Presentation is loading. Please wait.

Presentation is loading. Please wait.

Keselamatan Komputer (Computer Security)

Published byJohn Hawkins Modified over 5 years ago

Similar presentations

Presentation on theme: "Keselamatan Komputer (Computer Security)"— Presentation transcript:

1 Keselamatan Komputer (Computer Security)
Lecture by: Izwan Suhadak Ishak Assistant Lecturer Faculty of Industrial Information Technology Universiti Industri Selangor ITD2323 Lesson 1 – Chapter 1

2 ITD2323 - Keselamatan Komputer
Trust no one Things to do first Group yourself in 4 persons per group Give the names of group members to your lecturer You are given only 5 minutes to do so. Why? Later you will know. 2/28/2019 ITD Keselamatan Komputer

3 ITD2323 - Keselamatan Komputer
Trust no one Lessons to be learnt Risks involved in computing Goals of secure computing (CIA) Threats to computing (IIMF) Controls to address threats 2/28/2019 ITD Keselamatan Komputer

4 Questions to be answered……
Trust no one Questions to be answered…… What does “secure” mean to you (in general)? Discuss and present What are the things considered valuable? What is computing system? Answer Which part of the computing system is valuable? Are they all ‘secure’? Why do you say that? 2/28/2019 ITD Keselamatan Komputer

5 Things to think about…….
Trust no one Things to think about……. Which one is more valuable: Cash, gold, customer information? People can spend with cash and gold but customer information??? 2/28/2019 ITD Keselamatan Komputer

6 ITD2323 - Keselamatan Komputer
Trust no one Attacks When testing a hardware or software, testers are usually trying to find faults in order to make the system stronger by improving the fault In security sense, tests are done to look for malfunctions to the system so that the system’s value and other assets are kept intact 2/28/2019 ITD Keselamatan Komputer

7 Threats, Vulnerability and Control
Trust no one Threats, Vulnerability and Control Vulnerability – Weakness in the security system that may be exploited to cause loss or harm Threat – A set of circumstances that has a potential to cause loss or harm Control – A protective measure (what?) An action, device, procedure or technique to remove or reduce vulnerability 2/28/2019 ITD Keselamatan Komputer

8 ITD2323 - Keselamatan Komputer
Trust no one Picture this! Vulnerability Body of Water Man THREAT CONTROL Cracked wall Which one is considered as THREAT, VULNERABILITY and CONTROL? “A threat is blocked by a control of vulnerability” 2/28/2019 ITD Keselamatan Komputer

9 ITD2323 - Keselamatan Komputer
Trust no one Types of Threats Interception Unauthorized party gained access to an asset Interruption When an asset becomes lost, unavailable or unusable 2/28/2019 ITD Keselamatan Komputer

10 ITD2323 - Keselamatan Komputer
Trust no one Types of Threats Modification When an unauthorized party not only accesses but also tampers with an asset Fabrication When an unauthorized party creates a counterfeit objects on a computing system 2/28/2019 ITD Keselamatan Komputer

11 ITD2323 - Keselamatan Komputer
Trust no one When MOM is a bad word Malicious attackers usually have these characteristics: Method Skills, knowledge, tools and other things to pull off an attack Opportunity Time and access to accomplish the attack Motive Reason to perform attack against a system 2/28/2019 ITD Keselamatan Komputer

12 ITD2323 - Keselamatan Komputer
Trust no one Computer Security Address THREE (3) main aspects: Confidentiality Assets accessed only by authorized parties Also known as secrecy or privacy Integrity Assets can only be modified by authorized parties in authorized way Includes writing, changing, deleting, creating Availability Assets are accessible to authorized parties at appropriate times Antonym: Denial of Service 2/28/2019 ITD Keselamatan Komputer

13 ITD2323 - Keselamatan Komputer
Trust no one Relationship Confidentiality Secure Integrity Availability 2/28/2019 ITD Keselamatan Komputer

14 Vulnerabilities of Computing System
Trust no one Vulnerabilities of Computing System Interruption (Denial of Service) Interception (Theft) Hardware Modification Fabrication (Substitution) Interruption (Deletion) Fabrication Interruption (Loss) Software Interception Data Interception Modification Fabrication Modification 2/28/2019 ITD Keselamatan Komputer

15 ITD2323 - Keselamatan Komputer
Trust no one Other Exposed Assets Network Specialized collections of hardware, software & data Confront communication problems Easily multiply the problems of computer security Lack of physical proximity, insecure shared media, inability to identify remote users 2/28/2019 ITD Keselamatan Komputer

16 ITD2323 - Keselamatan Komputer
Trust no one …continued Access Leads to three types of vulnerabilities Intruder might steal computer time to do something that does not attack the integrity of system Eg. Someone using an insecure wireless connection of another Malicious access – destroy software or data Deny service to legitimate user should the system is very much depending on availability 2/28/2019 ITD Keselamatan Komputer

17 ITD2323 - Keselamatan Komputer
Trust no one …continued Key people Crucial weak points in security Should have more than one person who knows how to use the system Disgruntled employee can cause serious damage by using inside knowledge of the system and could manipulate data Key people should be carefully selected to man the system 2/28/2019 ITD Keselamatan Komputer

18 ITD2323 - Keselamatan Komputer
Trust no one Computer Criminals You can never know! These people can be wearing business suits, highly-educated, very smart Could be high school or university students Could be people with First Class Honors Could be middle-aged business executives Could be mentally deranged, hostile, committed to a cause (political maybe?) Tempted by profit, revenge, challenge, advancement, job security 2/28/2019 ITD Keselamatan Komputer

