Introduction To Network Security

The document is a lecture on Network Security, covering fundamental concepts such as cyber security, network security, vulnerabilities, threats, and controls. It introduces the C-I-A triad (Confidentiality, Integrity, Availability) and discusses various types of threats and attackers, as well as security services and mechanisms. The lecture emphasizes the importance of protecting computer systems and networks from unauthorized access and attacks.


University of Mosul

College of Engineering
Computer Engineering Dept.

Network Security
2024-2025
Lecture 1
Introduction to Network Security
Asst. Prof. Dr. Mayada Faris Ghanim
References
• Charles P. Pfleeger, Shari Lawrence Pfleeger and Jonathan Margulies, Security in Computing, 5th edition, Prentice Hall, 2015, ISBN-13 978-0-13-408504-3.
• William Stallings, Cryptography and Network Security: Principles and Practice, 7th edition, Pearson Education, 2017, ISBN 978-0-13-444428-4.

What is Cyber Security?
Cyber security is the protection of computer systems and
networks from the theft of or damage to their hardware,
software or data, as well as from the disruption or
misdirection of the services they provide. In other words, cyber
security is the protection of the items you value, called the
assets of a computer or computer system: its hardware, software
and data.
What is Network Security?
Network security is a crucial aspect of
information technology that involves the
protection of computer networks, systems, and
data from unauthorized access, attacks, and
damage. As organizations increasingly rely on
interconnected systems and the internet for
their day-to-day operations, the importance of
network security cannot be overstated.
The Vulnerability
• A vulnerability is a weakness in the system, for
example, in procedures, design, or
implementation, that might be exploited to
cause loss or harm. For instance, a particular
system may be vulnerable to unauthorized
data manipulation because the system does
not verify a user’s identity before allowing
data access.
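The vulnerability in that last sentence, shown in code. This is an added example, not part of the lecture or its references: a record-access function that trusts whatever user name the caller supplies, beside a hardened version that resolves a session token to an authenticated user and then checks that user against the record's owner. The record store, session tokens and user names are constructed for the example.

```python
import hmac

# Constructed sample data for the example (not from the lecture).
RECORDS = {
    "rec-1": {"owner": "alice", "body": "alice's salary data"},
    "rec-2": {"owner": "bob", "body": "bob's medical data"},
}

# Constructed session table: opaque session token -> authenticated user.
SESSIONS = {
    "tok-alice-7f3a": "alice",
    "tok-bob-91c2": "bob",
}


def read_record_vulnerable(claimed_user: str, record_id: str) -> str:
    """Vulnerable: the caller simply states who they are. The name is never
    verified, so any client can read any record by supplying its id."""
    record = RECORDS[record_id]
    return record["body"]   # claimed_user is not checked against anything


def authenticate(token: str) -> str:
    """Resolve a session token to a principal. The comparison is constant-time
    so the lookup does not leak how many bytes of a guessed token matched."""
    for valid_token, user in SESSIONS.items():
        if hmac.compare_digest(token, valid_token):
            return user
    raise PermissionError("not authenticated")


def read_record_hardened(token: str, record_id: str) -> str:
    """Hardened: authenticate first, then authorize the authenticated user
    against the record's owner before releasing any data."""
    user = authenticate(token)
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        # One error for both 'no such record' and 'not yours', so a caller
        # cannot enumerate which record ids exist.
        raise PermissionError("access denied")
    return record["body"]
```

The vulnerable function has no authentication step at all, which is exactly the weakness the slide describes; the hardened one separates the two questions "who is asking?" (authentication) and "may this person read this record?" (authorization), and answers both before any data leaves the system.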
Computer systems have vulnerabilities too; such
as weak authentication, lack of access control,
errors in programs, finite or insufficient
resources, and inadequate physical protection.
Paired with a credible attack, each of these
vulnerabilities can allow harm. Each attack
vector seeks to exploit a particular vulnerability.

Threat
• A threat to a computing system is a set of
circumstances that has the potential to cause
loss or harm.
• We can consider potential harm to assets in
two ways: First, we can look at what bad things
can happen to assets, and second, we can look
at who or what can cause or allow those bad
things to happen. These two perspectives
enable us to determine how to protect assets.
Control Paradigm
We use a control or countermeasure as
protection. That is, a control is an action, device,
procedure, or technique that removes or
reduces a vulnerability.
In general, we can describe the relationship
between threats, controls, and vulnerabilities in
this way: A threat is blocked by control of a
vulnerability.
C-I-A Triad or the Security Triad
Availability: the ability of a system to ensure
that an asset can be used by any authorized
parties
• Ensuring that network resources and
services are accessible when needed.
• Protecting against denial-of-service (DoS)
attacks that could disrupt or degrade service
availability.
Integrity: the ability of a system to ensure that
an asset is modified only by authorized parties
• Ensuring the accuracy and reliability of data.
• Detecting and preventing unauthorized
modifications or alterations to data.

Confidentiality: the ability of a system to ensure
that an asset is viewed only by authorized
parties
• Protecting sensitive information from
unauthorized access.
• Encryption techniques are commonly used
to ensure that data remains confidential,
even if intercepted.
ISO 7498-2 adds to them two more properties
that are desirable, particularly in communication
networks:
Authentication: the ability of a system to
confirm the identity of a sender
• Verifying the identity of users, devices, or
systems attempting to access the network.
• Multi-factor authentication (MFA) is often
employed to enhance the security of access
controls.
Nonrepudiation or accountability: the ability of
a system to confirm that a sender cannot
convincingly deny having sent something
• Ensuring that a user or entity cannot deny
their actions.
• Digital signatures and audit logs are used to
establish a trail of activities.
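The difference between authentication and nonrepudiation on these two slides is easiest to see in code. The following is an added example, not part of the lecture or its references: it compares a shared-key HMAC, which gives integrity and origin authentication between the two holders of the key, with a Lamport one-time signature built from SHA-256, a genuine digital signature that only the private-key holder can produce. Keys, the order message and the forged message are constructed for the example.

```python
import hashlib
import hmac
import secrets

BITS = 256  # we sign the SHA-256 digest of the message, one secret per digest bit


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """Lamport one-time signature key pair.
    Private key: 256 pairs of random 32-byte secrets.
    Public key: the SHA-256 hash of every secret, in the same layout."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def digest_bits(message: bytes) -> list:
    d = int.from_bytes(sha256(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def lamport_sign(sk, message: bytes) -> list:
    """For each digest bit, reveal the secret from the matching half of the pair.
    ONE-TIME: signing a second message with the same key leaks enough secrets
    for an attacker to forge signatures on further messages."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message: bytes, signature: list) -> bool:
    """Anyone holding pk can verify, but without sk nobody can produce a valid
    signature. That asymmetry is what gives nonrepudiation."""
    if len(signature) != BITS:
        return False
    return all(sha256(signature[i]) == pk[i][bit]
               for i, bit in enumerate(digest_bits(message)))


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: integrity and origin authentication between holders of `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def compare_mac_and_signature() -> dict:
    """Constructed scenario: Alice sends an order to Bob. Returns what each
    mechanism can and cannot establish."""
    order = b"Allow John Smith to read confidential file accounts"   # constructed
    forged = b"Allow Fred Brown to read confidential file accounts"  # constructed

    # Shared-key MAC: Bob verifies Alice's tag, but Bob holds the same key, so
    # Bob can also produce a perfect tag on a message Alice never sent. Alice
    # can deny it, and a third party cannot tell who made either tag.
    shared_key = secrets.token_bytes(32)
    alice_tag = mac_tag(shared_key, order)
    bob_forgery = mac_tag(shared_key, forged)

    # Signature: Bob (or an auditor) verifies with pk alone and cannot forge;
    # Alice cannot convincingly deny a signature only her sk could have made.
    sk, pk = lamport_keygen()
    signature = lamport_sign(sk, order)

    return {
        "mac_verifies": mac_verify(shared_key, order, alice_tag),
        "mac_detects_modification": not mac_verify(shared_key, forged, alice_tag),
        "bob_can_forge_mac": mac_verify(shared_key, forged, bob_forgery),
        "signature_verifies": lamport_verify(pk, order, signature),
        # Bob's best attempt without sk: present Alice's signature for another message.
        "signature_reuse_rejected": not lamport_verify(pk, forged, signature),
    }
```

Both mechanisms detect the modified message, so both provide integrity; only the signature lets a third party attribute the order to Alice, which is the accountability property the slide calls nonrepudiation. Lamport keys are single-use and large; production systems use Ed25519, ECDSA or RSA signatures, but the trust relationship they create is the same one shown here.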

What can happen to harm the confidentiality,
integrity, or availability of computer assets?
If a thief steals your computer, you no longer
have access, so you have lost availability;
furthermore, if the thief looks at the pictures or
documents you have stored, your confidentiality
is compromised. And if the thief changes the
content of your files but then gives them back
with your computer, the integrity of your data
has been harmed.
Types of Threats
One way to analyze harm is to consider the
cause or source. We call a potential cause of
harm a threat. Harm can be caused by either
nonhuman events or humans.
1. Nonhuman threats include natural disasters
like fires or floods; loss of electrical power;
failure of a component such as a
communications cable, processor chip, or
disk drive.
2. Human threats can be either benign
(nonmalicious) or malicious. Nonmalicious kinds
of harm include someone’s accidentally spilling a
soft drink on a laptop, inadvertently sending an
email message to the wrong person, and
carelessly typing “12” instead of “21” when
entering a phone number or clicking “yes”
instead of “no” to overwrite a file.

These human errors happen to most people; we
just hope that the seriousness of harm is not too
great, or if it is, that we will not repeat the
mistake.
Most computer security activity relates to
malicious, human-caused harm: A malicious
person actually wants to cause harm, and so we
often use the term attack for a malicious
computer security event. Malicious attacks can
be random or directed.
Malicious attacks
In a random attack the attacker wants to harm
any computer or user. An example is malicious
code posted on a website that could be visited
by anybody.
In a directed attack, the attacker intends harm
to specific computers, perhaps at one
organization or belonging to a specific individual
(think of trying to drain a specific person’s bank
account, for example, by impersonation).
Types of Attackers
1. Individuals: early computer attackers were individuals,
acting alone and with motives of fun, challenge, or revenge.
2. Organized, Worldwide Groups: More recent
attacks have involved groups of people.

3. Organized Crime: Attackers’ goals include
fraud, extortion and money laundering, areas
in which organized crime has a well-
established presence.
4. Terrorists: The link between computer
security and terrorism is quite evident.

Controls
A control or countermeasure is a means to
counter threats. Harm occurs when a threat is
realized against a vulnerability. To protect
against harm, then, we can neutralize the threat,
close the vulnerability, or both. The possibility
for harm to occur is called risk.

We can deal with harm in several ways:
• prevent it, by blocking the attack or closing the
vulnerability
• deter it, by making the attack harder but not
impossible
• deflect it, by making another target more
attractive (or this one less so)
• mitigate it, by making its impact less severe
• detect it, either as it happens or some time after
the fact
• recover from its effects
Of course, more than one of these controls can
be used simultaneously. So, for example, we
might try to prevent intrusions, but if we
suspect we cannot prevent all of them, we
might also install a detection device to warn of
a potential attack.
Security professionals balance the cost and
effectiveness of controls with the likelihood and
severity of harm.
We can group controls into three
largely independent classes:
1. Physical controls stop or block an attack by
using something tangible, such as
– locks
– (human) guards
– fire extinguishers

2. Procedural or administrative controls use a
command or agreement that requires or advises
people how to act; for example,
– laws, regulations
– policies, procedures, guidelines
– copyrights, patents
– contracts, agreements
3. Technical controls counter threats with
technology (hardware or software), including
– passwords
– program or operating system access controls
– network protocols
– firewalls, intrusion detection systems
– encryption
– network traffic flow regulators
The OSI Security Architecture*
To assess effectively the security needs of an
organization and to evaluate and choose various
security products and policies, the manager responsible
for security needs some systematic way of defining the
requirements for security and characterizing the
approaches to satisfying those requirements. This is
difficult enough in a centralized data processing
environment; with the use of local and wide area
networks, the problems are compounded.

*Open Systems Interconnection (OSI).


The International Telecommunication Union (ITU)
Telecommunication Standardization Sector (ITU-T)
Recommendation X.800, Security Architecture for OSI,
defines such a systematic approach. The OSI security
architecture is useful to managers as a way of organizing
the task of providing security. Furthermore, because this
architecture was developed as an international standard,
computer and communications vendors have developed
security features for their products and services that relate
to this structured definition of services and mechanisms.
The OSI security architecture focuses on the
following:
1. Security attack
2. Security mechanism
3. Security service

Security attack
A useful means of classifying security attacks is
in terms of:
1. Passive attacks
2. Active attacks
A passive attack attempts to learn or make use of
information from the system but does not affect system
resources. An active attack attempts to alter system
resources or affect their operation.

Passive attacks
Passive attacks (see the following figure) are in
the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to
obtain information that is being transmitted.
Two types of passive attacks are the release of
message contents and traffic analysis.

[Figure: passive attacks, showing release of message contents and traffic analysis]
Release of message contents
The release of message contents is easily
understood. A telephone conversation, an
electronic mail message, and a transferred file
may contain sensitive or confidential
information. We would like to prevent an
opponent from learning the contents of these
transmissions.

Traffic Analysis
A second type of passive attack, traffic analysis, is subtler.
Suppose that we had a way of masking the contents of
messages or other information traffic so that opponents, even
if they captured the message, could not extract the
information from the message. The common technique for
masking contents is encryption. If we had encryption
protection in place, an opponent might still be able to observe
the pattern of these messages. The opponent could determine
the location and identity of communicating hosts and could
observe the frequency and length of messages being
exchanged. This information might be useful in guessing the
nature of the communication that was taking place.
Passive attacks are very difficult to detect, because they
do not involve any alteration of the data. Typically, the
message traffic is sent and received in an apparently
normal fashion, and neither the sender nor receiver is
aware that a third party has read the messages or
observed the traffic pattern. However, it is feasible to
prevent the success of these attacks, usually by means
of encryption. Thus, the emphasis in dealing with
passive attacks is on prevention rather than detection.
Active Attacks
Active attacks involve some modification of the
data stream or the creation of a false stream
and can be subdivided into four categories:
masquerade, replay, modification of messages,
and denial of service.

[Figure: active attacks, showing the message paths 1, 2 and 3 referred to below]
A masquerade takes place when one entity pretends to
be a different entity (path 2 of previous figure is active).
A masquerade attack usually includes one of the other
forms of active attack. For example, authentication
sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling
an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those
privileges.
Replay involves the passive capture of a data unit and
its subsequent retransmission to produce an
unauthorized effect (paths 1, 2, and 3 active).
Modification of messages simply means that some
portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an
unauthorized effect (paths 1 and 2 active). For example,
a message meaning “Allow John Smith to read
confidential file accounts” is modified to mean “Allow
Fred Brown to read confidential file accounts.”
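The John Smith / Fred Brown modification above, together with the traffic-analysis passive attack from the earlier slide, shown in code. This is an added example, not part of the lecture or of Stallings: it uses a toy stream cipher (SHA-256 in counter mode, illustrative only; real systems use AES-GCM or ChaCha20-Poly1305) to show that encryption hides the contents but not the length of a message, and that the XOR structure lets an active attacker who knows the layout of the plaintext swap the name without the key. Fixed-size padding and an HMAC over the ciphertext (encrypt-then-MAC) are the countermeasures. Keys, nonce and messages are constructed for the example.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustrative only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream. The nonce must
    never repeat under one key. XOR is its own inverse, so this also decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


xor_decrypt = xor_encrypt


def pad(message: bytes, block: int) -> bytes:
    """Append 0x80 then zeros up to a multiple of `block`, so every short
    message produces the same ciphertext length (hinders traffic analysis)."""
    n = block - (len(message) + 1) % block
    if n == block:
        n = 0
    return message + b"\x80" + b"\x00" * n


def unpad(padded: bytes) -> bytes:
    body = padded.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("bad padding")
    return body[:-1]


def flip_plaintext(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Active attacker: knowing (or guessing) that `old` sits at `offset`,
    XOR in old ^ new and the receiver decrypts `new` instead. No key needed."""
    if len(old) != len(new):
        raise ValueError("replacement must keep the length")
    c = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        c[offset + i] ^= o ^ n
    return bytes(c)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so a bit flip is detected."""
    ct = xor_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # verify before decrypting
        raise ValueError("message modified or forged")
    return xor_decrypt(enc_key, nonce, ct)


def demo() -> dict:
    # Constructed keys, nonce and messages (not from the lecture).
    enc_key, mac_key, nonce = b"E" * 32, b"M" * 32, b"\x01" * 16
    order = b"Allow John Smith to read confidential file accounts"
    off = order.index(b"John Smith")

    ct = xor_encrypt(enc_key, nonce, order)
    # Passive attack: ciphertext lengths alone distinguish the two replies.
    deny, allow = xor_encrypt(enc_key, nonce, b"DENY"), xor_encrypt(enc_key, nonce, b"ALLOW")
    # Active attack: change the name inside the ciphertext without the key.
    ct2 = flip_plaintext(ct, off, b"John Smith", b"Fred Brown")
    # The same flip against an encrypt-then-MAC message is caught by the tag.
    blob = seal(enc_key, mac_key, nonce, order)
    tampered = blob[:16] + flip_plaintext(blob[16:-32], off, b"John Smith", b"Fred Brown") + blob[-32:]
    try:
        unseal(enc_key, mac_key, tampered)
        detected = False
    except ValueError:
        detected = True
    return {
        "contents_hidden": ct != order,
        "lengths_leak": len(deny) != len(allow),
        "padding_equalises": len(pad(b"DENY", 64)) == len(pad(b"ALLOW", 64)),
        "modified_decrypts_to": xor_decrypt(enc_key, nonce, ct2),
        "mac_detects_modification": detected,
    }
```

Two points worth holding on to from this: confidentiality and integrity are separate services, and a cipher that provides the first says nothing about the second; and the passive traffic-analysis leak (length) survives encryption, which is why it has to be addressed by a different control (padding or constant-rate traffic) rather than by a stronger cipher.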
The denial of service prevents or inhibits the normal
use or management of communications facilities (path
3 active). This attack may have a specific target; for
example, an entity may suppress all messages directed
to a particular destination (e.g., the security audit
service). Another form of service denial is the
disruption of an entire network, either by disabling the
network or by overloading it with messages so as to
degrade performance.
Active attacks present the opposite characteristics of
passive attacks. Whereas passive attacks are difficult to
detect, measures are available to prevent their success.
On the other hand, it is quite difficult to prevent active
attacks absolutely because of the wide variety of
potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active
attacks and to recover from any disruption or delays
caused by them. If the detection has a deterrent effect,
it may also contribute to prevention.
Security Services
X.800 defines a security service as a service that is
provided by a protocol layer of communicating open
systems and that ensures adequate security of the
systems or of data transfers. Perhaps a clearer
definition is found in RFC 4949, which provides the
following definition: a processing or communication
service that is provided by a system to give a specific
kind of protection to system resources; security
services implement security policies and are
implemented by security mechanisms.
X.800 divides these services into five
categories and fourteen specific services:

[Table: X.800 security service categories and specific services]
You can refer to the book (Reference 2) for the
details of these categories, pp. 29-32.
Security Mechanisms
The following table lists the security mechanisms. The
mechanisms are divided into those that are
implemented in a specific protocol layer, such as TCP or
an application-layer protocol, and those that are not
specific to any particular protocol layer or security
service.

[Table: X.800 security mechanisms, those specific to a protocol layer and those not specific to any layer or service]
Relationship Between Security
Services and Mechanisms

[Table: relationship between security services and mechanisms]