Copyright © 2013 – Curt Hill Computer Security An Overview.

Slides:



Advertisements
Similar presentations
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security Sixth Edition by William Stallings.
Chapter 18: Computer and Network Security Threats
Cryptography and Network Security Chapter 1
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 1: Overview.
Lecture 1: Overview modified from slides of Lawrie Brown.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Editied by R. Newman.
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
Cryptography and Network Security Chapter 1
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings.
Introduction (Based on Lecture slides by J. H. Wang)
Cryptography and Network Security
Network Security Essentials Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.
Network Security Essentials Chapter 1 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Network Security Essentials Chapter 1
Another perspective on Network Security Network Security Essentials: Applications and Standards, 4/E William Stallings ISBN-10: ISBN-13:
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
NETWORK SECURITY. TextBook William Stallings, Cryptography and Network Security: Principles and Practice, ? Edition.
1.1 Chapter 1 Introduction Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Chap1: Is there a Security Problem in Computing?.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Computer threats, Attacks and Assets upasana pandit T.E comp.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.
E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
UNIT-4 Computer Security Classification 2 Online Security Issues Overview Computer security – The protection of assets from unauthorized access, use,
COMPUTER SECURITY COMP424 1 ST LECTURE OVERVIEW AND TERMINOLOGIES Dr. Sarah Mustafa Eljack
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Threats, Attacks And Assets… By: Rachael L. Fernandes Roll no:
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Network Security Overview
Copyright © – Curt Hill Computer Security An Introduction.
Information Security Principles course “Cryptology” Based of: “Cryptography and network Security” by William Stalling, 5th edition. Eng. Mohamed Adam Isak.
Copyright © – Curt Hill Computer Security An Introduction.
CS457 Introduction to Information Security Systems
Computer and Network Security
Information System and Network Security
COMPUTER SECURITY CONCEPTS
Data & Network Security
CNET334 - Network Security
BINF 711 Amr El Mougy Sherif Ismail.
NET 311 Information Security
Computer and Network Security
Another perspective on Network Security
Chapter 1 Introduction Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 1.#
Introduction to Cryptography
Mohammad Alauthman Computer Security Mohammad Alauthman
Definition Of Computer Security
Presentation transcript:

Copyright © 2013 – Curt Hill Computer Security An Overview

Introduction We want to consider just the basics of security There are several questions that need answers: –What assets need protection? –What threats exist for these assets? –What counter measures exist for the threats? Security is a course of study all its own –All we do here is introduce the topic Copyright © 2013 – Curt Hill

NIST Definition National Institute of Standards and Technology defines computer security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data and telecommunications). Copyright © 2013 – Curt Hill

Audience Participation What does this definition tell us? What is: –Integrity? –Availability? –Confidentiality? Copyright © 2013 – Curt Hill

The Heart Computer security centers around these three concepts: –Integrity –Availability –Confidentiality These are also known as the CIA triangle –Not Central Intelligence Agency –Failures in one often leak into others Lets unpack this a little further Copyright © 2013 – Curt Hill

Integrity Guarding against improper modification or destruction of information System integrity is about software –System performs the functions it was designed to accomplish –We counter threats to the software itself Data integrity –Data is changed only be those authorized to do so and only in specified manners Both data and software are stored in similar ways, so there is overlap Copyright © 2013 – Curt Hill

Availability System is available to do the work it was purchased to do –Timely and reliable access It services authorized users and denies service to those who are not One of the problems is that additional security is overhead that reduces amount of work that can be done –Although not as extreme as the availability issues of attacks Copyright © 2013 – Curt Hill

Confidentiality Preserving authorized restrictions on information Data confidentiality –Private information is not disclosed to those who are not authorized to access it Privacy –The individuals to whom the data refers have some influence on how the data is used –Ability to correct errors in the data –Ability to limit who may use the data and for what reason Copyright © 2013 – Curt Hill

Triangle or Pentangle? Two more concepts that figure in frequently are Authenticity and Accountability Authenticity is about the verification process of users or system –Are they actually who they say they are? Accountability is about being able to track actions in an uncompromised way – often after a security breach –We need to be able to connect each action with the one who originated the action Copyright © 2013 – Curt Hill

Levels of Impact A failure is categorized into three levels: Low – limited adverse affect –Organization is able to perform its primary function with only minor financial loss Moderate – serious adverse affect –Loss of capability or effectiveness –Damage to assets and finances High – severe or catastrophic affect –Major damage to assets –Could involve life threatening injuries Copyright © 2013 – Curt Hill

Your turn In regards to VCSU, what would constitute failures of these magnitudes? –Low –Moderate –High Copyright © 2013 – Curt Hill

The problems Computer security is complex, what are some of the problems? The underlying software is complex – small error can be exploited in a large problem To succeed the developer has to plug all holes, failure comes from only finding one – a battle of wits Authentication requires the user to possess some secret fact – how can this be distributed? Copyright © 2013 – Curt Hill

More problems To most users this is an annoyance, thus they do not employ good practices Security is often an afterthought to system development – a porous surface is hard to plug Continual monitoring is required, this is a budget item that requires justification Thinking about threats requires an unusual mind set Copyright © 2013 – Curt Hill

Attack Classifications Active attack – an attempt to alter resources and operation Passive – an attempt to make use of information without altering any of it Inside – usually mounted by an employee or privileged person –They know about the system and have a starting point of some authorization Outside – not the above –Ranges from high school pranks to organized crime or even governments Copyright © 2013 – Curt Hill

Countermeasures Any attempt to thwart an attack Prevention – predict the attack and disable in advance Detection – look for suspicious activity and unauthorized accesses Recovery – an attempt to undo the effect of an attack Copyright © 2013 – Curt Hill

Threat Consequences Copyright © 2013 – Curt Hill ConsequenceAction or attack Disclosure Exposure – sensitive data is made available Interception – access to data in transit Inference – deduce information based on what was visible Intrusion – active gaining of access Deception Masquerade – Using other’s authorization Falsification – false data to deceive authorization Repudiation – denial of an unauthorized action Disruption Incapacitation – disabling a component to damage system Corruption – modify component to alter behavior Obstruction – interrupt delivery of system services Usurpation Misappropriation – entity gains unauthorized control Misuse – modification to perform another function

Assets and Example Threats Copyright © 2013 – Curt Hill AvailabilityConfidentialityIntegrity HardwareTheft SoftwareDeletion of pgms Unauthorized copy of pgms Pgms modified to fail or provide unauthorized functions DataDelete filesUnauthorized access Modification of files Communication lines Messages are destroyed or mangled Messages are intercepted Messages are falsified

Finally Security will continue to be an important topic for the foreseeable future We will continue to balance: –The danger of security threats versus the ease of use problems that security requires –Cost of security versus the cost of failure and recovery Security concerns are also business concerns Copyright © 2013 – Curt Hill

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.