SLIDE 1
4/30/15
- Dr. Enis Karaarslan
1
Network Security Philosphy & Introduction
- Dr. Enis Karaarslan
4/30/15
- Ar. Gör. Enis Karaaslan
2
Network Security Philosphy & Introduction Dr. Enis Karaarslan - - PowerPoint PPT Presentation
Network Security Philosphy & Introduction Dr. Enis Karaarslan - - PowerPoint PPT Presentation
Network Security Philosphy & Introduction Dr. Enis Karaarslan Mula University Computer Engineering Department 4/30/15 Dr. Enis Karaarslan 1 4/30/15 Ar. Gr. Enis Karaaslan 2 SECURITY PHILOSPHY 4/30/15 Ar. Gr. Enis Karaaslan
SLIDE 2
SLIDE 3
SECURITY PHILOSPHY
4/30/15
- Ar. Gör. Enis Karaaslan
3
SLIDE 4
Computer & Network Security has
similarities with the security in normal life.
4/30/15
- Ar. Gör. Enis Karaaslan
4
SLIDE 5
There is no such thing as %100 Security
4/30/15
- Ar. Gör. Enis Karaaslan
5
SLIDE 6
Security at the gates only, is not enough
4/30/15
- Ar. Gör. Enis Karaaslan
6
SLIDE 7
4/30/15
- Ar. Gör. Enis Karaaslan
7
A chain is only as strong as its weakest link
SLIDE 8
As there is no %100 security … So give up? A possible solution: Use more than one chain
4/30/15
- Ar. Gör. Enis Karaaslan
8
SLIDE 9
MULTI LAYER SECURITY
4/30/15
- Ar. Gör. Enis Karaaslan
9
SLIDE 10
4/30/15
- Ar. Gör. Enis Karaaslan
10
SLIDE 11
Security x Usability
4/30/15
- Ar. Gör. Enis Karaaslan
11
SLIDE 12
Keep in mind that When Security measures increase, Usability decrease
4/30/15
- Ar. Gör. Enis Karaaslan
12
SLIDE 13
Value of Assets and Expenditures
- What is the VALUE of your asset
(data, prestige …)?
- Keep in mind that
- Security expenditures should not be
greater than the value of the assets
4/30/15
- Ar. Gör. Enis Karaaslan
13
SLIDE 14
Risk ...
Smoking in the oil station … %99 percent nothing happens … %1 ...
4/30/15
- Ar. Gör. Enis Karaaslan
14
SLIDE 15
SLIDE 16
Risk ...
SLIDE 17
It's discipline anyway … :)
SLIDE 18
Mitigate (azaltmak) Risk
SLIDE 19
Risk Analysis
- Risk analysis is essential
- If the risk is too low, that/some
precaution(s) can be cancelled …
4/30/15
- Ar. Gör. Enis Karaaslan
19
SLIDE 20
False Sense of Security
A “false sense of security” is worse
than “a true sense of insecurity”.
Solution:
Never think your system is secure.
4/30/15
- Ar. Gör. Enis Karaaslan
20
SLIDE 21
No Template Which Suits All
There is no templates which suits all. There is a different solution for
different organizations
- Different needs
- Different assets
4/30/15
- Ar. Gör. Enis Karaaslan
21
SLIDE 22
4/30/15
- Ar. Gör. Enis Karaaslan
22
To win a war,
- ne must know the
way Sun Tzu The Art of War
SLIDE 23
Security is a process, not a product. Bruce Schneier
4/30/15
- Ar. Gör. Enis Karaaslan
23
SLIDE 24
MONITOR
The system should be monitored for
intrusions
And immediate action should be
taken at attacks
4/30/15
- Ar. Gör. Enis Karaaslan
24
SLIDE 25
Warn The Attacker
4/30/15
- Ar. Gör. Enis Karaaslan
25
SLIDE 26
Network Awareness
Know your enemy (?) Know yourself,
- know your assets
- know what to protect
Know your systems more than the
attacker
4/30/15
- Ar. Gör. Enis Karaaslan
26
SLIDE 27
Eğer bu kadar kötü yazılım güvenliğine sahip
- lmasaydık,
Bu kadar çok ağ güvenliğine ihtiyacımız
- lmayacaktı
Bruce Schneier
SLIDE 28
(Web) Application Security
- Security by Design
- Secure coding
- And others ...
SLIDE 29
FUNDAMENTALS
4/30/15
- Ar. Gör. Enis Karaaslan
29
SLIDE 30
INFORMATION SYSTEM
Information System and Security
ATTACKER
VULNERABILITY
ATTACK USERS SECURITY MEASURES
SLIDE 31
Vulnerable Systems
The systems are vulnerable
- Mainly because of bad coding
- Must be patched (but can not be done
rapidly as they should)
- False sense of security
4/30/15
- Ar. Gör. Enis Karaaslan
31
SLIDE 32
A vulnerability timeline …
SLIDE 33
The Attacker/Intruder
The attacker can be called as:
Lamer, intruder, attacker … (wrongly used as hacker also)
Also secret organizations? Also companies
(serious antivirus/defence economy)
4/30/15
- Ar. Gör. Enis Karaaslan
33
SLIDE 34
4/30/15
- Ar. Gör. Enis Karaaslan
34
Hacker /Lamer /Attacker …
Hacker is used as attacker/lamer, in the meaning: The intruder, who gets in your system and intends to use for his/her own aims.
SLIDE 35
4/30/15
- Ar. Gör. Enis Karaaslan
35
The Attacker
The attackers strength is Dedication
- Will not stop until he/she gets in
- Can use the computer for days long sleepless
- Knows the vulnerabilities of systems
SLIDE 36
4/30/15
- Ar. Gör. Enis Karaaslan
36
SLIDE 37
4/30/15
- Ar. Gör. Enis Karaaslan
37
Network Security Assets
Network Security Overall
- Network Awareness
- Firewall, Intrusion Detection Systems … etc
- More …
Host (Computer/Server/NW Device) Security
- Physical Security
- OS and Application Security
- User Management
Encryption
SLIDE 38
4/30/15
- Ar. Gör. Enis Karaaslan
38
Firewall
SLIDE 39
4/30/15
- Ar. Gör. Enis Karaaslan
39
Firewall Basics
Rule based access control between
networks.
Software/hardware based Architecture
- Static Packet Filtering
- Dynamic Packet Filtering (Statefull
inspection)
- Application Level Protection
Logging and alert capabilities
SLIDE 40
4/30/15
- Ar. Gör. Enis Karaaslan
40
Encryption
Encryption is the conversion of data
into a form, called a ciphertext, that cannot be easily understood by unauthorized people. (Encryption x Decryption)
SLIDE 41
4/30/15
- Ar. Gör. Enis Karaaslan
41
Encryption
Two different methods (according to key use)
- Conventional– Two keys are the same
- Asymetric – (Public Key Encryption) –
Key pair (public, private)
SLIDE 42
4/30/15
- Ar. Gör. Enis Karaaslan
42
Encryption
To decyrpt an encrypted data
- How much time?
- How much Processing (Computing power)?
The science which deals with encryption is
Cryptology
SLIDE 43
4/30/15
- Ar. Gör. Enis Karaaslan
43
END OF THE SESSION
- Dr. Enis Karaaslan