Chapter-9 Security and Privacy Architecture: Technological University (Meiktila) Department of Information Technology


TECHNOLOGICAL UNIVERSITY (MEIKTILA)

DEPARTMENT OF INFORMATION TECHNOLOGY

Chapter-9
Security and Privacy Architecture

Date-30.1.2024 Presented by
Ma Lwin Lwin Mar
VI-IT-13
Security and Privacy Architecture

• Security and privacy of user, application, device and network resources
and data are increasingly important areas of network architecture and
design.
• Security is integrated within all areas of the network and impacts all other
functions on the network.
• For the proper functioning of security within a network, it is critical that
the relationships among security mechanisms, as well as between the
security architecture and other component architectures, be well
understood.
Objectives
• To learn about various security mechanisms (such as physical
security, protocol and application security, encryption/decryption,
and perimeter and remote access security)
• To develop the security architecture
Background
• Network security is defined as the protection of networks and their
services from unauthorized access, modification, destruction, or
disclosure.
• It provides assurance that the network performs its critical functions
correctly and there are no harmful side effects.
• Network privacy is a subset of network security, focusing on protection
of networks and their services from unauthorized access or disclosure.
• This includes all user, application, device, and network data.
Cont’d
• There are three classic security considerations: protecting
i. the integrity,
ii. the confidentiality, and
iii. the availability of network and system resources and data.
Cont’d
• Effective security and privacy combine an understanding
of what security means to each of the components of the
system (users, applications, devices, and networks), together
with the planning and implementation of security policies
and mechanisms.
• Security in the network needs to protect network resources
from being disabled, stolen, modified, or damaged.
• This includes protecting devices, servers, users, and
system data, as well as the users’ and organization’s
privacy and image.
Cont’d
• Attacks against the system range from seemingly innocuous
unauthorized probing and use of resources, to keeping authorized
users from accessing resources (denial of service), to modifying,
stealing, or destroying resources.
Developing a Security and Privacy Plan
• Toward developing a security architecture, we should answer the following
questions:
1. What are we trying to solve, add, or differentiate by adding security
mechanisms to this network?
2. Are security mechanisms sufficient for this network?
• When security mechanisms are indicated, it is best to start simple and work
toward a more complex security architecture when warranted.
Cont’d
• Simplicity may be achieved in the security architecture by implementing
security mechanisms only in selected areas of the network (e.g., at the
access or distribution [server] networks), or by using only one or a few
mechanisms, or by selecting only those mechanisms that are easy to
implement, operate, and maintain.
• In developing the security architecture, you should determine what
problems your customer is trying to solve.
• Some common areas that are addressed by the security architecture
include:
  • Which resources need to be protected
  • What problems (threats) we are protecting against
  • The likelihood of each problem (threat)
Security and Privacy Administration

• Two important components in preparing for security:
1. Threat analysis and
2. Policies and procedures.
Threat Analysis

• A threat analysis typically consists of identifying the assets to be protected,
as well as identifying and evaluating possible threats.
• Assets may include, but are not restricted to:
  • User hardware (workstations/PCs)
  • Servers
  • Specialized devices
  • Network devices (hubs, switches, routers, OAM&P)
  • Software (OS, utilities, client programs)
  • Services (applications, IP services)
  • Data (local/remote, stored, archived, databases, data in-transit)
Cont’d
• And threats may include, but are not restricted to:
  • Unauthorized access to data/services/software/hardware
  • Unauthorized disclosure of information
  • Denial of service
  • Theft of data/services/software/hardware
  • Corruption of data/services/software/hardware
  • Viruses, worms, Trojan horses
  • Physical damage
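As an added illustration (not part of the original slides), the threat analysis described above can be kept as a worksheet that rates each asset/threat pair, flags pairs nobody has evaluated, and ranks the rest. The 1 to 3 effect and likelihood scales, the function names, and every rating below are assumptions constructed for this example.

```python
from itertools import product

# Asset and threat categories as listed on the slides (names shortened).
ASSETS = ["User hardware", "Servers", "Specialized devices", "Network devices",
          "Software", "Services", "Data"]
THREATS = ["Unauthorized access", "Unauthorized disclosure", "Denial of service",
           "Theft", "Corruption", "Viruses, worms, Trojan horses", "Physical damage"]

# Constructed sample worksheet, assumed 1-3 scale: (asset, threat) -> (effect, likelihood).
RATINGS = {
    ("Data", "Unauthorized disclosure"): (3, 3),
    ("Data", "Corruption"): (3, 2),
    ("Servers", "Denial of service"): (3, 2),
    ("Servers", "Physical damage"): (3, 1),
    ("Network devices", "Unauthorized access"): (3, 2),
    ("Software", "Viruses, worms, Trojan horses"): (2, 3),
    ("User hardware", "Theft"): (1, 3),
}

def validate(ratings):
    """Reject rows with an unknown asset or threat, or an off-scale rating."""
    for (asset, threat), (effect, likelihood) in ratings.items():
        if asset not in ASSETS or threat not in THREATS:
            raise ValueError(f"unknown asset or threat: {asset} / {threat}")
        if effect not in (1, 2, 3) or likelihood not in (1, 2, 3):
            raise ValueError(f"rating out of range: {asset} / {threat}")

def unrated_pairs(ratings):
    """Asset/threat pairs not yet evaluated, i.e. gaps in the analysis."""
    return [pair for pair in product(ASSETS, THREATS) if pair not in ratings]

def rank_risks(ratings):
    """Rows (score, asset, threat), score = effect * likelihood, highest first."""
    rows = [(e * l, e, a, t) for (a, t), (e, l) in ratings.items()]
    rows.sort(key=lambda r: (-r[0], -r[1], r[2], r[3]))  # ties: higher effect first
    return [(score, a, t) for score, _, a, t in rows]

def protect_first(ratings, threshold=6):
    """Map each asset to its threats scoring at or above the threshold."""
    result = {}
    for score, asset, threat in rank_risks(ratings):
        if score >= threshold:
            result.setdefault(asset, []).append(threat)
    return result

if __name__ == "__main__":
    validate(RATINGS)
    print(len(unrated_pairs(RATINGS)), "pairs still unrated")
    print(protect_first(RATINGS))
```

The unrated count matters as much as the ranking: an asset such as "Services" with no rows at all has not been judged low risk, it has not been analysed.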
Policies and Procedures
• The list of areas for policies and procedures shown below can be used as a
starting point to apply to the security architecture:
• User Access to the System
  • Authorization of use
  • Authentication of identity and use of passwords
  • Training and acceptance of responsibility for compliance
  • Notices that corporate equipment is not private property
  • Expectations of the right to privacy
• Administrator Skills and Requirements for Certification
  • Superusers as well as administrators
Cont’d
• System Configuration and Management
  • Maintenance
  • Virus/Trojan protection
  • Patching operating systems and applications
  • Monitoring CERT advisories for notices of hacks
  • Overseeing who can and cannot connect devices to the network
  • Managing notice screens during login or startup
  • Establishing what data get backed up
  • Establishing what data get saved off-site
  • Developing contingency computing plans
  • Determining what to do when the system is attacked
Security and Privacy Mechanisms
• Each security mechanism should be evaluated for the network it is being
applied to, based on the degree of protection it provides, its impact on
users’ ability to do work, the amount of expertise required for installation
and configuration, the cost of purchasing, implementing, and operating it,
and the amount of administration and maintenance required.
i. Physical security and awareness
ii. Protocol and application security
iii. Encryption/decryption
iv. Network perimeter security and
v. Remote access security
Physical Security and Awareness
• Physical security is the protection of devices from physical access,
damage, and theft.
• Devices are usually network and system hardware, such as network
devices (routers, switches, hubs, etc.), servers, and specialized
devices, but can also be software CDs, tapes, or peripheral devices.
• Physical security should be addressed as part of the network
architecture even when the campus or building has access
restrictions or security guards.
Cont’d
• Ways to implement physical security include the following:
  • Access-controlled rooms (e.g., via card keys) for shared
  devices (servers) and specialized devices
  • Backup power sources and power conditioning
  • Off-site storage and archival
  • Alarm systems (e.g., fire and illegal entry alarms)
• Physical security also applies to other types of physical threats, such
as natural disasters (e.g., fires, earthquakes, and storms).
Cont’d
• Security awareness entails getting users educated and involved with the
day-to-day aspects of security in their network, and helping them to understand
the potential risks of violating security policies and procedures.
• Security awareness can be promoted through providing sessions on security,
where users have a chance to discuss the issues and voice their opinions and
problems with security mechanisms, policies, and procedures, and potentially
offer options for security and privacy; by providing users with bulletins or
newsletters (or adding information to the organization’s newsletter) on
network security and what users can do to help; and by providing users with
information on the latest security attacks.
Thanks For Your Attention!
