Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Shmuel Wimer prepared and instructed by

Published byEarl Barber Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Shmuel Wimer prepared and instructed by"— Presentation transcript:

1 Security Shmuel Wimer prepared and instructed by
Eng. Faculty, Bar-Ilan University January 2017 Security

2 The Security Problem A system is secure if its resources are used and accessed as intended under all circumstances. Security violations can be accidental (easier to protect) or intentional (malicious) (harder to protect). Some accidental and malicious security violations are: Confidentiality breach, unauthorized data reading (info theft), credit-card info, identity info for identity theft. Integrity breach, unauthorized data modification, passing liability to innocent party, commercial application source code modification. January 2017 Security

3 Service theft, unauthorized use of resources.
Availability breach, unauthorized data destruction, website defacement. Service theft, unauthorized use of resources. Denial of service (DOS), prevent legitimate system use. In masquerading attack method one participant in a communication pretends to be someone else (another host or another person). Attackers breach authentication, the correctness of identification, gaining access they would not normally be allowed. January 2017 Security

4 Standard security attacks.
January 2017 Security

5 Security measures have four levels:
Replay attack is a malicious repeat of valid data transmission, e.g. transfer of money. In man-in-the-middle attacker sits in the data flow of a communication, masquerading as the sender to the receiver, and vice versa. Security measures have four levels: 1. Physical, e.g. machine rooms and the terminals or having access to the machines must be secured. 2. Human. Authorization must be done carefully to assure that only appropriate users have system access. January 2017 Security

6 3. Operating system, e.g. runaway process causing accidental denial-of-service attack, a query to a service could reveal passwords. 4. Network. Data interception of private leased lines, Internet, wireless connections, dial-up lines. OS cannot implement security measures or to run securely without ability to authorize users, processes, control their access, and log their activities. Hardware protection, e.g. memory protection, features are a must for overall protection scheme. January 2017 Security

7 Program Threats Processes, along with the kernel, are the only means of accomplishing work on a computer. Therefore, writing a program that creates a breach of security, or causing a normal process to change its behavior and create a breach, is a common goal of crackers. In fact, even most nonprogram security events have as their goal causing a program threat. For example, while it is useful to log in to a system without authorization, it is quite a lot more useful to leave behind a back-door daemon that provides information or allows easy access even if the original exploit is blocked. In this section, we describe common methods by which programs cause security breaches. Note that there is considerable variation in the naming conventions for security holes and that we use the most common or descriptive terms. January 2017 Security

Download ppt "Security Shmuel Wimer prepared and instructed by"

Similar presentations

Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.

Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Information Security Rabie A. Ramadan GUC, Cairo Room C7 -310 Lecture 2.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
What does “secure” mean? Protecting Valuables

What does “secure” mean? Protecting Valuables
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
Dimensions of E – Commerce Security

Dimensions of E – Commerce Security
Operating system Security By Murtaza K. Madraswala.

Operating system Security By Murtaza K. Madraswala.

Similar presentations

Ads by Google