

















An introduction to information security, focusing on security tools and services such as confidentiality, authenticity, access control, integrity, non-repudiation, availability, firewalls, intrusion detection systems, network address translation, proxy servers, demilitarized zones, virtual private networks, honeypots, and secure socket layer. It covers the principles and functions of each security service and tool, as well as existing security systems.
Typology: Lab Reports


















- Introduction
- Security Services
- Overview of Existing Security Tools
Security services: Confidentiality, Authentication, Access Control, Integrity, Availability, Non-repudiation

- Confidentiality: to keep a message secret from those who are not authorized to read it
- Access Control: to be able to tell who can do what with which resource
- Integrity: to make sure that a message has not been changed while in transfer, storage, etc.
- Availability: to make sure that the services are always available to users
- Introduction
- Security Services
- Overview of Existing Security Systems
Overview of Existing Security Systems: Detection - Intrusion Detection Systems

Intrusion Detection System (IDS)
- Examines the activity on a network
- Goal is to detect intrusions and take action
- Two types of IDS:
  - Host-based IDS
    - Installed on a server or other computers (sometimes all)
    - Monitors traffic to and from that particular computer
  - Network-based IDS
    - Located behind the firewall and monitors all network traffic
Network Address Translation (NAT) Systems
- Hides the IP address of network devices
- Located just behind the firewall
- NAT device uses an alias IP address in place of the sending machine’s real one
- “You cannot attack what you can’t see”
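The address substitution described above, as an added example that is not part of the original slides. It goes slightly beyond the slide by also translating ports, which is how NAT devices commonly share one alias address; the class and function names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """Simplified source NAT with port translation (hypothetical model)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip      # the alias address outsiders see
        self.next_port = first_port
        self.out_map = {}  # inside flow -> alias port
        self.in_map = {}   # (alias port, remote ip, remote port) -> inside host

    def outbound(self, pkt: Packet) -> Packet:
        """Replace the sender's real address with the alias before it leaves."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the inside host; drop traffic with no mapping."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # unsolicited: no inside host opened this flow
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])

def demo():
    # Constructed sample addresses (private and documentation ranges).
    nat = NatDevice("203.0.113.10")
    sent = nat.outbound(Packet("192.168.1.20", 51515, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, sent.src_ip, sent.src_port))
    probe = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.10", sent.src_port))
    return sent, reply, probe

if __name__ == "__main__":
    for label, result in zip(("sent", "reply", "probe"), demo()):
        print(label, result)
```

The remote server only ever sees the alias address, and the probe from a host the inside machine never contacted is dropped because no table entry matches it.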
Adding a Special Network called Demilitarized Zone (DMZ)

Demilitarized Zones (DMZ)
- Another network that sits outside the secure network perimeter
- Outside users can access the DMZ, but not the secure network
- Some DMZs use two firewalls. This prevents outside users from even accessing the internal firewall
- Provides an additional layer
Overview of Existing Security Systems: Virtual Private Networks (VPN)

Virtual Private Networks (VPNs)
- A secure network connection over a public network
Overview of Existing Security Systems: Honeypots

Honeypots
- Computer located in a DMZ and loaded with files and software that appear to be authentic, but are actually imitations
- Intentionally configured with security holes
- Goals:
  - Direct attacker’s attention away from real targets
  - Examine the techniques used by hackers
Overview of Existing Security Systems: Secure Socket Layer (SSL)

- SSL is used for securing communication between clients and servers
- It provides mainly confidentiality, integrity and authentication

[Figure: Client and WWW Server establish an SSL connection; communication protected]