Threats, Attacks And Assets… By: Rachael L. Fernandes Roll no:411111.

Slides:



Advertisements
Similar presentations
Network Security Chapter 1 - Introduction.
Advertisements

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security Sixth Edition by William Stallings.
Chapter 18: Computer and Network Security Threats
Cryptography and Network Security Chapter 1
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Lecture 1: Overview modified from slides of Lawrie Brown.
Introduction to network security
Chapter 14 Computer Security Threats
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
CSA 223 network and web security Chapter one
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Cryptography and Network Security
Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Lecture 1: Overview modified from slides of Lawrie Brown.
Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Introduction to Computer and Network Security
1 Introduction to Network Security Spring Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services.
1 Introduction to Information Security Spring 2012.
Network security Network security. Look at the surroundings before you leap.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Information Security By:-H.M.Patel. Information security There are three aspects of information security Security service Security mechanism Security.
Computer and Network Security Rabie A. Ramadan. Organization of the Course (Cont.) 2 Textbooks William Stallings, “Cryptography and Network Security,”
What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 5: Basic Security.
Chap1: Is there a Security Problem in Computing?.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Network Security Introduction
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Computer threats, Attacks and Assets upasana pandit T.E comp.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
McLean HIGHER COMPUTER NETWORKING Lesson 12 Network Security Requirements Description of computer and network security requirements (confidentiality,
Copyright © 2013 – Curt Hill Computer Security An Overview.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel:
Network Security Overview
Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.
Manajemen Jaringan, Sukiswo ST, MT 1 Network Control Sukiswo
Cryptography and Network Security
Computer and Network Security
CS 395: Topics in Computer Security
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Security
Data & Network Security
Introduction to Information Security
CNET334 - Network Security
BINF 711 Amr El Mougy Sherif Ismail.
Information and Network Security
Faculty of Science IT Department By Raz Dara MA.
Cryptography : Introduction
Introduction to Cryptography
Mohammad Alauthman Computer Security Mohammad Alauthman
Security Attacks, Mechanisms, and Services
Security Attacks Network Security.
Presentation transcript:

Threats, Attacks And Assets… By: Rachael L. Fernandes Roll no:411111

Threats and attacks Threat action(attacks) Threats consequence Exposure: Sensitive data are directly released to an unauthorised entity. E.g.: a person giving his/her credit card numbers, to an outsider. Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. E.g.: On a shared LAN, such as wireless LAN or a broadcast Ethernet, any device attached to the LAN can receive a copy of packets intended for another device. Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications. E.g.: Traffic analysis, in which an adversary is able to gain info from observing the pattern of traffic on the network. Intrusion: An unauthorized entity gains access to sensitive data by overcoming a system’s security protections. Unauthorised disclosure: A circumstances or event whereby an entity gains access to data for which the entity is not authorised.

Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity. E.g.: This can happen if an unauthorized user has learned another user’s logon ID and password. Another e.g. is malicious logic, such as a Trojan horse, that appears to perform a useful or desirable function but actually gains unauthorized access to the system resources or tricks a user into executing other malicious logic. Falsification: This refers to the altering or replacing of valid data or the introduction of false data into a file or database. E.g.: A student may alter his/her grades on a school database. Repudiation: In this case, a user either denies sending data or a user denies receiving or possessing the data. Deception: A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. It is a threat to either system integrity or data integrity. Cont...

Incapacitation: Prevents or interrupts system operation by disabling a system component. This is an attack on system availability. This could occur as a result of physical destruction of or damage to system h/w. E.g.: Viruses, Trojan horses, or worms. Corruption: Undesirably alters system operation by adversely modifying system functions or data. It is an attack on system integrity. E.g.: Malicious s/w could operate in such a way that system resources or services function in an unintended manner. Obstruction: A threat action that interrupts delivery of system services by hindering system operation. One way to obstruct system operation is to interfere with communications by disabling communication links or altering communication control info. Disruption: A circumstance or event that interrupts or prevents the correct operation of system services and functions. It is a threat to availability or system integrity. Cont...

Misappropriation: An entity assumes unauthorized logical or physical control of a system resource. E.g.: A distributed denial of service attack, when malicious s/w is installed on a number of hosts to be used as platforms to launch traffic at a target host. In this case, the malicious s/w makes unauthorized use of processor and operating system resources. Misuse: Causes a system component to perform a function or service that is determined to system security. Misuse can occur either by means of malicious logic or a hacker that has gained unauthorized access to a system. Usurpation: A circumstance or event that results in control of system services or functions by an unauthorized entity. It is a threat to system integrity. Cont...

Threats and assets The assets of a computer system can be categorized as hardware, software, data, and communication lines and networks.

Scope of system Security

Hardware A major threat to computer system hardware is the threat to availability. Hardware is the most vulnerable to attack and the least susceptible to automated controls. Threats include accidental and deliberate damage to equipment as well as theft. The proliferation of personal computers and workstations and the widespread use of LANs increase the potential for losses in this area. Theft of CD-ROMs and DVDs can lead to loss of confidentiality. Physical and administrative security measures are needed to deal with these threats.

Software Software includes the operating system, utilities, and application programs. A key threat to software is an attack on availability. Software, especially application Software, is often easy to delete. Software can also be altered or damaged to render it useless. Careful software configuration management, which includes making backups of the most recent version of software, can maintain high availability. A more difficult problem to deal with is software modification that results in a program that still functions but that behaves differently than before, which is a threat to integrity/authenticity. Computer viruses and related attacks fall into this category. A final problem is protection against software piracy. Although certain countermeasures are available, by and large the problem of unauthorized copying of software has not been solved.

Data Data security, which involves files and other forms of data controlled by individuals, groups, and business organizations. Security concerns with respect to data are broad, encompassing availability, secrecy, and integrity. In the case of availability, the concern is with the destruction of data files, which can occur either accidentally or maliciously.

Communication Lines and Networks Network security attacks can be classified as passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis. The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. A second type of passive attack is traffic analysis.

Disadvantage of passive attacks Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active attacks Active attacks involve some modification of the data stream or the creation of a false stream. They can be subdivided into four categories: 1.replay, 2.masquerade, 3.modification of messages, and 4.denial of service.

1.Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. 2.A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. 3.Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message stating “Allow John Smith to read confidential file accounts” is modified to say “Allow Fred Brown to read confidential file accounts.” Cont…

4. The denial of service prevents or inhibits the normal use or management of communications facilities.

Disadvantage of active attacks It is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communications facilities and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays caused by them. Because the detection has a deterrent effect, it may also contribute to prevention.

References Textbook : Operating Systems by: William Stallings (Sixth Edition) Chapter 14. Computer Security Threats Page no:

Questions 1.What are intruders? (3mks) 2.Explain the various categories of attacks.(6mks)

THANK YOU

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.