Network security & information security maintainence modified
Download as PPT, PDF1 like992 views
The document is an independent study report on network security and information security maintenance. It discusses key topics like network security definitions and objectives, types of security attacks and mechanisms, security services, internet security models, information security standards, and maintenance models like the ISO model. The conclusion emphasizes the need for security techniques to reliably maintain information security.
Network security & information security maintainence modified
- 1. “Network Security & Information Security Maintenance” Independent Study (CS450) Under the guidance of: Smitesh.D.Patravali By, KeerthanKumar Shetty 2SD10CS403 CSE 8 ‘B’ SDMCET June 10,2013 Department of Computer Science &Department of Computer Science & EngineeringEngineering 1
- 2. Contents June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 2
- 3. Introduction :Network Security O Definition : Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. O Need for Network Security : • Protect vital information while still allowing access to those who need it Ex-Trade secrets, Business records, etc. • Provide authentication and access control for resources June 10,2013 DepartmentDepartment of Computer Science & Engineeringof Computer Science & Engineering 3
- 4. Fundamental Security Objectives June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 4
- 5. Security Attacks, Mechanism & Services O Security Attacks : Any action that compromises the security of information owned by an organization ,group or an individual. 2 types of Security Attacks June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 5
- 6. Security Attacks, Mechanism & Services June 10,2013 Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 6
- 7. Security Attacks, Mechanism & Services O Authentication Peer-Entity Data Origin O Access Control O Confidentiality Connection Confidentiality Connectionless Confidentiality Selective Confidentiality Traffic flow Confidentiality June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 7
- 8. Security services..Contd.. O Data Integrity Connection integrity with recovery Connection integrity without recovery Connectionless integrity Selective field Connection Integrity Selective field Connectionless Integrity O Non Repudiation Non Repudiation, origin Non Repudiation, Destination June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 8
- 9. Security Attacks, Mechanism & ServicesO Security Mechanisms : A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. June 10,2013 Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 9
- 10. Internetwork Security Model O A message is to be transferred from one party to another across some sort of Internet service. O The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. O A logical information channel is established by defining a route through the Internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Network Security Model June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 10
- 11. This general model shows that there are four basic tasks in designing a particular security service: O1. Design an algorithm for performing the security- related transformation. Thealgorithm should be such that an opponent cannot defeat its purpose. O2. Generate the secret information to be used with the algorithm. O3. Develop methods for the distribution and sharing of the secret information. O4. Specify a protocol to be used by the two principals that makes use of the securityalgorithm and the secret information to achieve a particular security service. June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 11 Internetwork Security Model
- 12. Internet Standards & RFC’s June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 12
- 13. Information Security Maintenance O Once an organization has improved the security posture of the organization, the security group must turn its attention to the maintenance of security readiness O Information security must constantly monitor the threats, assets, and vulnerabilities O The team also reviews external information to stay on top of the latest general and specific threats to its information security O It is more expensive to reengineer the information security profile again and again June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 13
- 14. Security Management Models Management models are frameworks that structure the tasks of managing a particular set of activities or business functions. ISO Model The ISO management model is a five-layer approach that provides structure to the administration and management of networks and systems The core ISO model addresses management and operation thorough five topics: O Fault management O Configuration and Change management O Accounting management O Performance management O Security management June 10,2013 Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 14
- 15. ISO Model Contd…. June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 15
- 16. The Maintenance Model June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 16
- 17. Conclusion O Hence, we can conclude that the need for security in communicating networks is mandatory & the techniques provided to maintain information security are more reliable & implementing the same can serve our purpose in achieving higher security to our Information & network. June 10,2013Department of Computer Science & EngineeringDepartment of Computer Science & Engineering 17
- 18. www.Wikepeadia.com. Network Security Essentials ,Fourth Edition by William Stallings. Principles of Information Security by Michael D Whitman. June 10,2013Department of Computer Science & Engineering 18 References
- 19. Thank you!!! June 10,2013Department of Computer Science & Engineering 19