
Lecture 1.1 (Chapter 1), prepared by Dr. Lamiaa M. Elshenawy


Slide 2:
- Computer Security Concepts
- The OSI Security Architecture
- Security Attacks
- Security Services
- Security Mechanisms

Slide 3:
- Open Systems Interconnection (OSI) security architecture: a systematic framework that defines security attacks, mechanisms, and services.
- Security attacks:
  1. Passive attacks (unauthorized reading of a message or file, and traffic analysis)
  2. Active attacks (modification of messages or files, and denial of service)

Slide 4:
- Security mechanism: any process (or a device incorporating such a process) designed to detect, prevent, or recover from a security attack.
- Examples:
  1. Encryption algorithm
  2. Digital signature

Slide 5:
- Security services:
  1. Authentication
  2. Access control
  3. Data confidentiality
  4. Data integrity
  5. Nonrepudiation
  6. Availability

Slide 6: NIST defines the term computer security
- Computer security: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
- NIST: the National Institute of Standards and Technology is a U.S. federal agency that deals with measurement science, standards, and technology related to the U.S. government.

Slide 7: NIST standard FIPS 199 lists:
- Confidentiality
  1. Data confidentiality
  2. Privacy
- Integrity
  1. Data integrity
  2. System integrity
- Availability: assures that service is not denied to authorized users
- FIPS 199: Standards for Security Categorization of Federal Information and Information Systems

Slide 8: Security Requirements Triad (figure)

Slide 9:
- Authenticity
- Accountability

Slide 10: (figure) Confidentiality, Authenticity, Accountability, Integrity, Availability

Slide 11: FIPS PUB 199 standards: levels of impact on organizations or individuals
- Low: loss of confidentiality, integrity, or availability might cause
  i. minor damage to organizational assets
  ii. minor financial loss
  iii. minor harm to individuals
- Moderate: loss of confidentiality, integrity, or availability might cause
  i. significant damage to organizational assets
  ii. significant financial loss
  iii. significant harm to individuals

Slide 12:
- High: loss of confidentiality, integrity, or availability might cause
  i. major damage to organizational assets
  ii. major financial loss
  iii. major harm to individuals

Slide 13: OSI (figure): Security Attack, Security Mechanism, Security Service
- OSI: Open System Interconnection
- ITU-T: the International Telecommunication Union (ITU) Telecommunication Standardization Sector is a United Nations-sponsored agency that develops standards, called Recommendations, relating to telecommunications and to OSI.

Slide 14: What is the difference between a threat and an attack? (RFC 2828: Internet Security Glossary)
- Threat: a potential for violation of security; a possible danger that could exploit a vulnerability.
- Attack: an assault on a system from an intelligent threat.
