Computer threats, Attacks and Assets upasana pandit 411165 T.E comp.

Slides:



Advertisements
Similar presentations
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security Sixth Edition by William Stallings.
Chapter 18: Computer and Network Security Threats
Cryptography and Network Security Chapter 1
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Lecture 1: Overview modified from slides of Lawrie Brown.
Introduction to network security
Hackers They can u Read the data files u Run the application programs u Modify some files which may cause damages Individuals who gain unauthorized access.
Chapter 14 Computer Security Threats
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
CSA 223 network and web security Chapter one
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Introducing Computer and Network Security
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Cryptography and Network Security
BUSINESS B1 Information Security.
Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.
Lecture 1: Overview modified from slides of Lawrie Brown.
Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Protection & Security Introduction to Operating Systems: Module 16.
1 Introduction to Network Security Spring Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services.
1 Introduction to Information Security Spring 2012.
INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Information Security By:-H.M.Patel. Information security There are three aspects of information security Security service Security mechanism Security.
Computer and Network Security Rabie A. Ramadan. Organization of the Course (Cont.) 2 Textbooks William Stallings, “Cryptography and Network Security,”
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 5: Basic Security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
CONTROLLING INFORMATION SYSTEMS
Network Security Introduction
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
Copyright © 2013 – Curt Hill Computer Security An Overview.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Threats, Attacks And Assets… By: Rachael L. Fernandes Roll no:
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel:
Network Security Overview
Copyright © – Curt Hill Computer Security An Introduction.
Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.
Cryptography and Network Security
Computer and Network Security
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Data & Network Security
Introduction to Information Security
CNET334 - Network Security
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
BINF 711 Amr El Mougy Sherif Ismail.
Computer and Network Security
Faculty of Science IT Department By Raz Dara MA.
Computer Security By: Muhammed Anwar.
Introduction to Cryptography
Security Attacks, Mechanisms, and Services
Security Attacks Network Security.
Presentation transcript:

Computer threats, Attacks and Assets upasana pandit T.E comp

Threats and attacks There are four kinds of threat consequences and there are different kinds of attacks that result in each consequence.  UNAUTHORIZED DISCLOSURE  DECEPTION  DISRUPTION  USURPATION

Unauthorized disclosure  Unauthorized disclosure is a threat to confidentiality. The following types of attacks can result in this threat consequence:  Exposure : an insider intentionally releases sensitive information, such as credit card numbers, to an outsider.  It can also be the result of a human, hardware, or software error, which results in an entity gaining unauthorized knowledge of sensitive data.  Internet, a determined hacker can gain access to traffic and other data transfers.

 Interception : An unauthorized entity directly accesses sensitive data travelling between authorized sources and destinations.  On the Internet, a determined hacker can gain access to traffic and other data transfers.  Inference : A threat action whereby an unauthorized entity indirectly accesses sensitive data by reasoning from characteristics or by products of communications.  example : traffic analysis, in which an adversary is able to gain information from observing the pattern of traffic on a network, such as the amount of traffic between particular pairs of hosts on the network.

 Intrusion: Intrusion is an adversary gaining unauthorized access to sensitive data by overcoming the system’s access control protections.

Deception  Threat to either system integrity or data integrity.  Attacks that can result in this threat consequence:  Masquerade : It is an attempt by an unauthorized user to gain access to a system by posing as an authorized user, this could happen if the unauthorized user has learned another user’s logon ID and password.  Falsification : This refers to the altering or replacing of valid data or the introduction of false data into a file or database.

 For example, a student may alter his or her grades on a school database.  Repudiation : In this case, a user either denies sending data or a user denies receiving or possessing the data.

Disruption  Disruption is a threat to availability or system integrity.  Attacks that can result in this threat consequence:  Incapacitation : This is an attack on system availability.  This could occur as a result of physical destruction of or damage to system hardware.  Malicious software, such as Trojan horses, viruses, or worms, could operate in such a way as to disable a system or some of its services.

 Corruption : This is an attack on system integrity.  Malicious software causes system resources or services function in an unintended manner. Or a user could gain unauthorized access to a system and modify some of its functions.  Obstruction : One way to obstruct system operation is to interfere with communications by disabling communication links or altering communication control information.  Another way is to overload the system by placing excess burden on communication traffic or processing resources.

Usurpation  Usurpation is a threat to system integrity.  The following types of attacks can result in this threat consequence:  Misappropriation : include theft of service.  An example is an a distributed denial of service attack, when malicious software is installed on a number of hosts to be used as platforms to launch traffic at a target host. In this case, the malicious software makes unauthorized use of processor and operating system resources.

 Misuse : Misuse can occur either by means of malicious logic or a hacker that has gained unauthorized access to a system. In either case, security functions can be disabled.

Threats and assets 4 assets of a computer system :  Hardware  Software  Data  Communication lines and networks We relate these assets to the concepts of integrity, confidentiality, and availability.

Assets

Hardware  A major threat to computer system hardware is the threat to availability.  Hardware is the most vulnerable to attack and the least susceptible to automated controls.  Threats include accidental and deliberate damage to equipment as well as theft.  Theft of CD-ROMs and DVDs can lead to loss of confidentiality.

Software  Software includes the operating system, utilities, and application programs.  A key threat to software is an attack on availability.  Software, especially application software, is often easy to delete.  Software can also be altered or damaged to render it useless.  software modification results in a program that still functions but behaves differently than before, which is a threat to integrity/authenticity.  A final problem is protection against software piracy.

Data  A much more widespread problem is data security, which involves files and other forms of data controlled by individuals, groups, and business organizations.  In the case of availability, the concern is with the destruction of data files, which can occur either accidentally or maliciously.  The obvious concern with confidentiality is the unauthorized reading of data files or databases.  Modifications to data files can have consequences ranging from minor to disastrous.

Communication lines and networks  Network security attacks can be classified as passive attacks and active attacks.  Passive attack  A passive attack makes use of information from the system but does not affect system resources.  Two types of passive attacks are :  1)release of message contents  2)traffic analysis.  Passive attacks are very difficult to detect because they do not involve any alteration of the data.

Passive Attacks Release of message contents - a telephone conversation, an electronic mail message, a transferred file, etc. Traffic analysis - encryption can mask the contents but message size, transmission frequency, location and id of communicating hosts can still be extracted

Active attack  An active attack attempts to alter system resources or affect their operation.  four categories:  1)replay, 2)masquerade, 3)modification of messages, and 4)denial of service.  Replay : data is captured and retransmission to produce an unauthorized effect.  A masquerade takes place when one entity pretends to be a different entity.  Modification of messages :message is altered, delayed or reordered, to produce an unauthorized effect.  The denial of service prevents the normal use or management of communications facilities.

Active Attacks Replay : passive capture of a data unit and its retransmission to produce an unauthorized effect Masquerade : one entity pretends to be a different entity (e.g. try to login as someone else) Modification of messages some portion of a legitimate message is altered, or messages are delayed or reordered Denial of service prevents or inhibits the normal use or management of communications facilities (Disable or overload with messages)

Disadvantages of FCFS  FCFS performs better for long processes than short ones.  It favors processor bound processes over I/O bound processes.  Not an attractive alternative for uniprocessor system.

BOOKS REFERENCED: OPERATING SYSTEMS BY WILLIAM STALLINGS Pg

Questions  1)Explain the various categories of attack. (6mks)  2)explain various types of security threats. (4 mks)

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.