SlideShare a Scribd company logo

Security

Download as PPT, PDF
S
santhypp
EducationTechnologyNews & Politics
1 of 23
Chapter 1 Introduction: Computer and Network Security //Modified by Prof. M. Singhal// Henric Johnson Blekinge Institute of Technology, Sweden www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson +46 708 250375 1
Outline • Information security • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs Henric Johnson 2
Information Security “Protection of data”. Has gone two major changes: 1. Computer Security: oTimesharing systems: multiple users share the H/W and S/W resources on a computer. o Remote login is allowed over phone lines. “Measures and tools to protect data and thwart hackers is called Computer Security”. Henric Johnson 3
Information Security… 2. Network Security: Computer networks are widely used to connect computers at distant locations. Raises additional security problems: o Data in transmission must be protected. o Network connectivity exposes each computer to more vulnerabilities. Henric Johnson 4
Attacks, Services and Mechanisms Three aspects of Information Security: • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. Henric Johnson 5
Security Attacks Henric Johnson 6
Security Attacks Interruption: An asset of the system is destroyed or becomes unavailable or unusable. • This is an attack on availability. Examples: • Destroying some H/W (disk or wire). • Disabling file system. • Swamping a computer with jobs or communication link with packets. Henric Johnson 7
Security Attacks Interception: An unauthorized party gains access to an asset. O This is an attack on confidentiality. Examples: >Wiretapping to capture data in a network. >Illicitly copying data or programs. Henric Johnson 8
Security Attacks Modification: An unauthorized party gains access and tampers an asset. oThis is an attack on integrity. Examples: • Changing data files. • Altering a program. • Altering the contents of a message. Henric Johnson 9
Security Attacks Fabrication: An unauthorized party inserts a counterfeit object into the system. O This is an attack on authenticity. Examples: > Insertion of records in data files. > Insertion of spurious messages in a network. (message replay). Henric Johnson 10
Passive vs. Active Attacks 1. Passive Attacks: o Eavesdropping on information without modifying it. (difficult to detect ). 2. Active Attacks: o Involve modification or creation of info. Henric Johnson 11
Henric Johnson 12
Passive Threats • Release of a message contents: Contents of a message are read. > A message may be carrying sensitive or confidential data. • Traffic analysis: An intruder makes inferences by observing message patterns. > Can be done even if messages are encrypted. > Inferences: location and identity of hosts. Henric Johnson 13
Active Threats • Masquerade: An entity pretends to be some other entity. Example: An entity captures an authentication sequence and replays it later to impersonate the original entity. • Replay: Involves capture of a data unit and its retransmission to produce an unauthorized effect. Henric Johnson 14
Active Threats • Modification of messages: A portion of a legitimate message has been altered to produce an undesirable effect. • Denial of service: Inhibits normal use of computer and communications resources. > Flooding of computer network. >Swamping of CPU or a server. Henric Johnson 15
Security Services A classification of security services: • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files Henric Johnson 16
Security Goals Confidentiality Integrity Avalaibility Henric Johnson 17
Henric Johnson 18
Henric Johnson 19
Methods of Defence • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls Henric Johnson 20
Internet standards and RFCs • The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG) Henric Johnson 21
Internet RFC Publication Process Henric Johnson 22
Recommended Reading • Pfleeger, C. Security in Computing. Prentice Hall, 1997. • Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001. Henric Johnson 23

Recommended

Chapter 1
Chapter 1Chapter 1
Chapter 1rajjani
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Presentation1 new (1) (1)cf
Presentation1 new (1) (1)cfPresentation1 new (1) (1)cf
Presentation1 new (1) (1)cftoamma
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Network security
Network securityNetwork security
Network securityJasleen Kaur (Chandigarh University)
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
Lecture1 Introduction
Lecture1 Introduction Lecture1 Introduction
Lecture1 Introduction rajakhurram
 

Recommended

Chapter 1
Chapter 1Chapter 1
Chapter 1rajjani
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Presentation1 new (1) (1)cf
Presentation1 new (1) (1)cfPresentation1 new (1) (1)cf
Presentation1 new (1) (1)cftoamma
 
