Lecturer: Sayed Zia Ashna
Department of Computer Science, Jahan University
Email: zia.ashna@hotmail.com
NETWORK Security Concept
Course Objectives
After successfully completing this course, you will be able to:
› Mastering Security Goals
› Exploring Control Types and Methods
› Securing your Networks
› Securing Hosts and Data
› Understanding Malware and Social Engineering
› Identifying Advanced Attacks
› Managing Risk
› Preparing for Business Continuity
› Understanding Cryptography
› Exploring Operational Security
NETWORK SECURITY (JAHAN UNIVERSITY, BCS), SAYED ZIA ASHNA
Course Outline
› Mastering Security Goals
› Exploring Control Types and Methods
› Securing your Networks
› Securing Hosts and Data
› Understanding Malware and Social Engineering
› Identifying Advanced Attacks
› Managing Risk
› Preparing for Business Continuity
› Understanding Cryptography
› Exploring Operational Security
Textbooks to Follow
› CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide by Darril Gibson
CHAPTER ONE
Introduction to Mastering Security Goals
Lecture Outline
› Understanding Security Goals
– Confidentiality
– Integrity
– Availability
› Safety
› Layered Security/Defense in Depth
› Introduction to Basic Risk Concepts
› Comparing Authentication Factors
› Dual-Factor and Multifactor Authentication
Understanding Security Goals
› Security starts with several principles that organizations include as core security goals. These principles drive many security-related decisions at multiple levels. Understanding these basic concepts helps give us a solid foundation in security.
› Confidentiality, integrity, and availability together form the security triad. Each element is important to address in any security program.
Confidentiality
› Confidentiality prevents the unauthorized disclosure of data. Authorized users can access the data, but unauthorized users cannot.
› Confidentiality is implemented by the following methods:
1. Encryption
2. Access Control
A. Identification
B. Authentication
C. Authorization
3. Steganography
Confidentiality - Encryption
› Encryption scrambles data to make it unreadable by unauthorized users. Authorized users can decrypt data to access it, but the encryption techniques make it extremely hard for unauthorized personnel to access encrypted data.
Confidentiality - Access Control
› Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data.
› The following are the key elements of access controls:
– Identification
– Authentication
– Authorization
Confidentiality - Access Control
– Identification: Users claim an identity with a unique username to gain access to the service.
– Authentication: Users prove their identity with authentication, such as with a password.
– Authorization: We can grant or restrict access to the resources using an authorization method, such as permissions.
Confidentiality - Steganography
› The third method that we can use for confidentiality is steganography.
› Steganography is the practice of hiding data within data. Many people refer to it as hiding data in plain sight.
Integrity
› Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data. Ideally, only authorized users modify data.
› However, there are times when unauthorized or unintended changes occur. This can be from unauthorized users, from malicious software (malware), and through system and human errors. When this occurs, the data has lost its integrity.
Availability
› Availability indicates that data and services are available when needed.
› For some organizations, this simply means that data and services must be
available between 8:00 am and 5:00 pm, Saturday through Thursday. For other
organizations, this means they must be available 24 hours a day, 7 days a week,
and 365 days a year.
› Organizations commonly implement redundancy and fault-tolerant methods to
ensure high levels of availability for key systems.
Availability – Redundancy and Fault Tolerance
› Redundancy adds duplication to critical systems and provides fault tolerance. If a
critical component has a fault, the duplication provided by the redundancy
allows the service to continue without interruption. In other words, a system
with fault tolerance can suffer a fault, but tolerate it and continue to operate
Availability – Patching
› Another method of ensuring systems stay available is patching.
› Software bugs cause a wide range of problems, including security issues
and even random crashes.
› When software vendors discover the bugs, they develop and release code
that patches or resolves these problems.
› Organizations commonly implement patch management programs to
ensure that systems stay up to date with current patches
Safety
› Another common goal of security is safety.
› It refers to the safety of both individuals and an organization’s assets. You can always replace things, but you cannot replace people, so safety of people should always be a top priority.
› Consider safety for both people and assets:
– Safety of people
– Safety of assets
Layered Security/Defense in Depth
› Layered security/defense in depth refers to the security practice of implementing several layers of protection.
› You can’t simply take a single action, such as implementing a firewall or installing antivirus software, and consider yourself protected.
› You must implement security at several different layers. This way, if one layer
fails, you still have additional layers to protect you.
Risk Concepts
› A threat is any circumstance or event that has the potential to compromise
confidentiality, integrity, or availability.
› A vulnerability is a weakness. It can be a weakness in the hardware, the
software, the configuration, or even the users operating the system.
› Threats can come from inside an organization, such as from a disgruntled employee, or from outside the organization, such as from an attacker who could be located anywhere on the internet.
› Threats can be natural, such as hurricanes, tsunamis, or tornadoes, or man-made, such as malware written by a criminal.
› Reducing risk is also known as risk mitigation. Risk mitigation reduces the
chances that a threat will exploit a vulnerability
Authentication Factors
› As an introduction, authentication factors are
– Something you know
– Something you have
– Something you are
Authentication Factors – Something you know
› This authentication factor typically refers to a shared secret, such as a password
or even a PIN. This factor is the least secure form of authentication. However,
security can be increased by following some simple guidelines
– Use strong passwords
– Change passwords regularly
– Verify a user’s identity before resetting a password
– Change default passwords
– Do not write passwords down
– Do not share passwords
Authentication Factors – Something you have
› It refers to something you can physically hold.
› Common items in this factor are as follows
– Smart Cards
– Tokens or Key Fobs
Authentication Factors – Something you are
› This factor uses biometrics for the authentication
› Biometric methods are the strongest form of authentication because they
are the most difficult for an attacker to falsify
› Biometrics use physical characteristics, such as:
– Fingerprint and Thumbprint
– Handprint
– Palm
– Retina
– Iris
Dual-Factor and Multifactor Authentication
› Dual-factor authentication uses two different factors of authentication, such as something you have and something you know.
› Dual-factor authentication often uses a smart card and a PIN, a USB token and a PIN, or a smart card or hardware token combined with a password.
› Multifactor uses two or more factors of authentication
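The access-control steps from the Confidentiality slides (identification, authentication, authorization) and the dual-factor idea above, combined in one added example that is not part of the original slides. Assumptions: the user record, names and permissions are constructed, the password is stored as a PBKDF2 hash, and the "something you have" is a key fob showing time-based codes (TOTP, RFC 6238).

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds one token code stays valid (RFC 6238 default)


def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know: keep a salted, slow hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def token_code(secret: bytes, now: float, digits: int = 6) -> str:
    """Something you have: the code a key fob would display at time `now`."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample account (hypothetical user, secret and permissions).
_SALT = b"constructed-salt"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery", _SALT),
        "token_secret": b"12345678901234567890",
        "permissions": {("payroll.xlsx", "read")},
    },
}


def request_access(username, password, code, resource, action, now):
    """Run the three access-control steps in order and return the decision."""
    # 1. Identification: the user claims an identity with a username.
    user = USERS.get(username)
    if user is None:
        return "denied: unknown identity"

    # 2. Authentication: the user proves the claim with BOTH factors.
    #    compare_digest avoids leaking how many characters matched.
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    expected = token_code(user["token_secret"], now)
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    if not (pw_ok and code_ok):
        return "denied: authentication failed"

    # 3. Authorization: a proven identity still only gets what it is
    #    permitted to do.
    if (resource, action) not in user["permissions"]:
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    now = 59  # fixed clock so the run is repeatable
    fob = token_code(USERS["alice"]["token_secret"], now)
    attempts = [
        ("alice", "correct horse battery", fob, "payroll.xlsx", "read"),
        ("alice", "correct horse battery", "000000", "payroll.xlsx", "read"),
        ("alice", "correct horse battery", fob, "payroll.xlsx", "write"),
        ("mallory", "guess", fob, "payroll.xlsx", "read"),
    ]
    for attempt in attempts:
        print(attempt[0], attempt[3], attempt[4], "->",
              request_access(*attempt, now))
```

The distinct denial messages are for teaching; a production login returns one generic failure to the caller and logs the specific reason.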
Summary
› Understanding Security Goals
› Integrity
› Availability
› Safety
› Layered Security/Defense in Depth
› Introduction to Basic Risk Concepts
› Comparing Authentication Factors
› Dual-Factor and Multifactor Authentication
THANKS
Security is the best part of an organization

Exploring Multimodal Embeddings with Milvus
 

Network Security Ch 1

  • 1. NETWORK Security Concept
    Lecturer: Sayed Zia Ashna, Department of Computer Science, Jahan University
    Email: zia.ashna@hotmail.com
  • 2. Course Objectives
    After successfully completing this course, you will be able to:
    › Mastering Security Goals
    › Exploring Control Types and Methods
    › Securing your Networks
    › Securing Hosts and Data
    › Understanding Malware and Social Engineering
    › Identifying Advanced Attacks
    › Managing Risk
    › Preparing for Business Continuity
    › Understanding Cryptography
    › Exploring Operational Security
    NETWORK SECURITY (JAHAN UNIVERSITY, BCS), SAYED ZIA ASHNA
  • 3. Course Outline
    › Mastering Security Goals
    › Exploring Control Types and Methods
    › Securing your Networks
    › Securing Hosts and Data
    › Understanding Malware and Social Engineering
    › Identifying Advanced Attacks
    › Managing Risk
    › Preparing for Business Continuity
    › Understanding Cryptography
    › Exploring Operational Security
  • 4. Text Books to Follow
    › CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide by Darril Gibson
  • 5. CHAPTER ONE: Introduction to Mastering Security Goals
  • 6. Lecture Outline
    › Understanding Security Goals
      – Confidentiality
      – Integrity
      – Availability
    › Safety
    › Layered Security/Defense in Depth
    › Introduction to Basic Risk Concepts
    › Comparing Authentication Factors
    › Dual-Factor and Multifactor Authentication
  • 7. Understanding Security Goals
    › Security starts with several principles that organizations include as core security goals. These principles drive many security-related decisions at multiple levels. Understanding these basic concepts helps to give us a solid foundation in security.
    › Confidentiality, integrity, and availability together form the security triad. Each element is important to address in any security program.
  • 8. Confidentiality
    › Confidentiality prevents the unauthorized disclosure of data. Authorized users can access the data, but unauthorized users cannot.
    › Confidentiality is implemented by the following methods:
      1. Encryption
      2. Access Control
         A. Identification
         B. Authentication
         C. Authorization
      3. Steganography
  • 9. Confidentiality - Encryption
    › Encryption scrambles data to make it unreadable by unauthorized users. Authorized users can decrypt data to access it, but the encryption techniques make it extremely hard for unauthorized personnel to access encrypted data.
  • 10. Confidentiality - Access Control
    › Identification, authentication and authorization combined provide access controls and help ensure that only authorized personnel can access data.
    › The key elements of access control are:
      – Identification
      – Authentication
      – Authorization
  • 11. Confidentiality - Access Control
    › Identification: Users claim an identity with a unique username in order to access the service.
    › Authentication: Users prove their identity with authentication, such as with a password.
    › Authorization: We can grant or restrict access to resources using an authorization method, such as permissions.
  • 12. Confidentiality - Steganography
    › The third method that we can use for confidentiality is steganography.
    › Steganography is the practice of hiding data within data. Many people refer to it as hiding data in plain sight.
  • 13. Integrity
    › Integrity provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data. Ideally, only authorized users modify data.
    › However, there are times when unauthorized or unintended changes occur. This can be from unauthorized users, from malicious software (malware), and through system and human errors. When this occurs, the data has lost integrity.
  • 14. Availability
    › Availability indicates that data and services are available when needed.
    › For some organizations, this simply means that data and services must be available between 8:00 am and 5:00 pm, Saturday through Thursday. For other organizations, this means they must be available 24 hours a day, 7 days a week, and 365 days a year.
    › Organizations commonly implement redundancy and fault-tolerant methods to ensure high levels of availability for key systems.
  • 15. Availability – Redundancy and Fault Tolerance
    › Redundancy adds duplication to critical systems and provides fault tolerance. If a critical component has a fault, the duplication provided by the redundancy allows the service to continue without interruption. In other words, a system with fault tolerance can suffer a fault, but tolerate it and continue to operate.
  • 16. Availability – Patching
    › Another method of ensuring that systems stay available is patching.
    › Software bugs cause a wide range of problems, including security issues and even random crashes.
    › When software vendors discover the bugs, they develop and release code that patches or resolves these problems.
    › Organizations commonly implement patch management programs to ensure that systems stay up to date with current patches.
  • 17. Safety
    › Another common goal of security is safety.
    › It refers to the safety of both individuals and an organization's assets. You can always replace things, but you cannot replace people, so the safety of people should always be a top priority.
    › Safety should be considered for both people and assets:
      – Safety of people
      – Safety of assets
  • 18. Layered Security/Defense in Depth
    › Layered security/defense in depth refers to the security practice of implementing several layers of protection.
    › You can't simply take a single action, such as implementing a firewall or installing antivirus software, and consider yourself protected.
    › You must implement security at several different layers. This way, if one layer fails, you still have additional layers to protect you.
  • 19. Risk Concepts
    › A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
    › A vulnerability is a weakness. It can be a weakness in the hardware, the software, the configuration, or even the users operating the system.
    › Threats can come from inside an organization, such as from a disgruntled employee, or from outside the organization, such as from an attacker who could be located anywhere on the internet.
    › Threats can be natural, such as hurricanes, tsunamis, or tornadoes, or man-made, such as malware written by a criminal.
    › Reducing risk is also known as risk mitigation. Risk mitigation reduces the chances that a threat will exploit a vulnerability.
  • 20. Authentication Factors
    › As an introduction, authentication factors are:
      – Something you know
      – Something you have
      – Something you are
  • 21. Authentication Factors – Something you know
    › This authentication factor typically refers to a shared secret, such as a password or even a PIN. This factor is the least secure form of authentication. However, security can be increased by following some simple guidelines:
      – Use strong passwords
      – Change passwords regularly
      – Verify a user's identity before resetting a password
      – Change default passwords
      – Do not write passwords down
      – Do not share passwords
  • 22. Authentication Factors – Something you have
    › It refers to something you can physically hold.
    › Common items in this factor are as follows:
      – Smart Cards
      – Tokens or Key Fobs
  • 23. Authentication Factors – Something you are
    › This factor uses biometrics for authentication.
    › Biometric methods are the strongest form of authentication because they are the most difficult for an attacker to falsify.
    › Biometrics use physical characteristics, such as:
      – Fingerprint and Thumbprint
      – Handprint
      – Palm
      – Retina
      – Iris
  • 24. Dual-Factor and Multifactor Authentication
    › Dual-factor authentication uses two different factors of authentication, such as something you have and something you know.
    › Dual-factor authentication often uses a smart card and a PIN, a USB token and a PIN, or a smart card or hardware token combined with a password.
    › Multifactor authentication uses two or more factors of authentication.
  • 25. Summary
    › Understanding Security Goals
    › Integrity
    › Availability
    › Safety
    › Layered Security/Defense in Depth
    › Introduction to Basic Risk Concepts
    › Comparing Authentication Factors
    › Dual-Factor and Multifactor Authentication
  • 26. THANKS
    Security is the best part of an organization.
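
The access-control sequence from slides 10-11 (identification, authentication, authorization) combined with the dual-factor scheme from slide 24 (a password plus a hardware token), as an added example that is not part of the original lecture. The user, password, token secret, file name and the `request_access` function are constructed for illustration; the token code is computed as an RFC 6238 time-based one-time password, which is one common way a token works and an assumption here.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238, HMAC-SHA1), as a hardware token shows."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted, slow hash of the shared secret, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (hypothetical user, secret and permissions).
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "salt": SALT,
        "pw_hash": hash_password("correct horse battery", SALT),
        "token_secret": b"12345678901234567890",
        "permissions": {("payroll.xlsx", "read")},
    },
}

def request_access(username, password, otp, resource, action, now):
    """Return 'granted' or the stage that refused (stage is for the audit log only)."""
    # 1. Identification: the user claims an identity with a unique username.
    user = USERS.get(username)
    if user is None:
        return "identification"
    # 2. Authentication, factor 1 (something you know): the password.
    supplied = hash_password(password, user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return "authentication"
    # 2. Authentication, factor 2 (something you have): the token's current code.
    expected = totp(user["token_secret"], now)
    if not hmac.compare_digest(otp.encode(), expected.encode()):
        return "authentication"
    # 3. Authorization: permissions decide what the proven identity may do.
    if (resource, action) not in user["permissions"]:
        return "authorization"
    return "granted"
```

A stolen password alone stops at the second authentication check, and a fully authenticated user is still limited to the permissions granted to that identity.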