Network Security
Lecture 01, February 22, 2006
洪國寶
Outline
• Course information
• Motivation
• Introduction to security
• Basic network concepts
• Network security models
• Outline of the course
Course information (1/6)
• Instructor: Professor Gwoboa Horng
• Basic assumption
It is assumed that students in this course have a basic understanding of complexity theory. Some knowledge of modular arithmetic will be helpful but not required.
• Course web page: http://ailab.cs.nchu.edu.tw/course/NetworkSecurity/94b/main.htm
Course information (2/6)
• Textbook
– Cryptography and Network Security, 4/E by William Stallings, Prentice Hall, 2006
– Cryptography and Network Security: Principles and Practices, 3/E by W. Stallings, Prentice Hall, 2003. (開發圖書公司)
– Textbook web page: http://williamstallings.com/Crypto/Crypto4e.html
Course information (3/6)
• Reference books
近代密碼學及其應用 (Modern Cryptography and Its Applications)
賴溪松、韓亮、張真誠
松崗
旗標出版社
Course information (4/6)
• The objective of this course is to examine both the principles and practice of cryptography and computer network security.
• Our focus is on Internet Security which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
• The course material is of use to computer and communication engineers who are interested in embedding security into an information system.
Course information (5/6)
• This class is
– Not a lab or programming course
– Not a math course, either
Course information (6/6)
• Grading (Tentative)
– Homework 15% (You may collaborate when solving the homework; however, when writing up the solutions you must do so on your own. No typed or printed assignments.)
– Project 20% (Presentation and/or paper required)
– Midterm exam 25% (Open textbook and notes)
– Final exam 30% (Open textbook and notes)
– Class participation 10%
Motivation (1/10)
• Some real examples
Motivation (10/10)
• Hacker intrusion
• Password compromise (access control)
• Spam/hoax (data integrity)
• Program security
• Virus
• Denial of service
Background
• Information Security requirements have changed in recent times
• traditionally provided by physical and administrative mechanisms
• computer use requires automated tools to protect files and other stored information
• use of networks and communications links requires measures to protect data during transmission
Definitions
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
Security Trends
Security Goals
• The goal of security is to institute controls that preserve
– secrecy: assets are accessible only by authorized parties;
– integrity: assets can be modified only by authorized parties;
– availability: assets are available to authorized parties.
Security Goals
[Figure: Integrity, Confidentiality, Availability]
Services, Mechanisms, Attacks
• need systematic way to define requirements
• consider three aspects of information security:
– security attack
– security mechanism
– security service
• consider in reverse order
Security Service
– is something that enhances the security of the data processing systems and the information transfers of an organization
– intended to counter security attacks
– make use of one or more security mechanisms to provide the service
– replicate functions normally associated with physical documents
• e.g. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all functions required
• however one particular element underlies many of the security mechanisms in use: cryptographic techniques
• hence our focus on this area
Security Attack
• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• have a wide range of attacks
• can focus on generic types of attacks
• note: often threat & attack mean the same
OSI Security Architecture
• ITU-T X.800 Security Architecture for OSI
• defines a systematic way of defining and providing security requirements
• for us it provides a useful, if abstract, overview of concepts we will study
Security Services
• X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
• RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
• X.800 defines it in 5 major categories
Security Services (X.800)
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication
Security Mechanisms (X.800)
• Specific security mechanisms: May be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
• Pervasive security mechanisms: Mechanisms that are not specific to any particular OSI security service or protocol layer.
– trusted functionality, security labels, event detection, security audit trails, security recovery
Security Attacks
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity
Classify Security Attacks as
• passive attacks - eavesdropping on, or monitoring of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• active attacks - modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
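The active-attack categories above, seen from the receiver's side: an added example (not part of the lecture slides) in which a data-integrity mechanism, here HMAC-SHA256 over a sequence number and payload, lets the receiver reject modified, replayed and masqueraded messages. The frame layout, keys and messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                 # HMAC-SHA256 tag size in bytes
SEQ = struct.Struct(">Q")    # constructed layout: 8-byte big-endian sequence number


def protect(key, seq, payload):
    """Sender side: frame = sequence number || payload || HMAC tag."""
    header = SEQ.pack(seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the tag first, then requires a strictly increasing sequence number."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        if len(frame) < SEQ.size + TAG_LEN:
            return "rejected: malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a wrong tag means the frame was modified
        # in transit or was produced by someone who does not hold the key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        (seq,) = SEQ.unpack_from(body)
        # A valid tag on an old sequence number is a replayed frame.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted: " + body[SEQ.size:].decode("utf-8", "replace")


def attack_demo():
    """Run constructed frames through one receiver and report each verdict."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    f0 = protect(key, 0, b"pay 10 to alice")
    f1 = protect(key, 1, b"pay 20 to bob")

    tampered = bytearray(f1)
    tampered[SEQ.size + 4] ^= 0x01            # one payload bit changed in transit
    forged = protect(b"some-other-key", 2, b"pay 99 to eve")  # sender without the key

    results = {
        "original": rx.accept(f0),
        "modified": rx.accept(bytes(tampered)),
        "next": rx.accept(f1),
        "replayed": rx.accept(f0),
        "masquerade": rx.accept(forged),
    }
    # The MAC provides integrity only: the payload still travels in the clear,
    # so interception (a passive attack) is not addressed by this mechanism.
    results["payload_visible_on_wire"] = b"pay 10 to alice" in f0
    return results


if __name__ == "__main__":
    for name, verdict in attack_demo().items():
        print(f"{name:24} {verdict}")
```

Denial of service is the one active attack in the list that this mechanism does not counter; it needs availability measures rather than a cryptographic check.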
Passive Attacks
Active Attacks
Examples of security attacks
• Social engineering
• Impersonation
Advantages of computer networks
• Resource sharing
• Increased reliability
• Distributing the workload
• Expandability
Network concepts
• Terminology: node, host, link, terminal
• Media: cable, optical fiber, microwave
• Type of network: LAN, WAN, internet
• Topology: common bus, star or hub, ring
• Protocol: ISO reference model, TCP/IP
The Physical Organization of Networks
• Node: The generic name given to all devices hooked up to a network.
– Each node must have a unique address assigned to it by the network.
– Networks are either direct-connected or those that are not directly linked.
• Direct-connected network: Those whose nodes have direct connections through either physical or wireless links.
– Point-to-point: Simplest version of direct-connected network. Connecting two computing systems.
» Example of point to point: Home to ISP.
• Example of a network that is not directly linked: Internet.
The Physical Organization of Networks
Linking nodes:
• The bus network -
– A continuous coaxial cable to which all the devices are attached.
– All nodes can detect all messages sent along the bus.
• The ring network -
– Nodes linked together to form a circle.
– A message sent out from one node is passed along to each node in between until the target node receives the message.
The Physical Organization of Networks
Linking nodes:
• The star network -
– Each node is linked to a central node.
– All messages are routed through the central node, which delivers them to the proper node.
• The tree network - (hierarchical network)
– Looks like an upside-down tree where end nodes are linked to interior nodes that allow linking through to another end node.
The Physical Organization of Networks
Linking nodes:
• The fully connected network -
– All nodes are connected to all other nodes.
• Internetworking -
– Connecting together any number of direct-connected networks.
– The largest: Internet.
The Physical Organization of Networks
• Categorizing networks according to size:
– DAN (Desk Area Network)
– LAN (Local Area Network)
– MAN (Metropolitan Area Network)
– WAN (Wide Area Network)
The Physical Organization of Networks
• DAN (Desk Area Network)
– Making all components of a desktop computer available to other computers on the network.
• CPU - Unused computing power can be used by other computers on the network.
• Hard Disk - Items stored can be accessed by others or items may be placed on the hard drive from other computers.
• Video Display - Alert messages can be sent to the computer’s display.
• Other items - Other devices connected to the computer might be needed by others connected to the network.
The Physical Organization of Networks
• LAN (Local Area Network)
– A collection of nodes within a small area.
– The nodes are linked in a bus, ring, star, tree, or fully connected topology network configuration.
– Benefits of LANs:
• Sharing of hardware resources.
• Sharing of software and data.
• Consolidated wiring/cabling.
• Simultaneous distribution of information.
• More efficient person-to-person communication.
The Physical Organization of Networks
• MAN (Metropolitan Area Network)
– Consists of many local area networks linked together.
– Span the distance of just a few miles.
• WAN (Wide Area Network)
– Consists of a number of computer networks including LANs.
– Connected by many types of links.
Software Architecture of Networks
• Problem:
– Connect several different machines running different operating systems (Windows, OS/2, MacOS, UNIX, VMS...)
– Now, try to: send email, data or files between them.
• Solution:
– Create a standardized set of rules, or protocols, that, when followed, will allow an orderly exchange of information.
– A collection of these programs is called a protocol suite.
• Must be on all computers or nodes in the network.
• In order to send data over the network, the necessary programs must be executed.
The concept of protocol layering
• The OSI seven layer model
• TCP/IP
Protocol Hierarchies
• Protocols are stacked vertically as series of ‘layers’.
• Each layer offers services to layer above through an interface, shielding implementation details.
• Layer n on one machine communicates with layer n on another machine (they are peer processes/entities) using Layer n Protocol.
• The entire hierarchy is called a protocol stack
– e.g. the TCP/IP protocol stack
69
Services and Protocols
• Service = set of primitives provided by one layer to layer above.
• Service defines what layer can do (but not how it does it).
• Protocol = set of rules governing data communication between peer entities, i.e. format and meaning of frames/packets.
70
Layers, Protocols & Interfaces
[Figure: two machines, each with a stack of layers (Layer 1, Layer 2, ..., Layer n) above a shared physical communications medium. Adjacent layers on one machine meet at an interface (Layer 1/2, Layer 2/3, ..., Layer n-1/n, Layer n/n+1); the same layer on the two machines is linked by that layer's protocol (Layer 1 protocol, Layer 2 protocol, ..., Layer n protocol).]
71
Layering Principles
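[Figure: on each side an (n+1) Entity (Service User) sits above an (n) Entity (Service Provider). The (n+1) entities exchange n+1 PDUs using the Layer n+1 protocol; an SDU crosses the Layer n Service Access Point (SAP) between the two entities on one side; the (n) entities exchange n PDUs using the Layer n protocol.]
PDU - Protocol Data Unit
SDU - Service Data Unit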
72
The OSI Reference Model
• OSI Reference Model – an internationally standardised network architecture.
• An abstract representation of an ideal network protocol stack; not used in real networks.
• OSI = Open Systems Interconnection.
• Specified in ISO 7498-1.
• Model has 7 layers.
73
Services in the OSI Model
• In the OSI model, each layer provides services to the layer above, and ‘consumes’ services provided by the layer below.
• Active elements in a layer are called entities.
• Entities in the same layer in different machines are called peer entities.
74
The OSI Model
Layer 7: Application Layer
Layer 6: Presentation Layer
Layer 5: Session Layer
Layer 4: Transport Layer
Layer 3: Network Layer
Layer 2: Data Link Layer
Layer 1: Physical Layer
75
Lower/Upper Layers
• Layers 1-4 often referred to as lower layers.
• Layers 5-7 are the upper layers.
• Lower layers relate more closely to the communications technology.
• Layers 1 – 3 manage the communications subnet.
  – the entire set of communications nodes required to manage comms. between a pair of machines.
• Layers 4 – 7 are true ‘end-to-end’ protocols.
• Upper layers relate to application.
76
Layer 7: Application Layer
• Home to wide variety of protocols for specific user needs, e.g.:
  – virtual terminal service,
  – file transfer,
  – electronic mail,
  – directory services.
77
Layer 6: Presentation Layer
• Concerned with representation of transmitted data.
• Deals with different data representations.
  – ASCII or EBCDIC,
  – one’s complement or two’s complement,
  – byte ordering conventions,
  – floating point conventions (IEEE or proprietary).
• Also deals with data compression.
78
Layer 5: Session Layer
• Allows establishment of sessions between machines, e.g. to
  – allow remote logins
  – provide file transfer service.
• Responsible for:
  – dialogue control
    • which entity sends when with half-duplex communications.
  – token management
    • E.g. control which entity can perform an operation on shared data.
  – synchronisation
    • E.g. insertion of checkpoints in large data transfers.
79
Layer 4: Transport Layer
• Basic function is to take data from Session Layer, split it up into smaller units, and ensure that the units arrive correctly.
• Concerned with efficient provision of service.
  – maybe multiple connections per session or multiple sessions per connection.
• The Transport Layer also determines the ‘type of service’ to provide to the Session Layer.
  – most commonly, error-free, point-to-point, with guarantee of correct ordering of data.
  – could be transport of isolated messages only (no ordering guarantees) or broadcast.
80
Layer 3: Network Layer
• Provides uniform addressing scheme for network addresses.
• Shields upper layers from details of lower layers.
• A key responsibility is control of routing.
• Routing can be based on:
  – static tables,
  – determined at start of session,
  – highly dynamic (varying for each packet depending on network load).
• Also responsible for congestion control and usage monitoring.
81
Layer 2: Data Link Layer
• Provides reliable, error-free service on top of raw Layer 1 service.
  – corrects errors at the ‘bit’ level.
• Breaks data into frames.
  – requires creation of frame boundaries using special bit sequences.
• Frames used to manage errors via acknowledgements and selective frame retransmission.
82
Layer 1: Physical Layer
• Concerned with bit transmission over physical channel.
• Issues include:
  – definition of 0/1,
  – whether channel simplex/duplex,
  – connector design.
• Mechanical, electrical, procedural matters.
83
Internet Protocols vs OSI
[Figure: the OSI stack shown beside the Internet protocol stack]
OSI: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
Internet: 5 Application, 4 TCP, 3 IP, 2 Network Interface, 1 Hardware
84
Internet Protocols
• The Architecture of the Internet
  – Four-layer architecture:
[Figure, top layer to bottom layer]
FTP, HTTP, NV, TFTP
TCP, UDP
IP
Network #1, Network #2, Network N
85
TCP/IP Protocol Layering
[Figure: Host A and Host B each run an Application Layer, Transport Layer, Internet Layer and Network Interface Layer above the Physical Network. The units exchanged between the peer layers are labelled, from the top layer down, Message, Packet, Datagram and Frame.]
86
Protocol Layering and Routing
[Figure: Host A and Host B each run an Application Layer, Transport Layer, Internet Layer and Network Interface; a Router between them runs an Internet Layer over its network interfaces, with a Physical Network on each side. The HTTP Message and TCP Packet are exchanged between the hosts; an IP Datagram and an Ethernet Frame are shown on each side of the router.]
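The layering and routing slides above, worked through in code. This is an added example, not part of the original lecture: it wraps an HTTP message in TCP, IPv4 and Ethernet headers, lets a router re-frame the datagram, and peels the layers again while checking every length field. The addresses, MACs and port numbers are constructed, and checksums are left at zero for brevity.

```python
import socket
import struct

ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6

def encapsulate(message, src_ip, dst_ip, src_mac, dst_mac):
    """Message -> TCP packet -> IP datagram -> Ethernet frame (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + message
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip

def decapsulate(frame):
    """Peel the frame layer by layer, validating each length before trusting it."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4-in-Ethernet frame")
    dgram = frame[14:]
    if len(dgram) < 20 or dgram[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl, total = (dgram[0] & 0x0F) * 4, struct.unpack("!H", dgram[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(dgram) or dgram[9] != PROTO_TCP:
        raise ValueError("inconsistent IPv4 lengths or non-TCP payload")
    seg = dgram[ihl:total]
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    data_off = (seg[12] >> 4) * 4
    if not 20 <= data_off <= len(seg):
        raise ValueError("bad TCP data offset")
    sport, dport = struct.unpack("!HH", seg[:4])
    return {"dst_mac": frame[0:6], "src_mac": frame[6:12], "ttl": dgram[8],
            "src_ip": socket.inet_ntoa(dgram[12:16]),
            "dst_ip": socket.inet_ntoa(dgram[16:20]),
            "sport": sport, "dport": dport, "message": seg[data_off:]}

def route(frame, router_mac, next_hop_mac):
    """Router: discard the old frame header, decrement TTL, build a new frame.
    A real router also recomputes the IPv4 header checksum (0 in this example)."""
    dgram = bytearray(frame[14:])
    if len(dgram) < 20 or dgram[8] <= 1:
        raise ValueError("short datagram or TTL expired")
    dgram[8] -= 1
    return next_hop_mac + router_mac + frame[12:14] + bytes(dgram)

if __name__ == "__main__":
    # Constructed sample values: documentation IP ranges, locally administered MACs.
    a, r, b = (bytes.fromhex(h) for h in ("020000000001", "0200000000ff", "020000000002"))
    hop1 = encapsulate(b"GET / HTTP/1.0\r\n\r\n", "192.0.2.10", "198.51.100.20", a, r)
    for hop in (hop1, route(hop1, r, b)):
        print(decapsulate(hop))
```

The frame header changes at every hop while the IP addresses, ports and message pass through unchanged, which is why link-layer addresses say nothing about the true origin of traffic beyond the local network.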
87
Outline
• Course information
• Motivation
• Introduction to security
• Basic network concepts
• Network security models
• Outline of the course
88
Model for Network Communication Security
89
Model for Network Communication Security
• using this model requires us to:
  – design a suitable algorithm for the security transformation
  – generate the secret information (keys) used by the algorithm
  – develop methods to distribute and share the secret information
  – specify a protocol enabling the principals to use the transformation and secret information for a security service
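One way the four tasks above can fit together for a message-authentication service, as an added example that is not part of the original lecture. It assumes HMAC-SHA256 as the security transformation, a 256-bit random key as the secret information, key distribution done out of band (both principals are simply handed the same key), and a hypothetical wire format of sequence number, message, tag. It provides integrity and origin authentication only, not confidentiality.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN, SEQ_LEN = 32, 8

def generate_key():
    """Generate the secret information: a 256-bit key from the OS CSPRNG."""
    return secrets.token_bytes(32)

def protect(key, seq, message):
    """Sender side of the protocol: wire = seq || message || HMAC(key, seq || message)."""
    body = struct.pack("!Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Recipient side: verify the tag, then reject replayed or stale sequence numbers."""

    def __init__(self, key):
        self.key = key          # assumed to have been distributed out of band
        self.last_seq = -1

    def accept(self, wire):
        if len(wire) < SEQ_LEN + TAG_LEN:
            raise ValueError("message too short")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag: modified in transit or wrong key")
        seq = struct.unpack("!Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            raise ValueError("replayed or reordered message")
        self.last_seq = seq     # only advanced after the tag has verified
        return body[SEQ_LEN:]

if __name__ == "__main__":
    key = generate_key()
    receiver = Receiver(key)
    wire = protect(key, 0, b"constructed sample message")
    print(receiver.accept(wire))
    try:
        receiver.accept(wire)   # the same bytes delivered a second time
    except ValueError as err:
        print("rejected:", err)
```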
90
Model for Network Access Security
91
Model for Network Access Security
• using this model requires us to:
  – select appropriate gatekeeper functions to identify users
  – implement security controls to ensure only authorised users access designated information or resources
• trusted computer systems can be used to implement this model
92
Outline
• Course information
• Motivation
• Introduction to security
• Basic network concepts
• Network security models
• Outline of the course
93
Outline of the course
• Introduction (Chapter 1)
• Conventional encryption: classical techniques, modern techniques, algorithms, confidentiality using conventional encryption (Chapters 2—7)
• Public-key encryption and hash functions: public-key cryptography, number theory, message authentication and hash functions, hash and MAC algorithms, digital signatures and authentication protocols (Chapters 8—13)
94
Outline of the course (Cont.)
• Network security practice: authentication applications, electronic mail security, IP security, Web security, anonymous communications (Chapters 14—17)
• Wireless network security
• System security: intruders, viruses, and worms, firewalls (Chapters 18—20)
95
Summary
• have considered:
  – computer, network, internet security def’s
  – security services, mechanisms, attacks
  – X.800 standard
  – basic network concepts
  – models for network (access) security