Computer and Information
Security
Chapter 1
Introduction
Overview
• Security Goals
• The need for security
• OSI Security Architecture
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs
Security Goals
Confidentiality, Integrity, Availability (CIA triad diagram)
Security Goals
• Confidentiality
– Concealment of information or resources
– protecting precious business data from
unauthorized persons
• Integrity
– Trustworthiness of data or resources
• Availability
– Ability to use information or resources
Confidentiality
• Prevents unauthorized users from
accessing information, to protect the
privacy of information content.
Confidentiality is maintained through
access restrictions.
• Access mechanisms, such as
cryptography, support confidentiality
– Example: encrypting an income tax return
Integrity
• Ensures the authenticity and accuracy of
information. Integrity is maintained by
restricting permissions for editing or the
ability to modify information.
• Includes both prevention mechanisms and
detection mechanisms
• Includes both correctness and trustworthiness
Availability
• Ensures that authorized users can reliably
access information.
• Availability is maintained through
continuity of access procedures, backup or
duplication of information, and maintenance
of hardware and network connections.
• Attempts to block availability, called denial
of service attacks, are difficult to detect.
The Need for Security
• Computer Security - the collection of
tools designed
– to protect data and
– to thwart hackers
• Network security or internet
security - security measures needed
to protect data during their
transmission over a network
Security
• Motivation: Why do we need security?
• Increased reliance on information technology, with or
without the use of networks
• The use of IT has changed our lives drastically.
• We depend on E-mail, Internet banking, and several other
governmental activities that use IT
• Increased use of E-Commerce and the World wide web on
the Internet as a vast repository of various kinds of
information (immigration databases, flight tickets, stock
markets etc.)
Security Concerns
• Damage to any IT-based system or activity can
result in severe disruption of services and losses
• Systems connected by networks are more prone
to attacks and also suffer more as a result of the
attacks than stand-alone systems (Reasons?)
• Concerns such as the following are common
– How do I know the party I am talking to on the network is
really the one I want to talk to?
– How can I be assured that no one else is listening and
learning the data that I send over a network?
– Can I ever stay relaxed, knowing that no hacker can enter my
network and play havoc?
Concerns continued…
• Is the web site I am downloading
information from a legitimate one, or a
fake?
• How do I ensure that the person I just did
a financial transaction with cannot deny having
done it tomorrow or at a later time?
• I want to buy something online, but I don’t
want to let them charge my credit card
before they deliver the product to me
That is why…
• ...we need security
– To safeguard the confidentiality, integrity,
authenticity and availability of data
transmitted over insecure networks
– The Internet is not the only insecure network in
this world
– Many internal networks in organizations are
prone to insider attacks
– In fact, insider attacks are greater both in
terms of likelihood of happening and damage
caused
7 Layer Model
Layer              Functions
7  Application     How an application uses the network
6  Presentation    How to represent & display data
5  Session         How to establish communication
4  Transport       How to provide reliable delivery (error checking, sequencing, etc.)
3  Network         How addresses are assigned and packets are forwarded
2  Data Link       How to organize data into frames & transmit
1  Physical        How to transmit “bits”
Security Architecture
• The OSI Security Architecture focuses on:
• Security Attack: Any action that
compromises the security of information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover
from a security attack.
• Security Service: A service that enhances
the security of data processing systems
and information transfers. A security
service makes use of one or more security
mechanisms.
Security Attacks
• A security attack is an unauthorized attempt
to steal, damage, or expose data from an
information system such as your
website. Security attacks aim to
compromise the five major security goals for
network security:
• Confidentiality,
• Availability,
• Authentication,
• Integrity and Nonrepudiation
Security Attacks
• Interruption: This is an attack on
availability
– Disrupting traffic
– Physically breaking communication line
• Interception: This is an attack on
confidentiality
– Overhearing, eavesdropping over a
communication line
Security Attacks (continued)
• Modification: This is an attack on
integrity
– Corrupting transmitted data or
tampering with it before it reaches its
destination
• Fabrication: This is an attack on
authenticity
– Faking data as if it were created by a
legitimate and authentic party
Threats and Attacks
• Threat - a condition/circumstance that can cause
damage to the system/asset.
• A potential for violation of security, or a possible
danger that might exploit a vulnerability
• A vulnerability is a weakness in a system that can be
easily exploited if found by an attacker.
• Attack - an intended action to cause damage to a
system/asset
• An attack on system security - an intelligent act that
is a deliberate attempt to evade security services and
violate the security policy of a system.
• Attack (or exploit) - an action taken to harm an asset
Threats
• Disclosure – unauthorized access to
information
• Deception – acceptance of false data
• Disruption- interruption or prevention
of correct operation
• Usurpation- unauthorized control of
some part of a system
Examples of Threats
• Snooping: intercepting information
(“passive”)
• Modification or alteration of
information (“active”)
• Masquerading or spoofing
• Repudiation of origin
• Delay or denial of service
Safeguards and
Vulnerabilities
• A Safeguard is a countermeasure to
protect against a threat
• A weakness in a safeguard is called a
vulnerability
Passive and active attacks
• Passive attacks
– No modification of content or fabrication
– Eavesdropping to learn contents or other
information (transfer patterns, traffic flows etc.)
• Active attacks
– Modification of content and/or participation in
communication to
• Impersonate legitimate parties
• Modify the content in transit
• Launch denial of service attacks
Passive Attacks (diagram)
Active Attacks (diagram)
Two types of threats
• Information access threats
– Intercept or modify data on behalf of users
who should not have access to that data.
– E.g. corruption of data by injecting malicious
code
• Service threats
– Exploit service flaws in computers to inhibit use
by legitimate users.
– E.g. disabling authentication
Fundamental threats [McGibney04]
• Information leakage
– Disclosure to unauthorized parties
– Prince Charles mobile phone calls, 1993
• Integrity violation
– Corruption of data or loss of data
– Coca-Cola website defaced with slogans, 1997
• Denial of service
– Unavailability of system/service/network
• Illegitimate use
– Morris Internet worm spread to 5% of machines on the
Internet, 1988
Services and Mechanisms
• A security policy is a statement of what is
and what is not allowed.
• A security service is a measure to address
a threat
– E.g. authenticate individuals to prevent
unauthorized access
• A security mechanism is a means to
provide a service
– E.g. encryption, cryptographic protocols
Security Services
• A security service is a service provided by the
protocol layer of a communicating system (X.800)
• Security services implement security policies and are
themselves implemented by security mechanisms.
• X.800 divides these services into 5 Categories
– Authentication
– Access Control
– Data confidentiality
– Data Integrity
– Nonrepudiation (and Availability)
Authentication
• The authentication service is concerned with
assuring that a communication is authentic:
• The recipient of the message should be sure that
the message came from the source that it
claims to come from
• All communicating parties should be sure
that the connection is not interfered with by an
unauthorized party.
Example: consider a person using an online banking
service. Both the user and the bank should be
assured of each other's identity
Access control
• This service controls
• who can have access to a resource;
• under what conditions access can occur;
• what those accessing are allowed to do.
Example: in online banking a user may be
allowed to see his balance, but not allowed
to make any transactions for some of his
accounts.
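The three questions above (who, under what conditions, what they may do) for the online-banking example, as an added decision function that is not part of the slides. Users, accounts, limits and the step-up rule are constructed for the demo; the point is that every grant is an explicit rule and everything else is denied.

```python
"""Access-control decision for the online-banking example: who may access
which account, under what conditions, and what they may do.
Added example, not from the lecture; all data below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Account:
    owner: str
    transact_allowed: bool   # some accounts are view-only even for their owner
    daily_limit: int         # condition: total transfers per day


@dataclass
class Session:
    user: str
    strong_auth: bool = False          # step-up (second factor) completed?
    spent_today: dict = field(default_factory=dict)


# Constructed sample accounts (assumption: one owner per account).
ACCOUNTS = {
    "ACC-1": Account(owner="alice", transact_allowed=True, daily_limit=1000),
    "ACC-2": Account(owner="alice", transact_allowed=False, daily_limit=0),
    "ACC-3": Account(owner="bob", transact_allowed=True, daily_limit=500),
}


def decide(session: Session, action: str, account_id: str, amount: int = 0):
    """Return (allowed, reason). Deny by default: the only way to get True
    is to pass every rule for the requested action."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        return False, "unknown account"
    # WHO: only the owner of the account gets any access at all.
    if acct.owner != session.user:
        return False, "not the owner"
    # WHAT: viewing is permitted to every owner.
    if action == "view_balance":
        return True, "owner may view"
    if action == "transfer":
        if not acct.transact_allowed:
            return False, "account is view-only"
        if amount <= 0:
            return False, "invalid amount"
        # UNDER WHAT CONDITIONS: daily limit, then step-up for large amounts.
        spent = session.spent_today.get(account_id, 0)
        if spent + amount > acct.daily_limit:
            return False, "daily limit exceeded"
        if amount >= 500 and not session.strong_auth:
            return False, "step-up authentication required"
        session.spent_today[account_id] = spent + amount
        return True, "transfer permitted"
    return False, "unknown action"
```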
Data confidentiality
• The protection of data from
unauthorized disclosure (from passive
attacks).
• Connection confidentiality
• Connectionless confidentiality
• Selective field confidentiality
• Traffic-Flow Confidentiality
Data Integrity
• The assurance that data received are
exactly as sent by an authorized entity, i.e. contain
• no modification
• no insertion
• no deletion
• no replay
• Protection from active attacks
It may be
• integrity with recovery, or
• Integrity without recovery (detection
only)
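The four violations listed above (modification, insertion, deletion, replay) detected by one message-stream checker, in the "integrity without recovery" style: it reports the violation and leaves recovery to the application. This is an added example, not code from the slides; the shared key, the frame layout (4-byte sequence number, payload, HMAC-SHA256 tag) and the sample frames are constructed for the demo.

```python
"""Detection-only data integrity for a message stream (X.800 style).
Added example, not from the lecture; key and frames are constructed."""
import hashlib
import hmac
import struct

# Constructed shared key. In practice it comes from a key-establishment protocol.
KEY = b"constructed-demo-key-do-not-use"
TAG_LEN = 32  # HMAC-SHA256 output size


def protect(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: frame = seq(4 bytes) || payload || tag.
    The tag covers the sequence number, so reordering and replay are detectable."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side: verifies each frame and classifies what went wrong."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected_seq = 0

    def check(self, frame: bytes):
        """Return (verdict, payload). verdict is one of:
        'ok', 'modified' (tampered or forged without the key),
        'replay' (old frame seen again), 'gap' (earlier frames deleted)."""
        if len(frame) < 4 + TAG_LEN:
            return "modified", None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison: a plain == would leak tag bytes via timing.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        (seq,) = struct.unpack(">I", header)
        if seq < self.expected_seq:
            return "replay", None
        if seq > self.expected_seq:
            # Frames between expected_seq and seq are missing: report, then resync.
            self.expected_seq = seq + 1
            return "gap", payload
        self.expected_seq = seq + 1
        return "ok", payload


def run_demo():
    """Constructed stream: honest frames, then each attack class in turn.
    Returns the list of verdicts the receiver produced."""
    frames = [protect(i, f"transfer {i}".encode()) for i in range(5)]
    rx = IntegrityReceiver()
    verdicts = [rx.check(frames[0])[0], rx.check(frames[1])[0]]
    # Modification: flip one bit inside the payload of frame 2.
    tampered = bytearray(frames[2])
    tampered[6] ^= 0x01
    verdicts.append(rx.check(bytes(tampered))[0])
    # Insertion by a party without the key: correct layout, garbage tag.
    forged = struct.pack(">I", 2) + b"transfer 9999" + b"\x00" * TAG_LEN
    verdicts.append(rx.check(forged)[0])
    verdicts.append(rx.check(frames[2])[0])      # the genuine frame 2
    # Replay: a previously accepted frame presented again.
    verdicts.append(rx.check(frames[1])[0])
    # Deletion: frame 3 never arrives, frame 4 does.
    verdicts.append(rx.check(frames[4])[0])
    return verdicts
```

The tag detects the active attacks only; an eavesdropper who merely reads the frames (a passive attack) is not affected, which is why confidentiality is a separate service. An HMAC also cannot give nonrepudiation, since both parties hold the same key.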
Nonrepudiation
• Protection against denial by one of the
entities involved in a communication of
having participated in the communication.
Nonrepudiation can be related to
• Origin: proof that the message was sent
by the specified party
• Destination: proof that the message was
received by the specified party
• Example: Imagine a user of online banking
who has made a transaction, but later
denies it. How can the bank protect
itself in such a situation?
Availability service
• Protects a system to ensure its
availability
• Particularly, it addresses denial-of-
service attacks
• Depends on other security services:
access control, authentication, etc.
Security Mechanisms
• Security mechanisms are technical
tools and techniques that are used
to implement security services. A
mechanism might operate by itself, or
with others, to provide a particular
service.
Security Mechanisms
Examples
• Two types
– Specific mechanisms existing to provide certain
security services
• E.g. encryption used for authentication
– Pervasive mechanisms which are general
mechanisms incorporated into the system and
not specific to a service
• E.g. security audit trail
Model for Network Security
• Basic tasks
– Design an algorithm that opponent cannot
defeat
– Generate the secret information to be used
with the algorithm
– Develop methods for distributing secret
information
– Specify a protocol to be used
• May need a trusted third party to assist
Model for Network Access
Security
• using this model requires us to:
1. select appropriate gatekeeper
functions to identify users
2. implement security controls to ensure
only authorised users access
designated information or resources
• trusted computer systems may be
useful to help implement this model
Methods of Defense
• Encryption
• Software Controls
– (access limitations in a database; the operating
system protects each user from other users)
• Hardware Controls
– (smartcard)
• Policies
– (frequent changes of passwords)
• Physical Controls
Internet standards and
RFCs
• The Internet society
– Internet Architecture Board (IAB)
– Internet Engineering Task Force (IETF)
– Internet Engineering Steering Group
(IESG)

ch1-1.ppt

Overview
• Security Goals
• The need for security
• OSI Security Architecture
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs

Security Goals
• Confidentiality
– Concealment of information or resources
– Protecting precious business data from unauthorized persons
• Integrity
– Trustworthiness of data or resources
• Availability
– Ability to use information or resources

Confidentiality
• Prevents unauthorized users from accessing information, to protect the privacy of information content. Confidentiality is maintained through access restrictions.
• Access mechanisms, such as cryptography, support confidentiality
– Example: encrypting an income tax return

Integrity
• Ensures the authenticity and accuracy of information. Integrity is maintained by restricting permissions for editing or the ability to modify information.
• Includes prevention mechanisms and detection mechanisms
• Includes both correctness and trustworthiness

Availability
• Ensures that authorized users can reliably access information.
• Availability is maintained through continuity of access procedures, backup or duplication of information, and maintenance of hardware and network connections.
• Attempts to block availability, called denial of service attacks, are difficult to detect.

The Need for Security
• Computer Security - the collection of tools designed
– to protect data and
– to thwart hackers
• Network security or internet security - security measures needed to protect data during their transmission

Security
• Motivation: Why do we need security?
• Increased reliance on Information Technology, with or without the use of networks
• The use of IT has changed our lives drastically.
• We depend on E-mail, Internet banking, and several other governmental activities that use IT
• Increased use of E-Commerce and the World Wide Web on the Internet as a vast repository of various kinds of information (immigration databases, flight tickets, stock markets etc.)
Security Concerns
• Damage to any IT-based system or activity can result in severe disruption of services and losses
• Systems connected by networks are more prone to attacks and also suffer more as a result of the attacks than stand-alone systems (Reasons?)
• Concerns such as the following are common
– How do I know the party I am talking to on the network is really the one I want to talk to?
– How can I be assured that no one else is listening and learning the data that I send over a network?
– Can I ever stay relaxed that no hacker can enter my network and play havoc?

Concerns continued…
• Is the web site I am downloading information from a legitimate one, or a fake?
• How do I ensure that the person I just did a financial transaction with cannot deny having done it tomorrow or at a later time?
• I want to buy something online, but I don't want to let them charge my credit card before they deliver the product to me

That is why…
• …we need security
– To safeguard the confidentiality, integrity, authenticity and availability of data transmitted over insecure networks
– The Internet is not the only insecure network in this world
– Many internal networks in organizations are prone to insider attacks
– In fact, insider attacks are greater both in terms of likelihood of happening and damage caused
7 Layer Model
Layer  Name          Functions
7      Application   How application uses network
6      Presentation  How to represent & display data
5      Session       How to establish communication
4      Transport     How to provide reliable delivery (error checking, sequencing, etc.)
3      Network       How addresses are assigned and packets are forwarded
2      Data Link     How to organize data into frames & transmit
1      Physical      How to transmit "bits"
Security Architecture
• The OSI security architecture focuses on:
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Security Attacks
• A security attack is an unauthorized attempt to steal, damage, or expose data from an information system such as your website. Security attacks aim to compromise the five major security goals for network security:
• Confidentiality,
• Availability,
• Authentication,
• Integrity and Nonrepudiation

Security Attacks
• Interruption: This is an attack on availability
– Disrupting traffic
– Physically breaking a communication line
• Interception: This is an attack on confidentiality
– Overhearing, eavesdropping over a communication line

Security Attacks (continued)
• Modification: This is an attack on integrity
– Corrupting transmitted data or tampering with it before it reaches its destination
• Fabrication: This is an attack on authenticity
– Faking data as if it were created by a legitimate and authentic party
Threats and Attacks
• Threat - a condition/circumstance which can cause damage to the system/asset.
• A potential for violation of security, or a possible danger that might exploit a vulnerability
• A vulnerability is a weakness in a system that can be easily exploited if found by an attacker.
• Attack - an intended action to cause damage to a system/asset
• An attack on system security - an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
• Attack (or exploit): an action taken to harm an asset

Threats
• Disclosure - unauthorized access to information
• Deception - acceptance of false data
• Disruption - interruption or prevention of correct operation
• Usurpation - unauthorized control of some part of a system

Examples of Threats
• Snooping: intercepting information ("passive")
• Modification or alteration of information ("active")
• Masquerading or spoofing
• Repudiation of origin
• Delay or denial of service

Safeguards and Vulnerabilities
• A Safeguard is a countermeasure to protect against a threat
• A weakness in a safeguard is called a vulnerability

Passive and active attacks
• Passive attacks
– No modification of content or fabrication
– Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)
• Active attacks
– Modification of content and/or participation in communication to
• Impersonate legitimate parties
• Modify the content in transit
• Launch denial of service attacks
Two types of threats
• Information access threats
– Intercept or modify data on behalf of users who should not have access to that data.
– E.g. corruption of data by injecting malicious code
• Service threats
– Exploit service flaws in computers to inhibit use by legitimate users.
– E.g. disabling authentication

Fundamental threats [McGibney04]
• Information leakage
– Disclosure to unauthorized parties
– Prince Charles mobile phone calls, 1993
• Integrity violation
– Corruption of data or loss of data
– Coca-Cola website defaced with slogans, 1997
• Denial of service
– Unavailability of system/service/network
• Illegitimate use
– Morris Internet worm spread to 5% of machines on the Internet, 1988

Services and Mechanisms
• A security policy is a statement of what is and what is not allowed.
• A security service is a measure to address a threat
– E.g. authenticate individuals to prevent unauthorized access
• A security mechanism is a means to provide a service
– E.g. encryption, cryptographic protocols

Security Services
• A security service is a service provided by a protocol layer of a communicating system (X.800)
• Security services implement security policies and are implemented by security mechanisms.
• X.800 divides these services into 5 categories
– Authentication
– Access Control
– Data confidentiality
– Data Integrity
– Nonrepudiation (and Availability)
Authentication
• The authentication service is concerned with assuring that a communication is authentic:
• The recipient of the message should be sure that the message came from the source that it claims to be from
• All communicating parties should be sure that the connection is not interfered with by an unauthorized party.
• Example: consider a person using an online banking service. Both the user and the bank should be assured of each other's identities.

Access control
• This service controls
• who can have access to a resource;
• under what conditions access can occur;
• what those accessing are allowed to do.
• Example: in online banking a user may be allowed to see his balance, but not allowed to make any transactions for some of his accounts.

Data confidentiality
• The protection of data from unauthorized disclosure (from passive attacks).
• Connection confidentiality
• Connectionless confidentiality
• Selective field confidentiality
• Traffic-flow confidentiality

Data Integrity
• The assurance that data received are exactly as sent by an authorized entity, i.e. contain
• no modification
• no insertion
• no deletion
• no replay
• Protection from active attacks. It may be
• integrity with recovery, or
• integrity without recovery (detection only)
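The four integrity properties on this slide (no modification, insertion, deletion or replay) and the "detection only" variant can be shown concretely. The following is an added example, not code from the slides or from any product: a sender attaches a sequence number and an HMAC-SHA256 tag to each message, and a receiver classifies everything it sees. The shared key, the message contents and the tampered stream are all constructed for the illustration.

```python
import hashlib
import hmac

# Constructed shared secret for this example. In the network-security model
# such a key comes from a key-distribution step, never from source code.
SHARED_KEY = b"example-key-for-illustration-only"


def protect(key: bytes, seq: int, payload: str) -> dict:
    """Sender side: bind a sequence number to the payload and compute an
    HMAC-SHA256 tag over both, so the tag matches only this payload at this
    position in the stream."""
    body = f"{seq}:{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"seq": seq, "payload": payload, "tag": tag}


class Receiver:
    """Receiver side, integrity without recovery: every message is accepted or
    rejected with a reason, and nothing is repaired."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 1

    def check(self, msg: dict) -> str:
        body = f"{msg['seq']}:{msg['payload']}".encode()
        expected_tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # compare_digest is constant-time, so the comparison does not leak
        # how many leading characters of a guessed tag were right.
        if not hmac.compare_digest(expected_tag, msg["tag"]):
            return "rejected: modification or insertion (tag does not verify)"
        if msg["seq"] < self.expected_seq:
            return "rejected: replay (sequence number already consumed)"
        if msg["seq"] > self.expected_seq:
            missing = f"{self.expected_seq}..{msg['seq'] - 1}"
            self.expected_seq = msg["seq"] + 1
            return f"accepted (gap: messages {missing} deleted or reordered)"
        self.expected_seq += 1
        return "accepted"


def simulate_channel() -> list:
    """Constructed traffic: what the receiver sees after an active attacker has
    tampered with a stream of five legitimate messages."""
    legit = [protect(SHARED_KEY, i, f"transfer {i * 100} to savings") for i in range(1, 6)]
    modified = dict(legit[2], payload="transfer 100000 to attacker")  # content changed, tag stale
    fabricated = {"seq": 6, "payload": "approve loan", "tag": "00" * 32}  # made without the key
    # seq 1, seq 2, tampered seq 3, replayed seq 2, seq 5 (seq 4 was dropped), forged seq 6
    observed = [legit[0], legit[1], modified, legit[1], legit[4], fabricated]
    receiver = Receiver(SHARED_KEY)
    return [receiver.check(m) for m in observed]


if __name__ == "__main__":
    for verdict in simulate_channel():
        print(verdict)
```

The tag covers the sequence number as well as the payload, which is what lets one mechanism detect all four violations: a changed payload or a forged message fails the tag check, a repeated message carries a number already consumed, and a dropped message shows up as a gap. Because the key is shared, the tag also tells the receiver the message came from the other key holder, but it cannot prove that to anyone else; that distinction is the subject of the next slide.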
Nonrepudiation
• Protection against denial by one of the entities involved in a communication of having participated in the communication. Nonrepudiation can be related to
• Origin: proof that the message was sent by the specified party
• Destination: proof that the message was received by the specified party
• Example: Imagine a user of online banking who has made a transaction, but later denied it. How can the bank protect itself in such a situation?
Availability service
• Protects a system to ensure its availability
• In particular, it addresses denial-of-service attacks
• Depends on other security services: access control, authentication, etc.

Security Mechanisms
• Security mechanisms are technical tools and techniques that are used to implement security services. A mechanism might operate by itself, or with others, to provide a particular service.

Security Mechanisms Examples
• Two types
– Specific mechanisms existing to provide certain security services
• E.g. encryption used for authentication
– Pervasive mechanisms which are general mechanisms incorporated into the system and not specific to a service
• E.g. security audit trail

Model for Network Security
• Basic tasks
– Design an algorithm that the opponent cannot defeat
– Generate the secret information to be used with the algorithm
– Develop methods for distributing the secret information
– Specify a protocol to be used
• May need a trusted third party to assist
Model for Network Access Security
• Using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources
• Trusted computer systems may be useful to help implement this model

Methods of Defense
• Encryption
• Software Controls
– (access limitations in a database; in an operating system, protecting each user from other users)
• Hardware Controls
– (smartcard)
• Policies
– (frequent changes of passwords)
• Physical Controls

Internet standards and RFCs
• The Internet Society
– Internet Architecture Board (IAB)
– Internet Engineering Task Force (IETF)
– Internet Engineering Steering Group (IESG)