Date post: | 03-Jun-2018 |
Category: |
Documents |
Upload: | jigar-patel |
View: | 224 times |
Download: | 0 times |
of 29
8/13/2019 17912 Information Security
1/29
Information security
CAP194
8/13/2019 17912 Information Security
2/29
CHAPTER-1
COMPUTER SECURITY CONCEPTS
8/13/2019 17912 Information Security
3/29
INTRODUCTION
We use computers for everything from banking and
investing to shopping and communicating with
others through email or chat programs.
Although you may not consider yourcommunications "top secret," you probably do not
want strangers reading your email, using your
computer to attack other systems, sending forged
email from your computer, or examining personal
information stored on your computer (such as
financial statements)
8/13/2019 17912 Information Security
4/29
Computer security is the process of preventing and
detecting unauthorized use of your computer.
Prevention measures help you to stop unauthorized
users (also known as "intruders") from accessing anypart of your computer system.
Detection helps you to determine whether or not
someone attempted to break into your system, if
they were successful, and what they may have done.
8/13/2019 17912 Information Security
5/29
Network and Internet security
measures to protect data during theirtransmission. (communication channel)
Consists of measures to deter, prevent, detect
and correct security violations that involvesthe transmission of information.
8/13/2019 17912 Information Security
6/29
Eg: User A transmits a file to user B.The file
contains sensitive information (e.g., payroll
records) that is to be protected from
disclosure. User C, who is not authorized to
read the file, is able to monitor the
transmission and capture a copy of the file
during its transmission
8/13/2019 17912 Information Security
7/29
Aim of course
our focus is on Internet Security
which consists of measures to deter, prevent,
detect, and correct security violations that
involve the transmission & storage of
information
8/13/2019 17912 Information Security
8/29
Computer security
The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources.
8/13/2019 17912 Information Security
9/29
Three key objectives of security
Also called CIA traids.
Confidentiality
Integrity
Availability
8/13/2019 17912 Information Security
10/29
Confidentiality (disclosure of information)
Data confidentiality
Privacy
Integrity (modification of information)
Data integrity
System integrity
Availability
Accountability
Authenticity
8/13/2019 17912 Information Security
11/29
OSI Security Architecture
defines a systematic way of defining and
providing security requirements
for us it provides a useful, if abstract, overview
of concepts we will study.
8/13/2019 17912 Information Security
12/29
Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service
8/13/2019 17912 Information Security
13/29
Security Attack
any action that compromises the security of
information owned by an organization
information security is about how to prevent attacks,
or failing that, to detect attacks on information-based systems
often threat& attackused to mean same thing
have a wide range of attacks can focus of generic types of attacks
passive
active
8/13/2019 17912 Information Security
14/29
Active Attack
Modification of data
Types
Masquerade (pretending to be someone else)
Replay (retransmission of messages)
Modification of messages( modification of
messages)
Denial of service (suppress all messages )
8/13/2019 17912 Information Security
15/29
Masquerade
8/13/2019 17912 Information Security
16/29
Replay
8/13/2019 17912 Information Security
17/29
Modification of messages
8/13/2019 17912 Information Security
18/29
Denial of service
8/13/2019 17912 Information Security
19/29
Passive Attacks
No alteration of data
Difficult to detect as there is no modification
of data.
Types
Release of message contents (reading the
contents)
Traffic analysis (data pattern)
For prevention , need to use encryption.
8/13/2019 17912 Information Security
20/29
8/13/2019 17912 Information Security
21/29
8/13/2019 17912 Information Security
22/29
8/13/2019 17912 Information Security
23/29
Services
Authentication
Access of control
Data confidentiality Data integrity
Non repudiation: means to ensure that a transferred messagehas been sent and received by the parties claiming to have sent and
received the message. Non-repudiation is a way to guarantee that thesender of a message cannot later deny having sent the message and that
the recipient cannot deny having received the message.
8/13/2019 17912 Information Security
24/29
Authentication
Peer entity authentication
Data origin authentication
Access Control
Data Confidentiality
Connection confidentiality
Connectionless confidentiality
Selective field Confidentiality
Traffic Flow Confidentiality
8/13/2019 17912 Information Security
25/29
Data Integrity
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation
Non repudiation,origin
Non repudiation, destination
8/13/2019 17912 Information Security
26/29
Security Mechanisms
A process that is designed to detect, prevent
or recover from security attack.
Types:
Specific security mechanisms
Pervasive security mechanisms
8/13/2019 17912 Information Security
27/29
Specific Security Mechanism
Encipherment
Digital Signature
Access control Data integrity
Authentication exchange
Traffic padding
Routing control
Notarization
8/13/2019 17912 Information Security
28/29
Pervasive security mechanism
Trusted functionality (certain criteria/policies)
Security label (trademarks/brands)
Event detection Security Audit trail
Security Recovery
8/13/2019 17912 Information Security
29/29
It is important to note the distinction between a
security service, i.e. what is provided for a system,
and a security mechanism, i.e. the means by which a
service is provided. Hence confidentialityis a service, whereas encryption
is a mechanism which can be used to provide
confidentiality. In fact encryption can be used to
provide other services, and data confidentiality canalso be provided by means other than encryption
(e.g. by physical protection of data).