Chapter-1

Chapter 1 introduces computer and network security, outlining key concepts such as security definitions, types of risks, vulnerabilities, and security policies. It emphasizes the importance of confidentiality, integrity, and availability in protecting information and resources from various threats and attacks. The chapter also categorizes attackers and discusses the consequences of security breaches.

Uploaded by

ETHIOPIA
Copyright © All Rights Reserved
Chapter-1

Introduction to Computer and Network Security

02/28/2025 1
Outline

• What is Security?
• Why Security?
• Security Policy and Mechanism
• Security trend
• Sources and consequences of risks
• Types of Vulnerabilities
• Security criteria
• Security attack types
• Security services, mechanisms and model

Chapter Objectives

• At the end of this chapter, students will be able to understand:
  • The definition of security and why we have to study this field as computer engineering students
  • Types of risk in day-to-day computer and network activity
  • Different security attacks and how to defend yourself and the organization you are responsible for
  • Security criteria
  • Security services and mechanisms

What is Security?

• Most of computer science technology is concerned with achieving desired behavior.
• In some sense, security is concerned with preventing undesired behavior.
  • Different way of thinking!
  • An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place.

What is Security?...

• Security: “The most secure computers are those not connected to the Internet and shielded from any interference”

What is Security?...

• Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
• Securing computers against

What is Security?...

• Network security, on the other hand, deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
• Computer security: focuses on security aspects of systems in isolation
• Network security: focuses on security of data as it is transmitted between networked systems

Why Security?...

• Good Security Standards follow the “90 / 10” Rule:
  • 10% of security safeguards are technical and
  • 90% of security safeguards rely on the computer user (“YOU”) to adhere to good computing practices.

Why Security?...

• Example: The lock on the door is the 10%. You remembering to lock the lock, checking to see if the door is closed, ensuring others do not open the door, keeping control of the keys, etc. is the 90%.
• You need both parts for effective security.

Why Security?...

• What Does This Mean for Me?
• This means that everyone who uses a computer or mobile device needs to understand how to keep their computer, devices and data secure.
• Information Security is everyone’s responsibility and that is why we study computer and network security.

Computer security

Basic components (security objectives):
• Confidentiality
• Integrity
• Availability

[Figure: CIA triad (Confidentiality, Integrity, Availability)]

Confidentiality

• Confidentiality is the concealment of information or resources.
• The need for keeping information secret arises from the use of computers in sensitive fields such as government and industry.
• For example, military and civilian institutions in the government often restrict access to information to those who need that information.
• The first formal work in computer security was motivated by the military's attempt to implement controls to enforce a "need to know" principle.
• This principle also applies to industrial firms, which keep

Confidentiality - Example

• Enciphering an income tax return will prevent anyone from reading it.
• If the owner needs to see the return, it must be deciphered.
• Only the possessor of the cryptographic key can enter it into a deciphering program.
• However, if someone else can read the key when it is entered into the program, the confidentiality of the tax return has been compromised.
• All the mechanisms that enforce confidentiality require supporting services from the system.
• The assumption is that the security services can rely on the kernel, and other agents, to supply correct data.
• Thus, assumptions and trust underlie confidentiality mechanisms.

Integrity

• Trustworthiness of data or resources
• Mechanisms: Prevention vs. detection
  • Blocking unauthorized attempts to change data, or attempts to change data in unauthorized ways
  • The second is much harder…
• Correctness vs. trustworthiness of data

Integrity

• Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
• Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication).
• The source of the information may bear on its accuracy and credibility and on the trust that people place in the information.

Integrity

• Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
  • For example, suppose an accounting system is on a computer.
  • Someone breaks into the system and tries to modify the accounting data.
  • Then an unauthorized user has tried to violate the integrity of the accounting database (for example, the 40/60 housing lottery program event in Addis Ababa).
• Detection mechanisms do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.
  • Detection mechanisms may analyze system events (user or system actions) to detect problems or (more commonly) may analyze the data itself to see if required or expected constraints still hold.
  • The mechanisms may report the actual cause of the integrity violation (a specific part of a file was altered), or they may simply report that the file is now corrupt.

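Added example (not part of the original slides): a detection mechanism of the kind described above that analyzes the data itself. It keeps one keyed digest per block of a file, so it can report which part was altered and not only that the file is corrupt. The ledger contents, key and block size are constructed for illustration, and the key is assumed to be stored where someone who can modify the data cannot read it.

```python
import hashlib
import hmac

CHUNK_SIZE = 16  # bytes per block; kept small so the constructed sample spans several blocks


def build_manifest(data: bytes, key: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """Record the length of `data` and one keyed digest (HMAC-SHA256) per fixed-size block."""
    digests = []
    for offset in range(0, len(data), chunk_size):
        block = data[offset:offset + chunk_size]
        digests.append(hmac.new(key, block, hashlib.sha256).hexdigest())
    return {"length": len(data), "chunk_size": chunk_size, "digests": digests}


def check_integrity(data: bytes, key: bytes, manifest: dict) -> dict:
    """Detection only: report whether `data` still matches `manifest`, and where it differs."""
    size = manifest["chunk_size"]
    current = build_manifest(data, key, size)["digests"]
    altered = []
    for index, expected in enumerate(manifest["digests"]):
        present = index < len(current)  # a block is missing if the data was truncated
        if not present or not hmac.compare_digest(expected, current[index]):
            start = index * size
            altered.append((start, min(start + size, manifest["length"])))
    length_changed = len(data) != manifest["length"]
    return {
        "trustworthy": not altered and not length_changed,
        "altered_ranges": altered,      # byte ranges (start, end) of the recorded data
        "length_changed": length_changed,
    }


# Constructed sample data: a three-line accounting ledger and a demo key.
KEY = b"demo-key-kept-outside-the-protected-system"
LEDGER = (
    b"acct=1001;bal=2500.00\n"
    b"acct=1002;bal=0310.50\n"
    b"acct=1003;bal=9800.75\n"
)

if __name__ == "__main__":
    baseline = build_manifest(LEDGER, KEY)
    tampered = LEDGER.replace(b"bal=0310.50", b"bal=9310.50")
    for label, blob in (("original", LEDGER), ("tampered", tampered)):
        print(label, check_integrity(blob, KEY, baseline))
```

The digests are keyed because a plain hash stored next to the file could be recomputed by whoever altered the file, which is the trust assumption the confidentiality example makes about keys.
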
Availability

• Ability to use the info or resource
• Denial of service attacks – attempts to block availability
• Denying access can lead to more serious attacks
  • I.e., if credit card verification is down

Availability

• Availability refers to the ability to use the information or resource desired.
• Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all.
• The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable.
• System designs usually assume a statistical model to analyze expected patterns of use, and mechanisms ensure availability when that statistical model holds.
• Someone may be able to manipulate use (or parameters that control use, such as network traffic) so that the assumptions of

Threats

• A threat is a potential violation of security.
• The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for).
• Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.
• The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
• Common attacks can be categorized as:
  • Snooping, eavesdropping
  • Modification, alteration
  • Masquerading, spoofing
  • False repudiation/denial of receipt
  • Network delay, denial of service

Threats …

• Snooping: the unauthorized interception of information, is a form of disclosure.
  • It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information.
  • Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored. Confidentiality services counter this threat.
• Modification or alteration: an unauthorized change of information, covers three classes of threats.
  • The goal may be deception, in which some entity relies on the modified data to determine which action to take, or in which incorrect information is accepted as correct and is released.
  • If the modified data controls the operation of the system, the threats of disruption arise.
• Masquerading or spoofing: an impersonation of one entity by another, is a form of both deception and usurpation (take over).
  • It lures a victim into believing that the entity with which it is communicating is a different entity.
  • For example, if a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed.

Security Policy and Mechanism

• A security policy is a statement of what is, and what is not, allowed.
  • often require some procedural mechanisms that technology cannot enforce
• A security mechanism is a method, tool, or procedure for enforcing a security policy.
  • can be nontechnical, such as requiring proof of identity before changing a password
• One is meaningless without the other…

Goals of security

• Given a security policy’s specification of “secure” and “nonsecure” actions, these security mechanisms can prevent the attack, detect the attack, or recover from the attack.
• Prevention – make the attack fail, e.g. disconnecting a host to prevent an attack
  • Involves implementation of mechanisms that users cannot override and that are trusted to be implemented in a correct,

Goals of security

• Detection – used when an attack cannot be prevented
  • Detection mechanisms accept that an attack will occur; the goal is to determine that an attack is underway, or has occurred, and report it (monitor its nature, severity, and results)
  • Should give a warning, e.g. when a password is entered 3 times
  • Drawback: does not prevent the system from being compromised
• Recovery – two forms:
  • stop an attack and assess and repair any damage caused by that attack

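Added example (not part of the original slides): a detection mechanism for the "password entered 3 times" warning, run over login events. It reads the "3 times" as three failed logins for one account, and the log format, account names, addresses and the five-minute window are constructed assumptions. It only reports, which is the drawback the slide names: a success after repeated failures is raised as CRITICAL, but the login itself is not stopped.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                    # the "3 times" from the slide
WINDOW = timedelta(minutes=5)    # assumption: failures only count together inside this window


def parse_line(line: str):
    """Parse '<ISO time> <LOGIN_FAIL|LOGIN_OK> user=<name> src=<addr>'; None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("LOGIN_FAIL", "LOGIN_OK"):
        return None
    if not parts[2].startswith("user=") or not parts[3].startswith("src="):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2][5:], parts[3][4:]


def detect(lines, threshold: int = THRESHOLD, window: timedelta = WINDOW):
    """Return (time, user, severity) alerts; the attempts themselves are not blocked."""
    recent = defaultdict(deque)   # user -> times of recent failed logins
    warned = set()                # users with an open WARNING
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip lines that are not login events
        when, event, user, _src = parsed
        fails = recent[user]
        while fails and when - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if not fails:
            warned.discard(user)
        if event == "LOGIN_FAIL":
            fails.append(when)
            if len(fails) >= threshold and user not in warned:
                warned.add(user)
                alerts.append((when.isoformat(), user, "WARNING"))
        else:
            if user in warned:
                # Success right after repeated failures: the account may be compromised.
                alerts.append((when.isoformat(), user, "CRITICAL"))
            fails.clear()
            warned.discard(user)
    return alerts


# Constructed sample log (hypothetical format and accounts).
SAMPLE_LOG = [
    "2025-02-28T09:00:01 LOGIN_FAIL user=user_a src=192.0.2.10",
    "2025-02-28T09:00:09 LOGIN_FAIL user=user_a src=192.0.2.10",
    "2025-02-28T09:00:15 LOGIN_OK user=user_b src=192.0.2.20",
    "2025-02-28T09:00:20 LOGIN_FAIL user=user_a src=192.0.2.10",
    "2025-02-28T09:00:31 LOGIN_OK user=user_a src=192.0.2.10",
    "2025-02-28T09:10:00 LOGIN_FAIL user=user_b src=192.0.2.20",
    "2025-02-28T09:20:00 LOGIN_FAIL user=user_b src=192.0.2.20",
    "2025-02-28T09:30:00 LOGIN_FAIL user=user_b src=192.0.2.20",
    "this line is not a login event",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
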
Security Trends

• In 1994, the Internet Architecture Board (IAB) issued a report entitled "Security in the Internet Architecture" (Request for Comments/RFC 1636).
• The report stated the general consensus that the Internet needs more and better security, and it identified key areas for security mechanisms.

Security Trends…

• Among these were:
  • the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and
  • the need to secure end-user-to-end-user traffic using authentication and encryption mechanisms.

Security Trends…

• Internet-related vulnerabilities over a 10-year period. These include:
  • Security weaknesses in the OS of attached computers (e.g., Windows, Linux) as well as
  • Vulnerabilities in Internet routers and other network devices.

Who are the attackers?

• In computers and computer networks, an attacker is the individual or organization who performs malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.
• Attackers use every tool and technique available to try to attack us and gain unauthorized access.

Who are the attackers?...

• Basically, there are four main types of attackers:

Who are the attackers?...

1. Cyber Criminals

• Cybercriminals are individuals or groups of people who use technology to commit cybercrime with the intention of stealing sensitive company information or personal data and generating profits.
• Today, they are the most prominent and most active type of attacker.

Who are the attackers?...

2. Hacktivists

• Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.
• They are not like cybercriminals who hack computer networks to steal data for the cash.
• They see themselves as fighting injustice.

Who are the attackers?...

3. State-sponsored Attacker

• These attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin.
• The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are patched. It is very difficult to defeat these attackers due to the vast resources they use.

Who are the attackers?...

4. Insider Threats

• The insider threat is a threat to an organization's security or data that comes from within.
• These types of threats usually come from employees or former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.

Who are the attackers?...

4. Insider Threats

• Insider threats can be categorized into three:

Who are the attackers?...

4.1. Malicious

• Malicious threats are attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure.
• These insider threats are often attributed to dissatisfied employees or ex-employees who believe that the organization was doing something wrong with them in some way, and they feel justified in seeking revenge.

Who are the attackers?...

4.2. Accidental

• Accidental threats are threats which are accidentally caused by insider employees.
• In this type of threat, an employee might accidentally delete an important file or inadvertently share confidential data with a business partner, going beyond the company’s policy or legal requirements.

Who are the attackers?...

4.3. Negligent

• These are the threats in which employees try to avoid the policies an organization has put in place to protect endpoints and valuable data.
• For example, if the organization has strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home.
• Note: In addition to the above mentioned

What are the vulnerabilities?

• Physical vulnerabilities (e.g. computer can be stolen)
• Natural vulnerabilities (e.g. earthquake)
• Hardware and software vulnerabilities (e.g. failures)
• Media vulnerabilities (e.g. hard disks can be stolen)
• Communication vulnerabilities (e.g. wires can be

What are the vulnerabilities?...

• Poorly chosen passwords
• Software bugs (non-reliability of software)
• Automatically running active content: ActiveX, scripts, Java programs (applets)
• Open ports
• Incorrect configuration
• File permissions
• Administrative privileges

What are the vulnerabilities?...

• Untrained users/system administrators
• Trap doors (intentional security holes)
• Unencrypted communication
• Limited resources (e.g. TCP connections)

What are the consequences?

• Failure/End of service
• Reduction of Quality of Service (QoS), down to Denial of Service (DoS).
• Internal problems in the enterprise
• Trust decrease from partners (client, providers, shareholders)
• Technology leakage
• Human consequences (personal data, sensitive data -

Next:
• Security criteria
• Attack types and measures
• Services
• Mechanisms
• Models

Security Criteria

• Security Evaluation Criteria are usually presented as a set of parameter thresholds that must be met for a system to be evaluated and deemed acceptable.
• These criteria are established based on a Threat Assessment to establish the extent of the data sensitivity, the security policy, and the system characteristics.

Security Criteria

• Security is expressed in terms of:
  • Availability
  • Integrity
  • Confidentiality
  • Authentication
• Note: Authentication is a foundation of security. In its absence, all security properties can be violated.

Security Criteria…

1. Availability

• It requires that computer and network assets are only available to authorized parties.
• Computers and networks should provide all the designated services in the presence of all kinds of security attacks.

Security Criteria…

2. Integrity

• It requires that messages should be modified or altered only by authorized parties.
• Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.
• Integrity guarantees that no modification, addition, or deletion is done to the message.

Security Criteria…

3. Confidentiality

• It requires that the message can only be accessible for reading by authorized parties.
• It also requires that the system should verify the identity of a user.

4. Authentication

• It means that the correct identity is known to the communicating parties.

Security Attack Types

• Categories of Attacks
  • Interruption: An attack on Availability
  • Modification: An attack on Integrity
  • Interception: An attack on Confidentiality
  • Fabrication: An attack on Authenticity

Security Attack Types…

• Attacks…

[Figure: normal flow of information from source to destination, and the four attacks: interruption, interception, modification, fabrication]

Security Attack Types…

• The attacks can also be classified by the following criteria:
  • Passive or active,
  • Internal or external,
  • At different TCP/IP protocol layers

Security Attack Types…

1. Passive vs. Active attacks

• A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
• The purpose of a passive attack is to gain information about the system being targeted; it does not involve any direct action on the target.
• These kinds of attacks attempt to learn or make use of the information without changing the content of the

Security Attack Types…

1. Passive vs. Active attacks

• Passive attacks include active reconnaissance and passive reconnaissance.
• In a computer security context, reconnaissance is the act of exploring a system or network in order to gather information before conducting a full attack.
• Example: traffic analysis and monitoring, eavesdropping

Security Attack Types…

1. Passive vs. active attacks…

• Passive attacks do not affect system resources and they are very difficult to detect because:
  • Message transmission apparently normal
  • No alteration of the data
• Emphasis on prevention rather than detection
  • By means of encryption

Security Attack Types…

1. Passive vs. active attacks…

• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting normal operation of the network.
• Some examples of active attacks include: jamming, impersonating, modification, denial of service (DoS).
• Difficult to prevent. The goal is to detect and

Security Attack Types…

2. Internal vs. External attacks

• External attacks are carried out by hosts that don’t belong to the network domain; they are sometimes called outsiders.
  • E.g. it can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, the malicious node from the network gains unauthorized access and

Security Attack Types…
3. Attacks at different TCP/IP protocol Layers

Common security attacks and their countermeasures

• Finding a way into the network
  • Firewalls
• Exploiting software bugs, buffer overflows
  • Intrusion Detection Systems
• Denial of Service
  • Access filtering, IDS
• TCP hijacking
  • IPSec

Common security attacks and their countermeasures…

• Packet sniffing
  • Encryption (SSL, HTTPS)
• Social problems
  • Education

Security Services

• X.800:
  • “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
• RFC 2828:
  • “a processing or communication service provided by a system to give a specific kind of protection to system resources”

Security Services (X.800)…

• Authentication - assures that communicating entity is the one claimed.
• Access Control - prevention of the unauthorized use of a resource.
• Data Confidentiality - protection of data from unauthorized disclosure.
• Data Integrity - assurance that data received is as sent by an authorized entity.
• Non-Repudiation - protection against denial by one of

Security Mechanism

• Security mechanisms are features designed to detect, prevent, or recover from a security attack.
• No single mechanism will support all services required.
• However, one particular element underlies many of the security mechanisms in use.
• Hence cryptographic techniques will be our focus

Security Mechanism (X.800)

• Specific security mechanisms:
  • Ciphering/deciphering, digital signatures, data integrity, authentication exchange, routing control, …
  • Firewall, proxy server
  • Access control, Intrusion detection system

Security Model

• A Network Security Model exhibits how the security service has been designed over the network to prevent the opponent from causing a threat to the confidentiality or authenticity of the information that is being transmitted through the network.
• Any security service would have the three components discussed below:

Security Model

• 1. Transformation of the information which has to be sent to the receiver, so that any opponent present on the information channel is unable to read the message.
• This indicates the encryption of the message.
• It also includes the addition of code during the transformation of the information which will be used in verifying the identity of the authentic receiver.

Security Model

• 2. Sharing of the secret information between sender and receiver, of which the opponent must not get any clue.
• Yes, we are talking of the encryption key which is used during the encryption of the message at the sender’s end and also during the decryption of the message at the receiver’s end.

Security Model

• 3. There must be a trusted third party which will distribute the secret information to both sender and receiver.
• While designing the network security model, the designer must also concentrate on developing the methods to distribute the key to the sender and receiver.
• An appropriate methodology must be used to deliver the secret information to the

Security Model

• Model for Network Security

Security Model…Eight Security Dimensions

1. Access Control Security Dimension

• The Access Control Security Dimension ensures that only authorized personnel or devices are allowed access to network elements, stored information, information flows, services and applications.
• In addition, Role-Based Access Control (RBAC) provides different access levels to guarantee that individuals and devices can only gain access to and perform operations on network elements, stored information, and information flows that they are authorized for.

Security Model…Eight Security Dimensions

2. Authentication Security Dimension

• The Authentication Security Dimension serves to confirm the identities of communicating entities.
• Authentication ensures the validity of the claimed identities of the entities participating in communication (e.g. person, device, service or application) and provides assurance that an entity is not attempting a masquerade or unauthorized replay of a previous communication.
• Examples: shared secret key, digital signature, digital

Security Model…Eight Security Dimensions

3. Non-repudiation Security Dimension

• The Non-repudiation Security Dimension provides assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.
• It ensures the availability of evidence that can be presented to a third party and used to prove that some kind of event or action has taken place.

Security Model…Eight Security Dimensions

4. Data Confidentiality Security Dimension

• The Data Confidentiality Security Dimension protects data from unauthorized disclosure.
• Data Confidentiality ensures that the data content cannot be understood by unauthorized entities.
• Example: Encryption, access control lists, and file permissions are methods often used to provide data confidentiality.

Security Model…Eight Security Dimensions

5. Communication Security Dimension

• The Communication Security Dimension ensures that information flows only between the authorized end points (the information is not diverted or intercepted as it flows between these end points).
• It ensures that information flows from source to destination.
• Ex: Virtual Private Network (VPN), Multiprotocol Label Switching (MPLS)
  • VPN describes the opportunity to establish a protected

Security Model…Eight Security Dimensions

6. Data Integrity Security Dimension

• The Data Integrity Security Dimension ensures the correctness or accuracy of data.
• The data is protected against unauthorized modification, deletion, creation, and replication and provides an indication of these unauthorized activities.
• Examples: MD5, digital signature, anti-virus software
  • MD5 (Message Digest Algorithm) is a cryptographic protocol used for authenticating messages as well as

Security Model…Eight Security Dimensions

7. Availability Security Dimension

• The Availability Security Dimension ensures that there is no denial of authorized access to network elements, stored information, information flows, services and applications due to events impacting the network.
• Disaster recovery solutions are included in this category.
• Examples: IDS/IPS, network redundancy.
• Network redundancy is the process of providing

Security Model…Eight Security Dimensions

8. Privacy Security Dimension

• The Privacy Security Dimension provides for the protection of information that might be derived from the observation of network activities.
• It ensures that identification and network use are kept private.
• Examples of this information include websites that a user has visited, a user's geographic location, and the IP addresses and DNS names of devices in a Service Provider network.

Thank You
