Understanding Network Security: the ISO Principles
Saad Haj Bakry, PhD, CEng, FIEE
Presentations in Network Security
Objectives / Contents
Information & Data. Networks. Security. Security Policy Issues.
Information / Data (1): ISO Information Processing Vocabulary
Data: The representation of facts, concepts and instructions in a formalized manner suitable for communication, interpretation, or processing.
Information: The meaning that is currently assigned to data by means of conventions applied to that data.
Information / Data (2): ISO Information Processing Vocabulary
Data Quality: The correctness, timeliness, accuracy, completeness, relevance, and accessibility that make data appropriate for use.
Information / Data (3): ISO Information Processing Vocabulary
Data Integrity: The data quality that exists as long as accidental or malicious destruction, alteration, or loss of data does not occur.
Data Corruption / Contamination: The violation of data integrity.
Networks (1): ISO Information Processing Vocabulary
Functional Unit: The entity of hardware, or software, or both, capable of accomplishing a specific purpose.
Data Source: The functional unit that originates data for transmission.
Data Sink: The functional unit that accepts transmitted data.
Networks (2): ISO Information Processing Vocabulary
DTE (Data Terminal Equipment): The part of a data station that serves as a data source, data sink, or both.
DCE (Data Circuit-Terminating (Communication) Equipment): In a data station, the equipment that provides the signal conversion and coding between the DTE and the (communication) line.
Networks (3): ISO Information Processing Vocabulary
Node: In a data network, a point where one or more functional units interconnect channels or data circuits.
Data Network: An arrangement of data circuits and switching facilities for establishing connections between DTEs.
Network (4): Structure
[Figure: a data network drawn as two parts. The communications subnetwork is a mesh of nodes (N). The access / services subnetwork holds the hosts (H), which are the DTEs, each reaching the nodes through a DCE; users (U) attach to the hosts.]
Networks (5): ISO Information Processing Vocabulary
Data Transmission: The conveying of data from one place for reception elsewhere by telecommunication means.
Data Transmission Channel: A means of one-way transmission.
Networks (6): ISO Information Processing Vocabulary
Data Communications: Transfer of information between functional units by means of data transmission according to a protocol.
Protocol: A set of semantic and syntactic rules that determines the behaviour of functional units in achieving communications.
Networks (7): ISO-OSI Protocols
[Figure: two end systems, each running the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), joined through a communication subnetwork whose intermediate nodes carry only the lower three layers (Network, Data Link, Physical) over the communication medium. Layers at the same level on either side are peer levels.]
Networks (8): Internet Vocabulary
Internet: A global network of computer networks based on TCP/IP protocols. It has the World Wide Web as its foundation.
Intranet: A private (company) network based on Internet technologies, featuring the same client-server architecture.
Extranet: An Intranet extended to users outside the company (partners, providers, customers).
Network (9): Levels
[Figure: three nested levels enclosed by a Security boundary. The Internet level: potential world-wide business activities. The Extranet level: partners / suppliers / customers, "business activities". The Intranet level: intra-organization activities.]
Network (10): Internet Protocols
[Figure: the Internet protocol stack. Application: user interface (e-mail / http / ftp / ...). TCP / UDP: Transmission Control Protocol / User Datagram Protocol. IP: Internet Protocol (addressing / routing / congestion control), alongside ICMP (Internet Control Message Protocol) and ARP (Address Resolution Protocol). Data Link: point-to-point control, LAN / WAN. Physical: communication interface, T-R / links.]
Security (1): ISO Information Processing Vocabulary
Security: The condition of being secure, or the condition of being protected from or not exposed to danger.
Privacy: The state or quality of being private.
Security (2): ISO Information Processing Vocabulary
Computer System Security: The technological and the administrative safeguards established and applied to data processing to protect hardware, software, and data from accidental or malicious destruction or disclosure.
Security (3): Analysis of Definition
Object (to be protected): Hardware / Software / Data
Challenges (source): Accidental / Malicious
Effect (protection from): Destruction / Disclosure
Means (of protection): Technological / Administrative
Security (4): ISO Information Processing Vocabulary
Privacy Protection: The implementation of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records, and to protect both security and confidentiality against any threat or hazard that could result in substantial harm, embarrassment, inconvenience or unfairness to any individual about whom such information is maintained.
Security (5): Analysis of Definition
Object (to be protected): Information / Data: records (associated with individuals, or organizations: privacy)
Challenge (to object): Security / Privacy
Effect (protection from): Threat and hazard that could result in harm, embarrassment, inconvenience, or unfairness
Means (of protection): Physical / Administrative / Technical
Security (6)ISO Information Processing Vocabulary
Term DefinitionCryptography A discipline involving
principles, means, and methods for changing data so that it is not readable.
Cryptanalysis An attack on one of the principles, means, or methods (to recover readability)
Understanding Network Security: the ISO Principles
Saad Haj Bakry, PhD, CEng, FIEE 22
Security (7)ISO Information Processing Vocabulary
Term DefinitionEncryption / Enciphering
The process of changing data (plain text) so that it becomes unreadable (cipher text).
Decryption / Deciphering
The process of transforming cipher text back into plain text.
Understanding Network Security: the ISO Principles
Saad Haj Bakry, PhD, CEng, FIEE 23
Policy (1): Security Levels
ISO Security Perimeters / LevelsAround the Network
Perimeter of trust: Trusted users (no hackers) Trusted system (reliability / testing)
Around the Process
Passport rules Vaccination for processes
programs & applications
Layered Perimeters
On each layer (ISO layered protocols): Peer entity (same level) services
Understanding Network Security: the ISO Principles
Saad Haj Bakry, PhD, CEng, FIEE 24
Policy (2): Information Security Goals
ISO-OSI Special Interest Group on Security
Information Security GoalsProtection of data against: undetected loss and repetition unauthorized modification unauthorized disclosure
Data is Sequenced
Sealed
Private
Ensuring correct identity of sender & receiver
Signed by Sender Stamped by Receiver
Understanding Network Security: the ISO Principles
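The pairing of goals and mechanisms on this slide, worked through in code. This is an added example and not part of the original slides: a shared-key message channel built only from Python's standard library, in which a sequence number lets the receiver detect loss and repetition (sequenced), an HMAC over the whole record seals it and acts as the sender's signature (sealed, signed by sender), a keystream derived from HMAC-SHA256 in counter mode keeps the content private (an illustrative construction chosen to avoid third-party libraries, not a standardised cipher), and the receiver answers with a stamp, an HMAC receipt over the sequence number under its own key (stamped by receiver). The record layout, function names and key values are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import struct

# Record layout (constructed for this example):
#   seq (8 bytes, big-endian) || nonce (12 bytes) || ciphertext || tag (32 bytes)
SEQ_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32
HDR_LEN = SEQ_LEN + NONCE_LEN


def _keystream(key, nonce, length):
    """Keystream made of HMAC-SHA256(key, nonce || counter) blocks.
    Illustrative PRF-in-counter-mode construction, not a standardised cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(enc_key, mac_key, seq, plaintext, nonce=None):
    """Sender side. seq makes the data sequenced, the keystream makes it private,
    and the HMAC over header and ciphertext makes it sealed and signed by the sender."""
    nonce = secrets.token_bytes(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = struct.pack(">Q", seq) + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Receiver side: verifies the seal, checks the sequence, decrypts, and
    returns a stamp (HMAC over seq under the receiver's key) as its receipt."""

    def __init__(self, enc_key, mac_key, stamp_key):
        self.enc_key, self.mac_key, self.stamp_key = enc_key, mac_key, stamp_key
        self.last_seq = 0  # highest sequence number accepted so far

    def open(self, record):
        """Return (status, plaintext, stamp); plaintext and stamp are None on rejection."""
        if len(record) < HDR_LEN + TAG_LEN:
            return "malformed", None, None
        header, ciphertext, tag = record[:HDR_LEN], record[HDR_LEN:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "modified", None, None  # altered in transit, or not from the key holder
        seq = struct.unpack(">Q", header[:SEQ_LEN])[0]
        nonce = header[SEQ_LEN:]
        if seq <= self.last_seq:
            return "repeated", None, None  # replay or duplicate delivery
        # A gap in the sequence means something before this record was lost.
        status = "ok" if seq == self.last_seq + 1 else "loss_detected"
        self.last_seq = seq
        ks = _keystream(self.enc_key, nonce, len(ciphertext))
        plaintext = bytes(c ^ k for c, k in zip(ciphertext, ks))
        stamp = hmac.new(self.stamp_key, struct.pack(">Q", seq), hashlib.sha256).digest()
        return status, plaintext, stamp


def verify_stamp(stamp_key, seq, stamp):
    """Sender side: confirm the receipt for seq came from the holder of stamp_key."""
    expected = hmac.new(stamp_key, struct.pack(">Q", seq), hashlib.sha256).digest()
    return hmac.compare_digest(stamp, expected)
```

The receiver verifies the tag before it reads anything else from the record, so a forged or altered record is rejected without reaching the sequence or decryption logic; the sequence check then distinguishes a replay (rejected) from a gap (accepted but reported), matching the slide's "undetected loss and repetition" wording.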
Policy (3): Goals: Information Flow
Intranet-Extranet-Internet Flow / Flooding
Security of Information Flow:
Protection from undesired data streams entering the Intranet (private / national networks).
Firewalls
Protection of private data streams from leaking out of the Intranet.
Protection from denial of service: flooding, "undesired generation of data".
Anti-Virus
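The three flow-protection goals on this slide, as an added example that is not part of the original slides: a minimal firewall-style filter in Python that drops undesired inbound streams (only listed services may enter the intranet), stops private streams from leaving (blocked outbound services, and hosts marked internal-only), and keeps a per-source sliding-window packet count to report flooding. It checks each packet on its own, without connection tracking; the address ranges, port lists, limits and packet records are constructed for the example.

```python
import ipaddress
from collections import defaultdict, deque

# Policy values below are constructed for this example, not taken from the slides.
INTRANET = ipaddress.ip_network("10.0.0.0/8")          # the private network
INBOUND_ALLOWED = {("tcp", 443), ("tcp", 25)}           # services the outside may reach
OUTBOUND_BLOCKED = {("tcp", 445), ("udp", 137)}         # file-sharing traffic must not leave
INTERNAL_ONLY = {ipaddress.ip_address("10.0.5.20")}     # hosts that must never talk outside
FLOOD_LIMIT, FLOOD_WINDOW = 5, 1.0                      # max packets per source per second


class FlowFilter:
    """Per-packet rule checks plus a per-source sliding-window packet counter."""

    def __init__(self):
        self.recent = defaultdict(deque)  # source address -> timestamps inside the window

    def _flooding(self, src, ts):
        """True when src has sent more than FLOOD_LIMIT packets in the last FLOOD_WINDOW seconds."""
        q = self.recent[src]
        while q and ts - q[0] >= FLOOD_WINDOW:
            q.popleft()  # drop timestamps that have aged out of the window
        q.append(ts)
        return len(q) > FLOOD_LIMIT

    def decide(self, pkt):
        """Return 'allow' or a 'drop:<reason>' verdict for one packet record."""
        src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
        service = (pkt["proto"], pkt["dport"])
        inbound = dst in INTRANET and src not in INTRANET
        outbound = src in INTRANET and dst not in INTRANET
        if self._flooding(src, pkt["ts"]):
            return "drop:flood"  # undesired generation of data
        if inbound and service not in INBOUND_ALLOWED:
            return "drop:ingress"  # undesired stream entering the intranet
        if outbound and (service in OUTBOUND_BLOCKED or src in INTERNAL_ONLY):
            return "drop:egress"  # private stream leaking out of the intranet
        return "allow"


def filter_packets(packets):
    """Run a fresh filter over a packet list and return the verdict for each packet."""
    f = FlowFilter()
    return [f.decide(p) for p in packets]


# Constructed packet records using documentation address ranges, not real traffic.
SAMPLE_PACKETS = [
    {"ts": 0.0, "src": "203.0.113.7", "dst": "10.0.0.10", "proto": "tcp", "dport": 443},
    {"ts": 0.1, "src": "203.0.113.7", "dst": "10.0.0.10", "proto": "tcp", "dport": 23},
    {"ts": 0.2, "src": "10.0.0.10", "dst": "198.51.100.5", "proto": "tcp", "dport": 443},
    {"ts": 0.3, "src": "10.0.0.10", "dst": "198.51.100.5", "proto": "tcp", "dport": 445},
    {"ts": 0.4, "src": "10.0.5.20", "dst": "198.51.100.5", "proto": "tcp", "dport": 443},
] + [
    # six packets from one outside source within one second: the sixth exceeds the limit
    {"ts": 0.1 * i, "src": "203.0.113.9", "dst": "10.0.0.10", "proto": "tcp", "dport": 443}
    for i in range(6)
] + [
    # same source again after the window has passed: allowed once more
    {"ts": 2.0, "src": "203.0.113.9", "dst": "10.0.0.10", "proto": "tcp", "dport": 443},
]
```

The flood check runs before the service rules so that a source exceeding the rate is dropped whatever it is asking for; the ingress rule is a default-deny list, while the egress rule is a deny-list of services plus a set of hosts that may never cross the boundary, which is the usual shape of the two directions.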
Remarks / Understanding
Challenges on: HW / SW / Information; Security / Privacy.
ISO Network Security Scope: Technology (systems); Administration / Management (organization); People (users / hackers); Accidental / Malicious.
Policy Recommendations: ISO / Internet.