NETWORK SECURITY REQUIREMENTS                         

AND

ATTACKS

What is Network?

We call two entities are in network if there exists a communication path between these two entities. When these entities are computer then the network is called computer network. The fundamental purpose of the communications system is the exchange of data between the two involved parties.

 Need for Security and Authentication:

Our Network is exposed to various kinds of ATTACK. In order to combat against them we need to incorporate SECURITY as well as AUTHENTICATION. Though with new means of combat mechanisms there are developments of new techniques to crash them, still there are always endeavors to create an attack free world.

In order to be able to understand the types of threats that exist to the security, we need to have a definition of security requirements. Computer and network security address three requirements: -

q       Secrecy: Requires that the information in a computer system only be accessible for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure.

q       Integrity: Requires that only authorized parties can modify the computer system assets. Modification includes writing, changing, changing status, deleting and creating.

q       Availability: Requires that the computer system assets are available to authorized parties only.

The types of attacks on the security of a system or network are best characterized by viewing the function of the system as providing information. In general, there is flow of information from source, such as file or region of main memory, to a destination, such as another file or user.  The remaining parts show the following four categories of attacks: -

q       Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on Availability. Examples include destruction of apiece of hardware or cutting off of communication line.

q       Interception: An unauthorized party gains access to an asset. This is an attack on Confidentiality. Examples include wiretapping to capture data in a network, and illicit copying of files and programs.

q       Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on Integrity. Examples include changing values in a data files, and modifying messages in a network.

q       Fabrication: An unauthorized party includes counterfeit objects into the system. This is an attack on Confidentiality. Examples are insertion of spurious messages in a network or addition of records to a file.