Introduction to Network Security
The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.
Write down objectives of computer security.
1. Confidentiality: This term covers two related concepts:
- Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
- Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
2. Integrity: This term covers two related concepts:
- Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
- System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
3. Availability: Assures that systems work promptly and service is not denied to authorize users.
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
An assault on system security that derives from an intelligent threat. That is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
Define Passive attack
Passive attack attempts to learn or make use of information from the system but does not affect system resources.
Define Active attack
Active attacks attempts to alter system resources or affect their operation.
OSI security architecture focuses on:
• Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
What do you mean by security service?
Service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers. A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms X.800 divides these services into five categories and fourteen specific services.
List X.800 Security Services
- Access control
- Data confidentiality
- Data integrity
- Non repudiation
Define Non repudiation.
Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
The process of attempting to discover the plain text or key is known as cryptanalysis