LectureIInternetSecurityLandscape.pptVIP

2005/09/20 Internet Security - Introduction 2005/09/20 Internet Security: Principle Practice John K Zao Lecture I : Internet Security Landscape Internet Security: Principles Practices John K. Zao, PhD SMIEEE National Chiao-Tung University Fall 2005 The Problem Internet (Packet Switching) is inherently insecure Highly Asymmetric Defense Offenders can use little amount of resources Defenders must consume large amount of resources Situation is getting worse, and will not get better More “Bad Guys”: Armature Hackers “Ankle Bitters” Professional Criminals Corporate Espionage International Cyber-warfare More Powerful Attacks : Public Domain Attack Tools Automated Attacks Concealed Tracks Consequences is becoming more devastating Attack Sophistication vs. Intruder Knowledge The Causes Our world relies increasingly on a Global Information Infrastructure Why? Add Values Reduce Costs Increase Productivity Our industry makes more aggressive tradeoffs and thus more devastating mistakes Easy to Use vs. Safe to Operate ? Mismanagement Time to Market vs. Perfect in Making ? Flaws Performance vs. Costs ? Under-investment Our community becomes both more diverse and more integrated Many users One Network The Solution Space Type of Protection Aspects of Enforcement Procedures of Realization Types of Protection (ISO 7498-2) Security Services Authentication Data Origin Authentication Peer Entity Authentication Confidentiality Connectionless Confidentiality Connection Confidentiality Selective Field Confidentiality Traffic Flow Confidentiality Integrity Connectionless Integrity Connection Integrity Selective Field Integrity Non-Repudiation Data Origin Data Reception Access Control Security Mechanisms Encipherment Secret Key Ciphers Public Key Ciphers Integrity Checks Non-keyed Checks Keyed Checks Digital Signature Access Control Mechanisms Access Control Lists Capabilities Traffic Padding Notarization Audit Aspects of Enforcement Procedures of Realization * * * *