Download presentation
Presentation is loading. Please wait.
Published byLewis Parrish Modified over 7 years ago
1
Security Protecting information data confidentiality
- protect unauthorized reads data integrity - protect unauthorized writes (change) removes or additions system availability - prevent denial of service (DoS) Policy, OS flaws
2
Security Intruders - read info (email, trade secrets,
confidential data) - or make changes (change grades or salary) - DoS - elite hackers - script kiddies
3
Security Need a backup policy as part of security policy.
- accidental data loss (hardware, software, human error) - malicious destruction - multiple copies at another location (earthquake, fire, terrorists)
4
Cryptography Encrypt data for confidentiality and
integrity. Also use for authentication. Key Plaintext Encrypt Alg Ciphertext Ciphertext Decryption Alg Plaintext Key
5
Cryptography Use known, strong algorithms with a good key.
Avoid relying on security by obscurity. Mono alphabetic substitutions are fairly easy to break cryptograms. Symmetric encryption – one key Asymmetric encryption – two keys - also called public key
6
Symmetric Encryption Uses the same key for encryption and decryption.
Usually used to provide confidentiality. Key must be shared by two parties. Algorithms: DES, 3DES, AES Blowfish and others Key length is important. Keeping the key private is important.
7
Asymmetric Encryption
Uses two keys (public and private) The two keys are related. One can be used for encryption with the other for decryption. Based on mathematics – factoring large numbers. Often used for key exchange, and crypto signatures. Slower than symmetric. Algorithms: RSA, DSA
8
Digital fingerprints - hashes
Take a message and produce a hash of it. MD5, SHA-1, others Hope the hash is unique. If message is changed will generate a different hash. Combine with public key for signatures.
9
Crypto applications SSH – Secure shell - confidentiality
- authentication/integrity SSL/TLS – https and other protocols - confidentiality, auth/integrity PGP/GPG – for files and
10
More security topics User authentication – username/password
Cracking passwords – choose good ones Smartcards, biometrics Sniffing – why encryption important open ports – finding vulnerabilities Trojan Horses, worms, virus Buffer Overflows Firewalls, IDS, IPS
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.