19 ITD2323 - Keselamatan Komputer
Computer Crime Any crime involving a computer or aided by the use of a computer Companies usually do not report computer crimes for fear of damaged reputation, ashamed that their system allows to be compromised 2/28/2019 ITD Keselamatan Komputer

20 ITD2323 - Keselamatan Komputer
Whodunnit? Amateurs Committed most computer crimes reported People who observe weaknesses in a security system that allows access to cash and other Crackers People who tried to gain access into unauthorized area Perception that nobody is hurt or endangered if peeked into what’s in the system Enjoy the simple challenge of trying to log in Out of curiosity, for personal gain, self-satisfaction Enjoy the chaos caused, loss or harm done (SINISTER!) 2/28/2019 ITD Keselamatan Komputer

21 ITD2323 - Keselamatan Komputer
Trust no one …continued Career Criminals Understands the targets of crimes Begins as computer professionals, but found out the lucrative payoff from their crafts, so they opted to become full-time criminals 2/28/2019 ITD Keselamatan Komputer

22 ITD2323 - Keselamatan Komputer
Trust no one Methods of Defense Harm occurs when threat is realized against vulnerability Possibility of harm to occur is RISK How to deal with it? Prevent (by blocking attack or close the vulnerability) Deter (making attack harder, but not impossible) Deflect (making another target more attractive) Detect (when it happens or some other time) Recover (from the effects) 2/28/2019 ITD Keselamatan Komputer

23 ITD2323 - Keselamatan Komputer
Trust no one Controls Ways to handle vulnerabilities Encryption Formal name for scrambling process Normal, unscrambled state = plaintext, cleartext Transformed state = enciphered text, ciphertext Addresses the needs for data confidentiality and integrity Does not solve all computer security problems 2/28/2019 ITD Keselamatan Komputer

24 ITD2323 - Keselamatan Komputer
Trust no one …continued Software Controls Internal program controls – parts of program enforce security restriction, eg. access limitations in DBMS Operating system & network system controls – limitations enforced by OS/network to protect each user from all other users Independent control programs – application program (password checker, intrusion detection, virus scanners Development control – quality standards when designing a program, coded, tested, maintained to prevent faults from being exploited 2/28/2019 ITD Keselamatan Komputer

25 ITD2323 - Keselamatan Komputer
Trust no one …continued Hardware Control Hardware, smart card implementation Locks or cables limiting access or deterring theft Devices to verify users’ identity Firewalls Intrusion-detection system Circuit boards to control access to storage media 2/28/2019 ITD Keselamatan Komputer

26 ITD2323 - Keselamatan Komputer
Trust no one …continued Policies and Procedures Frequent changes of password Training and administration of policies Physical Controls Locks on doors, guards at entry points, backup copies of important software and data 2/28/2019 ITD Keselamatan Komputer

27 ITD2323 - Keselamatan Komputer
Trust no one The End Assignment: Interview our PICT personnel about security control that they have on the physical and software security at UNISEL This is a group assignment Due: One week from now Report length: Not more than 3 pages. 2/28/2019 ITD Keselamatan Komputer

28 ITD2323 - Keselamatan Komputer
Trust no one Computing System Collection of hardware, software, storage media, data and people to perform computing tasks 2/28/2019 ITD Keselamatan Komputer

29 Hardware Vulnerabilities
Trust no one Hardware Vulnerabilities Physical attack Drenched with water, burned, frozen, gassed, electrocuted Spilled on with drinks, ketchup, food Mice chewed cables Particles like ash Kicked at, slapped, bumped, punched All of the above can be accidental = involuntary machine slaughter 2/28/2019 ITD Keselamatan Komputer

30 ITD2323 - Keselamatan Komputer
Trust no one …continued More serious – voluntary machine slaughter = machinicide Shot with guns, stabbed with knives, bombs, fires, collisions Pens, screwdrivers used to short circuits boards Theft 2/28/2019 ITD Keselamatan Komputer

31 Software Vulnerabilities
Trust no one Software Vulnerabilities Software Deletion Use Change Management to retain integrity Software Modification Maliciously done using: Logic Bomb – program modified to fail at a certain condition Trojan Horse – overtly doing something, covertly doing something else Virus – specific Trojan Horse used to spread infection from one computer to another Trapdoor – program with secret entry point Information leaks – program code that gives out information to unauthorized people or other programs 2/28/2019 ITD Keselamatan Komputer

32 ITD2323 - Keselamatan Komputer
Trust no one …continued Software Theft Unauthorized copying of software Legal system still grappling with difficulties of interpreting paper-based copyright laws for electronic media 2/28/2019 ITD Keselamatan Komputer

33 ITD2323 - Keselamatan Komputer
Trust no one Data Vulnerabilities Data attack is more widespread and considered as a serious problem than hardware or software attack Data has greater public value – people know how to use or interpret data 2/28/2019 ITD Keselamatan Komputer

34 ITD2323 - Keselamatan Komputer
Trust no one See You Next Week 2/28/2019 ITD Keselamatan Komputer

Download ppt "Keselamatan Komputer (Computer Security)"

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
The University of Adelaide, School of Computer Science

The University of Adelaide, School of Computer Science
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Introducing Computer and Network Security

Introducing Computer and Network Security
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CPSC 6126 Computer Security Information Assurance.

CPSC 6126 Computer Security Information Assurance.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Computer Crime and Information Technology Security

Computer Crime and Information Technology Security
What does “secure” mean? Protecting Valuables

What does “secure” mean? Protecting Valuables
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Similar presentations

Ads by Google