Security, prepared and instructed by Shmuel Wimer


Security
Prepared and instructed by Shmuel Wimer, Eng. Faculty, Bar-Ilan University
January 2017

The Security Problem

A system is secure if its resources are used and accessed as intended under all circumstances.

Security violations can be accidental (easier to protect against) or intentional (malicious) (harder to protect against).

Some accidental and malicious security violations are:

Confidentiality breach: unauthorized data reading (info theft), e.g. credit-card info, identity info for identity theft.

Integrity breach: unauthorized data modification, e.g. passing liability to an innocent party, commercial application source code modification.

Availability breach: unauthorized data destruction, website defacement.

Service theft: unauthorized use of resources.

Denial of service (DOS): preventing legitimate system use.

In the masquerading attack method, one participant in a communication pretends to be someone else (another host or another person). Attackers breach authentication, the correctness of identification, gaining access they would not normally be allowed.

Figure: Standard security attacks.

A replay attack is a malicious repeat of a valid data transmission, e.g. a transfer of money.

In a man-in-the-middle attack, the attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa.

Security measures have four levels:

1. Physical, e.g. machine rooms and the terminals having access to the machines must be secured.

2. Human. Authorization must be done carefully to assure that only appropriate users have system access.

3. Operating system, e.g. a runaway process causing an accidental denial-of-service attack, or a query to a service that could reveal passwords.

4. Network. Data interception on private leased lines, the Internet, wireless connections, dial-up lines.

The OS cannot implement security measures or run securely without the ability to authorize users and processes, control their access, and log their activities.

Hardware protection features, e.g. memory protection, are a must for the overall protection scheme.

Program Threats

Processes, along with the kernel, are the only means of accomplishing work on a computer. Therefore, writing a program that creates a breach of security, or causing a normal process to change its behavior and create a breach, is a common goal of crackers.

In fact, even most nonprogram security events have as their goal causing a program threat. For example, while it is useful to log in to a system without authorization, it is quite a lot more useful to leave behind a back-door daemon that provides information or allows easy access even if the original exploit is blocked.

In this section, we describe common methods by which programs cause security breaches. Note that there is considerable variation in the naming conventions for security holes and that we use the most common or descriptive terms.