1. Inam Ul Haq
MS Computer Science (Sweden)
Inam.bth@gmail.com, mr.inam.ulhaq@ieee.org
Discussion forum: questions.computingcage.com
Member of IEEE, ACM, Movement Disorder Society, PDF, BossMedia,
Michealjfox, Association for Information Systems and Internet Society.
Network Security
1 Network Security, University of Okara
Lecture 2: Terminologies
4. Threat
A risk of attack, or the chance of getting attacked.
Attack: when a risk/threat is implemented.
Omnipresent Security: more or less all systems have security aspects that need to be discussed. So Security Engineering deals with ALL aspects of security.
Example: ATM (placing metal to fool customers)
5. 4 Common Threats
Common threats in a computer setting include:
Spoofing: the attacker pretends to be somebody else
Tampering with data: e.g. security settings are changed to give an attacker more privileges
Repudiation: a user denies having performed an action like mounting an attack
Denial-of-Service: DoS attacks can, for instance, make web sites temporarily unavailable
6. Risk Analysis
1. Identify the assets to protect
2. Find the threats for each asset
3. Prioritize each of these risks (asset x vulnerability x threat)
4. Implement controls for each risk, or accept it
5. Monitor the effectiveness of these controls and reiterate
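The five steps above as an added worked example in Python (not part of the original lecture). The 1-5 rating scales, the acceptance threshold ACCEPT_BELOW and the sample register are constructed assumptions; the threat names are the four from the previous slide.

```python
from dataclasses import dataclass

# Assumption: risks scoring below this value are accepted instead of treated.
ACCEPT_BELOW = 20


@dataclass
class Risk:
    asset: str
    threat: str
    asset_value: int      # assumed scale: 1 (low) .. 5 (critical)
    vulnerability: int    # assumed scale: 1 (hard to exploit) .. 5 (exposed)
    threat_level: int     # assumed scale: 1 (unlikely) .. 5 (expected)

    def score(self) -> int:
        # Step 3: asset x vulnerability x threat
        return self.asset_value * self.vulnerability * self.threat_level


def prioritize(risks):
    """Step 3: order the register, highest score first."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)


def decide(risk):
    """Step 4: implement a control for the risk, or accept it."""
    return "accept" if risk.score() < ACCEPT_BELOW else "control"


def apply_control(risk, new_vulnerability):
    """Step 5: re-score once a control has lowered the vulnerability rating."""
    return Risk(risk.asset, risk.threat, risk.asset_value,
                new_vulnerability, risk.threat_level)


# Steps 1 and 2: constructed sample register (assets and their threats).
REGISTER = [
    Risk("web site", "denial-of-service", 3, 4, 4),
    Risk("security settings", "tampering with data", 5, 3, 3),
    Risk("login service", "spoofing", 4, 2, 2),
    Risk("audit log", "repudiation", 2, 3, 2),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.score():3d}  {decide(r):8s} {r.asset}: {r.threat}")
    # Reiterate: a control on the web site lowers its vulnerability from 4 to 1.
    after = [apply_control(r, 1) if r.asset == "web site" else r for r in REGISTER]
    print("after control:", [(r.asset, r.score()) for r in prioritize(after)])
```

After the control is applied, the web site risk falls from 48 to 12 and "security settings" becomes the top priority, which is why step 5 loops back to step 3.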
9. Exercise
How to find a vulnerability?
How to remove a vulnerability?
Windows XP (in 2002) = 35M LOC
How to develop and exploit?
How to protect against exploits?