Security www.AssignmentPoint.com.

Presentation on theme: "Security www.AssignmentPoint.com."— Presentation transcript:

1 Security

2 Objectives
Cover the fundamental issues in computer, data and network security

3 Discuss
Overview of computer security
Introduction to cryptography

4 Information Systems Security
Deals with:
Security of end systems. Examples: operating system, files in a host, records, databases, accounting information, logs, etc.
Security of information in transit over a network. Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc.

5 Principles of computer security
Principle of easiest penetration: An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
Principle of adequate protection: Computer items must be protected only until they lose their value.

6 Some terminologies
Threat: a set of circumstances that has the potential to cause loss or harm
Vulnerability: a weakness in the security system (in procedures, design and implementation)
Control: some protective measures

7 “A threat is blocked by control of vulnerabilities”

8 Types of threats
Interception: an unauthorized party gains access to an asset. For example:
Illegal copying of a program or data
Wiretapping to obtain data in a network

9 Types of threats
Interruption: an asset of the system becomes lost, unavailable or unusable. For example:
Hardware failure
Operating system malfunction
Erasure of a program or data file

10 Types of threats
Modification: an unauthorized party not only gains access to an asset but also tampers with it. For example, alteration of data.

11 Types of threats
Fabrication: addition of imaginary information to a system by an unauthorized party. For example, addition of a record to an existing database.

12 MOM: What does an attacker have?
Method: sufficient skill, tools and knowledge to initiate an attack
Opportunity: time and access to accomplish the attack
Motive: why does he want to do that? He must have a reason.

13 Security goals (CIA)
Confidentiality: keeping data and resources secret or hidden (secrecy or privacy). Only an authorized party can access information. Access here does not mean write; it means being allowed to read, view or print information.

14 Security goals (CIA)
Integrity: assets can be modified only by authorized parties or only in authorized ways. Modification includes writing, deleting, creating, changing, etc.
Availability: ensuring authorized access to data and resources when desired.

15 Security goals (additional)
Authenticity: ensures that the sender of a message is correctly identified, with an assurance that the identity is not false.
Non-repudiation: ensures that neither the sender nor the receiver of a message can deny afterwards that it was he who sent or received the message. So, non-repudiation services provide unforgeable evidence that a specific action has occurred.

16 Vulnerabilities
Always look for the vulnerabilities that can be obstacles to reaching the security goals.
They exist in all three major categories of system resources:
Hardware vulnerabilities
Software vulnerabilities
Data vulnerabilities

17 Hardware vulnerabilities
Hardware is always exposed
Very easy to occur
Examples:
add/remove devices
physically drenched with water
dust and ash from cigarette smoke
voluntary machine slaughter

18 Software vulnerabilities
Software can be replaced, maliciously destroyed, changed, modified or deleted because of its vulnerabilities.
Example: in banking software, monthly interest on an account is calculated as $ But the software credits it as $14.54 and ignores $.0067. What can be the result if an attacker modifies this software?
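The ignored fraction in the banking example can be made auditable. The sketch below is an added example, not part of the original slides: it recomputes what truncation should have credited and reports any posting that differs. The account names, the ROUNDING-SUSPENSE account and all figures other than $14.54 and $.0067 are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")
SUSPENSE = "ROUNDING-SUSPENSE"  # hypothetical account that should hold ignored fractions

def split_interest(exact):
    """Return (credited, ignored): credited is the exact interest truncated to cents."""
    credited = exact.quantize(CENT, rounding=ROUND_DOWN)
    return credited, exact - credited

def audit(exact_interest, postings):
    """Compare actual postings with what truncation should have produced.

    exact_interest: {account: exact Decimal interest for the month}
    postings:       {account: Decimal actually credited}, including SUSPENSE
    Returns a list of (account, expected, posted) for every mismatch.
    """
    expected = {SUSPENSE: Decimal("0")}
    for account, exact in exact_interest.items():
        credited, ignored = split_interest(exact)
        expected[account] = credited
        expected[SUSPENSE] += ignored
    findings = []
    for account in sorted(set(expected) | set(postings)):
        want = expected.get(account, Decimal("0"))
        got = postings.get(account, Decimal("0"))
        if want != got:
            findings.append((account, want, got))
    return findings

# Constructed sample data. ACC-1 uses the slide's credited and ignored parts.
EXACT = {
    "ACC-1": Decimal("14.54") + Decimal("0.0067"),
    "ACC-2": Decimal("3.2199"),
    "ACC-3": Decimal("27.0050"),
}
# Unmodified software: every ignored fraction lands in the suspense account.
HONEST = {"ACC-1": Decimal("14.54"), "ACC-2": Decimal("3.21"),
          "ACC-3": Decimal("27.00"), SUSPENSE: Decimal("0.0216")}
# Modified software (constructed): the fractions are posted to an unexpected account.
TAMPERED = {"ACC-1": Decimal("14.54"), "ACC-2": Decimal("3.21"),
            "ACC-3": Decimal("27.00"), "ACC-9": Decimal("0.0216")}

if __name__ == "__main__":
    print("honest run:  ", audit(EXACT, HONEST))
    print("tampered run:", audit(EXACT, TAMPERED))
```

Each customer account still shows the expected $14.54-style credit in the tampered run, so only the reconciliation of the ignored fractions exposes the modification.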

19 Software vulnerabilities
Software deletion: easy to delete; accidental erasure of a file
Software modification: modifications cause software to fail or to do an unintended task. Categories of software modification include logic bomb, Trojan horse, virus, trapdoor, etc.
Software theft: piracy

20 Data vulnerabilities
Confidentiality
Integrity
Availability

21 What is cyber law?
Cyber law encompasses a wide variety of political and legal issues related to the Internet and other communications technology, including intellectual property, privacy, freedom of expression, and jurisdiction.

