1 / 17

Computer Security

Computer Security. Instructor: Dr. Bo Sun. Course Objectives. Understand basic issues, concepts, principles, and mechanisms in computer network security Basic security concept Cryptography Authentication Standards Network Security. Course Outline. Basic Security Concepts:

royi
Télécharger la présentation

Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security Instructor: Dr. Bo Sun

  2. Course Objectives • Understand basic issues, concepts, principles, and mechanisms in computer network security • Basic security concept • Cryptography • Authentication • Standards • Network Security

  3. Course Outline • Basic Security Concepts: • Confidentiality, integrity, availability • others • Cryptography • Secret Key Cryptography: DES, IDEA, AES, etc. • Public Key Cryptography: RSA, Diffi-Hellman, Digital signature, Elliptic Curve, etc. • Modes of Operation: ECB, CBC etc. • Hashes and Message Digests: MD5, SHA-1 etc. • Authentication • Basic concepts of Authentication Systems • Password Authentication • Security handshake pitfalls

  4. Course Outline cont’d • Network and Distributed Systems • Kerberos • Public Key Infrastructure • IPsec • SSL/TLS • Email security • Firewall

  5. Introduction

  6. Security Attacks

  7. Security Attacks

  8. Classify Security Attacks as • passive attacks - eavesdropping on, or monitoring of, transmissions to: • obtain message contents, or • monitor traffic flows • active attacks – modification of data stream to: • masquerade of one entity as some other: man-in-the-middle • replay previous messages • modify messages in transit • denial of service

  9. Information Security Concerns • DDoS • Worm Attacks (e.g. code red) • Exploitation of software bugs (e.g. buffer overflow) • Monitoring and capture of network traffic • Masquerade of authorized users • ……. • http://www.cert.org/

  10. Contributing Factors • Lack of awareness of threats and risks of information systems • Wide-open network policies • Many Internet sites allow wide-open Internet access • Vast majority of network traffic is unencrypted • Lack of security in TCP/IP • Complexity of security management and administration • Exploitation of software bugs: e.g. Sendmail bugs • Cracker skills keep improving

  11. Security Objectives Confidentiality (Secrecy): Prevent/Detect/Deter improper disclosure of information Availability:Prevent/Detect/Deter improper denial of access to services provided by the system Integrity:Prevent/Detect/Deter improper modification of information

  12. Security Mechanisms Access Control

  13. Security Services • Confidentiality: protection of any information from being exposed to unintended entities. • Information content • Parties involved • Where they are, how they communicate, how often, etc. • Authentication: assurance that an entity of concern or the origin of a communication is authentic - it’s what it claims to be or from • Integrity: assurance that the information has not been tampered with

  14. Security Services • Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information • Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections • Security management: facilities for coordinating users’ service requirements and mechanism implementations throughout the enterprise network and across the internet – Trust model – Trust communication protocol – Trust management infrastructure

  15. OSI of ISO Internet Stack Application Presentation Upper Layers Session Transport Transport Network Internet Data Link Data Link Physical Physical TheInternet

  16. Layered Store-and-forward User A User B Application Transport Network Link

  17. Virus, Worms, and Trojan Horses • Trojan horse: instructions hidden inside an otherwise useful program that do bad things • Virus: a set of instructions that, when executed, inserts copies of itself into other programs. • Worm: a program that replicates itself by installing copies of itself on other machines across a network. • Trapdoor: an undocumented entry point, which can be exploited as a security flaw • Zombie: malicious instructions installed on a system that can be remotely triggered to carry out some attack with les traceability because the attack comes from another victim. • ….

More Related