Isys20261 lecture 11


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Isys20261 lecture 11

  1. 1. Computer Security Management(ISYS20261)Lecture 11 –Methods of Defence Module Leader: Dr Xiaoqi Ma School of Science and Technology
  2. 2. Previously …• Computer security - protection of information related assets: – Data – Hardware – Software – People – Intangible assets• Information security requirements: – Confidentiality – Integrity – AvailabilityComputer Security ManagementPage 2
  3. 3. Definitions• Harm – Something happens to an asset that we do not want to happen• Threat – Possible source of harm• Attack – Threatening event (instance of a threat)• Attacker – Someone or something that mounts a threat• Vulnerability – Weakness in the system (asset) that makes an attack more likely to successes• Risk – Possibility that a threat will affect the business or organisationComputer Security ManagementPage 3
  4. 4. Harm and threats• Six basic types of harm: – Modification – Destruction – Disclosure – Interception – Interruption – Fabrication• A threat is a possible source of harm• Example: a virus formats the hard disk of a computer• Threats exploit vulnerabilities of systemsComputer Security ManagementPage 4
  5. 5. Vulnerabilities• Weaknesses in a system• Might arise from: – Poor design – Poor implementation – technological advances• Examples: – Password management flaws – Fundamental operating system design flaws – Software bugs – Unchecked user input – Social engineering – Etc.Computer Security ManagementPage 5
  6. 6. Basic types of attacks• Host-based Attacks – Malicious Code – Malicious Software• Network-based Attacks – Sniffing – IP address spoofing – Man-in-the-middle attack – Denial-of-service attack (DoS) – OS-based attacks – Web application attacks• Social Engineering – Pretexting – Phishing – Etc.Computer Security ManagementPage 6
  7. 7. Today ...• Protection against harm• Methods of defence (countermeasures)Computer Security ManagementPage 7
  8. 8. Defence• Protection against harm: – Prevent it by blocking attack or closing vulnerabilities – Deter it by making the attack harder (but not impossible!) – Deflect it by making another target more attractive – Detect it either as it happens or some time after – Recover from effects – Using any combination of the above• Methods of defence – Software controls – Encryption – Physical and hardware controlsComputer Security ManagementPage 8
  9. 9. Software• Software provides functionality in an information processing system – Weak link in the security chain• Three aspects: – Operating systems – Applications – Software development process• Each of these need to be controlledComputer Security ManagementPage 9
  10. 10. Operating system controls• Limitations need to be built into OSs to – Protect system against unauthorised users – protect each user from other users – Protect OS (from users)• Access control – authentication – authorisationComputer Security ManagementPage 10
  11. 11. Application controls• Internal to software applications• Limit access to – Program – data• Might check on computing environmentComputer Security ManagementPage 11
  12. 12. Software development controls• Aim: preventing vulnerabilities in the software• Using quality standards – ISO S9001 – Capability Maturity Model (CMM) – etc• Using established development methodologies – V model – Appropriate and Effective Guidance for Information Security (AEGIS) – Security Development Lifecycle (SDL) – Etc.• Use appropriate languages, libraries, architectures and patterns• Sophisticated testing, coding, and maintenanceComputer Security ManagementPage 12
  13. 13. Encryption• Transforming data (plain text) in a way so that it becomes meaningless for an observer (cipher text)• Done by using an encryption algorithm (cipher)• Encryption based on a key or pass phrase• Can be used to – Scramble messages – Scramble data base• If legitimate user wants to read the data (cipher text) it needs to be transformed back into plain text• Only the person doing the scrambling (and possibly another person receiving the message) can decrypt it, because the original encryption was done on an agreed set of keysComputer Security ManagementPage 13
  14. 14. Physical and hardware controls• Physical controls – Locks on doors – Guards at entry points – Physical site planning – Limited emissions (e.g. CRT radiation, power analysis, etc) – etc• Hardware controls – Hardware encryption systems – Locks or cables limiting access (or deterring from theft) – Devices to verify user’s identity – Firewalls – Intrusion detection systems – Trusted computer platform – etcComputer Security ManagementPage 14
  15. 15. SummaryToday we learned:• Protection against harm• Using countermeasures (controls) – Software controls – Encryption – Physical and hardware controlsComputer Security ManagementPage 15