INFORMATION SECURITY
Course Instructor:
Mr Aizaz Raziq
Definitions
• Computer Security - generic name for the collection
of tools designed to protect data and to thwart
hackers
• Network Security - measures to protect data during
their transmission
• Internet Security - measures to protect data during
their transmission over a collection of interconnected
networks
Aim of Course
• Our focus is on Internet Security
• Which consists of measures to prevent, detect, and
correct security violations that involve the
transmission & storage of information
Security Trends
OSI Security Architecture
• In an organization, the manager responsible
for security has to effectively assess the
security needs of an organization.
• He has to evaluate and choose various
security products and policies.
OSI Security Architecture
• ITU-T X.800 “Security Architecture for OSI”
• defines a systematic way of defining and
providing security requirements
• For us it provides a useful, if abstract, overview
of concepts we will study
• The International Telecommunication Union (ITU) is the
United Nations specialized agency for information
and communication technologies. Its Telecommunication
Standardization Sector (ITU-T) develops standards,
called Recommendations, relating to
telecommunications and to open systems
interconnection (OSI).
• Recommendation X.800, Security Architecture for
OSI.
• The open systems interconnection (OSI) security
architecture was developed in the context of the OSI
protocol architecture.
• The OSI security architecture is useful to
managers as a way of organizing the task of
providing security.
• It focuses on security attacks,
mechanisms, and services.
• These are defined next:
Aspects of Security
• consider 3 aspects of information security:
– security attack
– security mechanism
– security service
Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent attacks,
or failing that, to detect attacks on information-based
systems
• threat & attack are often used to mean the same thing
• there is a wide range of attacks
• can focus on generic types of attacks
– passive
– active
Passive Attacks
Active Attacks
Security Service
– enhance security of data processing
systems and information transfers of
an organization
– intended to counter security attacks
– using one or more security
mechanisms
– often replicates functions normally
associated with physical documents
• which, for example, have signatures,
dates; need protection from disclosure,
tampering, or destruction; be notarized
or witnessed; be recorded or licensed
Security Services (X.800)
• Authentication - assurance that the communicating
entity is the one claimed
• Access Control - prevention of the unauthorized use
of a resource
• Data Confidentiality - protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is as
sent by an authorized entity
• Non-Repudiation - protection against denial by one
of the parties in a communication
Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
• hence our focus on this topic
Security Mechanisms (X.800)
• specific security mechanisms:
– encipherment, digital signatures, access controls,
data integrity, authentication exchange, traffic
padding, routing control, notarization
• pervasive security mechanisms:
– trusted functionality, security labels, event
detection, security audit trails, security recovery
Model for Network Security
• Using this model requires us to:
1. design a suitable algorithm for
the security transformation
2. generate the secret information
(keys) used by the algorithm
3. develop methods to distribute
and share the secret information
4. specify a protocol enabling the
principals to use the
transformation and secret
information for a security service
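The four steps above, and the services and mechanisms listed earlier (encipherment and a MAC providing confidentiality, data integrity and data-origin authentication), carried through in code. This is an added example, not from the slides: it assumes a shared key that the two principals have already exchanged out of band (step 3 is therefore only stated, not implemented), and the "security transformation" is an encrypt-then-MAC construction built from HMAC-SHA256 (an HMAC keystream in counter mode plus an integrity tag). It is a teaching construction, not a replacement for a vetted authenticated cipher.

```python
"""Added example (not part of the lecture slides): a minimal shared-key
protocol that walks the four steps of the network security model.

Assumptions (labelled, not from the slides): the key is pre-shared over an
out-of-band channel, and the security transformation is encrypt-then-MAC
built from HMAC-SHA256.  Teaching construction only.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def _derive_subkeys(key: bytes):
    # Separate keys for encipherment and for the MAC, both derived from the
    # one shared secret, so the two mechanisms never reuse the same key bits.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Step 1 (encipherment half): HMAC-SHA256(enc_key, nonce || counter)
    # blocks form a keystream that is XORed with the message.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + struct.pack(">I", counter),
                         hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key() -> bytes:
    # Step 2: generate the secret information (a 256-bit key).
    return secrets.token_bytes(32)


def protect(key: bytes, plaintext: bytes) -> bytes:
    """Sender side of step 4: wire format is nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)          # fresh per message
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # Step 1 (integrity half): the tag covers the nonce and the ciphertext.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(key: bytes, message: bytes) -> Optional[bytes]:
    """Receiver side of step 4: verify the tag before decrypting.

    Returns None on truncation, bit-flips, or a message from a principal
    holding a different key; the caller must treat None as an attack."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _derive_subkeys(key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time compare
        return None
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demo() -> bool:
    """One protocol run plus two attacks the receiver must reject."""
    key = generate_key()                 # Step 3 assumed: both sides hold `key`
    msg = b"transfer 100 to account 42"  # constructed sample message
    wire = protect(key, msg)
    assert unprotect(key, wire) == msg
    tampered = bytearray(wire)
    tampered[20] ^= 0x01                 # active attack: modify ciphertext in transit
    assert unprotect(key, bytes(tampered)) is None
    assert unprotect(generate_key(), wire) is None   # wrong key: neither reads nor forges
    return True


if __name__ == "__main__":
    print("protocol run and attack checks passed:", demo())
```

Note what a shared key does and does not give: the tag proves the message came from a holder of the key (data-origin authentication) and was not altered (integrity), but it cannot provide non-repudiation, because either principal could have produced it. That service needs a digital signature, the asymmetric mechanism in the X.800 list.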
Model for Network Access Security
• using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated information
or resources
• trusted computer systems may be useful to
help implement this model
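The two steps of the access security model in code: a gatekeeper that identifies users by password, in front of an access-control check that decides which resource each identified user may reach. This is an added example, not from the slides; the user names, passwords and the access-control list are constructed sample data, and the salted PBKDF2 hashes stand in for whatever credential store a real system uses.

```python
"""Added example (not part of the lecture slides): gatekeeper + access
control for the network access security model.  All users, passwords and
the ACL below are constructed sample data."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # Salted, iterated hash so the credential store never holds plaintext
    # and equal passwords do not produce equal records.
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


USERS = {}                      # username -> (salt, digest)
DUMMY = hash_password("dummy")  # used so unknown users cost the same as wrong passwords


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


# Step 2's policy: resource -> set of usernames permitted (default deny).
ACL = {
    "payroll.db": {"alice"},
    "wiki": {"alice", "bob"},
}


def gatekeeper(username: str, password: str) -> bool:
    """Step 1: identify the user.  Returns True only for a known user
    presenting the correct password; unknown users take the same code path."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY
    _, candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, stored)    # constant-time compare
    return ok and record is not None


def access(username: str, password: str, resource: str) -> str:
    """Step 2: only an authenticated AND authorised user reaches the resource."""
    if not gatekeeper(username, password):
        return "denied: authentication failed"
    if username not in ACL.get(resource, set()):   # unknown resource => deny
        return "denied: not authorised"
    return f"granted: {username} -> {resource}"


# Constructed sample users.
register("alice", "correct horse battery staple")
register("bob", "hunter2")


if __name__ == "__main__":
    for args in [("alice", "correct horse battery staple", "payroll.db"),
                 ("bob", "hunter2", "payroll.db"),
                 ("bob", "wrong", "wiki"),
                 ("mallory", "anything", "wiki")]:
        print(args[0], args[2], "->", access(*args))
```

The two checks are deliberately separate: a correct password says who the user is, not what they may do, and the ACL lookup defaults to deny for any resource it does not list. The dummy record keeps the failure path for a nonexistent user the same as for a wrong password, so the gatekeeper does not reveal which usernames exist.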
Summary
• have considered:
– definitions for:
• computer, network, internet security
• X.800 standard
• security attacks, services, mechanisms
• models for network (access) security
Q/A