网络安全概述课件.pptVIP

Introduction to Network Security 陳嘉玫 中山大學 資管系 Why Need Security? Computers store a wide range of information -- medical, credit card, or financial data; Computer networks get popular; Misuse computer systems or alter the data. Why secure a computer/network is hard? Error-free software? Security is added/considered at late stage. Security add-on cost. People who use/administer the system/network do not follow security guidelines. Social engineering Security Plan To define your security needs Understands potential attackers Provides the security services Determine the level of security needed Find out the vulnerabilities Security Attack Categories interruption -- attack on availability interception -- attack on confidentiality modification -- attack on integrity fabrication -- attack in authentication Passive attack eavesdropping monitoring transmission Active attack modification of message masquerade replay denial of service Attacking Classification Attacks against design as strong as the encryption algo random number generator Attacks against implementation Attacks against hardware Attacks against trust models Attacks on users Attacks against failure recovery default to insure mode version rollback attack upgrade without shutting down Attacks against cryptography Security Services Confidentiality Integrity Availability Authentication Authorization Non-repudiation Tasks for Designing of a security service Design an algorithm for performing security-related transformation Create secret info used with the algorithm Develop methods for distribution and sharing secret info. Specify a protocol for two parties model from Fig 1-3 Network Access Security Model Information access threats intercept/modify data Service threats exploit service flaws Cases that not fit in model in Fig 1-3 Cryptography Classified in 3 dimensions type of operations used for transformation substitution transposition number of keys used way in which the plaintext processed block cipher – on blocks