Download presentation
Presentation is loading. Please wait.
1
NET 311 Information Security
Networks and Communication Department Lecture 1: Introduction to Information Security
2
lecture contents: Computer Security Definition Security Services
Security threats and attacks Passive attack and Active attack Security Trinity 13-Nov-18 Networks and Communication Department
3
Computer Security Computer Security:
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). 13-Nov-18 Networks and Communication Department
4
Security Services 1. Confidentiality/ privacy: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. 2. Integrity: Assures that information and programs are changed only in a specified and authorized manner. 3. Authentification: The receiver needs to be sure of the sender’s identity. 13-Nov-18 Networks and Communication Department
5
Security Services cont.
4.Nonrepudation : A sender must not be able to deny sending a message that he or she , in fact, did send. 5. Availability: Assures that systems work promptly and service is not denied to authorized users. 13-Nov-18 Networks and Communication Department
6
Security Threats Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. 13-Nov-18 Networks and Communication Department
7
Security attack Security attack is any action that comprises the security of information owned by an organization. 13-Nov-18 Networks and Communication Department
8
Passive Vs Active Attacks
Passive attack Active Attack Attempts to learn or make use of information from the system but does not affect system ressources. The goal is to obtain information that is being transmitted. Telephone converstaion, electronic message… This type of attack is difficult to detect (it does not involve any alteration in data). Attempts to involve some modification of the data stream or the creation of a false stream. This type of attack is easier to detect than passive attack. 13-Nov-18 Networks and Communication Department
9
Why is computer and network security important?
Protect company assests (hardware and software). Gain competive advantage: developping and maintaing effective security measures can provide an organization with a competive advantage over its competion. Keep your job: to secure one’s position within an organization and to ensure futur career, it is important to put into place measures that protect organizational assests. 13-Nov-18 Networks and Communication Department
10
Security Trinity Security is based on: prevention, detection, and response. Security trinity should be the foundation for all security policies. Security Detection Response Prevention 13-Nov-18 Networks and Communication Department
11
Security Trinity Prevention: In developping informaton security schemes, any organization should emphasize preventive measures over detection and response. It is more efficient and much more cost effective to prevent a security attack than to detect or respond to one. -Detection: once the preventive measures fail, procedures need to be put in place to detect immediatly to detect the araised attack. -Response: we need to develop a plan that identifies the appropriate response to a security atatck (who is responsable to execute some actions, what is the appropriate action ?) 13-Nov-18 Networks and Communication Department
12
Security Mechanisms Mechanisms Encipherment
The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys Digital Signature Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient) Access Control A variety of mechanisms that enforce access rights to resources. Data Integrity A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Traffic Padding The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. 13-Nov-18 Networks and Communication Department
13
References Cryptography and Network Security: Principles and practice’, William Stallings Fifth edition, 2011. 13-Nov-18 Networks and Communication Department
Similar presentations
![1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]](/18/6197093/big_thumb.jpg "1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]>")
