OSI SECURITY ARCHITECTURE
• X.800 is a standard developed by the
International Telecommunication Union (ITU)
that defines the Security Architecture for OSI.
• OSI Security Architecture
– provides a framework for security services in open
systems.
– defines security for systems and also for the data
being transferred between them.
– Open systems refer to computer systems that
interact with other systems over a network, often
using standardized communication protocols.
OSI SECURITY ARCHITECTURE
• The OSI security architecture is useful to
managers as a way of organizing the task of
providing security.
• Furthermore, because this architecture was
developed as an international standard,
computer and communications vendors have
developed security features for their products
and services that relate to this structured
definition of services and mechanisms.
THE OSI SECURITY ARCHITECTURE
• Security attack: Any action that compromises the
security of information owned by an
organization.
• Security service: A processing or communication
service that enhances the security of the data
processing systems and the information transfers
of an organization. The services are intended to
counter security attacks and are implemented by
security mechanisms.
• Security mechanism: A process (or a device
incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.
SECURITY ATTACK
• Unauthorized attempt to access, manipulate,
damage, disrupt, or disable computer systems,
networks, or data.
• Attacks are carried out by individuals or
groups, often referred to as attackers.
SECURITY ATTACK - INSECURE COMMUNICATION
[Figure: ALICE and BOB connected by an INSECURE CHANNEL, with a MIDDLE MAN]
SECURITY ATTACKS
• Broadly classified into two types
– passive attacks
– active attacks
Passive Attacks
• Passive attacks are in the nature of
eavesdropping on, or monitoring of,
transmissions.
• The goal of the opponent is to obtain
information that is being transmitted.
• Two types of passive attacks are the
– release of message contents
– traffic analysis.
Release of message contents: the opponent obtains
information that is being transmitted.
Traffic analysis: the opponent monitors the transmissions.
• The opponent could determine the
– location of the communicating hosts
– identity of the communicating hosts
– frequency of messages being exchanged
– length of messages being exchanged.
Active Attacks
Active attacks involve
– some modification of the data stream
– or the creation of a false stream
They can be subdivided into four categories:
• masquerade
• replay
• modification of messages
• denial of service.
Masquerade
• Masquerade takes place when one entity
pretends to be a different entity.
Replay
• Replay involves the passive capture of a data
unit and its subsequent retransmission to
produce an unauthorized effect.
Modification of messages
• Modification of messages simply means that
some portion of a legitimate message is
altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
Denial of service
• Denial of service prevents or inhibits the
normal use or management of
communications facilities.
• This attack may have a specific target.
• For example, an entity may suppress all
messages directed to a particular destination.
SECURITY SERVICES
• X.800 defines a security service as a service that
is provided by a protocol layer of communicating
open systems and that ensures adequate security
of the systems or of data transfers.
• Security services implement security policies and
are implemented by security mechanisms.
AUTHENTICATION
Integrity- No Modification
Non Repudiation
SECURITY MECHANISMS
• The mechanisms are divided into two types:
– those that are implemented in a specific protocol
layer, such as TCP or an application-layer protocol
– those that are not specific to any particular protocol
layer or security service.
Two Types
• SPECIFIC SECURITY MECHANISMS
(implemented in a specific protocol layer)
• PERVASIVE SECURITY MECHANISMS
(not specific to any particular protocol layer)
SPECIFIC SECURITY MECHANISMS
• May be incorporated into the appropriate
protocol layer in order to provide some of the
OSI security services. The mechanisms are:
Encipherment
• The use of mathematical algorithms to
transform data into a form that is not readily
intelligible.
• The transformation and subsequent recovery
of the data depend on an algorithm and zero
or more encryption keys.
Encipherment or Encryption
Digital Signature
• Data appended to, or a cryptographic
transformation of, a data unit that allows a
recipient of the data unit to prove the source
and integrity of the data unit and protect
against forgery.
Access Control
• A variety of mechanisms that enforce access
rights to resources.
Data Integrity
• A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
Traffic Padding
• The insertion of bits into gaps in a data stream
to frustrate traffic analysis attempts.
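Traffic padding against the length and frequency observations described under traffic analysis, as an added example that is not part of the original slides. The cell size, header layout and the names PaddedSender, unpack and demo are assumptions made for illustration; in a real link each cell would also be enciphered so the header is not visible to an observer.

```python
import os
import struct
from collections import deque

CELL = 64          # every transmitted cell is exactly this many bytes
HDR = 3            # 1-byte kind + 2-byte payload length
REAL, DUMMY = 1, 0


class PaddedSender:
    """Emits exactly one fixed-size cell per tick, with or without queued data."""

    def __init__(self):
        self.queue = deque()

    def send(self, message: bytes):
        # Split long messages into chunks that fit inside one cell.
        step = CELL - HDR
        for i in range(0, len(message), step):
            self.queue.append(message[i:i + step])

    def tick(self) -> bytes:
        # Called at a constant rate: idle periods are filled with dummy cells,
        # so message frequency is hidden as well as message length.
        if self.queue:
            chunk, kind = self.queue.popleft(), REAL
        else:
            chunk, kind = b"", DUMMY
        filler = os.urandom(CELL - HDR - len(chunk))
        return struct.pack(">BH", kind, len(chunk)) + chunk + filler


def unpack(cell: bytes):
    """Receiver side: return the payload of a real cell, or None for a dummy."""
    kind, length = struct.unpack(">BH", cell[:HDR])
    return cell[HDR:HDR + length] if kind == REAL else None


def demo():
    tx = PaddedSender()
    tx.send(b"hi")          # constructed short message
    tx.send(b"x" * 100)     # constructed long message, spans two cells
    return [tx.tick() for _ in range(6)]


if __name__ == "__main__":
    cells = demo()
    print("observed lengths:", [len(c) for c in cells])
    print("recovered payloads:", [unpack(c) for c in cells])
```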
Routing Control
• Enables selection of particular physically
secure routes for certain data and allows
routing changes, especially when a breach of
security is suspected.
Notarization
• The use of a trusted third party to assure
certain properties of a data exchange.
Authentication Exchange
• A mechanism intended to ensure the identity
of an entity by means of information
exchange.
PERVASIVE SECURITY MECHANISMS
• Mechanisms that are not specific to any
particular OSI security service or protocol
layer. The mechanisms are:
Trusted Functionality
• Trusted Functionality refers to specific
functions within a system that perform their
intended actions securely.
• Trusted Functionalities operate under strict
security protocols, ensuring they cannot be
easily tampered with by malicious entities.
• Trusted functionalities include:
– Key Management
– Authentication and Authorization
– Data Integrity and Confidentiality
Security Label
• A security label is a tag of metadata attached to
an object, such as a file, database record, or
communication message, indicating the level of
security associated with that object.
• Security labels are used to enforce access
control policies, ensuring that only authorized
users or systems can access or modify the
labeled object according to its security
classification.
Security Labels
• Unclassified: Information that does not require any
protection against unauthorized disclosure. Available
to the public and can be freely shared without
restriction.
• Confidential: Information that could cause damage to
an organization or individual if disclosed without
authorization. Restricted to individuals who have been
granted specific clearance to access this level of
information.
• Secret: Information that could cause serious damage to an
organization or individual if disclosed without authorization.
Restricted to individuals with higher clearance levels,
typically involving more stringent vetting procedures.
• Top Secret: Information that could cause exceptionally
grave damage to an organization or individual if disclosed
without authorization. The highest level of classification,
with very limited access granted only to individuals who
have undergone rigorous background checks.
Event Detection
• Detection of security-relevant events.
Security Audit Trail
• Data collected and potentially used to
facilitate a security audit, which is an
independent review and examination of
system records and activities.
SECURITY RECOVERY
• Deals with requests from mechanisms, such as
– event handling: a security breach should be
handled.
– management functions: a security breach should be
managed.
– recovery actions: actions taken to
recover from a security breach.
