Communication networks are used to transfer valuable and confidential information for a variety of purposes. As a consequence, they attract the attention of people who intend to steal or misuse information, or to disrupt or destroy the systems storing or communicating it. In this unit you will study some of the main issues involved in achieving a reasonable degree of resilience against network attacks. Some attacks are planned and specifically targeted, whereas others may be opportunistic, resulting from eavesdropping activities.
Threats to network security are continually changing as vulnerabilities in both established and newly introduced systems are discovered, and solutions to counter those threats are needed. Studying this unit should give you an insight into the more enduring principles of network security rather than detailed accounts of current solutions.
The aims of this unit are to describe some factors that affect the security of networks and data communications, and their implications for users; and to introduce some basic types of security service and their components, and indicate how these are applied in networks.
Ideally, after studying this unit you should be able to apply the material appropriately in unfamiliar circumstances. In particular, you should be able to describe some threats to the security of communication networks and some of the countermeasures employed. The following learning outcomes are an indication of the level of knowledge you should have. You should be able to:
- Identify some of the factors driving the need for network security.
- Identify and classify particular examples of attacks.
- Define the terms vulnerability, threat and attack.
- Identify physical points of vulnerability in simple networks.
- Compare and contrast symmetric and asymmetric encryption systems and their vulnerability to attack, and explain the characteristics of hybrid systems.
- Explain the implications of implementing encryption at different levels of the OSI reference model.
- Explain what is meant by data integrity and give reasons for its importance.
- Describe methods of providing assurances about data integrity.
- Describe the use of hash functions and explain the characteristics of one-way and collision-free functions.
- Describe and distinguish between different mechanisms to assure the freshness of a message.
- Explain the role of third-party agents in the provision of authentication services.
- Discuss the effectiveness of passwords in access control and the influence of human behaviour.
- Identify types of firewall implementation suitable for differing security requirements.
- Apply and explain simple filtering rules based on IP and TCP header information.
- Distinguish between firewalls based on packet-filtering routers, application level gateways and circuit level gateways.