Next: 8.1.2 Network layers -
Up: 8.1 General concepts in
Previous: 8.1 General concepts in
The
idea
behind
setting
up
networks
is
sharing
information.
This
sharing
tends
to
take
place
through
complex
systems
with
many
users,
often
with
no
clear
boundaries
(e.g. the
Internet).
Users
can
be
hard
to
locate
and
identify,
and
access
to
local
resources
can
originate
from
a
host
far
away,
through
unknown
paths
[PFL97, p.394].
In
short,
threats
can
be
grouped
into
the
following
categories:
- Wiretapping
interception
of
traffic
in
transit;
- Impersonation
unallowed
access
to
systems
or
data
by
taking
someone
else's
identity;
- Message
confidentiality
violation
privacy
breaches;
- Message
integrity
violation
changing
contents
of
messages,
deleting
messages,
inserting
messages,
repeating
messages;
- Hacking
running
programs
at
other
hosts,
using
processing
power
at
other
hosts,
using
other
hosts
to
perform
attacks;
- Denial of service
preventing
authorized
access
to
systems,
disrupting
service.
Security
safeguards
are
called
security
services.
One
can
identify
5
fundamental
network
security
services
[FOR94, p.22]:
- Authentication
- Access
control
- Confidentiality
- Data
integrity
- Non-repudiation
(c) 1998, Filip Schepers