Overview

• What is network security?

• Kind of security services one might desire

• What kind of attacks should we try to protect a network against?

• What are the available protection strategies available?

• What support can we expect from LINUX?

What is network security?

• A network is secure if you can depend on it and its nodes behave as you expect.

• If you do not know what you are protecting, why you are protecting it, and what you are protecting it from, your task will be rather difficult!

Kind of security one might desire

• Authentication

• Confidentiality (Privacy)

• Integrity

• Availability

• Non-Repudation

• Auditing

Authentication

• Authentication is the process of reliably verifying the identity of someone (or something) by means of:

– A secret (password [one-time], ...)

– An object (smart card, ...)

– Physical characteristics (fingerprint, retina, ...)

– Trust

• Do not mistake authentication for authorization!

Integrity Vs Confidentiality

• Integrity

– Protecting information from being deleted or altered in any way without the permission of the owner of that information.

• Confidentiality

– Protecting information from being read or copied by anyone who has not been explicitly authorized by the owner of that information.

Availability

If the system is unavailable when an authorized user needs it, the result can be as bad as having the information that resides on the system deleted!

Non repudation

The ability of the receiver of something to prove to a third party that the sender really did send the message.

Auditing

The ability to record events that might have some security relevance. In such cases, you need to determine what was affected. In some cases, the audit trail may be extensive enough to allow “undo”

operations to help restore the system to a correct state.