In this chapter, the following content will be discussed: security through obscurity, aspects of security, OSI security architecture, active and passive attacks, protection and access rights. After studying this chapter you will be able to describe the difference between security and protection, understand access privileges and create an access right matrix, and understand how different security tools can be used.

Network Security, Lecture 4
Presented by: Dr. Munam Ali Shah

Summary of the previous lecture
- Prevention, Detection and Reaction
- How much security
- Security trade-offs (productivity, functionality)
- Penetration testing tool
- No free lunch

Outlines
- Security through obscurity
- Aspects of Security
- OSI Security architecture
- Active and Passive attacks
- Protection and access rights

Objectives
- To describe the difference between security and protection.
- To understand access privileges and create an access right matrix.
- To understand how different security tools can be used.

There is never a free lunch
- This means: don't go for free software, free wallpapers, etc.
- No one is going to give you anything for free.

Security through obscurity?
- Security through obscurity: hiding design or implementation details to gain security, e.g. keeping secret not the key but the encryption algorithm, hiding a DB server under a name different from "db", etc.
- The idea doesn't work:
  - it's difficult to keep secrets (e.g. source code gets stolen)
  - if the security of a system depends on one secret, then, once it's no longer a secret, the whole system is compromised
  - secret algorithms, protocols etc. will not get reviewed, so flaws won't be spotted and fixed, which means less security
- Systems should be secure by design, not by obfuscation
- Security AND obscurity

Aspects of Security
- Security attack: Any action that compromises the security of information owned by an organization.
- Security mechanism: A process that is designed to detect, prevent or recover from a security attack.
- Security service: A service that enhances the security of the data processing systems and the information transfers of an organization. These services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
- The OSI security architecture focuses on security attacks, mechanisms, and services.

OSI Security Architecture
- International Telecommunication Union (ITU-T) recommends , the security architecture for
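
The security-through-obscurity point above (keeping the algorithm secret instead of the key) can be shown in code: a keyless "secret algorithm" cannot recover once its code leaks, while a public algorithm with a secret key recovers by rotating the key. This is an added example, not part of the original lecture; the toy transform, the class name KeyedTagger and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Design A (obscurity): no key at all; the only "secret" is the algorithm.
# This transform is a constructed toy, not a real scheme.
def obscure_tag(message: bytes) -> bytes:
    return bytes(b ^ 0x5A for b in hashlib.sha256(message).digest()[::-1])

def obscure_verify(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(obscure_tag(message), tag)

# Design B (secure by design): public, reviewed algorithm (HMAC-SHA256);
# the only secret is a random key, which can be replaced at any time.
class KeyedTagger:  # hypothetical helper name
    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)

    def rotate(self) -> None:
        self.key = secrets.token_bytes(32)

    def tag(self, message: bytes) -> bytes:
        return hmac.new(self.key, message, hashlib.sha256).digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(message), tag)

def leak_outcomes() -> dict:
    msg = b"role=admin"  # constructed sample message
    tagger = KeyedTagger()
    out = {}
    # Code leak, design A: whoever holds the code computes an accepted tag,
    # and nothing short of replacing the algorithm everywhere fixes that.
    out["A_accepts_after_code_leak"] = obscure_verify(msg, obscure_tag(msg))
    # Code leak, design B: the code was never the secret; a wrong key fails.
    guess = hmac.new(b"\x00" * 32, msg, hashlib.sha256).digest()
    out["B_accepts_after_code_leak"] = tagger.verify(msg, guess)
    # Key leak, design B: the old tag is accepted only until the key rotates.
    stolen = hmac.new(tagger.key, msg, hashlib.sha256).digest()
    out["B_accepts_before_rotation"] = tagger.verify(msg, stolen)
    tagger.rotate()
    out["B_accepts_after_rotation"] = tagger.verify(msg, stolen)
    return out

if __name__ == "__main__":
    for name, accepted in leak_outcomes().items():
        print(f"{name}: {accepted}")
```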