SlideShare a Scribd company logo

Security - Chapter 1.ppt

Download as PPT, PDF
W
WorknehEdimealem

Better for security

Education
1 of 34
Computer Security (week - 1) (CoSc4171 – 3CrHr/5ECTS) Semester I – 2015 E.C Shegaw M. (ethioprogramming1@gmail.com)
Computer Security “The most secure computers are those not connected to the Internet and shielded from any interference”
Computer Security Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users. Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Computer Security Network security deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network accessible resources. Internet
Computer Security/Goals Security Goals Integrity Confidentiality Availaibility
Computer Security/ Goals Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Computer Security/ Overview Security: The prevention and protection of an assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Threat is a possible danger that might exploit a vulnerability. Attack is an assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
Computer Security/ Overview Countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. Risk An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. Security Policy is a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. Vulnerability - A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
Computer Security and Privacy/ Attacks Interruption: An attack on availability Interception: An attack on confidentiality Modification: An attack on integrity Fabrication: An attack on authenticity Categories of Attacks
Computer Security and Privacy/Attacks Categories of Attacks/Threats (W. Stallings) Normal flow of information Interruption Interception Modification Fabrication Source Destination Attack
Computer Security and Privacy/ Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
Computer Security and Privacy/ Countermeasures Computer security controls  Authentication (Password, Cards, Biometrics)  Encryption  Auditing  Administrative procedures  Standards  Certifications  Physical Security  Laws
Computer Security and Privacy Physical Security
Computer Security and Privacy/ Physical Security Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly] Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom].
Computer Security and Privacy/ Physical Security In the early days of computing physical security was simple because computers were big, standalone, expensive machines ₯ It is almost impossible to move them (not portable) ₯ They were very few and it is affordable to spend on physical security for them ₯ Management was willing to spend money ₯ Everybody understands and accepts that there is restriction
Computer Security and Privacy/ Physical Security Today ₯ Computers are more and more portable (PC, laptop, PDA, Smartphone) ₯ There are too many of them to have good physical security for each of them ₯ They are not “too expensive” to justify spending more money on physical security until a major crisis occurs ₯ Users don’t accept restrictions easily ₯ Accessories (ex. Network components) are not considered as important for security until there is a problem ₯ Access to a single computer may endanger many more computers connected through a network
Computer Security and Privacy/ Physical Security Natural Disasters  Fire and smoke  Fire can occur anywhere  Solution – Minimize risk Good policies: NO SMOKING, etc.. Fire extinguisher, good procedure and training Fireproof cases (and other techniques) for backup tapes Fireproof doors  Climate  Heat  Direct sun  Humidity Threats and vulnerabilities
Computer Security and Privacy/ Physical Security Natural Disasters …  Hurricane, storm, cyclone  Earthquakes  Water  Flooding can occur even when a water tab is not properly closed  Electric supply  Voltage fluctuation Solution: Voltage regulator  Lightning Threats and vulnerabilities … Solution  Avoid having servers in areas often hit by Natural Disasters!
Computer Security and Privacy/ Physical Security People Intruders  Thieves  People who have been given access unintentionally by the insiders  Employees, contractors, etc. who have access to the facilities  External thieves  Portable computing devices can be stolen outside the organization’s premises Loss of a computing device Mainly laptop Threats and vulnerabilities …
Computer Security and Privacy/ Physical Security Safe area Safe area often is a locked place where only authorized personnel can have access using Surveillance/guards, video-surveillance, automatic-doors with security code locks, alarms, etc. Organizations usually have safe area for keeping computers and related devices
Computer Security and Privacy/ Attacks & Threats Computer Security - Attacks and Threats
Computer security/ Attacks & Threats A computer security threat is any person, act, or object that poses a danger to computer security Computer world is full of threats! And so is the real world! Thieves, pick-pockets, burglars, murderers, drunk drivers, …
Computer security/ Attacks & Threats What do you do in real life?  You learn about the threats  What are the threats  How can these threats affect you  What is the risk for you to be attacked by these threats  How you can protect yourself from these risks  How much does the protection cost  What you can do to limit the damage in case you are attacked  How you can recover in case you are attacked  Then, you protect yourself in order to limit the risk but to continue to live your life You need to do exactly the same thing with computers!
Computer security/ Types of Attacks & Threats Hacking Attack:  Any attempt to gain unauthorized access to your system. Denial of Service (DoS) Attack  Blocking access from legitimate users Physical Attack:  Stealing, breaking or damaging of computing devices Malware Attack:  A generic term for software that has malicious purpose  Examples: Viruses, Trojan horses, Spy-wares, worm New ones: Spam/scam, identity theft, e-payment frauds, etc.
Computer security/ Types of Attacks & Threats Viruses  “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec  Similar to biological virus: Replicates and Spreads Worms  An independent program that reproduces by copying itself from one computer to another  It can do as much harm as a virus  It often creates denial of service Trojan horses  Secretly downloading a virus or some other type of mal-ware on to your computers. Spy-wares  “A software that literally spies on what you do on your computer.”  Example: Simple Cookies and Key Loggers
Computer security/Threats Functions of anti-viruses ₯ Identification of known viruses ₯ Detection of suspected viruses ₯ Blocking of possible viruses ₯ Disinfection of infected objects ₯ Deletion and overwriting of infected objects Anti-Virus …
Computer Security/ OSI Security Architecture The OSI Security Architecture 1. Security attack: Any action that compromises the security of information owned by an organization. 2. Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. 3. Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
OSI Security Architecture/Security attacks A useful means of classifying security attacks is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. ® Two types of passive attacks are the release of message contents and traffic analysis. 1. Release of message contents - e.g., from a telephone conversation, e-mail, transferred files, etc. 2. Traffic analysis - e.g., location and identity of communicating hosts, frequency and length of messages, the nature of messages.
OSI Security Architecture/Security attacks An active attack attempts to alter system resources or affect their operation. Active attacks can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. © A masquerade takes place when one entity pretends to be a different entity. © Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. © Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. © The denial of service prevents or inhibits the normal use or management of communications facilities.
OSI Security Architecture/Security Services Security Services divides these services into five categories or services.
OSI Security Architecture/Security Services ₯ The function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. ₡ the service assures that the two entities are authentic ₡ service must assure that the connection is not interfered This authentication service can be peer entity or data entity authentication. ₯ Access control is the ability to limit and control the access to host systems and applications via communications links. ₯ Confidentiality is the protection of transmitted data from passive attacks. ₯ Integrity can be connection-oriented or connectionless ₵ A connection-oriented integrity service deals with a stream of messages and assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays.
OSI Security Architecture/Security Services ₵ A connectionless integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only. ₯ Nonrepudiation prevents either sender or receiver from denying a transmitted message. A Prove the sent & received message B ₯ Availability to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity. ₵ This service addresses the security concerns raised by denial-of-service attacks.
OSI Security Architecture/Security Mechanism ₵ The mechanisms are divided into specific and pervasive security mechanisms:
Q & C What are the challenges of computer security?

