Security www.AssignmentPoint.com
Objectives
• Cover the fundamental issues in Computer, Data and Network Security

Discuss
• Overview of computer security
• Introduction to cryptography

Information Systems Security
• Deals with:
  • Security of end systems
    • Examples: operating system, files in a host, records, databases, accounting information, logs, etc.
  • Security of information in transit over a network
    • Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

Principles of computer security
• Principle of easiest penetration: An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
• Principle of adequate protection: Computer items must be protected only until they lose their value.

Some terminology
• Threat
  • A set of circumstances that has the potential to cause loss or harm
• Vulnerability
  • A weakness in the security system (in procedures, design and implementation)
• Control
  • Some protective measures

“A threat is blocked by control of vulnerabilities”

Types of threats
• Interception
  • An unauthorized party gains access to an asset.
  • For example:
    • Illegal copying of a program or data.
    • Wiretapping to obtain data in a network.

Types of threats
• Interruption
  • An asset of the system becomes lost, unavailable or unusable. For example:
    • Hardware failure
    • Operating system malfunction
    • Erasure of a program or data file

Types of threats
• Modification: An unauthorized party not only gains access to an asset but also tampers with it. For example:
  • Alteration of data

Types of threats
• Fabrication:
  • Addition of imaginary information to a system by an unauthorized party. For example:
    • Addition of a record to an existing database

MOM
• What does an attacker have?
  • Method: sufficient skill, tools and knowledge to initiate an attack
  • Opportunity: time and access to accomplish the attack
  • Motive: why the attacker wants to do it; there must be a reason.

Security goals (CIA)
• Confidentiality:
  • Keeping data and resources secret or hidden (secrecy or privacy).
  • Only an authorized party can access information.
  • Access here does not mean writing; it means being able to read, view or print information.

Security goals (CIA)
• Integrity:
  • Assets can be modified only by authorized parties or only in authorized ways.
  • Modification includes writing, deleting, creating, changing, etc.
• Availability:
  • Ensuring authorized access to data and resources when desired

Security goals (additional)
• Authenticity:
  • Ensures that the sender of a message is correctly identified, with an assurance that the identity is not false.
• Non-repudiation:
  • Ensures that neither the sender nor the receiver of a message can afterwards deny having sent or received the message.
  • So, non-repudiation services provide unforgeable evidence that a specific action has occurred.

Vulnerabilities
• Always look for the vulnerabilities that can be obstacles to reaching the security goals
• They exist in all three major categories of system resources:
  • Hardware vulnerabilities
  • Software vulnerabilities
  • Data vulnerabilities

Hardware vulnerabilities
• Hardware is always exposed
• Very easy to occur
• Examples:
  • Adding or removing devices
  • Being physically drenched with water
  • Dust and ash from cigarette smoke
  • Voluntary machine slaughter

Software vulnerabilities
• Software can be replaced, maliciously destroyed, changed, modified or deleted because of its vulnerabilities.
• Example: In banking software, the monthly interest on an account is calculated as $14.5467, but the software credits it as $14.54 and ignores $.0067. What can be the result if an attacker modifies this software?

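An added example (not part of the original slides): a reconciliation check that recomputes the interest independently and reports a run in which the dropped fractions of a cent did not land in the bank's own rounding account. The account names, the `ROUNDING` account and every amount other than $14.5467 are constructed for illustration.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

def truncate_to_cents(amount):
    """Credit rule from the slide: keep whole cents, drop the remainder."""
    return amount.quantize(CENT, rounding=ROUND_DOWN)

def reconcile(interest_due, ledger, rounding_account="ROUNDING"):
    """Return findings where the ledger differs from an independent recomputation.

    interest_due: {account: exact interest}; ledger: [(account, amount posted)].
    An empty list means every fraction of a cent is accounted for.
    """
    posted = {}
    for account, amount in ledger:
        posted[account] = posted.get(account, Decimal("0")) + amount

    findings, expected_residual = [], Decimal("0")
    for account, exact in interest_due.items():
        expected = truncate_to_cents(exact)
        expected_residual += exact - expected
        got = posted.pop(account, Decimal("0"))
        if got != expected:
            findings.append(f"{account}: credited {got}, expected {expected}")

    got = posted.pop(rounding_account, Decimal("0"))
    if got != expected_residual:
        findings.append(f"{rounding_account}: holds {got}, expected {expected_residual}")
    # Anything still in `posted` went to an account that was owed nothing.
    findings += [f"{a}: unexpected posting of {v}" for a, v in posted.items()]
    return findings

# Constructed sample data; only the $14.5467 figure comes from the slide.
INTEREST_DUE = {"ACC-1001": Decimal("14.5467"), "ACC-1002": Decimal("3.2191"),
                "ACC-1003": Decimal("27.9949")}
CREDITS = [(a, truncate_to_cents(v)) for a, v in INTEREST_DUE.items()]
EXPECTED_LEDGER = CREDITS + [("ROUNDING", Decimal("0.0207"))]
# Same customer credits, but the dropped fractions were posted elsewhere.
DIVERTED_LEDGER = CREDITS + [("ACC-9999", Decimal("0.0207"))]

if __name__ == "__main__":
    print(reconcile(INTEREST_DUE, EXPECTED_LEDGER))
    for finding in reconcile(INTEREST_DUE, DIVERTED_LEDGER):
        print(finding)
```

Every customer balance is correct in both ledgers, so only a check that also accounts for the residual notices the difference.
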
Software vulnerabilities
• Software deletion:
  • Easy to delete
  • Accidental erasure of a file
• Software modification:
  • Modifications cause software to fail or to do an unintended task
  • Categories of software modification include logic bomb, Trojan horse, virus, trapdoor, etc.
• Software theft:
  • Piracy

Data vulnerabilities
• Confidentiality
• Integrity
• Availability

What is cyber law?
• Cyber law encompasses a wide variety of political and legal issues related to the Internet and other communications technology, including intellectual property, privacy, freedom of expression, and jurisdiction.