Network Infrastructure Security Overview

Chapter Five

Introduction to Network Infrastructure Security
Computer Security & Information Assurance (InTc505)
1. Introduction
 Information security is concerned with data confidentiality and
integrity by using techniques like cryptography.
 Network infrastructure security, on the other hand, is concerned with the
protection of the network infrastructure itself.
 That is, it focuses on how to detect and prevent routers or other
network devices from being attacked or compromised.
 Although information assurance is important, it becomes
meaningless if the data, no matter how secure its content is,
cannot be delivered through the Internet infrastructure to the
targeted destination correctly.
1.1 Internet Infrastructure
 Internet:- started in 1969 with four interconnected computers in the
U.S. and was known as ARPAnet, a project funded by the Advanced
Research Projects Agency of the U.S. Department of Defense.
 Today, it is made up of hundreds of millions of hosts and hundreds of
thousands of networks all over the world, carrying various kinds of
information and services, such as electronic mail, the World Wide Web, and
file transfer.
 ISPs:- are the companies that provide access to the Internet.
 If you want to access the Internet or use Internet services, your
computer must be part of an Internet Service Provider (ISP) network.
 Residential users may use a modem and a dial-up line to connect to an ISP.
 Commercial companies or educational institutes also require ISPs to
provide connections from their LANs to the Internet.
Contd.
 POP:- most large communication companies have many Points of
Presence (POPs) in various regions, and the POPs are interconnected
via high-speed links.
 A POP is a service provider’s location for connecting users.
 For example, ETC (Ethiopian Telecommunication Corporation) is a large ISP
that has a POP in each state of Ethiopia, and owns the dedicated fiber-
optic backbones connecting the POPs.
 In this way, the customers in the same state should connect to the same POP
in that state, and all of ETC’s customers in Ethiopia can talk to each other
even though they are located in different states.
 However, at this stage, they cannot talk to the customers of another
ISP.
Contd.
 NAP:- is a location where ISPs can connect with one another and
exchange traffic among them.
 To achieve intercommunication between two ISPs’ customers, both of the
ISPs have to agree to connect to a common Network Access Point (NAP)
simultaneously, which is also known as an Internet Exchange Point (IXP).
 NAPs are usually operated by Internet backbone providers.
 Currently, there are dozens of large ISPs interconnected at NAPs all over
the world.
 In this way, every computer on the Internet can talk to every other.
 NAPs are critical components of the global Internet infrastructure, as the
connectivity they provide determines how data traffic is actually routed.

Contd.
 There are plenty of significant NAPs in the world. Some of them are:
 USA – MAE-West California, MAE-East Wash. DC, Chicago NAP,
New York NAP, NAP of the Americas
 UK – MaNAP, LINX, LoNAP, ScotIX…
 Japan – JPIX, Media Exchange (TTNet), NSPIXP
 China – TerreNAP, SHIX (ShangHai IX)
 Singapore – SingTel IX
 Hong Kong – HKIX, ReachIX, Pilhana
Network of Networks
 The Internet infrastructure is essentially a global collection of
networks.
 End computers are connected to a LAN, and LANs are connected
to an ISP (a kind of network).
 Access-level ISPs are usually interconnected through national and
international ISPs that are interconnected at the NAPs (another
kind of network) operated by Internet backbone providers.
Contd.

Fig. 1.1 The Internet is essentially a global collection of networks.
1.2 Key Components in Internet Infrastructure
 Each ISP and NAP is essentially a network of routers and
communications links.
 Since the Internet infrastructure is made up of ISPs and NAPs, it
can be said that the Internet infrastructure is made up of links
and routers.
 However, to implement host-to-host communication on the
Internet, in addition to these physical components, it also requires
an addressing scheme and a naming system.
 That is, the hosts on the Internet conform to certain naming and
address conventions.
Contd.
1. Links:- The links on the Internet are made up of different types of
physical media, ranging from copper wire and coaxial cable to optical
fiber and radio spectrum.
 Different types of media transmit data at different rates, and the rates
are typically measured in bits per second (bps).
 A link may be an actual physical link or it may be a logical link that
uses one or more actual physical links.
 When the link is a logical link, the type of physical link should always
be specified (e.g., data link, uplink, downlink, fiber optic link, point-to-
point link, etc.)

Fig. 1.2 The Internet is essentially a network of routers and communications links.
11
Types of Links
A. Point-to-point:- is a dedicated link that connects exactly two
communication facilities (e.g., two nodes of a network, an intercom
station at an entryway with a single internal intercom station, a radio
path between two points, etc.)
B. Broadcast:- connects two or more nodes and supports broadcast
transmission, where one node can transmit so that all other nodes
receive the same transmission. Example: Ethernet.
C. Multipoint (also known as a "multidrop" link):- is a link that connects
two or more nodes.
• Also known as general topology networks, these include ATM and Frame
Relay links, as well as X.25 networks when used as links for a network layer
protocol like IP.
• Unlike broadcast links, there is no mechanism to efficiently send a single
message to all other nodes without copying and retransmitting the
message.
Contd. Types of Links
D. Point-to-multipoint:- is a specific type of multipoint link which
consists of a central connection endpoint (CE) that is connected
to multiple peripheral CEs.
 Any transmission of data that originates from the central CE is
received by all of the peripheral CEs, while any transmission of
data that originates from any of the peripheral CEs is only
received by the central CE.
Contd.
 The final leg of delivering connectivity from an ISP to a customer (which can
be a residential user or a company’s LAN) is called the last mile.
 This last mile is about 2-3 miles long, and it may use:
 Integrated Services Digital Network (ISDN)
 Digital Subscriber Line (DSL), e.g., ADSL, HDSL, and VDSL
 Cable and the cable modem
 Leased lines, e.g., T1, T3
 Wireless, e.g., 802.11, 802.20, WiMAX
 As the Internet backbones are the points of most Internet congestion,
they are typically made up of fiber optic trunk lines that transmit data
at extremely high rates.
 The trunk line uses multiple optical fibers in parallel to increase the link
speed. Optical Carrier (OC) levels are used to specify the speed of
fiber optic networks.
 For example, OC-1 = 51.85 Mbps and OC-3 = 155.52 Mbps.
Contd. Key Components in Internet Infrastructure
2. Routers:- Networks on the Internet are not usually directly
connected.
 Instead, they are indirectly connected through many intermediate
network devices known as routers.
 A router is a special-purpose dedicated computer that attaches to
two or more links (networks).
 When it receives a packet from one of its incoming links, it makes
a routing decision, and then forwards that packet to one of its
outgoing links.
 The decision is usually made based on the current state of the
networks the router is connected to.
 No matter how many networks a router is connected to, its basic
operation remains the same.
How Routers Work
 To make the selection of the next hop efficient, each router uses a
routing table to keep track of routes to a particular network
destination.
 A simple routing table looks like this:

Destination    Outgoing link
Network 1      Serial Line 1
Network 2      Serial Line 2
...            ...
Network N      Serial Line 1

 For example, if the router with the above routing table receives a packet
destined for Network 2, it will forward that packet to its attached serial line
number 2.
 Routing tables are built according to the routing algorithm that the routers
in the network use.
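The following is an added worked example, not part of the original slides: a router's next-hop decision driven by a routing table like the one above. It generalizes the slide's table in one way real routers do, by matching the most specific (longest) prefix first. The network numbers, link names and packet destinations are constructed for illustration.

```python
# Added example (not from the slides): a router's next-hop decision using a
# routing table with longest-prefix match. Networks, links and packets
# below are constructed for illustration.


def ip_to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def prefix_mask(prefix_len):
    """Mask with prefix_len ones from the left (e.g. 24 -> 0xFFFFFF00)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


class RoutingTable:
    """Maps destination networks (CIDR notation) to outgoing links."""

    def __init__(self):
        # Each entry: (network as int, prefix length, outgoing link name)
        self.routes = []

    def add_route(self, cidr, link):
        net, plen = cidr.split("/")
        plen = int(plen)
        net_int = ip_to_int(net) & prefix_mask(plen)
        self.routes.append((net_int, plen, link))
        # Keep the most specific (longest) prefixes first.
        self.routes.sort(key=lambda r: r[1], reverse=True)

    def next_hop(self, dst):
        """Return the outgoing link for a packet to dst, or None (no route: drop)."""
        d = ip_to_int(dst)
        for net_int, plen, link in self.routes:
            if d & prefix_mask(plen) == net_int:
                return link
        return None


def build_example_table():
    """The slide's table with constructed network numbers for the entries."""
    table = RoutingTable()
    table.add_route("10.1.0.0/16", "Serial Line 1")   # Network 1
    table.add_route("10.2.0.0/16", "Serial Line 2")   # Network 2
    table.add_route("10.2.7.0/24", "Serial Line 3")   # a subnet inside Network 2
    return table


if __name__ == "__main__":
    t = build_example_table()
    for dst in ["10.2.5.9", "10.2.7.200", "10.1.255.1", "192.0.2.1"]:
        print(dst, "->", t.next_hop(dst))
```

A packet for 10.2.7.200 matches both the /16 and the /24 entry; the /24 wins because it is sorted first. A destination with no matching entry gets None, which is the "drop" case unless a default route (0.0.0.0/0) is added.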
Contd.
 End computers are not usually directly connected to routers.
 To form a local area network, switches are commonly used to
interconnect end computers.
 Switches operate at the data link layer (of the Open Systems
Interconnection (OSI) reference model), and split up networks into
smaller individual collision domains.
 When a switch receives a frame, it first reads the destination
data-link address from the header information in the frame, then
establishes a temporary circuit between the source and
destination switch ports, and finally sends that frame on its way.
Addressing
 On the Internet, every participating machine is identified by an Internet
Protocol (IP) address, which is a unique 32-bit binary number.
 IP addresses are normally expressed as a string of four decimal
octets separated by periods, ranging from 0.0.0.0 to
255.255.255.255, with some reserved values for specific purposes.
 Therefore, the IP address 10000000 00001011 00000011
00011111 can be written as 128.11.3.31.
 Internet addresses are not only used to identify a host but also to
specify routing information on the Internet.
 Data packets traverse the Internet by following a path from their source
through a number of routers to the final destination.
Contd.
 The data packets are called IP packets or datagrams; the datagram is the basic
unit of transmission across the Internet and contains both the source and
destination IP addresses.
 Upon receiving a datagram, based on the destination address, a router
determines the next hop to which the datagram should be sent.
 Since IP addresses exhibit a hierarchical structure, they can be used to
make routing decisions.
 Each 32-bit IP address is divided into two parts: network ID and host
ID.
 The addresses of the hosts in the same network should have the same
network ID but different host IDs.
Contd.
 IP defines three classes of networks: classes A, B and C with network IDs
8, 16 and 24 bits long respectively.
 In classful IP addressing, the network portion can take only these three
predefined numbers of bits.
 In classless addressing, any number of bits can be assigned to the
network ID.
 To determine the length of the network ID, the use of a subnet mask is
needed.
 The subnet mask is a kind of bit mask containing a number of ones
starting from the left hand side, which can be expressed in the slash
form or the decimal-octets-periods form.
Contd.
 For example, if the network ID is 24 bits long, the subnet mask can be
expressed by “/24” or “255.255.255.0”.
 By performing a bit-wise AND on the IP address and the subnet mask,
the corresponding network ID can be obtained.
IP Addressing: Classful Addressing
 In classful addressing, the address space is divided into five classes: A, B, C, D, and E.
Parts in IP Address: Netid and Hostid
 Each IP address is made of two parts: netid and hostid.
 The netid identifies the network whereas the hostid identifies a
host on that network. Both parts are required in an IP address.
 This is known as hierarchical addressing.
How IP Addresses and Subnet Masks Interact
 When an IP host is configured, a subnet mask is assigned along with an IP address.
 Like the IP address, the subnet mask is 32 bits long.
 It signifies which part of the IP address is network and which part is host.
 The subnet mask is compared to the IP address from left to right, bit for bit.
 The 1s in the subnet mask represent the network portion; the 0s represent the host
portion.
 In the example shown, the first three octets are network, and the last octet represents
the host.
 When a host sends a packet, it compares its subnet mask to its own IP address and the
destination IP address.
 If the network bits match, both the source and destination host are on the same network
and the packet can be delivered locally.
 If they do not match, the sending host forwards the packet to the local router interface to be
sent on to the other network.
Private vs. Public IP Addresses
 All hosts that connect directly to the Internet require a unique public IP
address.
 Because of the finite number of 32-bit addresses available, there is a
risk of running out of IP addresses.
 One solution to this problem was to reserve some private addresses for
use exclusively inside an organization.
 This allows hosts within an organization to communicate with one another
without the need for a unique public IP address.
 Private IP addresses are not recognized globally.

Class     Network Address                    Total
Class A   10.0.0.0 to 10.255.255.255         1
Class B   172.16.0.0 to 172.31.255.255       16
Class C   192.168.0.0 to 192.168.255.255     256
Contd.
 Private addresses can be used internally by hosts in an organization
as long as the hosts do not connect directly to the Internet.
 Therefore, the same set of private addresses can be used by multiple
organizations.
 Private addresses are not routed on the Internet and will be quickly
blocked by an ISP router.
 The use of private addresses can provide a measure of security since
they are only visible on the local network, and outsiders cannot gain
direct access to the private IP addresses.
 There are also private addresses that can be used for the diagnostic
testing of devices.
 This type of private address is known as a loopback address. The
class A network 127.0.0.0 is reserved for loopback addresses.
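The following is an added worked example, not part of the original slides. It carries the address operations of the preceding slides through in code: the class of an address from its leading bits, the bit-wise AND of address and subnet mask that yields the network ID (the "/24" or "255.255.255.0" example), the sending host's local-versus-router decision, and the check for the private and loopback blocks in the table above. The addresses used in the usage section are constructed.

```python
# Added example (not from the slides): classful lookup, subnet mask AND,
# the sending host's delivery decision, and private/loopback detection.
# Addresses in the usage section are constructed.


def ip_to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def mask_from_prefix(prefix_len):
    """'/24' -> '255.255.255.0': prefix_len ones from the left, zeros after."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def prefix_from_mask(mask):
    """'255.255.255.0' -> 24; rejects masks whose ones are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if ip_to_int(mask_from_prefix(ones)) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def address_class(dotted):
    """Classful class, decided by the leading bits of the first octet."""
    first = ip_to_int(dotted) >> 24
    if first < 0b10000000:
        return "A"        # 0xxxxxxx: 8-bit network ID
    if first < 0b11000000:
        return "B"        # 10xxxxxx: 16-bit network ID
    if first < 0b11100000:
        return "C"        # 110xxxxx: 24-bit network ID
    if first < 0b11110000:
        return "D"        # 1110xxxx: multicast
    return "E"            # 1111xxxx: reserved


def network_id(dotted, mask):
    """Bit-wise AND of address and subnet mask gives the network ID."""
    return int_to_ip(ip_to_int(dotted) & ip_to_int(mask))


def same_network(a, b, mask):
    return network_id(a, mask) == network_id(b, mask)


def deliver(src, dst, mask):
    """The sending host's rule: deliver locally or hand off to the router."""
    return "local" if same_network(src, dst, mask) else "router"


# RFC 1918 private blocks and the loopback block, as (network, mask).
PRIVATE_BLOCKS = [
    ("10.0.0.0", "255.0.0.0"),        # one class A network
    ("172.16.0.0", "255.240.0.0"),    # 16 class B networks
    ("192.168.0.0", "255.255.0.0"),   # 256 class C networks
]
LOOPBACK_BLOCK = ("127.0.0.0", "255.0.0.0")


def in_block(dotted, block):
    net, mask = block
    return network_id(dotted, mask) == net


def is_private(dotted):
    return any(in_block(dotted, b) for b in PRIVATE_BLOCKS)


def is_loopback(dotted):
    return in_block(dotted, LOOPBACK_BLOCK)


if __name__ == "__main__":
    print(address_class("128.11.3.31"), network_id("128.11.3.31", "255.255.255.0"))
    print(deliver("192.168.1.10", "192.168.2.20", "255.255.255.0"))
    print(is_private("172.31.9.9"), is_private("172.32.0.1"), is_loopback("127.0.0.1"))
```

The private-block check is the same AND-and-compare as the subnet check, which is why a packet-filtering rule that drops inbound traffic with a private source address can be expressed with exactly this logic.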
Subnetting and Supernetting
A. Subnetting:- is the segmentation of a classful network into
smaller subnetworks.
 The main purpose of subnetting is to avoid wastage of IP
addresses.
 As per our network requirements we can create an IP address
assignment plan.
 [Read more on this]
B. Supernetting:- combining several class C addresses to create a larger range of
addresses.
 [Read more on this]
Contd.
 Three levels of hierarchy: netid, subnetid, and hostid.
Naming Systems
 As IP addresses are in numeric form, they are difficult for humans
to remember or mention.
 Therefore, in addition to an IP address, we can also assign a
symbolic name to a machine on the Internet.
 The symbolic name consists of a series of alphanumeric labels
separated by periods.
 For example, the machine with IP address [Link] can be
assigned the name [Link].
 Although users prefer the more mnemonic symbolic names, the
underlying network protocols and routers operate on IP
addresses, which are fixed-length and hierarchically structured.
 Thus, application software (e.g., Web browser and email client) in
the sending machine, which allows users to enter the symbolic
name, is responsible for translating the name into the equivalent IP
address of the destination, and placing the IP address in binary
form in IP packets.
Contd.
 The translation process requires a directory service that maps
symbolic names to IP addresses.
 It is the main task of the Internet’s Domain Name System (DNS).
 The DNS is a distributed database implemented with many servers
located all over the world.
 The servers are called name servers or DNS servers; each of them
only maintains part of the database and none of them has a
complete copy.
 More specifically, a name server only holds the name-to-address
mappings of the machines under its management.
Contd.
 In summary, DNS provides the infrastructure for translating
domain names into their equivalent IP addresses for application
software on the Internet.
 In spite of its importance, DNS provides no security mechanisms.
DNSSEC (short for DNS Security Extensions) adds a set of
security extensions to DNS to provide authenticity and integrity.
 The extensions are mostly based on the use of cryptographic
digital signatures.
Internet Infrastructure Security
 Internet infrastructure security focuses on the protection of the key
infrastructure components, such as links, routers, DNS servers, and
naming systems.
 At the beginning, the Internet was designed without concern for
security.
 As a result, the infrastructure is vulnerable to a variety of security
threats and attacks, leading to various kinds of network problems.

Fig. 1.3 Packet Mistreatment Attack
Contd.
Threat                    Description
Interruption              To stop packets from reaching authorized destinations
Interception              To get unauthorized access to the packet content
Modification              To alter the packet content
Fabrication               To construct packets that look like they originate from
                          authorized users
Replication               To replay packets
Routing-table poisoning   To purposely send bogus information to poison a router’s
                          routing table
Packet mistreatment       To alter the normal behavior of traffic
Address spoofing          To illegally forge an address so as to hide the attacker’s
                          identity
Server compromising       To intrude into a server to modify its configuration

Table 1.1 Typical Internet Infrastructure Security Threats
Contd.
Problem              Description
Sub-optimal routes   Packets go through a path that is less optimal, instead of the most
                     favorable or desirable path, leading to longer latency and
                     unnecessary network traffic
Routing loops        The path used to convey packets forms a loop, preventing the packets
                     from reaching their destinations
Congestion           Packets are maliciously forwarded to particular links or networks,
                     making their offered loads exceed their capacity, resulting in
                     high latency and even packet drops
Network partition    A single network is artificially separated into two or more
                     partitions, so that hosts in one partition cannot communicate with
                     hosts in the other partitions
Blackhole            An area of the network where packets enter but do not come out
Denial of Service    Because of an abnormally huge amount of traffic, routers are
                     overloaded and unable to serve legitimate requests
Traffic subversion   The traffic is redirected to pass through a certain link so that the
                     attacker could eavesdrop on or modify the data, though the traffic
                     is still forwarded to the correct destination

Table 1.2 Network Problems
Importance of Network Infrastructure Security
1. An attack on the infrastructure would affect a large portion of the
Internet and create a large amount of service disruption.

Fig. 1.4 The attacker increases the cost of link B so that traffic
from domains W, X and Y to domain K takes the
suboptimal path, causing denial of service
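The following is an added worked example, not part of the original slides. It reproduces the mechanism behind Fig. 1.4 from the defender's side: a link-state style shortest-path computation (Dijkstra) over a small topology, run once with the expected link costs and once with the cost of link B inflated, to show which domains end up on the suboptimal path. Comparing the expected route map against the one the routers actually converge on is one way an operator notices this kind of routing-table poisoning. The topology and costs are constructed, not taken from the figure: domains W, X and Y reach domain K through router R1, "link B" is R1-K, and R1-R2-K is the longer alternative.

```python
# Added example (not from the slides): shortest paths before and after a
# link cost is tampered with, and the set of domains whose route changes.
# Topology and costs are constructed for illustration.
import heapq

INF = float("inf")


def shortest_paths(graph, source):
    """Dijkstra over an undirected weighted graph {node: {neighbor: cost}}.
    Returns (distance, previous-hop) dictionaries."""
    dist = {source: 0}
    prev = {}
    queue = [(0, source)]
    while queue:
        d, u = heapq.heappop(queue)
        if d > dist.get(u, INF):
            continue  # stale queue entry, a shorter path was already found
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, INF):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(queue, (nd, v))
    return dist, prev


def path(prev, source, target):
    """Walk previous-hop pointers back from target to source."""
    if target != source and target not in prev:
        return None  # unreachable
    hops = [target]
    while hops[-1] != source:
        hops.append(prev[hops[-1]])
    return hops[::-1]


def with_link_cost(graph, a, b, cost):
    """Copy of graph with the cost of link a-b replaced (both directions)."""
    g = {n: dict(nbrs) for n, nbrs in graph.items()}
    g[a][b] = cost
    g[b][a] = cost
    return g


def diverted_domains(expected, observed, domains, target):
    """Domains whose path to target differs between the two cost maps."""
    diverted = []
    for d in domains:
        _, p_expected = shortest_paths(expected, d)
        _, p_observed = shortest_paths(observed, d)
        if path(p_expected, d, target) != path(p_observed, d, target):
            diverted.append(d)
    return diverted


# Constructed topology; R1-K plays the role of link B in Fig. 1.4.
TOPOLOGY = {
    "W": {"R1": 1},
    "X": {"R1": 1},
    "Y": {"R1": 1},
    "R1": {"W": 1, "X": 1, "Y": 1, "K": 1, "R2": 5},
    "R2": {"R1": 5, "K": 5},
    "K": {"R1": 1, "R2": 5},
}


if __name__ == "__main__":
    tampered = with_link_cost(TOPOLOGY, "R1", "K", 100)  # inflated cost of link B
    _, prev = shortest_paths(tampered, "W")
    print("W -> K with tampered cost:", path(prev, "W", "K"))
    print("diverted domains:", diverted_domains(TOPOLOGY, tampered, ["W", "X", "Y"], "K"))
```

With the expected costs every domain reaches K in two hops via link B; once its cost is inflated, all three are pushed onto the R1-R2-K detour, which is exactly the comparison an operator's route monitor would flag.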
Contd.
2. The growing fear of cyberterrorism.
 Cyberterrorism is a phrase used to describe the use of Internet-
based attacks in terrorist activities, including acts of deliberate,
large-scale disruption of computer networks, especially of
personal computers attached to the Internet, by means of
tools such as computer viruses.
 Cyberterrorism is related to deployments, by known terrorist
organizations, of disruption attacks against information systems
for the primary purpose of creating alarm and panic.
 It can also be defined much more generally as any computer
crime targeting computer networks without necessarily affecting
real world infrastructure, property, or lives.
Difficulties of Securing the Infrastructure
A. Internet Infrastructure is Vulnerable
 Many network devices and protocols were designed without security
concerns in mind at the beginning, making the Internet vulnerable to
various kinds of attack.
B. Solutions usually require a larger scale of modification
 Because the design of the network infrastructure is fundamentally insecure,
new security solutions usually require a certain level of modification of
existing network devices, such as firmware updates or even device
replacement.
 The cost and effort spent on large-scale deployment can be high.
C. Security and performance tradeoff
 Security usually requires extra processes to run or more CPU cycles to
execute the security process, which reduces the performance of the
current devices.
Contd.
D. Security is only as strong as the weakest link
 Since the Internet is heterogeneous and made up of various kinds
of networks, the overall security level highly depends on the
weakest link or computer on the networks.
 Though there are advanced security technologies, if any one of the
nodes in the network does not (or fails to) employ them, the security
of the network is not guaranteed.
 Besides, though some nodes employ self-defense technologies,
which make them less vulnerable, they may still believe malicious
messages (as they look legitimate) from a compromised node.
 On the other hand, there is no central authority or organization to
ensure the security level of each network on the Internet.
Contd.
E. Attacks can be easily launched and are difficult to trace.
 Because of the inherent openness of the Internet, anyone with a
computer and an Internet connection can reach any point on the
Internet, making it possible to launch an attack from anywhere in
the world.
 Compounding the problem, a general-purpose computer can easily
pose as a switch or router (by running a special software
package), and broadcast malicious information that misleads
the real network devices into behaving abnormally.
Assignment
1. Read about the data link layer protocols such as
Address Resolution Protocol (ARP), Spanning Tree
Protocol (STP), and Virtual Local Area Network
(VLAN) protocols.
2. Read about the different VLAN attack types.
Security Policies, Services and Mechanisms
Computer Security & Information Assurance
(InTc505)
Overview
 Security policies, attacks, services and mechanisms
 Security attacks
 Security services
 Methods of Defense
 A model for Internetwork Security
Security Policy
 Is a document or set of documents that states an organization’s
intentions and decisions on what electronic information should be secured
and how.
 A statement of what is and what is not allowed.
 It is a set of rules and practices that specify or regulate how
a system or organization provides security services to protect
sensitive and critical system resources.
 It is also the set of rules laid down by the security authority
governing the use and provision of security services and
facilities.
Security Attacks, Mechanisms and Services
 Security attack:- any action that compromises the security of
information.
 These attacks take many forms, but in most cases, they seek to
obtain sensitive information, destroy resources, or deny legitimate
users access to resources.
 Security mechanism:- a mechanism that is designed to
detect, prevent, or recover from a security attack.
 Security service:- a service that enhances the security of data
processing systems and information transfers.
 A security service makes use of one or more security mechanisms.
Security Attacks
 Is an assault on system security: an intelligent act that is a deliberate
attempt to evade security services and violate the security policy of
a system.

Fig. Information flow from source to destination: a) Normal flow,
b) Interruption, c) Interception, d) Modification, e) Fabrication
Contd.
Interruption
 The system is destroyed or becomes unavailable.
 This is an attack on availability.
 This could be the destruction of a piece of hardware or
cutting a communication line.
Contd.
Interception
 An unauthorized party gets access to information.
 This is an attack on confidentiality.
• Overhearing, eavesdropping over a communication line.
 The attacker could be a person or a program.
• E.g., unauthorized copying of files.
Contd.
Modification
 An unauthorized party gains access to information and also
modifies it.
 This is an attack on the integrity of information.
 Modification of program or data files to operate on or contain
different information.
 Corrupting transmitted data or tampering with it before it reaches its
destination.
Contd.
Fabrication
 An unauthorized party injects fabricated information into
the system.
 That is, faking data as if it were created by a legitimate and
authentic party.
 This is an attack on authenticity.
 Examples of this are insertion of spurious messages, addition
of records to a file, etc.
Attack Types
1. Passive attacks:- are attacks which do not
change or modify the information flowing between the parties.
 These attacks are hard to detect since they do not involve
the other party or alter the data.
 The objective of the opponent is to obtain the information that
is being transmitted.
 Passive attacks attempt to learn or make use of information
from the system but do not affect the system resources.
 This kind of attack can be prevented rather than detected.
Examples are eavesdropping or monitoring of traffic.
Passive Attack Types
A. Release of Message Content:- Messages, such as a telephone
conversation, an e-mail, or a transferred file, may contain sensitive or
confidential information.
 An opponent may get to know the contents of the message.
 The aim is to prevent the opponent from learning the contents of these
transmissions.
B. Traffic Analysis:- Analyzing or determining the location and
identity of hosts and paths to guess the nature of the communication
that is/was taking place.
 Here, the link traffic profile and information gathering is done by
the opponent.
Contd.
2. Active attacks:- are attacks which attempt to
alter system resources or affect their operation.
 Are easier to detect since the information stream is altered and
the other party is involved.
 Harder to prevent since no absolute protection is
available with the current buggy systems.
 Involve some modification of the data stream or creation
of a false stream.
Active Attack Types
A. Masquerading:- The entity pretends to be a different entity.
 It usually includes one of the other forms.
B. Replay:- involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.
 Passive capture of data, alter and then retransmit.
C. Modification of Message:- Means some portion of the legitimate
message is altered, or the messages are delayed or reordered,
to produce an unauthorized effect.
D. Denial of Service:- Prevents or inhibits the normal use or
management of communications facilities.
Security Services
 A security service is the collection of mechanisms, procedures and
other controls that are implemented to help reduce the risk associated
with a threat.
 For example, the identification and authentication service helps
reduce the risk of the unauthorized user threat.
 Some services provide protection from threats, while other services
provide for detection of the threat occurrence.
 An example of this would be a logging or monitoring service.
Security Services Types
A. Confidentiality (privacy):- is the protection of
transmitted data from passive attacks.
 The other aspect of confidentiality is the protection of
traffic flow from analysis.
 The attacker will not be able to observe the source and
destination, frequency, length or other characteristics of the
traffic on a communications facility.
B. Integrity (has not been altered):- ensures that the
messages are received with no duplication, insertion,
modification, reordering or replays.
Contd.
 Connection-oriented service:- addresses DoS and modifications
(duplication, insertion, modification and reordering problems are
handled).
 Connectionless service:- deals with only individual messages and
only assures against modification. This is because it only deals with
individual packets.
C. Access Control:- This service controls who can have access to a
resource, under what conditions access can occur and what those
accessing the resources are allowed to do.
D. Non-repudiation:- Prevents either sender or receiver from denying a
transmitted message.
Contd.
E. Authentication:- is the assurance that the communicating
entity is the one that it claims to be.
I. Peer Entity Authentication:- is used in association with a logical
connection to provide confidence in the identity of the entities.
II. Data Origin Authentication:- In a connectionless transfer, it
provides assurance that the source of received data is as cl
F. Audit:- Recording & analysis of participation, roles and actions in
information communication by relevant entities.
G. Availability:- having your data accessible and obtainable at all
times.
Contd.
Primary Services
1. Confidentiality
 Data Confidentiality
 Traffic Confidentiality
2. Data Integrity
3. Authentication
 Data Origin Authentication
 Peer Authentication
4. Access Control
5. Non-Repudiation
 Non-Repudiation of Origin
 Non-Repudiation of Reception
6. Audit
7. Availability – an after-thought but increasingly important
Security Mechanisms
1. Encipherment:- is the use of mathematical algorithms to transform
data into a form that is not readily intelligible.
2. Digital Signature:- is a mathematical scheme for demonstrating the
authenticity of a digital message or document.
 A valid digital signature gives a recipient reason to believe that the
message was created by a known sender, and that it was not altered in
transit.
3. Access Control:- a variety of mechanisms that enforce access
rights to resources.
Contd.
4. Data Integrity:- a variety of mechanisms used to assure the integrity
of a data unit or stream of data units.
5. Authentication Exchange:- a mechanism intended to ensure the
identity of an entity by means of information exchange.
6. Traffic Padding:- The insertion of bits into gaps in a data stream to
frustrate traffic analysis attempts.
7. Routing Control:- Enables selection of particularly secure routes for
certain data & allows routing changes, especially when a breach of
security is suspected.
8. Notarization:- The use of a trusted 3rd party to assure certain
properties of a data exchange.
Confidentiality
• Protection of information from disclosure to unauthorized entities
(organizations, people, machines, processes).
• Information includes data contents, size, existence, communication
characteristics, etc.

Service Types
 Data Confidentiality / Disclosure Protection
 Connection Oriented
 Connectionless
 Selective Field
 Traffic Flow Confidentiality
 Origin Destination Association
 Message Size
 Transmission Patterns

Protection Mechanisms
 Data Encryption
 Symmetric (Secret-Key)
 Asymmetric (Public-Key)
 Accompanied with Data Integrity
Integrity
 Protection of data against creation, alteration, deletion,
duplication, re-ordering by unauthorized entities (organizations,
people, machines, processes).
 Integrity violation is always caused by active attacks.

Service Types
 Message Integrity
 Associated with connectionless communication
 Message Stream Integrity
 Associated with connection oriented communication

Protection Mechanisms
 Message Digests (Hashing)
 Sequence Numbers
 Nonce ID (Random Number)
 Time Stamps
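The following is an added worked example, not part of the original slides. It combines three of the protection mechanisms listed above in one message-stream integrity check, and at the same time shows how the replay and modification-of-message attacks from the Active Attack Types slide are caught: a keyed message digest (HMAC-SHA256) detects any modification, a strictly increasing sequence number detects replay and reordering, and a timestamp bounds how long a captured message remains usable. The shared key, the clock and the messages are constructed.

```python
# Added example (not from the slides): keyed digest + sequence number +
# timestamp as one receiver-side integrity check. Key, clock and messages
# are constructed for illustration.
import hashlib
import hmac
import json


def _canonical(body):
    """Stable byte encoding of the fields covered by the digest."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def protect(key, seq, timestamp, payload):
    """Sender side: attach a digest covering seq, timestamp and payload."""
    body = {"seq": seq, "ts": timestamp, "payload": payload}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Connection-oriented receiver that rejects modified, replayed,
    reordered or stale messages."""

    def __init__(self, key, now, max_skew=30):
        self.key = key
        self.now = now            # clock function, injected so runs are deterministic
        self.max_skew = max_skew  # seconds a timestamp may differ from local time
        self.last_seq = 0         # highest sequence number accepted so far

    def accept(self, msg):
        body = msg["body"]
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time compare; the digest is checked first so that
        # unauthenticated data never influences the seq/timestamp state.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: digest mismatch (modified or forged)"
        if body["seq"] <= self.last_seq:
            return "reject: sequence not increasing (replay or reorder)"
        if abs(self.now() - body["ts"]) > self.max_skew:
            return "reject: timestamp outside acceptance window (stale)"
        self.last_seq = body["seq"]
        return "accept"


def demo():
    """Constructed exchange; returns the receiver's verdicts in order."""
    key = b"constructed-shared-key"

    def clock():
        return 1_000_000.0  # fixed local time for the example

    rx = Receiver(key, clock)
    m1 = protect(key, 1, 1_000_000.0, "transfer 10")
    m2 = protect(key, 2, 1_000_005.0, "transfer 20")
    tampered = protect(key, 3, 1_000_010.0, "transfer 30")
    tampered["body"]["payload"] = "transfer 3000"     # modification in transit
    stale = protect(key, 4, 999_000.0, "transfer 40")  # captured long ago
    # m1 is delivered twice: the second copy is a replay.
    return [rx.accept(m) for m in (m1, m1, m2, tampered, stale)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A connectionless service, as the earlier slide notes, can only apply the digest check; without per-connection state there is no sequence counter to compare against, which is why it assures only against modification.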
Authentication
• Communicating entities are provided with assurance & information of
the relevant identities of communicating partners (people, machines,
processes).
• Personnel Authentication requires special attention.

Service Types
 Data Origin Authentication
 Associated with Connectionless Communication
 Peer Entity Authentication
 Associated with Connection Oriented Communication
 Fundamental for access control, hence confidentiality & integrity

Protection Mechanisms
 Password
 Manual
 One-Time Password
 Key Sharing
 Manual
 Symmetric Key (Tickets)
 Asymmetric Key (Certificates)
 Challenge – Response
 Nonce Based
 Zero Knowledge Proof
Access Control
Protection of information resources or services from access or use by unauthorized
entities (organizations, people, machines, processes).
 Privileges – rights to access or use resources or services
 Principals – entities that own access control privileges
 Subjects – entities that exercise access control privileges
 Objects / Targets – resources or services accessed/used by subjects
 Delegation – transfer of access control privileges among principals
 Authorization – transfer of access control privileges from principals to subjects
Service Types
 Subject Based Typing
    Identity Based
    Role Based
 Enforcement Based Typing
    Mandatory Access Control ― Management Directed
    Discretionary Access Control ― Resource Owner Directed
Protection Mechanisms
 Access Control Lists (ACLs)
    Object Based Specification
    Ex.: UNIX File System
 Capabilities
    Subject Based Specification
    Issue Tickets/Certificates
66
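The distinctions on this slide become concrete when the two mechanisms are placed side by side. The example below is added for illustration and is not code from the slides: an object carries an ACL that only its owner may edit (discretionary, resource-owner directed), every decision is additionally checked against labels that subjects cannot change (mandatory, management directed), and a capability is issued as a ticket that the holder presents instead of being looked up in any list. The role table, clearance levels, file name and issuer key are constructed for the demonstration.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Subject-based typing: identity (the principal's own name) and roles it holds (constructed).
ROLES = {"alice": {"admin"}, "bob": {"staff"}, "carol": {"staff"}}

# Mandatory access control: labels and clearances are set by management, not by owners (constructed).
LEVELS = {"public": 0, "internal": 1, "secret": 2}
CLEARANCE = {"alice": "secret", "bob": "internal", "carol": "public"}


@dataclass
class Resource:
    """An object with an ACL (object-based specification, as in a UNIX file system) plus a label."""
    name: str
    owner: str
    label: str
    acl: dict = field(default_factory=dict)   # principal or "role:<name>" -> set of operations

    def grant(self, by: str, principal: str, ops: set):
        # Discretionary: only the resource owner may change the ACL.
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner of {self.name}")
        self.acl.setdefault(principal, set()).update(ops)


def acl_allows(res: Resource, subject: str, op: str) -> bool:
    """Identity-based entry first, then any role-based entry the subject holds."""
    if op in res.acl.get(subject, set()):
        return True
    return any(op in res.acl.get(f"role:{r}", set()) for r in ROLES.get(subject, ()))


def mac_allows(res: Resource, subject: str, op: str) -> bool:
    """Dominance rule (assumed for the demo): read needs clearance >= label,
    write needs clearance == label so data cannot be written down to a lower level."""
    c, l = LEVELS[CLEARANCE[subject]], LEVELS[res.label]
    return c >= l if op == "read" else c == l


def authorize(res: Resource, subject: str, op: str) -> bool:
    """Both the discretionary ACL and the mandatory policy must agree."""
    return acl_allows(res, subject, op) and mac_allows(res, subject, op)


# Capabilities: subject-based specification, issued as tickets the server can verify but not forge.
ISSUER_KEY = b"constructed-issuer-key"  # placeholder; a real issuer keeps this secret


def issue_ticket(subject: str, resource: str, op: str, key: bytes = ISSUER_KEY) -> str:
    body = f"{subject}|{resource}|{op}"
    return body + "|" + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def ticket_allows(ticket: str, subject: str, resource: str, op: str, key: bytes = ISSUER_KEY) -> bool:
    """The holder presents the ticket; the server checks the MAC and the binding, no ACL lookup."""
    try:
        t_sub, t_res, t_op, tag = ticket.split("|")
    except ValueError:
        return False
    body = f"{t_sub}|{t_res}|{t_op}"
    good = hmac.compare_digest(tag, hmac.new(key, body.encode(), hashlib.sha256).hexdigest())
    # Binding the ticket to a subject means it cannot simply be handed on; delegation needs re-issue.
    return good and (t_sub, t_res, t_op) == (subject, resource, op)


def demo():
    payroll = Resource("payroll.xlsx", owner="alice", label="internal")
    payroll.grant("alice", "role:staff", {"read"})       # DAC: owner gives a role read access
    payroll.grant("alice", "bob", {"write"})              # DAC: identity-based grant
    try:
        payroll.grant("bob", "carol", {"read"})           # bob is not the owner
        rogue = True
    except PermissionError:
        rogue = False
    t = issue_ticket("bob", "payroll.xlsx", "read")
    forged = t[:-1] + ("0" if t[-1] != "0" else "1")      # flip the last hex digit of the tag
    return {
        "bob_read": authorize(payroll, "bob", "read"),     # staff role + internal clearance
        "bob_write": authorize(payroll, "bob", "write"),   # identity entry + same level
        "carol_read": authorize(payroll, "carol", "read"), # ACL says yes, MAC says no (public < internal)
        "alice_read": authorize(payroll, "alice", "read"), # owner controls the ACL but is not on it
        "rogue_grant": rogue,
        "ticket_ok": ticket_allows(t, "bob", "payroll.xlsx", "read"),
        "ticket_forged": ticket_allows(forged, "bob", "payroll.xlsx", "read"),
        "ticket_used_by_carol": ticket_allows(t, "carol", "payroll.xlsx", "read"),
    }
```

The `carol_read` and `alice_read` results show the two enforcement styles disagreeing in opposite directions: an owner-granted permission is overridden by the management-directed label, and a high clearance does not by itself confer access that the owner never granted.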
Non-Repudiation
Protection against denial of participation by communicating
entities in all or part of a communication.
Service Types
 Non-Repudiation of Origin
 Non-Repudiation of Reception
Protection Mechanisms
 Notarization
 Time Stamp
 Digital Signature
67
Audit
 Recording & analysis of participation, roles and actions in
information communication by relevant entities.
Service Types
 Intrusion Monitors / Sensors
 Off-line Analysis (Computer Forensics)
 On-line Analysis (Real-time Intrusion Detection)
Protection Mechanisms
 Common Intrusion Detection Framework (CIDF)
 Common Information Model (CIM)
68
Service vs. Layer Mapping
Service / Layer 1 2 3 4 6 7
Confidentiality, Connectionless Y Y Y Y
Confidentiality, Connection Y Y Y Y Y
Confidentiality, Selected Field Y Y
Confidentiality, Traffic Flow Y Y
Authentication, Data Origin ? Y Y Y
Authentication, Peer Entity Y Y Y
Integrity, Message Y Y Y Y
Integrity, Message Stream ? Y Y Y
Access Control ? Y Y Y
Non-Repudiation, Origin Y
Non-Repudiation, Receipt Y
? = difference between IEEE802 and ISO
69
A Model for Network Security
70
Design Issues in the Model
1. Design an algorithm for performing the security-related
transformation.
 The algorithm should be such that an opponent cannot defeat its
purpose.
2. Generate the secret information to be used with the
algorithm.
3. Develop methods for the distribution and sharing of the secret
information.
4. Specify a protocol to be used by the two principals that
makes use of the security algorithm and the secret information
to achieve a particular security service.
71
Other Considerations
1. Network Design Considerations
 Designing for acceptable risk.
 Use of network models with security (LAN/WAN more secure, Dedicated/non-dedicated, segregation and isolation)
2. Host hardening
 Firewalls, Packet filtering
3. Choice of network devices
 Choice of routers and other hardware
 Routing protocols
4. Intrusion detection systems (IDS)
 Host based IDS
 Network based IDS
72
Network Penetration Attacks and Firewalls
[Figure: an attacker on the Internet sends an attack packet toward the internal corporate network; the firewall passes legitimate Internet packets on to the hardened client PC and hardened server, drops the attack packet, and records it in its log file.]
73
Intrusion Detection System
[Figure: (1) a suspicious packet from an Internet attacker arrives at the corporate network; (2) the intrusion detection system passes the suspicious packet on to the hardened server; (3) it logs the packet to its log file; (4) it raises an alarm to the network administrator.]
74
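The two figures above describe complementary controls: the firewall decides pass or drop per packet and logs what it drops, while the IDS sensor never blocks anything but records what it sees and alarms the administrator once traffic looks like an attack. The example below is added to show both working on the same traffic and is not code from the slides; it also covers the on-line analysis (real-time intrusion detection) row of the Audit slide. The packet records, the rule table and the port-scan threshold (4 distinct ports within 10 seconds) are constructed for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed packet records, "time src dst dport proto flags"; not captured from any real network.
PACKET_LOG = """\
10 198.51.100.7 10.0.0.5 443 tcp SYN
11 198.51.100.7 10.0.0.5 443 tcp ACK
12 203.0.113.9 10.0.0.5 23 tcp SYN
13 203.0.113.9 10.0.0.5 22 tcp SYN
14 203.0.113.9 10.0.0.5 80 tcp SYN
15 203.0.113.9 10.0.0.5 443 tcp SYN
16 203.0.113.9 10.0.0.5 8080 tcp SYN
17 203.0.113.9 10.0.0.5 8443 tcp SYN
18 198.51.100.7 10.0.0.5 53 udp -
"""


@dataclass(frozen=True)
class Packet:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str
    flags: str


def parse(line: str) -> Packet:
    ts, src, dst, dport, proto, flags = line.split()
    return Packet(int(ts), src, dst, int(dport), proto, flags)


# Firewall rule table (assumed): first match wins, anything unmatched is dropped (default deny).
RULES = [
    ("tcp", "10.0.0.5", 443, "pass"),
    ("tcp", "10.0.0.5", 80, "pass"),
    ("udp", "10.0.0.5", 53, "pass"),
]


def firewall(pkt: Packet) -> str:
    for proto, dst, dport, action in RULES:
        if (pkt.proto, pkt.dst, pkt.dport) == (proto, dst, dport):
            return action
    return "drop"


class PortScanIDS:
    """Alarms when one source touches `threshold` distinct destination ports within `window` seconds."""

    def __init__(self, threshold: int = 4, window: int = 10):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(list)   # src -> [(ts, dport), ...]
        self.alarmed = set()            # sources already reported, so one scan gives one alarm

    def observe(self, pkt: Packet):
        hist = self.seen[pkt.src]
        hist.append((pkt.ts, pkt.dport))
        recent = {p for t, p in hist if pkt.ts - t <= self.window}
        if len(recent) >= self.threshold and pkt.src not in self.alarmed:
            self.alarmed.add(pkt.src)
            return f"ALARM port scan from {pkt.src}: {sorted(recent)}"
        return None


def run(log_text: str = PACKET_LOG):
    """Firewall verdict per packet, with drops logged; the IDS sensor sees every packet
    regardless of the verdict, logs it (step 3 in the figure) and alarms the
    administrator (step 4). It passes packets rather than blocking them."""
    ids = PortScanIDS()
    fw_log, ids_log, alarms = [], [], []
    passed = 0
    for line in log_text.splitlines():
        pkt = parse(line)
        verdict = firewall(pkt)
        if verdict == "drop":
            fw_log.append(f"{pkt.ts} DROP {pkt.src}->{pkt.dst}:{pkt.dport}/{pkt.proto}")
        else:
            passed += 1
        ids_log.append(f"{pkt.ts} {pkt.src}->{pkt.dst}:{pkt.dport} fw={verdict}")
        alarm = ids.observe(pkt)
        if alarm:
            alarms.append(alarm)
    return {"passed": passed, "fw_log": fw_log, "ids_log": ids_log, "alarms": alarms}


if __name__ == "__main__":
    for k, v in run().items():
        print(k, v)
```

Note that the scanning source also hits ports 80 and 443, which the firewall legitimately passes; only the sensor, which correlates across all of that source's packets, recognises the pattern.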
Encryption for Confidentiality
[Figure: Bob (client PC) encrypts the original message "Hello" into the encrypted message "100100110001" and sends it to Alice (server), who decrypts it back to "Hello"; the attacker Eve intercepts "100100110001" but cannot read it.]
75
Impersonation and Authentication
[Figure: the attacker Eve, sitting between Bob's client PC and Alice's server, claims "I'm Bob"; Alice replies "Prove it!" (authenticate yourself).]
76
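"Prove it!" is the nonce-based challenge-response mechanism from the Authentication slide: Alice sends a fresh random value, and only a party holding Bob's key can compute the right answer to it. The following example is added to illustrate that exchange and the impersonation scenario in the figure above; it is not code from the slides. The shared secret, the message format (`"auth|<identity>|<nonce>"` under HMAC-SHA256) and the 16-byte nonce size are assumptions made for the demonstration.

```python
import hmac
import hashlib
import os

# Constructed shared secret between Bob (client) and Alice (server); placeholder key material.
SHARED = {"bob": b"bob-and-alice-shared-secret"}


def _answer(identity: str, key: bytes, nonce: bytes) -> bytes:
    """Response both sides compute: binds the claimed identity to this particular challenge."""
    return hmac.new(key, b"auth|" + identity.encode() + b"|" + nonce, hashlib.sha256).digest()


class Server:
    """Alice: never accepts 'I'm Bob' on its own; she issues a fresh nonce and checks the answer."""

    def __init__(self, secrets=SHARED, rand=os.urandom):
        self.secrets = secrets
        self.rand = rand
        self.pending = {}   # outstanding nonce -> claimed identity

    def challenge(self, claimed_identity: str) -> bytes:
        nonce = self.rand(16)
        self.pending[claimed_identity] = nonce
        return nonce

    def verify(self, claimed_identity: str, response: bytes) -> bool:
        # Each nonce is consumed on first use, so a recorded answer cannot be replayed.
        nonce = self.pending.pop(claimed_identity, None)
        key = self.secrets.get(claimed_identity)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(_answer(claimed_identity, key, nonce), response)


def respond(identity: str, key: bytes, nonce: bytes) -> bytes:
    """Client side: prove possession of the key without ever sending the key itself."""
    return _answer(identity, key, nonce)


def demo():
    srv = Server()
    # Legitimate run: Bob answers Alice's challenge with his key.
    n1 = srv.challenge("bob")
    r1 = respond("bob", SHARED["bob"], n1)
    genuine = srv.verify("bob", r1)
    # Replay: Eve recorded r1 and presents it again without a new challenge.
    replay = srv.verify("bob", r1)
    # Impersonation: Eve claims to be Bob but has no key, so she guesses one.
    n2 = srv.challenge("bob")
    impersonation = srv.verify("bob", respond("bob", b"wrong-key", n2))
    # Eve answers a fresh challenge with the old, genuine response.
    srv.challenge("bob")
    stale = srv.verify("bob", r1)
    return {"genuine": genuine, "replay": replay,
            "impersonation": impersonation, "stale_response": stale}


if __name__ == "__main__":
    print(demo())
```

Because the nonce changes every time and is folded into the answer, intercepting one successful exchange gives Eve nothing she can reuse; what she would need is the key, which never leaves Bob's machine.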
Secure Dialog System
[Figure: a secure dialog between Bob (client PC) and Alice (server) automatically handles negotiation of security options, authentication, encryption and integrity, so the attacker cannot read messages, alter messages, or impersonate either party.]
77
Hardening Host Computers
1. The Problem
 Computers installed out of the box have known vulnerabilities
 Not just Windows computers
 Hackers can take them over easily
 They must be hardened—a complex process that involves many
actions
2. Elements of Hardening
 Physical security
 Secure installation and configuration
 Fix known vulnerabilities
 Turn off unnecessary services (applications)
 Harden all remaining applications
 Manage users and groups
 Manage access permissions
 For individual files and directories, assign access permissions to specific
users and groups
 Back up the server regularly
 Advanced protections
78