Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

Published byBernard Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?"— Presentation transcript:

1 Ingredients of Information Security

2 - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?

3 What assets need to be secured?

4 Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical Completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of stored data.† † Definition from National Information Systems Security

5 Assurance that information is not disclosed to unauthorized persons, processes, or devices.† † Definition from National Information Systems Security

6 Timely, reliable access to data and information serviced for authorized users.† † Definition from National Information Systems Security

7  spoofing  playback (replay) attack  man in the middle attack  dumpster diving  password cracking  denial of service (DoS) attack  shoulder surfing  network infrastructure attack  network scanning  buffer overflow  syn flood

8 Asset Security System Attack Proper Access

9 At the root of all security is trust. What don ’ t you (or shouldn ’ t you) trust?? Since we obviously can ’ t trust everything, we need to develop and implement security policy...

10 A security _________ defines what needs to be done. A security ______________ defines how to do it. All passwords must be updated on a regular basis and every one must include at least one embedded non-alphabetic symbol. example security policy corresponding security mechanisms

11 Asset Security System Security is about building barriers to protect assets. What complicates security is the necessity for barrier penetration. Attack Proper Access To be secure the barrier holes must be guarded.

12 Basic Concepts in Barrier Penetration Control - Can you prove it? - That which you are permitted to do. - You should be held responsible. - Who are you?

13 Security systems need to be able to distinguish the “ white hats ” from the “ black hats ”. This all begins with identity. What are some common identifiers used in our world? What is the problem with using people ’ s names as identifiers?

14 Access privileges granted to a user, program, or process.† † Definition from National Information Systems Security Common authorization tokens:

15 Security measure designed to establish the validity of a transmission, message, or originator,or a means of verifying an individual ’ s authorization to receive specific categories of information.† † Definition from National Information Systems Security

16 Authentication... is a basis for trust Password -- the most common means of authentication Passwords are vulnerable to attacks. Why? Uses challenge - reponse protocol RESPONSE password:  CHALLENGE  (Encryption required) Challenge-response systems fail when responses are efficiently discovered.

17 Give password cracking software a challenge. The conventional wisdom is as follows...  Use first letters from some phrase you can remember. TtlsH1wwya  Don ’ t use short passwords (at least 12 symbols).  Include both lowercase and uppercase and digits.  Bracket the password with non-alphanumerics. #TtlsH1wwya&  Bracket the password with non-alphanumerics.  #TtlsH1wwya&  Alt - 0181 cracker algorithm == repeatedly

18 token -- small device carried by user (often includes microprocessor, keypad and/or real-time clock) Challenge-Response Token 1)System displays random number which user enters on keypad. 2)Card uses keypad input to calculate and display number. 3)User enters number in computer which system verifies by same computation. Time-Based Token 1)Card uses internal real-time clock value to calculate and display number. 2)User enters number in computer which system verifies with its clock. HHAD - Hand Held Authentication Device

19 biometric -- requires special devices to read human features

20 digital certificate -- a certificate authority performs a security check on a user and grants an electronic certificate (essentially encryption keys) smartcard -- physically requires reader, contains full microprocessor with cryptographic calculations performed onboard. Smartcards can store... Tampering with a smartcard typically renders it useless.

21 ...what you _______ (password)...what you _______ (key, token, smartcard)...what you _____ (biometrics - fingerprints, retinal scan)..._______ you are (in secure location, at some terminal)

22 Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender ’ s identity, so neither can later deny having processed the data.† † Definition from National Information Systems Security Access Attacker User

Download ppt "Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?"

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.

Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.

第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.

Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,

Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Similar presentations

Ads by Google