. MAC, IEEE 802.11 Wi-Fi)
– Physical layer: Jamming, interception, eavesdropping
– Cross-layer attack: DoS, impersonation, replay, man-in-the-middle attack
Common security attacks and their countermeasures
• Finding a way into the network
– Firewalls
• Exploiting software bugs, buffer overflows
– Intrusion Detection Systems
• Denial of Service
– access filtering, IDS
• TCP hijacking
– IPSec
• Packet sniffing
– Encryption (SSL, HTTPS)
• Social problems
– Education
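To make the "access filtering, IDS" countermeasure for denial of service concrete, here is an added example (my code, not from the slides) of the detection logic an IDS applies against the SYN flooding attack listed in the transport-layer row above. It scans a constructed connection log for destinations whose half-open connections (SYNs never followed by a completed handshake) pile up inside a short window. The log format, the addresses, the window and the threshold are all assumptions made for the example; because the count is kept per destination rather than per source, a flood spread over many spoofed source addresses is still caught, and the alert reports how many distinct sources contributed.

```python
from collections import defaultdict

# Constructed sample log in a simplified "<ts> <src_ip> <dst_ip:port> <event>"
# format (an assumption for this example, not a real device format). Events:
#   SYN - inbound connection request seen by the server
#   EST - the three-way handshake for that request completed
def generate_sample():
    lines = []
    # three legitimate clients, each completing its handshake 0.2 s after the SYN
    for i in range(3):
        lines.append(f"{100 + i}.0 10.0.0.{i + 1} 192.0.2.10:443 SYN")
        lines.append(f"{100 + i}.2 10.0.0.{i + 1} 192.0.2.10:443 EST")
    # a flood: 40 SYNs in two seconds, each from a different (spoofed) source,
    # none of which ever completes the handshake
    for i in range(40):
        lines.append(f"{105 + i * 0.05:.2f} 198.51.100.{i + 1} 192.0.2.10:443 SYN")
    return lines

def parse(line):
    ts, src, dst, event = line.split()
    return float(ts), src, dst, event

def detect_syn_flood(lines, window=5.0, threshold=25):
    """Flag each destination service whose number of half-open connections
    (SYNs minus completed handshakes) inside any `window`-second span exceeds
    `threshold`. Returns {dst: {"half_open", "distinct_sources", "window_end"}}
    holding the worst window seen for each flagged destination."""
    by_dst = defaultdict(list)
    for ts, src, dst, event in sorted(parse(l) for l in lines):
        by_dst[dst].append((ts, src, event))

    alerts = {}
    for dst, events in by_dst.items():
        syn = est = 0
        sources = defaultdict(int)   # SYN count per source inside the window
        j = 0                        # index of the oldest event still in the window
        for ts, src, event in events:
            if event == "SYN":
                syn += 1
                sources[src] += 1
            else:
                est += 1
            # slide the window: drop events older than `window` seconds
            while ts - events[j][0] > window:
                old_ts, old_src, old_event = events[j]
                if old_event == "SYN":
                    syn -= 1
                    sources[old_src] -= 1
                    if sources[old_src] == 0:
                        del sources[old_src]
                else:
                    est -= 1
                j += 1
            half_open = syn - est
            if half_open > threshold:
                prev = alerts.get(dst)
                if prev is None or half_open > prev["half_open"]:
                    alerts[dst] = {"half_open": half_open,
                                   "distinct_sources": len(sources),
                                   "window_end": ts}
    return alerts

if __name__ == "__main__":
    for dst, info in detect_syn_flood(generate_sample()).items():
        print(f"possible SYN flood against {dst}: {info}")
```

On the constructed log the three legitimate clients never push the half-open count above one, while the flood raises it to 40 from 41 distinct sources; the same logic, fed from a real packet capture or firewall log, is what an access-filtering rule or SYN-cookie switch would be triggered from.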
Security Services
• X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”

• RFC 2828:
“a processing or communication service provided by a
system to give a specific kind of protection to
system resources”
Security Services (X.800)
• Authentication - assures that the communicating entity is the one claimed
– both peer-entity and data origin authentication
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
• Availability - resource accessible/usable
Security Mechanism
• Feature designed to detect, prevent, or recover from a security attack
• No single mechanism will support all services required
• However, one particular element underlies many of the security mechanisms in use:
– Cryptographic techniques
• Hence our focus in this course
Security Mechanisms (X.800)
• Specific security mechanisms:
– Ciphering/deciphering, digital signatures, data integrity,
authentication exchange, routing control, …
– Firewall, proxy server
– Access control, Intrusion detection system

Model for Network Security
[Figure: model for network security]
Model for Network Security…
• In considering the place of encryption, it is useful to use the above model.
• Information is being transferred from one party to another over an insecure communications channel,
– in the presence of possible opponents.
• The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
• They can use:
– an appropriate security transform (encryption algorithm),
– with suitable keys (secret information),
– possibly negotiated using the presence of a trusted third party.
Model for Network Security…
• Using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information (key)
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
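The four steps above, worked through end to end as an added example (my code, not from the slides), which also shows how the protocol copes with the active attacks listed earlier: masquerade, replay and modification of messages. The shared secret is split into an encryption key and a MAC key (step 2); the security transformation (step 1) is an encrypt-then-MAC construction in which HMAC-SHA256 in counter mode serves as the keystream, an assumption chosen only to keep the example inside the Python standard library, where a practitioner would normally use a standard authenticated cipher such as AES-GCM; key distribution (step 3) is assumed to have happened out of band, so both principals start from the same constructed 32-byte secret; and the protocol (step 4) puts a sequence number under the MAC so the receiver rejects forged, altered and replayed messages before decrypting anything.

```python
import hmac
import hashlib
import struct

TAG_LEN = 32   # HMAC-SHA256 output length
SEQ_LEN = 8    # 64-bit big-endian sequence number

def derive_keys(master: bytes):
    """Step 2: derive independent encryption and MAC keys from the shared secret."""
    k_enc = hmac.new(master, b"encryption", hashlib.sha256).digest()
    k_mac = hmac.new(master, b"authentication", hashlib.sha256).digest()
    return k_enc, k_mac

def keystream(k_enc: bytes, seq: int, length: int) -> bytes:
    """Step 1: the security transformation. HMAC-SHA256 in counter mode acts as a
    pseudorandom keystream; the sequence number is mixed in so no keystream is
    ever reused for two messages. Illustrative only (assumption: a real system
    would use a standard AEAD cipher such as AES-GCM instead)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(k_enc, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def seal(k_enc: bytes, k_mac: bytes, seq: int, plaintext: bytes) -> bytes:
    """Step 4 (sender side): encrypt, then MAC over sequence number and ciphertext."""
    header = struct.pack(">Q", seq)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(k_enc, seq, len(plaintext))))
    tag = hmac.new(k_mac, header + ct, hashlib.sha256).digest()
    return header + ct + tag

class Receiver:
    """Step 4 (receiver side): verify the MAC first, then reject stale sequence
    numbers (replay), and only then decrypt."""
    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac = k_enc, k_mac
        self.last_seq = -1

    def open(self, msg: bytes):
        if len(msg) < SEQ_LEN + TAG_LEN:
            return None, "rejected: truncated"
        header, ct, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.k_mac, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "rejected: bad MAC (modification or masquerade)"
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            return None, "rejected: replay"
        self.last_seq = seq
        pt = bytes(c ^ k for c, k in zip(ct, keystream(self.k_enc, seq, len(ct))))
        return pt, "accepted"

def demo():
    """Exercise the protocol against the active attacks; returns each verdict."""
    shared_secret = bytes(range(32))        # constructed; step 3 assumed done out of band
    k_enc, k_mac = derive_keys(shared_secret)
    bob = Receiver(k_enc, k_mac)
    m1 = seal(k_enc, k_mac, 1, b"pay 100 to alice")
    m2 = seal(k_enc, k_mac, 2, b"pay 5 to carol")
    # modification: flip one bit of the ciphertext of m2
    tampered = m2[:SEQ_LEN] + bytes([m2[SEQ_LEN] ^ 0x01]) + m2[SEQ_LEN + 1:]
    # masquerade: an opponent who does not hold the secret seals a message of their own
    wrong_enc, wrong_mac = derive_keys(b"\x00" * 32)
    forged = seal(wrong_enc, wrong_mac, 3, b"pay 999 to mallory")
    return {
        "genuine": bob.open(m1),
        "replayed": bob.open(m1),        # same message delivered a second time
        "modified": bob.open(tampered),
        "masquerade": bob.open(forged),
        "next genuine": bob.open(m2),
    }

if __name__ == "__main__":
    for name, (pt, verdict) in demo().items():
        print(f"{name:12s} {verdict}" + (f" -> {pt!r}" if pt else ""))
```

The order of the checks is the point: the MAC is verified before the sequence number or the plaintext is looked at, so an attacker learns nothing about the keystream from a rejected message, and every rejection is an observable event for the "detect and recover" goal that the Active Attacks slide gives for attacks that cannot be prevented outright.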
Model for Network Access Security…
[Figure: model for network access security, showing access control, firewalls/proxy servers, and antivirus/IDS]
Model for Network Access Security…
• This model is concerned with controlling access to information or resources on a computer system, in the presence of possible opponents.
– Here appropriate controls are needed on the access to and within the system, to provide suitable security.
• The security mechanisms needed to cope with unwanted access fall into two broad categories (as shown in the figure).
• The first category might be termed a gatekeeper function.
– It includes password-based login procedures that are designed to deny access to all but authorized users (access control) and
– screening logic that is designed to detect and reject worms, viruses, and other similar attacks (firewalls/proxy server).
• Once either an unwanted user or unwanted software gains access, the second line of defense consists of a variety of internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders (antivirus/IDS).
Model for Network Access Security…
• Using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
ITU: A Brief Overview
• A specialized agency of the UN
• Founded in 1865 with focus on Telecommunication / ICTs
• 193 Member States, 567 Sector Members, 159 Associates, 104 Academia
• Headquartered in Geneva, with 4 Regional Offices and 7 Area Offices
• ITU-R: ITU’s Radio-communication Sector globally manages radio-frequency spectrum and satellite orbits that ensure safety of life on land, at sea and in the skies.
• ITU-T: ITU’s Telecommunication Standardization Sector enables global communications by ensuring that countries’ ICT networks and devices are speaking the same language.
• ITU-D: [sector description not recoverable from the extracted slide]
Eight Security Dimensions Address the Breadth of Network Vulnerabilities
• Access Control: Limit & control access to network elements, services & applications. Examples: password, ACL, firewall
• Authentication: Provide proof of identity. Examples: shared secret key, PKI, digital signature, digital certificate
• Non-repudiation: Prevent the ability to deny that an activity on the network occurred. Examples: system logs, digital signatures
• Data Confidentiality: Ensure confidentiality of data. Example: encryption
• Communication Security: Ensure information only flows from source to destination. Examples: VPN, MPLS, L2TP
• Data Integrity: Ensure data is received as sent or retrieved as stored. Examples: MD5, digital signature, anti-virus software
• Availability: Ensure network elements, services and applications are available to legitimate users. Examples: IDS/IPS, network redundancy, BC/DR
• Privacy: Ensure identification and network use is kept private. Examples: NAT, encryption
How the Security Dimensions Map to the Security Threats
[Table: X.805 mapping of each Security Dimension (Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) to the Security Threats it addresses (Destruction, Corruption, Removal, Disclosure, Interruption). The check marks in the individual cells did not survive extraction.]
Security Dimension: Security Objectives
– Access Control: Ensure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.
– Authentication: Verify the identity of the person or device attempting to access end-user data that is transiting a network element or communications link or is resident in an offline storage device. Authentication techniques may be required as part of Access Control.
– Non-Repudiation: Provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices, and the action that was performed. The record is to be used as proof of access to end-user data.
– Data Confidentiality: Protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device, against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.
– Communication Security: Ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without an authorised access).
– Data Integrity: Protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.
– Availability: Ensure that access to end-user data resident in offline storage devices by authorised personnel and devices cannot be denied.
– Privacy: Ensure that network elements do not provide information pertaining to the end-user’s network activities (e.g. user’s geographic location, websites visited, content etc.) to unauthorised personnel.
Three Security Layers
[Figure: the three Security Layers (Applications Security, Services Security, Infrastructure Security); threats (Destruction, Corruption, Removal, Disclosure, Interruption), vulnerabilities and attacks can exist in each layer]
1 - Infrastructure Security Layer:
• Fundamental building blocks of networks, services and applications
• Examples:
– Individual routers, switches, servers
– Point-to-point WAN links
– Ethernet links
2 - Services Security Layer:
• Services provided to end-users
• Examples:
– Frame Relay, ATM, IP
– Cellular, Wi-Fi
– VoIP, QoS, IM, Location services
– Call services
3 - Applications Security Layer:
• Network-based applications accessed by end-users
• Examples:
– Web browsing
– Directory assistance
– Email
– E-commerce

• Each Security Layer has unique vulnerabilities and threats
• Infrastructure security enables services security, which enables applications security
Example: Applying Security Layers to IP Networks
Infrastructure Security Layer
– Individual routers, servers
– Communication links
Services Security Layer
– Basic IP transport
– IP support services (e.g., AAA, DNS, DHCP)
– Value-added services (e.g., VPN, VoIP, QoS)
Applications Security Layer
– Basic applications
Cybersecurity Planes
• The concept of Security Planes could be instrumental for ensuring that essential network activities are protected independently
– (e.g. compromise of security at the End-user Security Plane does not affect functions associated with the Management Security Plane).
• The concept of Security Planes allows us to identify potential network vulnerabilities that may occur when distinct network activities depend on the same security measures for protection.
Three Security Planes
[Figure: the Security Layers (Applications Security, Services Security, Infrastructure Security) crossed with the Security Planes (End User Security, Control/Signaling Security, Management Security); threats (Destruction, Corruption, Removal, Disclosure, Interruption), vulnerabilities and attacks can exist in each layer and plane]
1 - End-User Security Plane:
• Access and use of the network by the customers for various purposes:
– Basic connectivity/transport
– Value-added services (VPN, VoIP, etc.)
– Access to network-based applications (e.g., email)
2 - Control/Signaling Security Plane:
• Activities that enable efficient functioning of the network
• Machine-to-machine communications
3 - Management Security Plane:
• The management and provisioning of network elements, services and applications

• Security Planes represent the types of activities that occur on a network.
• Each Security Plane is applied to every Security Layer to yield nine security Perspectives (3 x 3)
• Each security perspective has unique vulnerabilities and threats
Example: Applying Security Planes to Network Protocols
End User Security Plane
– Activities: end-user data transfer; end-user – application interactions
– Protocols: HTTP, RTP, POP, IMAP; TCP, UDP, FTP; IPsec, TLS

Control/Signaling Security Plane
– Activities: update of routing/switching tables; service initiation, control, and teardown; application control
– Protocols: BGP, OSPF, IS-IS, RIP, PIM; SIP, RSVP, H.323, SS7; IKE, ICMP; PKI, DNS, DHCP, SMTP

Management Security Plane
– Activities: operations, administration, management, provisioning
– Protocols: SNMP, Telnet, FTP, HTTP
ITU-T X.805: Security Architecture for Systems Providing End-to-End Communications
[Figure: the X.805 architecture. The three Security Layers (Applications Security, Services Security, Infrastructure Security) and the three Security Planes (End User Security, Control/Signaling Security, Management Security) are crossed with the 8 Security Dimensions (Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) against the threats Destruction, Corruption, Removal, Disclosure and Interruption; vulnerabilities can exist in each layer and plane, and attacks exploit them.]
Modular Form of X.805
                          Infrastructure Layer   Services Layer   Applications Layer
Management Plane          Module one             Module four      Module seven
Control/Signaling Plane   Module two             Module five      Module eight
User Plane                Module three           Module six       Module nine

– Management Network: top row
– Network Services: middle column
– Security Module: Layer & Plane intersection

The eight Security Dimensions (Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) are applied to each Security Module.
Provides a systematic, organized way for performing network security assessments and planning.
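The "systematic, organized way" of assessing a network that the modular form promises is, concretely, a walk over 9 modules times 8 dimensions (72 cells). The following added example (my code, not from the slides or from ITU-T) implements that walk: it numbers the modules exactly as the table above does (down each layer column), takes the controls recorded during an assessment as (layer, plane, dimension, description) records, and reports, per module, the dimensions that no control addresses. The sample assessment records are constructed for the example; the control descriptions in them are illustrative, not a recommendation.

```python
from itertools import product

LAYERS = ("Infrastructure", "Services", "Applications")   # columns of the slide's table
PLANES = ("Management", "Control/Signaling", "User")      # rows of the slide's table
DIMENSIONS = ("Access Control", "Authentication", "Non-repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy")

def module_number(layer: str, plane: str) -> int:
    """Numbering from the slide: modules run down each column, so
    Infrastructure/Management is 1, Infrastructure/User is 3,
    Services/Management is 4, ..., Applications/User is 9."""
    return LAYERS.index(layer) * 3 + PLANES.index(plane) + 1

def coverage_gaps(controls):
    """controls: iterable of (layer, plane, dimension, description) records
    gathered during an assessment. Returns {module_number: [missing dimensions]}
    for every one of the 9 modules; an empty list means the module is fully
    covered. Unknown coordinates are rejected rather than silently ignored."""
    covered = set()
    for layer, plane, dimension, _description in controls:
        if layer not in LAYERS or plane not in PLANES or dimension not in DIMENSIONS:
            raise ValueError(f"unknown X.805 coordinate: {(layer, plane, dimension)}")
        covered.add((layer, plane, dimension))
    gaps = {}
    for layer, plane in product(LAYERS, PLANES):
        missing = [d for d in DIMENSIONS if (layer, plane, d) not in covered]
        gaps[module_number(layer, plane)] = missing
    return gaps

def summarize(gaps):
    """Rank modules by how many dimensions are still unaddressed, largest first."""
    return sorted(((len(missing), module) for module, missing in gaps.items()),
                  reverse=True)

# Constructed assessment records for a small IP network (an assumption made for
# this example; not from the slides).
SAMPLE_CONTROLS = [
    ("Infrastructure", "Management", "Access Control", "management ACLs on routers"),
    ("Infrastructure", "Management", "Authentication", "AAA for administrator login"),
    ("Infrastructure", "Management", "Data Confidentiality", "encrypted management sessions"),
    ("Infrastructure", "Control/Signaling", "Authentication", "OSPF neighbor authentication"),
    ("Services", "User", "Data Confidentiality", "TLS on the customer portal"),
    ("Services", "User", "Availability", "redundant links, BC/DR plan"),
    ("Applications", "User", "Non-repudiation", "signed transaction logs"),
]

if __name__ == "__main__":
    gaps = coverage_gaps(SAMPLE_CONTROLS)
    for count, module in summarize(gaps):
        print(f"module {module}: {count} of {len(DIMENSIONS)} dimensions unaddressed: "
              f"{', '.join(gaps[module]) or 'none'}")
```

Seven recorded controls leave 65 of the 72 cells open, and the ranking puts the modules with no controls at all (here the Applications/Control-Signaling module, number 8, among others) at the top of the list, which is the planning order the slide's "assessments and planning" phrase refers to.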
Summary: X.805 Provides a Holistic Approach to Network Security
 Comprehensive, end-to-end network view of security
 Applies to any network technology
– Wireless, wireline, optical networks
– Voice, data, video, converged networks
 Applies to a variety of networks
– Service provider networks
– Enterprise (service provider’s customer) networks
– Government networks
– Management/operations, administrative networks
– Data center networks
 Is aligned with other security ITU-T Recommendations and ISO standards
Acronyms
• AAA Authentication, Authorization, Accounting
• ACL Access Control List
• ATM Asynchronous Transfer Mode
• BC Business Continuity
• BGP Border Gateway Protocol
• DHCP Dynamic Host Configuration Protocol
• DNS Domain Name Service
• DR Disaster Recovery
• FCAPS Fault-management, Configuration, Accounting, Performance, and Security
• FTP File Transfer Protocol
• HTTP Hyper Text Transfer Protocol
• ICMP Internet Control Message Protocol
• IDS Intrusion Detection System
• IKE Internet Key Exchange protocol
• IM Instant Messaging
• IMAP Internet Message Access Protocol
• IPS Intrusion Prevention System
• IPsec IP security (set of protocols)
• L2TP Layer Two Tunneling Protocol
• MPLS Multi-Protocol Label Switching
• NAT Network Address Translation
• OSPF Open Shortest Path First
• PIM Protocol-Independent Multicast
• PKI Public Key Infrastructure
• POP Post Office Protocol
• QoS Quality of Service
• RIP Routing Information Protocol
• RSVP Resource Reservation Setup Protocol
• RTP Real-time Transport Protocol
• SIP Session Initiation Protocol
• SMTP Simple Mail Transfer Protocol
• SNMP Simple Network Management Protocol
• SS7 Signaling System 7
• TCP Transmission Control Protocol
• TLS Transport Layer Security protocol
• UDP User Datagram Protocol
Thank you!