Network security
Network securityNetwork security
Network securityhajra azam
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Network security
Network securityNetwork security
Network securityJasleen Kaur (Chandigarh University)
 
Chapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityChapter 1: Overview of Network Security
Chapter 1: Overview of Network SecurityShafaan Khaliq Bhatti
 
Lecture1 Introduction
Lecture1 Introduction Lecture1 Introduction
Lecture1 Introduction rajakhurram
 
Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewComputer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewMohamed Loey
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overviewlimsh
 
Network security
Network securityNetwork security
Network securityEshrak Rahman
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Network Security
Network SecurityNetwork Security
Network SecuritySayantan Sur
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
Dos attack
Dos attackDos attack
Dos attackManjushree Mashal
 
cryptographic security
cryptographic securitycryptographic security
cryptographic securityPriyamvada Singh
 
Computer Networking
Computer NetworkingComputer Networking
Computer NetworkingShahMDGolamRahmanNay
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityRubal Sagwal
 
Ppt.1
Ppt.1Ppt.1
Ppt.1veeresh35
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Information and network security 6 security attacks
Information and network security 6 security attacksInformation and network security 6 security attacks
Information and network security 6 security attacksVaibhav Khanna
 
Dos unit 5
Dos unit 5Dos unit 5
Dos unit 5JebasheelaSJ
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensicsalrawes
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Information security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityInformation security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityNeha Raju k
 
Chapter 1
Chapter 1Chapter 1
Chapter 1shivz3
 
Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1shivz3
 

More Related Content

What's hot

Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewComputer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewMohamed Loey
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overviewlimsh
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityRubal Sagwal
 
Information and network security 6 security attacks
Information and network security 6 security attacksInformation and network security 6 security attacks
Information and network security 6 security attacksVaibhav Khanna
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security STS
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensicsalrawes
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Information security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityInformation security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityNeha Raju k
 

What's hot (20)

Computer Security Lecture 1: Overview
Computer Security Lecture 1: OverviewComputer Security Lecture 1: Overview
Computer Security Lecture 1: Overview
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overview
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
 
Dos attack
Dos attackDos attack
Dos attack
 
cryptographic security
cryptographic securitycryptographic security
cryptographic security
 
Computer Networking
Computer NetworkingComputer Networking
Computer Networking
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Information and network security 6 security attacks
Information and network security 6 security attacksInformation and network security 6 security attacks
Information and network security 6 security attacks
 
Dos unit 5
Dos unit 5Dos unit 5
Dos unit 5
 
Technical seminar on Security
Technical seminar on Security Technical seminar on Security
Technical seminar on Security
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challenges
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Information security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information securityInformation security fundamentals topic 2: Evolution of Information security
Information security fundamentals topic 2: Evolution of Information security
 

Similar to Security

Chapter 1
Chapter 1Chapter 1
Chapter 1shivz3
 
Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1shivz3
 
Network Security
Network SecurityNetwork Security
Network Securitykoti7575
 
Network Security introduction.pdf
Network Security introduction.pdfNetwork Security introduction.pdf
Network Security introduction.pdfssuser3e6464
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT ssk
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Security & Privacy - Lecture A
Security & Privacy - Lecture ASecurity & Privacy - Lecture A
Security & Privacy - Lecture ACMDLearning
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Iot security problems and solutions
Iot security problems and solutionsIot security problems and solutions
Iot security problems and solutionsPurvesh kachhiya
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
KCS074_CGNS_L1_PPT1.pptx
KCS074_CGNS_L1_PPT1.pptxKCS074_CGNS_L1_PPT1.pptx
KCS074_CGNS_L1_PPT1.pptxjohn942994
 

Similar to Security (20)

Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1Cryptography and network Security Chapter 1
Cryptography and network Security Chapter 1
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security introduction.pdf
Network Security introduction.pdfNetwork Security introduction.pdf
Network Security introduction.pdf
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT
 
