Internet Security – Comprehensive Study Notes

Chapter 1 – Introduction to Internet Security

  • Opening slide indicates course begins at time-stamp 00:00 and slide number 8
  • Overall goal: build foundational understanding of measures that protect data during network transmission

Table of Contents (as presented)

  • Computer Security Concepts – Section 01
  • OSI Security Architecture – Section 02
  • Security Attacks – Section 03
  • Security Services – Section 04
  • Security Mechanisms – Section 05

Computer Security Concepts

  • Umbrella term covering protection of computer-based assets against compromise
  • Three nested scopes (definitions slide):
    • Computer Security – generic collection of tools to protect data and thwart hackers
    • Network Security – measures to protect data while in transit across a single network
    • Internet Security – measures to protect data while in transit across interconnected networks (the Internet)

Aim of the Course

  • Focus specifically on Internet Security
  • Objectives: deter, prevent, detect, and correct violations that involve transmission of information

Key Security Concepts (CIA Triad + AA)

  • Confidentiality – prevent disclosure to unauthorised entities
  • Integrity – prevent unauthorised alteration or destruction
  • Availability – ensure authorised users have access on demand
  • Additional concepts introduced later:
    • Authenticity – verify users & data really originate from claimed source
    • Accountability – actions of every entity can be uniquely traced

Formal Security Requirement Definitions (examples)

  • Confidentiality: “information is not made available or disclosed to unauthorised individuals, entities, or processes.”
  • Integrity: “data has not been altered or destroyed in an unauthorised manner.”
  • Availability: “system or resource accessible and usable upon demand by an authorised entity.”

Breach of Security – Impact Levels (High/Moderate/Low)

  • High: severe or catastrophic adverse effect on operations/assets/individuals
  • Moderate: serious adverse effect
  • Low: limited adverse effect

Computer Security Challenges

  • Security is not simple – involves hardware, software, networks, humans
  • Need to anticipate a spectrum of possible attacks on security features
  • Procedures can feel counter-intuitive; balancing usability vs. security
  • Difficulty deciding where to apply each mechanism
  • Requires constant monitoring for timely detection/response
  • Effective solutions rarely rely on a single algorithm/protocol; involve technical + procedural + human components
  • “Battle of wits” between attacker and designer – constant evolution
  • Benefits often invisible until failure occurs; investment perceived as cost
  • Strong security may impede efficiency or user friendliness

OSI Security Architecture

  • Based on ISO/ITU-T standards – provides common vocabulary for:
    • Security Attacks – actions compromising information security
    • Security Mechanisms – technical/procedural means to prevent, detect, recover
    • Security Services – processing/communication services that provide protection

ITU-T X.800

  • ITU – UN specialised agency for telecommunications; ITU-T is its standardisation sector
  • X.800 defines systematic categorisation of security requirements & mechanisms inside the 7-layer OSI model
  • Full text available at: https://www.itu.int/rec/T-REC-X.800-199103-I

RFC 4949 – “Internet Security Glossary v2”

  • IETF document providing standardised definitions for security terms
  • Purpose: ensure clear and consistent communication among practitioners
  • Definitions used in slides:
    • Threat: potential for security violation given certain circumstances/capabilities/events
    • Attack: deliberate attempt (intelligent act) to evade security services and violate the security policy of a system
    • Reference link: https://datatracker.ietf.org/doc/html/rfc4949

Classification of Security Attacks (per X.800 & RFC 4949)

  • Two broad categories:
    1. Passive Attacks – eavesdropping/monitoring; no alteration of resources
      • Objective: covertly obtain information (e.g., traffic analysis, data interception)
    2. Active Attacks – attempt to alter resources or disrupt operations
      • Hard to prevent due to many hardware/software/network vulnerabilities
      • Include modification, spoofing, DoS, malicious code injection

Sub-Categories of Active Attack

  • Masquerade – entity pretends to be another
  • Replay – capture & retransmit data to produce unauthorised effects
  • Modification of Messages – alter, delay, or reorder legitimate data
  • Denial of Service (DoS) – inhibit normal use or management of facilities by exhausting resources or flooding

Security Services (per X.800)

  • Definition (X.800): “service provided by protocol layer of communicating open systems that ensures adequate security.”
  • Definition (RFC 4949): “processing/communication service that gives specific protection to resources.”
  • Five major categories:
    1. Authentication
    2. Access Control
    3. Data Confidentiality
    4. Data Integrity
    5. Non-repudiation
  • Some texts treat Availability as sixth service; slide does so under “Availability Service.”

Authentication

  • Goal: assurance that communicating entity is who it claims
  • Two specific services:
    • Peer-Entity Authentication – for logical connections (ongoing)
    • Data-Origin Authentication – for individual connectionless transfers

Access Control

  • Limit/control access to hosts & applications via links
  • Requires prior identification/authentication of entity so rights can be tailored

Data Confidentiality

  • Protects data against passive attacks
  • Variants: Connection Confidentiality, Connectionless Confidentiality, Selective-Field Confidentiality, Traffic-Flow Confidentiality

Data Integrity

  • Assurance data received are exactly as sent
  • Variants: Connection Integrity (with or without recovery), Selective-Field Connection Integrity, Connectionless Integrity, Selective-Field Connectionless Integrity

Non-repudiation

  • Prevents sender or receiver denying transmitted message
  • Sub-types:
    • Non-repudiation, Origin – proof message was sent by specified party
    • Non-repudiation, Destination – proof message was received by specified party
  • Example: digital signatures used to counter “denial of message sending.”

Availability Service

  • Ensures system/resource accessible per performance specs
  • Addresses DoS concerns; depends on proper management & control of resources

Security Mechanisms (per X.800)

  • Specific Mechanisms (tied to protocol layers / individual services)
    • Encipherment – mathematical algorithms + keys transform data
    • Digital Signature – cryptographic checksum to prove source & integrity
    • Access Control – enforce rights to resources
    • Data Integrity Mechanisms – detect/handle modification
    • Authentication Exchange – interactive proof of identity
    • Traffic Padding – insert dummy bits to frustrate analysis
    • Routing Control – choose secure paths; reroute if breach suspected
    • Notarization – trusted third-party asserts properties of exchange
  • Pervasive Mechanisms (not specific to layer/service)
    • Trusted Functionality – components proven correct with respect to the security policy
    • Security Label – metadata binding identifying security attributes
    • Event Detection – monitor & flag security-relevant events
    • Security Audit Trail – collected data enabling independent audit
    • Security Recovery – coordinate recovery actions when events detected

Mapping between Services & Mechanisms

  • Table (slide 35) shows which mechanisms (columns) support which services (rows). Highlights include:
    • Encipherment supports all confidentiality variants & helps integrity
    • Digital Signatures vital for data origin authentication, integrity, non-repudiation
    • Access Control mechanism underpins Access Control service
    • Traffic Padding supports Traffic-Flow Confidentiality
    • Notarization assists Non-repudiation

Models Illustrating Security Concepts

Model for Network Security (Figure 1.2)

  • Sender applies security-related transformation using secret information to create secure message
  • Receiver uses corresponding transformation + secret info to recover original
  • Trusted Third Party may distribute secret info or arbitrate disputes
  • Opponent attempts to read/modify message over public information channel
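
Added example (not from the course slides): a minimal sketch of the model above, in which the sender's transformation appends a sequence number and an HMAC-SHA256 tag computed with the shared secret, and the receiver's corresponding transformation rejects the Modification of Messages and Replay attacks listed earlier. The class names, message layout and sample message are assumptions made for illustration; the sketch provides data integrity and data-origin authentication only, not confidentiality.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


class Sender:
    """Applies the security-related transformation before transmission."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack(">Q", self.seq)  # 8-byte sequence number
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    """Applies the corresponding transformation and rejects bad messages."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def accept(self, wire: bytes) -> bytes:
        if len(wire) < 8 + TAG_LEN:
            raise ValueError("truncated message")
        header, payload, tag = wire[:8], wire[8:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:  # authentic, but already seen
            raise ValueError("replayed or reordered message")
        self.last_seq = seq
        return payload


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared secret, assumed distributed out of band
    sender, receiver = Sender(key), Receiver(key)
    msg = sender.protect(b"transfer 100 to account 42")  # constructed sample
    results = {"genuine": receiver.accept(msg)}
    altered = sender.protect(b"transfer 100 to account 42").replace(b"42", b"99")
    for name, wire in (("replay", msg), ("modified", altered)):
        try:
            receiver.accept(wire)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```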

Network Access Security Model (Figure 1.3)

  • Focus on preventing unwanted access into an information system
  • Components:
    • Opponent = human attacker or malicious software (virus/worm)
    • Access Channel = path attacker exploits
    • Software Gatekeeper = explicit controls guarding entry
    • Internal Security Controls = additional layers protecting computing resources

Unwanted Access – Threat Types arising from Malicious Logic

  • Information Access Threats – intercept or modify data on behalf of users who should not have access to it
  • Service Threats – exploit flaws to inhibit legitimate usage (ties back to DoS)

Relevant Standards Bodies

  • NIST (U.S. National Institute of Standards and Technology)
    • Publishes cybersecurity frameworks, guidance, measurement standards
    • Website: https://csrc.nist.gov/
  • ISO (International Organization for Standardization)
    • Coordinates international standards across multiple domains incl. InfoSec
    • Website: https://www.iso.org/
