Week 1 Assignment 1.1: What Is The OSI Security Architecture
Week 1 Assignment1.1 What is the OSI security architecture? 1.2 What is
1.1 What is the OSI security architecture? 1.2 What is the difference between passive and active security threats? 1.3 List and briefly define categories of passive and active security attacks. 1.4 List and briefly define categories of security services. 1.5 List and briefly define categories of security mechanisms. 1.6 List and briefly define the fundamental security design principles. 1.7 Explain the difference between an attack surface and an attack tree. Complete your answers on a WORD Document.
Paper For Above instruction
The OSI (Open Systems Interconnection) security architecture provides a structured framework for implementing security measures within the layered OSI model. It integrates security services and mechanisms at different layers to ensure confidentiality, integrity, availability, authentication, and non-repudiation (Stallings, 2017). The architecture defines specific security functions and controls that protect data as it traverses the network, enabling organizations to design comprehensive security policies aligned with the layered approach of OSI. This framework facilitates the deployment of security solutions in a systematic manner, addressing various types of threats and vulnerabilities encountered across different network layers.
Understanding the difference between passive and active security threats is fundamental to developing effective security strategies. Passive threats involve unauthorized interception or monitoring of information without affecting system resources, primarily compromising confidentiality. Examples include eavesdropping and traffic analysis. Active threats, however, involve modifications or disruptions to system resources, aiming to alter, delete, or fabricate data, thereby impacting integrity and availability. Examples include hacking, malware, and Denial of Service (DoS) attacks (Kurose & Ross, 2017).
Within security attacks, categories of passive attacks include eavesdropping, traffic analysis, and passive wiretapping. These attacks are difficult to detect because they do not alter system operations but pose risks of data leakage. Active attacks encompass methods such as masquerading, modification of data, repudiation, and denial of service. These attacks directly compromise system integrity or availability and are typically detectable through various intrusion detection mechanisms (Stallings, 2017).
Security services are designed to meet the needs identified in threats and attacks. Major categories include authentication, which verifies the identities of communicating entities; access control, which ensures only authorized users can access resources; data confidentiality, which protects information from unauthorized disclosure; data integrity, which ensures information remains unaltered; and non-repudiation, which prevents entities from denying their actions. Additional services include availability, ensuring resources are accessible when needed, and privacy, which safeguards personal information (Fitzgerald & Dennis, 2019).
Security mechanisms are concrete tools or techniques used to implement these services. They include encryption algorithms, digital signatures, access control systems, firewalls, and intrusion detection systems (IDS). Encryption secures data confidentiality, digital signatures verify integrity and authenticity, access controls restrict unauthorized access, while firewalls and IDS monitor and filter network traffic to prevent malicious activities (Stallings, 2017).
The fundamental security design principles guide the development and implementation of security solutions. These principles include least privilege—granting only necessary permissions; defense in depth—multiple layers of security; fail-safe defaults—secure settings by default; economy of mechanism—simplicity enhances security; complete mediation—every access must be checked; open design—security should not depend on secrecy of design; separation of duties—dividing responsibilities to reduce risk; and psychological acceptability—security mechanisms should be user-friendly and not hinder usability (Fitzgerald & Dennis, 2019).
An attack surface refers to the total sum of all points where an attacker can try to enter or extract data from a system. It encompasses all hardware, software, and operational vulnerabilities that can be exploited. Conversely, an attack tree is a systematic, hierarchical diagram that models potential attack paths against a system, showing the different ways an attacker might compromise security. While the attack surface indicates potential points of attack, attack trees help in understanding and prioritizing attack vectors for mitigation (Shostack, 2014).
In conclusion, the OSI security architecture provides a critical framework for designing layered security solutions. Understanding threats, attacks, and the core principles of security mechanisms is essential to protect complex networked systems effectively. The concepts of attack surface and attack tree further aid security professionals in assessing risks and strengthening defenses against emerging vulnerabilities.
References
- Fitzgerald, J., & Dennis, A. (2019). Business Data Communications and Networking. McGraw-Hill Education.
- Kurose, J. F., & Ross, K. W. (2017). Computer Networking: A Top-Down Approach. Pearson.
- Shostack, A. (2014). Threat Modeling: Designing for Security. Wiley.
- Stallings, W. (2017). Network Security Essentials: Applications and Standards. Pearson.