Recommended

chapter 1 security.ppt
chapter 1 security.pptchapter 1 security.ppt
chapter 1 security.pptgirmawodajo
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssutRAVIKUMAR Digital Signal Processing
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Computer security ppt for computer science student.pptx
Computer security ppt for computer science student.pptxComputer security ppt for computer science student.pptx
Computer security ppt for computer science student.pptxdagiabebe267
 
Cyber security
Cyber securityCyber security
Cyber securityNimesh Gajjar
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 

Recommended

chapter 1 security.ppt
chapter 1 security.pptchapter 1 security.ppt
chapter 1 security.pptgirmawodajo
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssutRAVIKUMAR Digital Signal Processing
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Computer security ppt for computer science student.pptx
Computer security ppt for computer science student.pptxComputer security ppt for computer science student.pptx
Computer security ppt for computer science student.pptxdagiabebe267
 
Cyber security
Cyber securityCyber security
Cyber securityNimesh Gajjar
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.pptabrahamermias1
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxdesalewminale
 
Computer Threat.pdf
Computer Threat.pdfComputer Threat.pdf
Computer Threat.pdfZaraFatima29
 
WK8.pptx
WK8.pptxWK8.pptx
WK8.pptxAlphaKoiSylvester
 
Computer security
Computer securityComputer security
Computer securityMerma Niña Callanta
 
Data security
Data securityData security
Data securitySoumen Mondal
 
computer security .ppt
computer security .pptcomputer security .ppt
computer security .pptMohamedNowfeek1
 
Information security / Cyber Security ppt
Information security / Cyber Security pptInformation security / Cyber Security ppt
Information security / Cyber Security pptGryffin EJ
 
I0516064
I0516064I0516064
I0516064IOSR Journals
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Securityxsy
 
Beekman5 std ppt_12
Beekman5 std ppt_12Beekman5 std ppt_12
Beekman5 std ppt_12Department of Education - Philippines
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Jenny Coloma
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
Intro
IntroIntro
IntroJustineJohn3
 
