
Chapter VII

Data Security and Integrity


Introduction to Network Security
Network management can be defined as a system that helps to maintain, characterize, and
troubleshoot a network.
Security has moved to the forefront of network management and implementation.
The overall security challenge is to find a balance between two important requirements:
the need to open networks to support evolving business opportunities, and
the need to protect private, personal, and strategic information.
Implementing a Security Policy is the most important step that an organization can take to
protect its network.
It provides guidelines about the activities to be carried out and the resources to be used to
secure an organization's network.
Why is Network Security Important?
If the security of the network is compromised, there could be serious consequences, such as
loss of privacy, theft of information, and even legal liability.
As e-business and Internet applications continue to grow, finding the balance between being isolated
and open is critical.
In addition, the rise of mobile commerce and wireless networks demands that security solutions
become seamlessly integrated, more transparent, and more flexible.
As the types of threats, attacks, and exploits have evolved, various terms have been coined to
describe the individuals involved:
White hat, hacker, black hat, cracker, phreaker, spammer, phisher, etc.
When discussing network security, three common factors are:
Vulnerability, Threat & Attack
I. Vulnerability: the degree of weakness that is inherent in every network and device.
There are three primary vulnerabilities or weaknesses:
Technological weaknesses (these include TCP/IP protocol, operating system, and network equipment weaknesses)
Configuration weaknesses (unsecured accounts, easy passwords, misconfigured services, etc.)
Security policy weaknesses
The mitigation technique for these vulnerabilities is to avoid the weaknesses.
II. Threat: the people interested and qualified in taking advantage of each security weakness. Such individuals can be
expected to continually search for new exploits and weaknesses.
Threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices.
Typically, the network devices under attack are the endpoints, such as servers and desktop computers.
Threat: to the physical infrastructure
The four classes of physical threats are:
Hardware threats - Physical damage to servers, routers, switches, cabling plant, and workstations
Environmental threats - Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Electrical threats - Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
Maintenance threats - Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts,
poor cabling, and poor labeling

Some of the ways to mitigate physical threats:
Hardware threat mitigation
Environmental threat mitigation
Electrical threat mitigation


1. Threat: Hardware threat mitigation
2. Threat: Environmental threat mitigation
3. Threat: Electrical threat mitigation
4. Threat: Maintenance threat mitigation
Threats: to the networks
Common computer crimes that have implications for network security can be grouped into four
primary classes of threats to networks:
Unstructured Threats: consist of mostly inexperienced individuals using easily available hacking
tools, such as shell scripts and password crackers.
Structured Threats: come from individuals or groups that are more highly motivated and technically
competent. These people know system vulnerabilities and use sophisticated hacking techniques to
penetrate unsuspecting businesses.
External Threats: can arise from individuals or organizations working outside of a company who do
not have authorized access to the computer systems or network.
Internal Threats: occur when someone has authorized access to the network with either an account or
physical access. Just as for external threats, the severity of an internal threat depends on the expertise
of the attacker.
Types of Network Attacks: the four classes of attack

Reconnaissance: is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is
also known as information gathering and, in most cases, it precedes another type of attack.

Access: is the ability for an intruder to gain access to a device for which the intruder does not have an
account or a password.

Entering or accessing systems usually involves running a hack, script, or tool that exploits a
known vulnerability of the system or application being attacked.
Denial of Service: (DoS) is when an attacker disables or corrupts networks, systems, or services with the
intent to deny services to intended users.

DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.

But DoS can also be as simple as deleting or corrupting information. In most cases, performing the
attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.

Worms, Viruses and Trojan Horses: Malicious software can be inserted onto a host to damage or corrupt a
system, replicate itself, or deny access to networks, systems, or services. Common names for this type of
software are worms, viruses, and Trojan horses.
General Mitigation Techniques:

Device Hardening:

When a new operating system is installed on a computer, the security settings are set to the default values.
In most cases, this level of security is inadequate. The following simple steps apply to most
operating systems:

Default usernames and passwords should be changed immediately.

Access to system resources should be restricted to only the individuals that are authorized to use those
resources.

Any unnecessary services and applications should be turned off and uninstalled, when possible.
Antivirus Software:
Protects against known viruses and Trojan applications. It does this in two ways:
It scans files, comparing their contents to known viruses in a virus dictionary. Matches are flagged in a
manner defined by the end user.
It monitors suspicious processes running on a host that might indicate infection. This monitoring may
include data captures, port monitoring, and other methods.
Operating System Patches
The most effective way to mitigate a worm and its variants is to download security updates from the
operating system vendor and patch all vulnerable systems.

Personal Firewall

Personal computers connected to the Internet through a dialup connection, DSL, or cable modems are as vulnerable
as corporate networks.

Personal firewalls reside on the PC of the user and attempt to prevent attacks.

Personal firewalls are not designed for LAN implementations, such as appliance-based or server-based firewalls,
and they may prevent network access if installed with other networking clients, services, protocols, or adapters.

Some personal firewall software vendors include McAfee, Norton, Symantec, and Zone Labs.
Intrusion Detection and Prevention

Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console.
Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following
active defense mechanisms in addition to detection:
Prevention - Stops the detected attack from executing.
Reaction - Immunizes the system from future attacks from a malicious source.
Either technology can be implemented at a network level or host level, or both for maximum protection.
Encryption and Privacy
Maintaining privacy in our personal communications is something everyone desires. Encryption is a means to
achieve that privacy. It was invented for that very purpose.
Encryption is the process of scrambling a message so that only the intended recipient can read it.
Cryptography has a long history dating back at least as far as Julius Caesar. Modern cryptographic techniques,
including many of those used in the Internet, are based on advances made in the past 30 years.
Cryptography is used to ensure confidentiality of messages.
Cryptographic techniques allow a sender to disguise data so that an intruder can gain no information from the
intercepted data. However, the receiver must be able to recover the original data from the disguised data.
The language of cryptography
Alice's encryption key: K_A
Bob's decryption key: K_B

plaintext -> encryption algorithm -> ciphertext -> decryption algorithm -> plaintext

symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)
Symmetric key cryptography
All cryptographic algorithms involve substituting one thing for another.
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.: Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Alice and Bob each hold the key K_A-B.

plaintext message, m -> encryption algorithm (K_A-B) -> ciphertext -> decryption algorithm (K_A-B) -> plaintext

symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: K_A-B
e.g., the key is knowing the substitution pattern in a monoalphabetic substitution cipher
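
The monoalphabetic cipher above, worked in Python as an added example (not part of the original slides). The function names are chosen for this illustration; the key is the cipher alphabet from the slide, and letter_pattern shows why the scheme is weak: repeated letters stay repeated in the ciphertext.

```python
import string

PLAIN = string.ascii_lowercase
# Cipher alphabet from the slide above; it is the shared secret key K_A-B.
KEY = "mnbvcxzasdfghjklpoiuytrewq"


def check_key(key):
    """A valid key is a permutation of the 26 letters; anything else
    would map two plaintext letters to one ciphertext letter."""
    if sorted(key) != list(PLAIN):
        raise ValueError("key must use each letter a-z exactly once")


def encrypt(plaintext, key=KEY):
    check_key(key)
    # Characters outside a-z (spaces, punctuation) pass through unchanged.
    return plaintext.lower().translate(str.maketrans(PLAIN, key))


def decrypt(ciphertext, key=KEY):
    check_key(key)
    # Decryption applies the inverse permutation of the same key.
    return ciphertext.translate(str.maketrans(key, PLAIN))


def letter_pattern(word):
    """Replace each letter by the index of its first occurrence.
    The cipher preserves this pattern, which is what it leaks."""
    first_seen = {}
    return [first_seen.setdefault(ch, len(first_seen)) for ch in word]


if __name__ == "__main__":
    ct = encrypt("bob. i love you. alice")
    print(ct)
    print(decrypt(ct))
    print(letter_pattern("bob"), letter_pattern("nkn"))
```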
Public key cryptography
symmetric key crypto
requires sender, receiver know shared secret key
public key cryptography
radically different approach
sender, receiver do not share secret key
public encryption key known to all
private decryption key known only to receiver

Bob's public key: K_B^+
Bob's private key: K_B^-

plaintext message, m -> encryption algorithm (K_B^+) -> ciphertext, K_B^+(m) -> decryption algorithm (K_B^-) -> plaintext message, m = K_B^-(K_B^+(m))
Digital Signatures
cryptographic technique analogous to hand-written signatures.
sender (Bob) digitally signs document, establishing he is document owner/creator.
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else
(including Alice), must have signed document
simple digital signature for message m:
Bob signs m by encrypting with his private key K_B^-, creating
signed message, K_B^-(m)

Bob's message, m:
Dear Alice
Oh, how I have missed you. I think of you all the time! (blah blah blah)
Bob

Bob's message, m -> public key encryption algorithm (Bob's private key, K_B^-) -> K_B^-(m): Bob's message, m, signed (encrypted) with his private key
Digital Signatures (more)
suppose Alice receives msg m and digital signature K_B^-(m)
Alice verifies m signed by Bob by applying Bob's public key K_B^+ to
K_B^-(m), then checks K_B^+(K_B^-(m)) = m.
if K_B^+(K_B^-(m)) = m, whoever signed m must have used Bob's private
key.

Alice thus verifies that:
Bob signed m.
No one else signed m.
Bob signed m and not m'.
non-repudiation:
Alice can take m and signature K_B^-(m) to court and prove that
Bob signed m.
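
The public-key identity m = K_B^-(K_B^+(m)) and the signature check K_B^+(K_B^-(m)) = m, carried through in Python as an added example (not part of the original slides). It uses textbook RSA as the concrete scheme, which the slides do not name; the primes, the exponent 65537 and all function names are assumptions of this illustration, and there is no padding or hashing, so it is for study only.

```python
# Added illustration: textbook RSA with two small, well-known Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # public exponent (assumption of this example)


def make_keys(p=P, q=Q, e=E):
    """Return Bob's (public, private) keys as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def apply_key(key, x):
    """K(x): modular exponentiation with the key's exponent."""
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(x, exponent, n)


def to_int(text):
    return int.from_bytes(text.encode("utf-8"), "big")


def to_text(number):
    size = (number.bit_length() + 7) // 8
    return number.to_bytes(size, "big").decode("utf-8")


def sign(private, m):
    """Bob computes the signature K_B^-(m)."""
    return apply_key(private, m)


def verify(public, m, signature):
    """Alice checks K_B^+(K_B^-(m)) == m."""
    return apply_key(public, signature) == m


if __name__ == "__main__":
    bob_public, bob_private = make_keys()
    m = to_int("dear alice")                    # constructed sample message
    c = apply_key(bob_public, m)                # ciphertext K_B^+(m)
    print(to_text(apply_key(bob_private, c)))   # m = K_B^-(K_B^+(m))
    sig = sign(bob_private, m)
    print(verify(bob_public, m, sig))                     # Bob signed m
    print(verify(bob_public, to_int("dear alicf"), sig))  # and not m'
```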
