Security

Security. Objectives: cover the fundamental issues in computer, data and network security. Discuss: overview of computer security; introduction to cryptography. Information Systems Security deals with: security of end systems

dianne

Presentation Transcript


  1. Security www.AssignmentPoint.com

  2. Objectives
     • Cover the fundamental issues in computer, data and network security

  3. Discuss
     • Overview of computer security
     • Introduction to cryptography

  4. Information Systems Security
     • Deals with:
       • Security of end systems
         • Examples: operating system, files in a host, records, databases, accounting information, logs, etc.
       • Security of information in transit over a network
         • Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

  5. Principles of computer security
     • Principle of easiest penetration: An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
     • Principle of adequate protection: Computer items must be protected only until they lose their value.

  6. Some terminology
     • Threat
       • A set of circumstances that has the potential to cause loss or harm
     • Vulnerability
       • A weakness in the security system (in procedures, design and implementation)
     • Control
       • Some protective measure

  7. “A threat is blocked by control of vulnerabilities”

  8. Types of threats
     • Interception
       • An unauthorized party gains access to an asset.
       • For example:
         • Illegal copying of a program or data.
         • Wiretapping to obtain data in a network.

  9. Types of threats
     • Interruption
       • An asset of the system becomes lost, unavailable or unusable. For example:
         • Hardware failure
         • Operating system malfunction
         • Erasure of a program or data file

  10. Types of threats
     • Modification: An unauthorized party not only accesses but also tampers with an asset. For example:
       • Alteration of data

  11. Types of threats
     • Fabrication:
       • Addition of imaginary information to a system by an unauthorized party. For example:
         • Addition of a record to an existing database

  12. MOM
     • What does an attacker have?
       • Method: sufficient skill, tools and knowledge to initiate an attack
       • Opportunity: time and access to accomplish the attack
       • Motive: why does he want to do that? He must have a reason.

  13. Security goals (CIA)
     • Confidentiality:
       • Keeping data and resources secret or hidden (secrecy or privacy).
       • Only an authorized party can access information.
       • Access here does not mean writing; it means being allowed to read, view or print information.

  14. Security goals (CIA)
     • Integrity:
       • Assets can be modified only by authorized parties or only in authorized ways.
       • Modification includes writing, deleting, creating, changing, etc.
     • Availability:
       • Ensuring authorized access to data and resources when desired

  15. Security goals (additional)
     • Authenticity:
       • Ensures that the sender of a message is correctly identified, with an assurance that the identity is not false.
     • Non-repudiation:
       • Ensures that neither the sender nor the receiver of a message can afterwards deny having sent or received it.
       • So non-repudiation services provide unforgeable evidence that a specific action has occurred.

  16. Vulnerabilities
     • Always look for the vulnerabilities that can be obstacles to reaching the security goals
     • They exist in all three major categories of system resources:
       • Hardware vulnerabilities
       • Software vulnerabilities
       • Data vulnerabilities

  17. Hardware vulnerabilities
     • Hardware is always exposed
     • Damage occurs very easily
     • Examples:
       • Adding or removing devices
       • Being physically drenched with water
       • Dust and ash from cigarette smoke
       • Voluntary machine slaughter

  18. Software vulnerabilities
     • Software can be replaced, maliciously destroyed, changed, modified or deleted because of its vulnerabilities.
     • Example: In banking software, monthly interest on an account is calculated as $14.5467, but the software credits it as $14.54 and ignores $.0067. What can be the result if an attacker modifies this software?

  19. Software vulnerabilities
     • Software deletion:
       • Easy to delete
       • Accidental erasure of a file
     • Software modification:
       • Modifications cause software to fail or to do an unintended task
       • Categories of software modification include logic bomb, Trojan horse, virus, trapdoor, etc.
     • Software theft:
       • Piracy

  20. Data vulnerabilities
     • Confidentiality
     • Integrity
     • Availability

  21. What is cyber law?
     • Cyber law encompasses a wide variety of political and legal issues related to the Internet and other communications technology, including intellectual property, privacy, freedom of expression, and jurisdiction.
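
An added example, not part of the original slides, for the interest-rounding question on slide 18: an integrity control that recomputes each account's interest independently and checks that every truncated fraction is accounted for. The account names, the rounding ledger and the function names are assumptions made for illustration.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

def credit_interest(exact_interest):
    """Truncate exact interest to whole cents, as on slide 18.
    Returns (amount credited to the customer, residual fraction)."""
    credited = exact_interest.quantize(CENT, rounding=ROUND_DOWN)
    return credited, exact_interest - credited

def run_batch(exact_amounts):
    """Unmodified posting run: every residual goes to a bank-owned
    rounding ledger (hypothetical name) instead of being ignored."""
    postings, rounding_ledger = [], Decimal("0")
    for acct, exact in exact_amounts.items():
        credited, residual = credit_interest(exact)
        postings.append((acct, credited))
        rounding_ledger += residual
    return postings, rounding_ledger

def reconcile(exact_amounts, postings, rounding_ledger):
    """Integrity check run independently of the posting software.
    (a) each account received exactly its truncated entitlement;
    (b) total exact interest == total posted + rounding ledger.
    Returns a list of findings; an empty list means the batch is clean."""
    findings, posted = [], {}
    for acct, amount in postings:
        posted[acct] = posted.get(acct, Decimal("0")) + amount
    for acct in sorted(set(exact_amounts) | set(posted)):
        expected = credit_interest(exact_amounts.get(acct, Decimal("0")))[0]
        got = posted.get(acct, Decimal("0"))
        if got != expected:
            findings.append(f"{acct}: posted {got}, expected {expected}")
    total_exact = sum(exact_amounts.values(), Decimal("0"))
    total_out = sum(posted.values(), Decimal("0")) + rounding_ledger
    if total_exact != total_out:
        findings.append(f"unbalanced batch: {total_exact - total_out} unaccounted")
    return findings

# Constructed sample data; ACC-1 carries the figure from slide 18.
EXACT = {
    "ACC-1": Decimal("14.5467"),
    "ACC-2": Decimal("3.1099"),
    "ACC-3": Decimal("27.0001"),
}

if __name__ == "__main__":
    postings, ledger = run_batch(EXACT)
    print(ledger, reconcile(EXACT, postings, ledger))
```

Check (a) catches a posting to an account that is owed nothing, and check (b) catches residuals that vanish from the books, which is why the control needs both.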