Network sec 1
Network sec 1Network sec 1
Network sec 1
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Security & Privacy - Lecture A
Security & Privacy - Lecture ASecurity & Privacy - Lecture A
Security & Privacy - Lecture A
 
sc.pptx
sc.pptxsc.pptx
sc.pptx
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Iot security problems and solutions
Iot security problems and solutionsIot security problems and solutions
Iot security problems and solutions
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
CNS Unit-1.pptx
CNS Unit-1.pptxCNS Unit-1.pptx
CNS Unit-1.pptx
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1
 
KCS074_CGNS_L1_PPT1.pptx
KCS074_CGNS_L1_PPT1.pptxKCS074_CGNS_L1_PPT1.pptx
KCS074_CGNS_L1_PPT1.pptx
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 

Security

  • 1. Chapter 1 Introduction: Computer and Network Security //Modified by Prof. M. Singhal// Henric Johnson Blekinge Institute of Technology, Sweden www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson +46 708 250375 1
  • 2. Outline • Information security • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs Henric Johnson 2
  • 3. Information Security “Protection of data”. Has gone two major changes: 1. Computer Security: oTimesharing systems: multiple users share the H/W and S/W resources on a computer. o Remote login is allowed over phone lines. “Measures and tools to protect data and thwart hackers is called Computer Security”. Henric Johnson 3
  • 4. Information Security… 2. Network Security: Computer networks are widely used to connect computers at distant locations. Raises additional security problems: o Data in transmission must be protected. o Network connectivity exposes each computer to more vulnerabilities. Henric Johnson 4
  • 5. Attacks, Services and Mechanisms Three aspects of Information Security: • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. Henric Johnson 5
  • 6. Security Attacks Henric Johnson 6
  • 7. Security Attacks Interruption: An asset of the system is destroyed or becomes unavailable or unusable. • This is an attack on availability. Examples: • Destroying some H/W (disk or wire). • Disabling file system. • Swamping a computer with jobs or communication link with packets. Henric Johnson 7
  • 8. Security Attacks Interception: An unauthorized party gains access to an asset. O This is an attack on confidentiality. Examples: >Wiretapping to capture data in a network. >Illicitly copying data or programs. Henric Johnson 8
  • 9. Security Attacks Modification: An unauthorized party gains access and tampers an asset. oThis is an attack on integrity. Examples: • Changing data files. • Altering a program. • Altering the contents of a message. Henric Johnson 9
  • 10. Security Attacks Fabrication: An unauthorized party inserts a counterfeit object into the system. O This is an attack on authenticity. Examples: > Insertion of records in data files. > Insertion of spurious messages in a network. (message replay). Henric Johnson 10
  • 11. Passive vs. Active Attacks 1. Passive Attacks: o Eavesdropping on information without modifying it. (difficult to detect ). 2. Active Attacks: o Involve modification or creation of info. Henric Johnson 11
  • 13. Passive Threats • Release of a message contents: Contents of a message are read. > A message may be carrying sensitive or confidential data. • Traffic analysis: An intruder makes inferences by observing message patterns. > Can be done even if messages are encrypted. > Inferences: location and identity of hosts. Henric Johnson 13
  • 14. Active Threats • Masquerade: An entity pretends to be some other entity. Example: An entity captures an authentication sequence and replays it later to impersonate the original entity. • Replay: Involves capture of a data unit and its retransmission to produce an unauthorized effect. Henric Johnson 14
  • 15. Active Threats • Modification of messages: A portion of a legitimate message has been altered to produce an undesirable effect. • Denial of service: Inhibits normal use of computer and communications resources. > Flooding of computer network. >Swamping of CPU or a server. Henric Johnson 15
  • 16. Security Services A classification of security services: • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files Henric Johnson 16
  • 17. Security Goals Confidentiality Integrity Avalaibility Henric Johnson 17
  • 20. Methods of Defence • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls Henric Johnson 20
  • 21. Internet standards and RFCs • The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG) Henric Johnson 21
  • 22. Internet RFC Publication Process Henric Johnson 22
  • 23. Recommended Reading • Pfleeger, C. Security in Computing. Prentice Hall, 1997. • Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001. Henric Johnson 23