Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.


Course Overview
Lesson Objectives
–Read and understand the course syllabus
–Summarize the CIA security model
–Recall some basic security mechanisms
–Express the fundamental security principles
–Learn the importance of computer security

Read and Understand the Course Syllabus e/CPSC665/Spring2001/index.html

Summarize the CIA Security Model

Computer Security – Definition
What is computer security?
–Protection of an organization's assets from accidental or intentional disclosure, modification, destruction, or use
–Alternately, it is the combination of administrative procedures, physical security measures, and systems security measures that are intended to protect computer assets

CIA Model of Security
Computer security consists of maintaining three primary characteristics:
–Confidentiality
–Integrity
–Availability

CIA Model Definitions - Confidentiality
Confidentiality means that the information in a computer system (or in transit between systems) is accessible only by authorized parties. Authorized access includes printing, displaying, reading, or knowledge that information even exists.

CIA Model Definitions - Integrity
Integrity means that information can only be modified by authorized parties or in authorized ways. Modification includes writing, changing, deleting, creating, delaying, or replaying information.

CIA Model Definitions - Availability
Availability means that information is accessible to authorized parties when needed. An authorized party should not be prevented from accessing information to which they have legitimate access. Denial of service is the opposite of availability.

CIA Model Illustrated
The 3 goals of confidentiality, integrity, and availability often overlap and can also conflict with one another. For example, strong confidentiality can severely limit availability.
[Figure: Confidentiality, Integrity, Availability]

CIA Illustration 1
Consider the following:
–User A transmits a file containing sensitive information to User B. User C, who is not authorized to read this file, is able to monitor the transmission of the file and obtain a copy. This is called an interception and is an attack on confidentiality.
[Figure: User A, User B, User C]

CIA Illustration 2
Consider the following:
–User B has requested information that he is authorized to have from User A. User C has disabled some component of the network which prevents information flow. This is called an interruption and is an attack on availability. It is also called a denial of service attack.
[Figure: User A, User B, User C]

CIA Illustration 3
Consider the following:
–User A transmits a file containing sensitive information to User B. User C, who is not authorized to read this file, gains access to the file during transmission, captures it, modifies it, and sends it on to User B. This is called a modification and is an attack on integrity.
[Figure: User A, User B, User C]

Recall Some Basic Security Mechanisms

Controls
Various controls and countermeasures have been developed to strengthen system security:
–Cryptography
–Software controls
–Hardware controls
–Physical controls
–Policies

Controls - Cryptography
Cryptography is an important tool that can enhance system security by providing:
–Confidentiality, in that it prevents unauthorized parties from reading protected information
–Integrity, because information that cannot be read cannot be easily altered in a useful way
Cryptography will be covered thoroughly in future lessons.
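An added example, not part of the original slides: a keyed message authentication code is one cryptographic control for the integrity goal, letting User B detect the modification from CIA Illustration 3 and the replay case named in the integrity definition. The frame layout, the sequence counter, and the names `protect` and `Receiver` are assumptions made for this example; the payload is authenticated but not encrypted, so it addresses integrity only.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # big-endian sequence number prepended to every frame


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """User A: frame = sequence number || payload || HMAC-SHA256 tag."""
    body = seq.to_bytes(SEQ_LEN, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """User B: accepts a frame only if it is unmodified and not a replay."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None, "modified"  # truncated in transit
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None, "modified"
        seq = int.from_bytes(body[:SEQ_LEN], "big")
        if seq <= self.last_seq:
            return None, "replayed"  # valid tag, but already seen
        self.last_seq = seq
        return body[SEQ_LEN:], "ok"


def demo():
    key = secrets.token_bytes(32)  # assumption: shared by A and B out of band
    user_b = Receiver(key)
    f1 = protect(key, 1, b"pay 100 to account 42")  # constructed sample data
    f2 = protect(key, 2, b"pay 250 to account 7")
    return [
        user_b.accept(f1)[1],                          # delivered intact
        user_b.accept(f2.replace(b"250", b"999"))[1],  # altered by User C
        user_b.accept(f2)[1],                          # original still valid
        user_b.accept(f1)[1],                          # old frame re-sent
    ]


if __name__ == "__main__":
    print(demo())
```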

Controls – Software Controls
Programs themselves must be robust and secure from outside attack. Some examples where program controls are especially important are:
–Operating system software
–Software development tools
–Access control software

Controls - Hardware
Hardware devices can help support system security. Some examples include:
–Smart cards
–Secure circuit boards
–Removable media

Controls - Physical
Physical controls used to bolster computer security include many of the same controls used to secure other facilities, such as banks and government buildings:
–Door locks
–Backups
–Sentries
–Alarms
–Shredders

Controls - Policies
Policies aim to describe how an organization will posture itself with regard to security:
–User awareness & training
–What to audit and when
–Etc.

Express the Fundamental Security Principles

Basic Security Principles
In order to design effective security mechanisms we will refer to some general security principles. For example:
1. Principle of least privilege: Give a user or process only those privileges needed to perform the task at hand -- no more, no less.
2. Minimize the number of trusted components: Identify what components of the system need to be trusted and aim to keep those small and simple.
3. Do not aim for perfection: Total security is basically impossible. Instead be prepared to detect problems, to design countermeasures and to recover from attacks.

Learn the Importance of Computer Security

Course Overview Glossary
–Availability
–Computer security
–Confidentiality
–Denial of service
–Integrity
–Interception
–Interruption
–Modification

References
–Pfleeger, Charles, Security in Computing, 2nd Ed., 1997, Prentice-Hall.
–Stallings, William, Network and Internetwork Security: Principles and Practice, 1995, Prentice-Hall.