Download presentation
Presentation is loading. Please wait.
Published byTimothy Cameron Modified over 8 years ago
1
Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1
2
Computer Security Concepts The OSI Security Architecture Security Attacks Security Services Security Mechanisms 2
3
Open Systems Interconnection (OSI) security architecture: systematic framework defines security attacks, mechanisms, and services Security attacks: 1. Passive attacks (unauthorized reading of a message of file and traffic analysis) 2. Active attacks (modification of messages or files, and denial of service) 3
4
Security mechanism: any process (or a device incorporating such a process) designed to detect, prevent, or recover from a security attack Examples 1. Encryption Algorithm 2. Digital Signature 4
5
Security services: 1. Authentication 2. Access control 3. Data confidentiality 4. Data integrity 5. Nonrepudiation 6. Availability 5
6
NIST defines the term computer security Computer Security The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) 6 NIST: National Institute of Standards and Technology is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government
7
NIST standard FIPS 199 lists: Confidentiality 1. Data confidentiality 2. Privacy Integrity 1. Data integrity 2. System integrity Availability: Assures that service is not denied to authorized users 7 FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
8
Security Requirements Triad 8
9
Authenticity Accountability 9
10
10 Confidentiality Authenticity Accountability Integrity Availability
11
Low: loss of confidentiality, integrity, or availability might cause i. minor damage to organizational assets ii. minor financial loss iii. minor harm to individuals Moderate: loss of confidentiality, integrity, or availability might cause i. significant damage to organizational assets ii. significant financial loss iii. significant harm to individuals 11 FIPS PUB 199 standards: Levels of impact on organizations or individuals
12
High: loss of confidentiality, integrity, or availability might cause i. major damage to organizational assets ii. major financial loss iii. major harm to individuals 12
13
OSI Security AttackSecurity MechanismSecurity Service 13 OSI: Open System Interconnection ITU-T: International Telecommunication Union (ITU) Telecommunication Standardization Sector is a United Nations-sponsored agency that develops standards, called Recommendations, relating to telecommunications and to OSI
14
What is difference between Threat and Attack? 14 RFC 2828: Internet Security Glossary Threat: A potential for violation of security, is a possible danger that exploit a vulnerability Attack: An assault on system from an intelligent threat
15
15
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.