

Note1 (Intr1) Security Problems in Computing

Overview of Computer Security

Outline
  Characteristics of computer intrusions
    –Terminology, Types
  Security Goals
    –Confidentiality, Integrity, Availability, …
  Vulnerabilities
    –Hardware, Software, Data, …
  Methods of Defense
    –Encryption, h/w control, s/w control, …

Status of security in computing
  In terms of security, computing is very close to the wild west days.
  Some computing professionals & managers do not even recognize the value of the resources they use or control.
  In the event of a computing crime, some companies do not investigate or prosecute.

Characteristics of Computer Intrusion
  A computing system: a collection of hardware, software, data, and people that an organization uses to do computing tasks
  Any piece of the computing system can become the target of a computing crime.
  The weakest point is the most serious vulnerability.
  The principle of easiest penetration

Security Breaches - Terminology
  Exposure
    –a form of possible loss or harm
  Vulnerability
    –a weakness in the system
  Attack
  Threats
    –Human attacks, natural disasters, errors
  Control
    –a protective measure
  Assets
    –h/w, s/w, data

Types of Security Breaches
  Interruption
    –Example: DOS (Denial of Service)
  Interception
    –Peeping eyes
  Modification
    –Change of existing data
  Fabrication
    –Addition of false or spurious data

Security Goals
  Confidentiality
    –The assets are accessible only by authorized parties.
  Integrity
    –The assets are modified only by authorized parties, and only in authorized ways.
  Availability
    –Assets are accessible to authorized parties.

Computing System Vulnerabilities
  Hardware vulnerabilities
  Software vulnerabilities
  Data vulnerabilities
  Human vulnerabilities?

Software Vulnerabilities
  Destroyed (deleted) software
  Stolen (pirated) software
  Altered (but still run) software
    –Logic bomb
    –Trojan horse
    –Virus
    –Trapdoor
    –Information leaks

Data Security
  The principle of adequate protection
  Features
    –Confidentiality: preventing unauthorized access
    –Integrity: preventing unauthorized modification (e.g., salami attack)
    –Availability: preventing denial of authorized access

Other Exposed Assets
  Storage media
  Networks
  Access
  Key people

People Involved in Computer Crimes
  Amateurs
  Crackers
  Career Criminals

Methods of Defense
  Encryption
  Software controls
  Hardware controls
  Policies
  Physical controls

Encryption
  At the heart of all security methods
  Confidentiality of data
  Some protocols rely on encryption to ensure availability of resources.
  Encryption does not solve all computer security problems.

Software controls
  Internal program controls
  OS controls
  Development controls
  Software controls are usually the 1st aspects of computer security that come to mind.

Policies
  Policy controls can be simple but effective
    –Example: frequent changes of passwords
  Legal and ethical controls
    –Gradually evolving and maturing

Principle of Effectiveness
  Controls must be used to be effective.
    –Efficient
      Time, memory space, human activity, …
    –Easy to use
    –Appropriate

Overlapping Controls
  Several different controls may apply to one potential exposure.
    –H/w control
    –S/w control
    –Data control

Summary
  A very high-level overview
  The principle of easiest penetration
  Effective control
  Overlapping control