Chapter 1   Introduction: Computer and        Network Security    //Modified by Prof. M. Singhal//             Henric John...
Outline•   Information security•   Attacks, services and mechanisms•   Security attacks•   Security services•   Methods of...
Information Security          “Protection of data”.Has gone two major changes:1. Computer Security: oTimesharing systems: ...
Information Security…2. Network Security:  Computer networks are widely used to  connect computers at distant locations.Ra...
Attacks, Services and          Mechanisms Three aspects of Information Security:• Security Attack: Any action that  compro...
Security Attacks   Henric Johnson   6
Security AttacksInterruption: An asset of the system is  destroyed or becomes unavailable or  unusable.• This is an attack...
Security AttacksInterception: An unauthorized party  gains access to an asset.O This is an attack on confidentiality.Examp...
Security AttacksModification: An unauthorized party  gains access and tampers an asset.oThis is an attack on integrity.Exa...
Security AttacksFabrication: An unauthorized party  inserts a counterfeit object into the  system.O This is an attack on a...
Passive vs. Active Attacks1. Passive Attacks:  o Eavesdropping on information without    modifying it.    (difficult to de...
Henric Johnson   12
Passive Threats• Release of a message contents:  Contents of a message are read.> A message may be carrying sensitive or  ...
Active Threats• Masquerade: An entity pretends to be some other entity. Example: An entity captures an authentication  seq...
Active Threats• Modification of messages:A portion of a legitimate message has been  altered to produce an undesirable eff...
Security ServicesA classification of security services:• Confidentiality (privacy)• Authentication (who created or sent th...
Security Goals            ConfidentialityIntegrity               Avalaibility       Henric Johnson           17
Henric Johnson   18
Henric Johnson   19
Methods of Defence• Encryption• Software Controls (access limitations  in a data base, in operating system  protect each u...
Internet standards and            RFCs• The Internet society  – Internet Architecture Board (IAB)  – Internet Engineering ...
Internet RFC Publication        Process       Henric Johnson   22
Recommended Reading• Pfleeger, C. Security in Computing.  Prentice Hall, 1997.• Mel, H.X. Baker, D. Cryptography  Decrypte...
Upcoming SlideShare
Loading in...5
×

Security

472

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
472
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Security

  1. 1. Chapter 1 Introduction: Computer and Network Security //Modified by Prof. M. Singhal// Henric JohnsonBlekinge Institute of Technology, Sweden www.its.bth.se/staff/hjo/ henric.johnson@bth.se Henric Johnson +46 708 250375 1
  2. 2. Outline• Information security• Attacks, services and mechanisms• Security attacks• Security services• Methods of Defense• A model for Internetwork Security• Internet standards and RFCs Henric Johnson 2
  3. 3. Information Security “Protection of data”.Has gone two major changes:1. Computer Security: oTimesharing systems: multiple users share the H/W and S/W resources on a computer. o Remote login is allowed over phone lines.“Measures and tools to protect data and thwarthackers is called Computer Security”. Henric Johnson 3
  4. 4. Information Security…2. Network Security: Computer networks are widely used to connect computers at distant locations.Raises additional security problems:o Data in transmission must be protected.o Network connectivity exposes each computer to more vulnerabilities. Henric Johnson 4
  5. 5. Attacks, Services and Mechanisms Three aspects of Information Security:• Security Attack: Any action that compromises the security of information.• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms. Henric Johnson 5
  6. 6. Security Attacks Henric Johnson 6
  7. 7. Security AttacksInterruption: An asset of the system is destroyed or becomes unavailable or unusable.• This is an attack on availability.Examples:• Destroying some H/W (disk or wire).• Disabling file system.• Swamping a computer with jobs or communication link with packets. Henric Johnson 7
  8. 8. Security AttacksInterception: An unauthorized party gains access to an asset.O This is an attack on confidentiality.Examples:>Wiretapping to capture data in a network.>Illicitly copying data or programs. Henric Johnson 8
  9. 9. Security AttacksModification: An unauthorized party gains access and tampers an asset.oThis is an attack on integrity.Examples:• Changing data files.• Altering a program.• Altering the contents of a message. Henric Johnson 9
  10. 10. Security AttacksFabrication: An unauthorized party inserts a counterfeit object into the system.O This is an attack on authenticity.Examples:> Insertion of records in data files.> Insertion of spurious messages in a network. (message replay). Henric Johnson 10
  11. 11. Passive vs. Active Attacks1. Passive Attacks: o Eavesdropping on information without modifying it. (difficult to detect ).2. Active Attacks: o Involve modification or creation of info. Henric Johnson 11
  12. 12. Henric Johnson 12
  13. 13. Passive Threats• Release of a message contents: Contents of a message are read.> A message may be carrying sensitive or confidential data.• Traffic analysis: An intruder makes inferences by observing message patterns.> Can be done even if messages are encrypted.> Inferences: location and identity of hosts. Henric Johnson 13
  14. 14. Active Threats• Masquerade: An entity pretends to be some other entity. Example: An entity captures an authentication sequence and replays it later to impersonate the original entity.• Replay:Involves capture of a data unit and its retransmission to produce an unauthorized effect. Henric Johnson 14
  15. 15. Active Threats• Modification of messages:A portion of a legitimate message has been altered to produce an undesirable effect.• Denial of service:Inhibits normal use of computer and communications resources.> Flooding of computer network.>Swamping of CPU or a server. Henric Johnson 15
  16. 16. Security ServicesA classification of security services:• Confidentiality (privacy)• Authentication (who created or sent the data)• Integrity (has not been altered)• Non-repudiation (the order is final)• Access control (prevent misuse of resources)• Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files Henric Johnson 16
  17. 17. Security Goals ConfidentialityIntegrity Avalaibility Henric Johnson 17
  18. 18. Henric Johnson 18
  19. 19. Henric Johnson 19
  20. 20. Methods of Defence• Encryption• Software Controls (access limitations in a data base, in operating system protect each user from other users)• Hardware Controls (smartcard)• Policies (frequent changes of passwords)• Physical Controls Henric Johnson 20
  21. 21. Internet standards and RFCs• The Internet society – Internet Architecture Board (IAB) – Internet Engineering Task Force (IETF) – Internet Engineering Steering Group (IESG) Henric Johnson 21
  22. 22. Internet RFC Publication Process Henric Johnson 22
  23. 23. Recommended Reading• Pfleeger, C. Security in Computing. Prentice Hall, 1997.• Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001. Henric Johnson 23
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×