
Computer Security




  1. Computer Security CIS326 Dr Rachel Shipsey

  2. This course will cover the following topics: • passwords • access controls • symmetric and asymmetric encryption • confidentiality • authentication and certification • security for electronic mail • key management

  3. The following books are recommended as additional reading to the CIS326 study guide • Computer Security by Dieter Gollmann • Secrets and Lies by Bruce Schneier • Security in Computing by Charles Pfleeger • Network Security Essentials by William Stallings • Cryptography - A Very Short Introduction by Fred Piper and Sean Murphy • Practical Cryptography by Niels Ferguson and Bruce Schneier

  4. There are also many websites dealing with the subjects discussed in this course. For example, the following website provides links to a large number of sites that have security and cryptography courses on-line: http://avirubin.com/courses.html

  5. What is Security? Security is the protection of assets. The three main aspects are: • prevention • detection • re-action

  6. Some differences between traditional security and information security • Information can be stolen - but you still have it • Confidential information may be copied and sold - but the theft might not be detected • The criminals may be on the other side of the world

  7. Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system.

  8. There is no single definition of security. What features should a computer security system provide?

  9. Confidentiality • The prevention of unauthorised disclosure of information. • Confidentiality is keeping information secret or private. • Confidentiality might be important for military, business or personal reasons.

  10. Integrity • Integrity is the prevention of unauthorised writing or modification of information. • Integrity means that there is an external consistency in the system - everything is as it is expected to be. • Data integrity means that the data stored on a computer is the same as the source documents.

  11. Availability • Information should be accessible and useable upon appropriate demand by an authorised user. • Availability is the prevention of unauthorised withholding of information. • Denial of service attacks are a common form of attack.

  12. Non-repudiation • Non-repudiation is the prevention of either the sender or the receiver denying a transmitted message. • A system must be able to prove that certain messages were sent and received. • Non-repudiation is often implemented by using digital signatures.
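The mechanism behind the last bullet, as an added example that is not part of the original slides: a textbook RSA signature in which only the holder of the private exponent can produce a valid signature, while anyone holding the public key (the receiver, or an arbiter later) can check it. The key pair is constructed from two small known primes purely so the arithmetic is visible; the message, the padding-free hash reduction and all names are assumptions of this example, and a real system would use a 2048-bit modulus with a padding scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed toy RSA key pair: the known Mersenne primes 2^31-1 and 2^61-1.
# Chosen only to keep the numbers visible; real keys use ~2048-bit random primes.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                 # public exponent, coprime to PHI
D = pow(E, -1, PHI)       # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)       # held by the receiver and by any later arbiter
PRIVATE_KEY = (N, D)      # held only by the sender


def message_digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the RSA group.

    Toy step: a real scheme pads the digest (PKCS#1 v1.5 or PSS) instead of
    reducing it modulo n.
    """
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Sender: only whoever knows d can compute this value."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Receiver or arbiter: needs only the public key."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def non_repudiation_demo():
    """Return (genuine_accepted, altered_accepted, forged_accepted)."""
    order = b"Transfer 100 GBP to account ACCT-EXAMPLE"   # constructed message
    sig = sign(order)
    accepted = verify(order, sig)                          # genuine message verifies
    altered = verify(order.replace(b"100", b"900"), sig)   # any edit breaks the signature
    forged = verify(order, (sig + 1) % N)                  # a value not made with D fails
    return accepted, altered, forged


if __name__ == "__main__":
    print(non_repudiation_demo())
```

The sender cannot later deny the order because nobody else could have produced a value that verifies under their public key; the receiver cannot alter the order because any change to the bytes changes the digest that the signature must match.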

  13. Authentication • Proving that you are who you say you are, where you say you are, at the time you say it is. • Authentication may be obtained by the provision of a password or a scan of your retina.

  14. Access Controls • The limitation and control of access through identification and authentication. • A system needs to be able to identify and authenticate users for access to data, applications and hardware. • In a large system there may be a complex structure determining which users and applications have access to which objects.
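Slides 13 and 14 together describe a two-step check: first establish who the user is (identification plus a proof, here a password), then consult a structure saying which users may do what to which objects. The following is an added example illustrating both steps, not code from the course; the user store, the access-control matrix, the user names and the objects are all constructed for the example. Passwords are stored only as salted PBKDF2 hashes, and anything not explicitly granted in the matrix is denied.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor; raise in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(store: dict, username: str, password: str) -> None:
    """Store a random salt and the derived hash, never the password itself."""
    salt = os.urandom(16)
    store[username] = (salt, hash_password(password, salt))


def authenticate(store: dict, username: str, password: str) -> bool:
    """Identification (look the name up) plus authentication (check the proof)."""
    record = store.get(username)
    if record is None:
        return False
    salt, expected = record
    # constant-time comparison: timing must not reveal how many bytes matched
    return hmac.compare_digest(hash_password(password, salt), expected)


# Constructed access-control matrix: subject -> object -> set of rights.
# Any (subject, object, right) triple not listed here is denied.
ACL = {
    "alice": {"payroll.db": {"read", "write"}, "reports/": {"read"}},
    "bob":   {"reports/": {"read"}},
}


def authorised(username: str, obj: str, right: str, acl=ACL) -> bool:
    return right in acl.get(username, {}).get(obj, set())


def access(store: dict, acl: dict, username: str, password: str,
           obj: str, right: str) -> str:
    """Full decision: authenticate first, then consult the matrix."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorised(username, obj, right, acl):
        return "denied: no %s right on %s" % (right, obj)
    return "granted"


def demo():
    store = {}
    register(store, "alice", "correct horse battery staple")   # constructed credentials
    register(store, "bob", "hunter2")
    return (
        access(store, ACL, "alice", "correct horse battery staple", "payroll.db", "write"),
        access(store, ACL, "bob", "hunter2", "payroll.db", "read"),       # authenticated, not authorised
        access(store, ACL, "bob", "wrong", "reports/", "read"),           # bad proof
        access(store, ACL, "carol", "anything", "reports/", "read"),      # unknown identity
    )


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Note that the two failure modes are kept distinct in the code but an unknown user and a wrong password produce the same message, so the response does not confirm which user names exist.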

  15. Accountability • The system managers are accountable to scrutiny from outside. • Audit trails must be selectively kept and protected so that actions affecting security can be traced back to the responsible party.
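One way to make an audit trail "protected" in the sense of the second bullet, as an added example that is not part of the original slides: each log entry commits to the hash of the entry before it, so an edit or deletion anywhere in the trail breaks the chain and is detected when the trail is later checked. The class, the event records and the actor names are constructed for this example.

```python
import hashlib
import json


class AuditTrail:
    """Append-only log in which every entry includes the hash of its predecessor."""

    GENESIS = "0" * 64   # chain head before any entry exists

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(prev_hash: str, record: dict) -> str:
        # canonical JSON so the same record always hashes the same way
        payload = prev_hash + json.dumps(record, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, actor: str, action: str, target: str, ts: str) -> None:
        record = {"actor": actor, "action": action, "target": target, "ts": ts}
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "prev": prev,
                             "hash": self._entry_hash(prev, record)})

    def verify(self):
        """Recompute the chain; return (ok, index of first bad entry or None)."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != self._entry_hash(prev, e["record"]):
                return False, i
            prev = e["hash"]
        return True, None

    def who_did(self, action: str, target: str):
        """Trace an action back to the responsible party."""
        return [e["record"]["actor"] for e in self.entries
                if e["record"]["action"] == action
                and e["record"]["target"] == target]


def demo():
    trail = AuditTrail()
    # constructed events
    trail.append("alice", "login", "workstation-7", "2024-01-01T09:00:00Z")
    trail.append("alice", "modify", "payroll.db", "2024-01-01T09:05:00Z")
    trail.append("bob", "read", "reports/q4.pdf", "2024-01-01T09:10:00Z")
    intact = trail.verify()
    responsible = trail.who_did("modify", "payroll.db")
    # simulate an after-the-fact edit of entry 1: exactly what the chain must catch
    trail.entries[1]["record"]["actor"] = "bob"
    tampered = trail.verify()
    return intact, responsible, tampered


if __name__ == "__main__":
    print(demo())
```

The chain only detects edits made after an entry was written; someone who can rewrite every later entry could regenerate the whole chain. The usual complement is to copy the current head hash somewhere the log writer cannot alter (a separate host, write-once media, or a periodically signed checkpoint), which is the "protected" part of the slide.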

  16. Security systems • A security system is not just a computer package. It also requires security conscious personnel who respect the procedures and their role in the system. • Conversely, a good security system should not rely on personnel having security expertise.

  17. Risk Analysis • The disadvantages of a security system are that it is time-consuming, costly, often clumsy, and impedes the management and smooth running of the organisation. • Risk analysis is the study of the cost of a particular system against the benefits of the system.

  18. Designing a Security System There are a number of design considerations: • Does the system focus on the data, operations or the users of the system? • What level should the security system operate from? Should it be at the level of hardware, operating system or applications package? • Should it be simple or sophisticated? • In a distributed system, should the security be centralised or spread? • How do you secure the levels below the level of the security system?

  19. Security Models A security model is a means for formally expressing the rules of the security policy in an abstract detached way. The model should be: • easy to comprehend • without ambiguities • possible to implement • a reflection of the policies of the organisation.

  20. Summary By now you should have some idea about • Why we need computer security (prevention, detection and re-action) • What a computer security system does (confidentiality, integrity, availability, non-repudiation, authentication, access control, accountability) • What computer security experts do (design, implement and evaluate security systems)
