COMPUTER
NETWORK SECURITY
Compiled by:
BEHAILU GOBANTI
CHAPTER ONE
CONTENTS
01
02
03
04
Definition of Computer Security and
Challenges of Computer Security
Security Goals and Security Attacks
Passive Attacks and Active Attacks
Types of Attacks Based on Security Goals
Network Security Services(NSS)
Data Confidentiality, Data Integrity,
Authentication, Non Repudiation, Access
Control
 Security Mechanisms
Cryptography & Steganography
INTRODUCTION TO SECURITY
DEFINITION OF COMPUTER SECURITY AND
CHALLENGES OF COMPUTER SECURITY
Definition of Computer Security and Challenges of
Computer Security
Your T COMPUTER SECURITY
also called cyber security, the protection
You
can simply impress
your and
audience
and add a unique
of computer
systems
information
from zing
and appeal to your Presentations. Get a modern PowerPoint
harm,
theft,
unauthorized
Presentation
thatand
is beautifully
designed.use. Here
Computer facilities have been physically
protected for three reasons:
To prevent theft of or damage to the hardware
To prevent theft of or damage to the information
To prevent disruption of service
Why ?
Increased rate of cyber crime.
Increased demand to protect data.
Increased number of Cyber criminals and cyber army .
Increased financial frauds
Why ?
24,000 millions of mobile
apps blocked daily
300 Billions passwords
were be generated
24 plus millions records
exposed every day
Cybercrime costs six
million dollar
In 2021
In 2020
In 2018
Health care attack will be quadruple
 60% of fraud originated from mobile devices
Personal data will be cheap
90 % the hackers uses encryption
In 2021
Future
expectation
The Challenges of Computer Security
Computer and network security is both fascinating and complex. Some of the
reasons follow:
Ransomware attacks
IoT attacks
Cloud attacks
Phishing attacks
Block chain and cryptocurrency attacks
Software vulnerabilities
Machine learning and AI attacks
Insider attacks
Outdated hardware
FACTORS AFFECTING CYBER
SECURITY
PLATFORMS AND TOOLS
OPERATION SUPPORT FOR SECURITY
NEW OR EMERGING SECURITY TOOLS
LEVEL OF IT COMPLEXITY AND
NETWORK CONNECTIVITY
NATURE OF BUSINESS
OUT SOURCING SERVICE PROVI
DERS
RISK TOLERANCE AND INDUSTRY
TREND
PARTNER SHIP
SECURITY GOALS
AVAILABILITY
CONFIDENTIALITY
Prevention of unauthorized disclosure of information
Authorized parties can access the information
(military secret )
INTEGRITY
Prevention of unauthorized
modification of information
Authorizing people can add,
remove or alter information
Prevention of unauthorized
withholding of information or resource
Information must be available on
demand
APPROACHES TO CYBER SECURITY
COMPLIANCE BASED SECURITY
Determine security implementation
Risk based security
Identifying unique risk
AD hoc
Implementing security with out criteria
CYBER SECURITY: KEY TERMS
Give rise to
THREAT AGENT
THREAT
Indirectly affects
EXPOSURE
VENERABILITY
.
Counter
measure
RISK
ASSET
Can damage
THREAT ACTOR CATEGORIES AND TYPES
Script kiddies
and Hactivist
B
A
C
Organized crime and
Nation state APT
Insider and Competitor
D
Natural environmental
threat
Sociopolitical threats
Supply system threat
Man made threat
MALWARE TYPES
WORMS
VIRUS
Backdoor
TROJANS
LOGIC BOMBS.
MALWARE
ADWARE
ROOT KIT .
SPYWARE
RANSOM WARE .
SECURITY ATTACKS
An attempt to gain unauthorized access to information resource or
services, or to cause harm or damage to information systems.
Internet
The unauthorized or illegal actions that are taken against the government, corporate, or
private IT assets in order to destroy, modify, or steal the sensitive data.
Intruder intercept
data traveling
through the network
Intruder Initiates of
commands to disrupt
network normal
operation
Active attacks
Hackers & Snoopers
Passive attacks
TYPES OF ATTACKS BASED ON SECURITY GOALS
AVAILABILITY
CONFIDENTIALITY
Threat level three
Threat level one
Monitoring Attack
Traffic Analysis Attack
Main in the middle(MiMA) Attack
SECURITY
INTEGRITY
Threat level two
Message Alternation Attack
message Fabrication attack
Incorrect Data Injecting Attack
DOS Attack
DDOS Attack
Malware Attack
Black hole Attack
Broadcast Tampering Attack
Spamming Attack
SECURITY SERVICES
Ports and Services Vulnerability Scan
OS Vulnerability Scan
Virus Check
Vulnerability Assessment
Automated to be sent to the customer
Endpoint device security protection and monitoring
Email spam and malware protection, monitoring, and
alerting
Domain Name System (DNS) breach protection and
internet-wide visibility on and off your networ
Firewall, IDS, and IPS monitoring and alerting
Quarterly vulnerability scan
CRYPTOGRAPHY & STEGANOGRAPHY
CRYPTOGRAPHY
Some security services can be implemented using
cryptography. Cryptography, a word with Greek origins,
means “secret writing”.
STEGANOGRAPHY
The word steganography, with its origin in Greek, means
“covered writing”, in contrast to cryptography, which
means “secret writing”.
STEGANOGRAPHY
Steganography is the art of hiding the existence of a message.
• It is used to insert digital watermarks on images to identify illegal copies.
• It is used to send secret messages through emails.
• It involves concealing the very existence of data by hiding it in some
other media such as a picture, audio, and video file.
Computer Security
Assignment (10%):
•
•
Read about these security attack related keywords.
Study about one of these keywords and write a five
page (maximum) summary of your findings
including any recorded history of significant
damages created by these attacks.
Send your report by email (bgobanti@gmail.com)
in doc. format one day before the next class).
Report content:
•
•
•
•
Introduction ( definition)
How the attack works
Prevention mechanisms
Serious damages caused
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Brute Force Attack
Buffer Overflow
Cookie Injection
Cookie Poisoning
Cracking
DNS Poisoning
DoS Attack
DDoS Attack
Eavesdropping
HTTP Tunnel Exploit
ICMP Flood
Logic Bomb
Malware Attack
Packet Sniffing
Ping of Death
Serge
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
Spike
Server Spoofing
Session Hijacking
Smurf Attack
SNMP Community Strings
Spamming
Scam and Phishing
Spoofing Attack
SQL Injection
SYN Attack
Teardrop
Traffic Analysis
Trojan Horses
UDP Flood
Viruses
Worms
War Dialing
Wire Tapping
THANK YOU