
INTRODUCTION TO COMPUTER & NETWORK SECURITY

INTRODUCTION TO COMPUTER & NETWORK SECURITY. Instructor: Dania Alomar. Why Study Security? Security threats are real… and need to be protected against. Keeping information secure from modification and unauthorized access. Keeping it available is getting increasingly difficult.

clodia

Presentation Transcript


  1. INTRODUCTION TO COMPUTER & NETWORK SECURITY Instructor: Dania Alomar

  2. Why Study Security? • Security threats are real… • And need to be protected against • Keeping information secure from modification and unauthorized access. • Keeping it available is getting increasingly difficult.

  3. Computer vs. Network Security • Computer security is the generic term for a collection of tools designed to protect data and to thwart hackers. • Network security refers to the security measures that are needed to protect data during their transmission. • In most systems, the boundaries between computer security and network security are blurred since most, if not all, of today’s systems are distributed in nature.

  4. Goals of Security • Confidentiality: prevents unauthorized use or disclosure of information. • Integrity: assurance that the information has not been tampered with. • Availability: information is accessible to authorized entities at the proper time.

  5. Basic Terminology • Authentication: Verification that the user’s claimed identity is valid, such as through the use of a password • Authorization: The privileges allocated to an individual (or process) that enable access to a computer resource

  6. Cont. • Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information. (prevents a party in a communication from later denying its participation in communication) • Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections • Data Origin Authentication: provides assurance that a piece of data originated from a particular source. • Mechanisms: e.g. passwords. • Something you know (password, PIN) • Something you have (ID, smart card) • Something you are (fingerprint, DNA)

  7. Threats and Attacks • A threat: A person, thing, event, or idea which poses some danger to an asset in terms of that asset's confidentiality, integrity or availability. • An attack: A realization of a threat; any action that attempts to compromise the security of the information owned by an organization/person. • Categories of Attacks • Interruption • Interception • Modification • Fabrication

  8. Interruption • Interruption: an asset of the system becomes lost, unavailable, or unusable. Examples are destruction of hardware (cutting fiber) or software, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file. • Denial of service (DoS): • Crashing the server

  9. Interception • An interception means that some unauthorized party has gained access to an asset. Examples are illicit copying of files and programs, packet sniffers, and wiretapping.

  10. Modification • Modification: If an unauthorized party not only accesses but tampers with an asset. • Stop the flow of the message • Delay and modify the message • Release the message again

  11. Fabrication • Unauthorized assumption of other’s identity • Generate and distribute objects under this identity

  12. Security Attack • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity

  13. Security attacks classification • Passive Attacks • The attacker eavesdrops and reads/records messages in transit. • Active Attacks • The attacker may transmit new messages, replay old messages, modify/delete messages in transit.

  14. Virus, Worms, and Trojan Horses • Trojan horse: instructions hidden inside an otherwise useful program that do bad things • Virus: a set of instructions that, when executed, inserts copies of itself into other programs. • Worm: a program that replicates itself by installing copies of itself on other machines across a network. • Trapdoor: an undocumented entry point, which can be exploited as a security flaw • Zombie: malicious instructions installed on a system that can be remotely triggered to carry out some attack with less traceability because the attack comes from another victim.
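
Slides 10 to 13 list modification, fabrication and replay as active attacks on integrity and authenticity. The following added example (not part of the original slides) shows how a receiver can detect each of them; the HMAC-SHA256 tag, the sequence counter, the key and the sample messages are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # shared secret, constructed for this example
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes
HDR_LEN = 8                    # 64-bit big-endian sequence number

def seal(key, seq, payload):
    """Sender side: sequence number + payload + tag over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts an authenticated frame only if its sequence number is new."""
    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            return "rejected: malformed"
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means the frame was altered
        # or was produced by someone who does not hold the key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag (modified or fabricated)"
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted: " + payload.decode("utf-8", "replace")

def demo():
    rx = Receiver(KEY)
    genuine = seal(KEY, 0, b"pay 10 to alice")        # constructed message
    modified = bytearray(genuine)
    modified[HDR_LEN + 4] ^= 0x01                     # one payload bit changed in transit
    fabricated = seal(b"some-other-key", 1, b"pay 99 to carol")  # sender lacks KEY
    return [
        rx.accept(genuine),                           # legitimate delivery
        rx.accept(bytes(modified)),                   # modification
        rx.accept(fabricated),                        # fabrication
        rx.accept(genuine),                           # replay of an old frame
        rx.accept(seal(KEY, 1, b"pay 5 to bob")),     # next legitimate frame
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The tag gives integrity and data origin authentication only; it does nothing against interception, which needs encryption, or against interruption.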
