1 / 22

Security in Computer System 491 CS-G(172)

Security in Computer System 491 CS-G(172). By Manesh T maneshpadmayil@gmail.com. AGENDA. Overview of Security & Needs Concepts, Types of Viruses Different Types of Security Threats in Network Hacking, Ethical Hacking Attacks, services and mechanisms Security attacks-Types

trish
Télécharger la présentation

Security in Computer System 491 CS-G(172)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Computer System491 CS-G(172) By Manesh T maneshpadmayil@gmail.com

  2. AGENDA • Overview of Security & Needs • Concepts, Types of Viruses • Different Types of Security • Threats in Network • Hacking, Ethical Hacking • Attacks, services and mechanisms • Security attacks-Types • Security services • Methods of Defense • A model for Internetwork Security

  3. Overview • What is security? • Why do we need security? • Who is vulnerable?

  4. What is “Security” Security is state of having 1. Freedom from risk or danger; safety. 2. Freedom from doubt, anxiety, or fear Definition: Security is the protection of assets. Three main aspects of security are • Protection • Detection • Reaction.

  5. Why do we need security? • Protect vital information while still allowing access to those who need it • Trade secrets, medical records, etc. • Provide authentication and access control for resources • Ex: Bank Identity Card, ATM Card • Guarantee availability of resources • Must be available all the time

  6. Need for Security • The Information Age- Internet Highway • Digital Assets- emails, documents • Static Assets- pictures, databases • Assets on Transit- emails(Comm. Networks)

  7. Who is vulnerable? • Financial institutions and banks • Internet service providers • Pharmaceutical companies • Government and defense agencies • Internet users • Multinational corporations • ANYONE ON THE NETWORK

  8. Different Types of Security-Definitions • Computer Security- generic name for the collection of tools designed to protect hardware or software modules. • Network Security- measures to protect data during their transmission • Internet Security- measures to protect data during their transmission over a collection of interconnected network • Information Security- All the three areas

  9. Basic Terminologies • Cryptography • Study of mathematical techniques related to aspects of information security (Set of techniques) • Cryptanalysis • The process of breaking the security policies • Cryptology - Cryptography + cryptanalysis • Cryptosystems are computer systems used to encrypt data for secure transmission and storage

  10. Types of Computer Virus 1.Time Bomb 2.Logical Bomb 3.Worm 4.Boot Sector Virus 5.Macros Virus 6.Trojan Horse

  11. Types of Viruses • Time Bomb – Active when time/date comes • Logical Bomb – Active when some action comes • Worm- Self replicating in networks • Boot Sector Virus- During system boot, boot sector virus is loaded into main memory and destroys data stored in hard disk • Micro Virus- It is associated with application software like word and excel • Trojan Horse- usually email virus

  12. Launching the attack Steps are • Vulnerability • Threat • Discovery of Vulnerability • Exploitation of Vulnerability • Attack

  13. Attacks, Services and Mechanisms • Security Attack:Any action that compromises the security of information. • Security Mechanism:A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service:A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

  14. Different Types of Security Attacks

  15. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity

  16. Security Goals

  17. Threats in Networks

  18. In This Section • What makes a network Vulnerable • Reasons for network attacks • Who Attacks Networks? • Who are the attackers? Why people attack? • Threats in Network transmission: Eavesdropping and Wiretapping • Different ways attackers attack a victim

  19. What Makes a Network Vulnerable • How network differ from a stand-alone environment: • Anonymity • Attacker can mount an attack from thousands of miles away; passes through many hosts • Many points of attack • Both targets and origins • An attack can come from any host to any host • Sharing • More users have the potential to access networked systems than on single computers

  20. What Makes a Network Vulnerable • How network differ from a stand-alone environment: • Complexity of System • Reliable security is difficult to obtain • Complex as many users do not know what their computers are doing at any moment • Unknown Perimeter • One host may be a node on two different networks • Causing uncontrolled groups of possibly malicious users • Unknown Path • Can have multiple paths from one host to another.

  21. Who Attacks Networks • Challenge – what would happen if I tried this approach or technique? Can I defeat this network? • Fame • Money and Espionage(Spy) • Organized Crime • Ideology • Hacktivism – breaking into a computer system with the intent of disrupting normal operations but not causing serious damage • Cyberterroism- more dangerous than hacktivism can cause grave harm such as loss of life or severe economic damage

  22. Reference • Asoke K Talukder, Manish Chaitanya, Architecting Secure Software System, Aeurbach Publication, 2008 • Howard M, Lipner S, The Security Development Lifecycle, Microsoft Press, 2006 • Frank Swiderski, Window Snyder, Threat Modeling, Microsoft Press, 2004 • John Viega, Gary McGraw, Building secure Software, How to Avoid Security problems in the Right Way, Addison-Wesley 2001 • Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Hunting Security Bugs, Microsoft Press, 2006 • Ross Anderson, Security Engineering: A guide to Building dependable Distributed systems, John wiley, 2001.

More Related