NetworkSecurityEssentials4 Notes Not From Lectures

This page includes Dr. A's own notes (Lecture notes) on Network Security Essentials 4th Edition.

Contents

  1. NetworkSecurityEssentials4 Notes Not From Lectures
    1. Chapter 1
    2. Chapter 13
    3. Chapter 2: Symmetric Cryptosystems
    4. Chapter 3: Public Key Cryptosystems
    5. Chapter 10: Malicious Software
    6. Chapter 12

Chapter 1

  1. No clear boundary exists between computer security and network/Internet security. This book comes to the problem from the network security side.
  2. CIA triad from "computer security"

    1. Confidentiality

    2. Integrity

    3. Availability

    4. Many experts add:
      1. Authenticity
      2. Accountability (non-repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery and legal action)
  3. Computer security is complex
    1. Requirements stated in one word, but mechanisms to fulfill requirements often complex
    2. Security mechanisms prone to attack
    3. Threat analysis to a security service may reveal additional complexity
    4. Placement of the mechanisms not trivial... see the rest on page 8.
  4. OSI securiity model

    1. Users and software use Security Services which in turn use...

    2. Security Mechanisms to block

    3. Security Attacks. An example can be seen in Figure 1.

    4. Figure 1. OSI Model.png

    5. You should know these categories well!

Chapter 13

  1. What is cybercrime? The department of justice categorizes cybercrimes into three categories:
    1. Computers as targets: This form of crime targets a computer system, to acquire information stored on that computer system, to control the target system without authorization or payment (theft of service), or to alter the integrity of data or interfere with the availability of the computer or server. Using the terminology of Chapter 1, this form of crime involves an attack on data integrity, system integrity, data confidentiality, privacy, or availability.
    2. Computers as storage devices: Computers can be used to further unlawful activity by using a computer or a computer device as a passive storage medium. For example, the computer can be used to store stolen password lists, credit card or calling card numbers, proprietary corporate information, pornographic image files, or “warez” (pirated commercial software).
    3. Computers as communications tools: Many of the crimes falling within this category are simply traditional crimes that are committed online. Examples include the illegal sale of prescription drugs, controlled substances, alcohol, and guns; fraud; gambling; and child pornography.
  2. Intellectual Property (Patents and Copyright issues)
    1. What is a patent, what does it cover, how long is it in place for?
    2. What is a copyright, what does it cover, how long is it in place for?
    3. In your opinion, which of these is the most abused by the owners? Which is the most abused by the users?
  3. Privacy (We discussed this on the first day of class)
    1. What privacy protections are in place in the USA? How do these differ from other countries? (Especially European)
    2. Be able to name some of the relevant laws regarding privacy in the USA. Be able to describe at least one of them in detail.

    3. Material I prepared on Privacy (2010) Privacy, Legal and Ethical Issues.pptx

  4. Ethics

    1. Professional Ethics ethics.bmp

    2. ACM Code of Ethics

Chapter 2: Symmetric Cryptosystems

See: DES

Chapter 3: Public Key Cryptosystems

See: RSA

Chapter 10: Malicious Software

See: NetworkSecurity/MaliciousSoftware

Chapter 12

SNMP, check:

NetworkSecurity/NetworkSecurityEssentials4 (last edited 2011-04-04 15:47:11 by vmhost3b)