2. Internet and Web Resource
o Web Sites for This Book
o Student Support
3. Definitions
o Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
o Network Security - measures to protect data during their transmission
o Internet Security - measures to protect data during their transmission over a collection of interconnected networks
4. Aspects of Security
Consider 3 aspects of information security:
o Security attack
- Passive attacks, which include unauthorized reading of a message or file and traffic analysis; and
- Active attacks, which include modification of messages or files and denial of service
o Security mechanism
- Any process that is designed to detect, prevent, or recover from a security attack. Ex: encryption algorithms, digital signatures, and authentication protocols.
o Security service
- A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Ex: authentication, access control, data confidentiality.
5. Security Attack
o Any action that compromises the security of information owned by an organization
o Information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
o Can focus on generic types of attacks
- passive
- active
6. Passive Attacks
Passive attacks attempt to learn or make use of information from the system but do not affect system resources.
8. Security Service
o Enhances the security of the data processing systems and information transfers of an organization
o Intended to counter security attacks
o Uses one or more security mechanisms
o Often replicates functions normally associated with physical documents
- which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; are recorded or licensed
9. Security Services
o X.800:
- A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
o RFC 2828:
- A processing or communication service provided by a system to give a specific kind of protection to system resources
10. Security Services (X.800)
o Authentication - assurance that the communicating entity is the one claimed
o Access Control - prevention of the unauthorized use of a resource
o Data Confidentiality - protection of data from unauthorized disclosure
o Data Integrity - assurance that data received is as sent by an authorized entity
o Non-Repudiation - protection against denial by one of the parties in a communication
14. Security Mechanism (X.800)
o Features designed to detect, prevent, or recover from a security attack
o No single mechanism will support all services required
o The security mechanisms are categorized in two sections:
- Specific Security Mechanism
- Pervasive Security Mechanism
18. Model for Network Security
Using this model requires us to:
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service