Network Security
Network Security Network Security
Network Security Vipul Mosaic
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 

More Related Content

Similar to Security - Chapter 1.ppt

Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxdesalewminale
 
Computer Threat.pdf
Computer Threat.pdfComputer Threat.pdf
Computer Threat.pdfZaraFatima29
 
Information security / Cyber Security ppt
Information security / Cyber Security pptInformation security / Cyber Security ppt
Information security / Cyber Security pptGryffin EJ
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Securityxsy
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Jenny Coloma
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 

Similar to Security - Chapter 1.ppt (20)

Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdf
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
Chapter 1.ppt
Chapter 1.pptChapter 1.ppt
Chapter 1.ppt
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptx
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
 
Computer Threat.pdf
Computer Threat.pdfComputer Threat.pdf
Computer Threat.pdf
 
WK8.pptx
WK8.pptxWK8.pptx
WK8.pptx
 
Computer security
Computer securityComputer security
Computer security
 
Data security
Data securityData security
Data security
 
computer security .ppt
computer security .pptcomputer security .ppt
computer security .ppt
 
Information security / Cyber Security ppt
Information security / Cyber Security pptInformation security / Cyber Security ppt
Information security / Cyber Security ppt
 
I0516064
I0516064I0516064
I0516064
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Prevention
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Security
 
Beekman5 std ppt_12
Beekman5 std ppt_12Beekman5 std ppt_12
Beekman5 std ppt_12
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Intro
IntroIntro
Intro
 
Network Security
Network Security Network Security
Network Security
 

Recently uploaded

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Security - Chapter 1.ppt

  • 1. Computer Security (week - 1) (CoSc4171 – 3CrHr/5ECTS) Semester I – 2015 E.C Shegaw M. (ethioprogramming1@gmail.com)
  • 2. Computer Security “The most secure computers are those not connected to the Internet and shielded from any interference”
  • 3. Computer Security Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users. Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
  • 4. Computer Security Network security deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network accessible resources. Internet
  • 6. Computer Security/ Goals Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
  • 7. Computer Security/ Overview Security: The prevention and protection of an assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Threat is a possible danger that might exploit a vulnerability. Attack is an assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
  • 8. Computer Security/ Overview Countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. Risk An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. Security Policy is a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. Vulnerability - A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
  • 9. Computer Security and Privacy/ Attacks Interruption: An attack on availability Interception: An attack on confidentiality Modification: An attack on integrity Fabrication: An attack on authenticity Categories of Attacks
  • 10. Computer Security and Privacy/Attacks Categories of Attacks/Threats (W. Stallings) Normal flow of information Interruption Interception Modification Fabrication Source Destination Attack
  • 11. Computer Security and Privacy/ Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
  • 12. Computer Security and Privacy/ Countermeasures Computer security controls  Authentication (Password, Cards, Biometrics)  Encryption  Auditing  Administrative procedures  Standards  Certifications  Physical Security  Laws
  • 13. Computer Security and Privacy Physical Security
  • 14. Computer Security and Privacy/ Physical Security Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly] Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom].
  • 15. Computer Security and Privacy/ Physical Security In the early days of computing physical security was simple because computers were big, standalone, expensive machines ₯ It is almost impossible to move them (not portable) ₯ They were very few and it is affordable to spend on physical security for them ₯ Management was willing to spend money ₯ Everybody understands and accepts that there is restriction
  • 16. Computer Security and Privacy/ Physical Security Today ₯ Computers are more and more portable (PC, laptop, PDA, Smartphone) ₯ There are too many of them to have good physical security for each of them ₯ They are not “too expensive” to justify spending more money on physical security until a major crisis occurs ₯ Users don’t accept restrictions easily ₯ Accessories (ex. Network components) are not considered as important for security until there is a problem ₯ Access to a single computer may endanger many more computers connected through a network
  • 17. Computer Security and Privacy/ Physical Security Natural Disasters  Fire and smoke  Fire can occur anywhere  Solution – Minimize risk Good policies: NO SMOKING, etc.. Fire extinguisher, good procedure and training Fireproof cases (and other techniques) for backup tapes Fireproof doors  Climate  Heat  Direct sun  Humidity Threats and vulnerabilities
  • 18. Computer Security and Privacy/ Physical Security Natural Disasters …  Hurricane, storm, cyclone  Earthquakes  Water  Flooding can occur even when a water tab is not properly closed  Electric supply  Voltage fluctuation Solution: Voltage regulator  Lightning Threats and vulnerabilities … Solution  Avoid having servers in areas often hit by Natural Disasters!
  • 19. Computer Security and Privacy/ Physical Security People Intruders  Thieves  People who have been given access unintentionally by the insiders  Employees, contractors, etc. who have access to the facilities  External thieves  Portable computing devices can be stolen outside the organization’s premises Loss of a computing device Mainly laptop Threats and vulnerabilities …
  • 20. Computer Security and Privacy/ Physical Security Safe area Safe area often is a locked place where only authorized personnel can have access using Surveillance/guards, video-surveillance, automatic-doors with security code locks, alarms, etc. Organizations usually have safe area for keeping computers and related devices
  • 21. Computer Security and Privacy/ Attacks & Threats Computer Security - Attacks and Threats
  • 22. Computer security/ Attacks & Threats A computer security threat is any person, act, or object that poses a danger to computer security Computer world is full of threats! And so is the real world! Thieves, pick-pockets, burglars, murderers, drunk drivers, …
  • 23. Computer security/ Attacks & Threats What do you do in real life?  You learn about the threats  What are the threats  How can these threats affect you  What is the risk for you to be attacked by these threats  How you can protect yourself from these risks  How much does the protection cost  What you can do to limit the damage in case you are attacked  How you can recover in case you are attacked  Then, you protect yourself in order to limit the risk but to continue to live your life You need to do exactly the same thing with computers!
  • 24. Computer security/ Types of Attacks & Threats Hacking Attack:  Any attempt to gain unauthorized access to your system. Denial of Service (DoS) Attack  Blocking access from legitimate users Physical Attack:  Stealing, breaking or damaging of computing devices Malware Attack:  A generic term for software that has malicious purpose  Examples: Viruses, Trojan horses, Spy-wares, worm New ones: Spam/scam, identity theft, e-payment frauds, etc.
  • 25. Computer security/ Types of Attacks & Threats Viruses  “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec  Similar to biological virus: Replicates and Spreads Worms  An independent program that reproduces by copying itself from one computer to another  It can do as much harm as a virus  It often creates denial of service Trojan horses  Secretly downloading a virus or some other type of mal-ware on to your computers. Spy-wares  “A software that literally spies on what you do on your computer.”  Example: Simple Cookies and Key Loggers
  • 26. Computer security/Threats Functions of anti-viruses ₯ Identification of known viruses ₯ Detection of suspected viruses ₯ Blocking of possible viruses ₯ Disinfection of infected objects ₯ Deletion and overwriting of infected objects Anti-Virus …
  • 27. Computer Security/ OSI Security Architecture The OSI Security Architecture 1. Security attack: Any action that compromises the security of information owned by an organization. 2. Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. 3. Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
  • 28. OSI Security Architecture/Security attacks A useful means of classifying security attacks is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system but does not affect system resources. ® Two types of passive attacks are the release of message contents and traffic analysis. 1. Release of message contents - e.g., from a telephone conversation, e-mail, transferred files, etc. 2. Traffic analysis - e.g., location and identity of communicating hosts, frequency and length of messages, the nature of messages.
  • 29. OSI Security Architecture/Security attacks An active attack attempts to alter system resources or affect their operation. Active attacks can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. © A masquerade takes place when one entity pretends to be a different entity. © Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. © Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. © The denial of service prevents or inhibits the normal use or management of communications facilities.
  • 30. OSI Security Architecture/Security Services Security Services divides these services into five categories or services.
  • 31. OSI Security Architecture/Security Services ₯ The function of the authentication service is to assure the recipient that the message is from the source that it claims to be from. ₡ the service assures that the two entities are authentic ₡ service must assure that the connection is not interfered This authentication service can be peer entity or data entity authentication. ₯ Access control is the ability to limit and control the access to host systems and applications via communications links. ₯ Confidentiality is the protection of transmitted data from passive attacks. ₯ Integrity can be connection-oriented or connectionless ₵ A connection-oriented integrity service deals with a stream of messages and assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays.
  • 32. OSI Security Architecture/Security Services ₵ A connectionless integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only. ₯ Nonrepudiation prevents either sender or receiver from denying a transmitted message. A Prove the sent & received message B ₯ Availability to be the property of a system or a system resource being accessible and usable upon demand by an authorized system entity. ₵ This service addresses the security concerns raised by denial-of-service attacks.
  • 33. OSI Security Architecture/Security Mechanism ₵ The mechanisms are divided into specific and pervasive security mechanisms:
  • 34. Q & C What are the challenges of computer security?