Computer security ppt for computer science student.pptx
1. Computer security
Computer security, also known as cybersecurity or information security, is a broad field that
encompasses the practices, technologies, and measures designed to protect computer
systems, networks, and data from unauthorized access, attacks, damage, or theft. The goal of
computer security is to ensure the confidentiality, integrity, and availability of information and
computing resources.
Computer security, meaning safeguarding hardware, software and their physical locations,
The objectives- Protection of information from
• Theft,
• Corruption,
• Damage from disaster
security
2. Security and privacy
Security, in a broad sense, involves measures taken to ensure the
confidentiality,
integrity, and availability of information. It encompasses protection against a
wide range of threats, including unauthorized access, attacks, data breaches,
and disruptions to services.
Focus: Security focuses on safeguarding information and systems from
various risks and vulnerabilities. This includes implementing access controls,
encryption, firewalls, antivirus software, and other measures to prevent and
mitigate potential security incidents.
Examples: Installing a firewall to protect a network, using strong
authentication methods, and encrypting sensitive data are all examples of
security measures.
3. Cont’d….
Privacy:
Definition: Privacy is the right of individuals to control their personal information and to keep it confidential. It
involves protecting sensitive data from unauthorized access, use, or disclosure.
Focus: Privacy is concerned with the appropriate handling of personal information, ensuring that individuals have
control over who accesses their data and for what purposes. It often involves legal and ethical considerations
regarding the collection, storage, and processing of personal information.
Examples: Implementing data anonymization techniques, obtaining informed consent for data collection, and
complying with privacy regulations (e.g., GDPR, HIPAA) are examples of privacy measures.
• Any individual group, act, or object that poses a danger to computer security and privacy is known as threat
• The most secured manner->Either no computers or are those not connected to any Network or Internet and
protected from any intrusion
4. Cont’d….
•Most computer security measures involve data encryption and passwords.
•Data encryption is the translation of data into a form that can not be read
without a deciphering mechanism.
•A password is a secret word or phrase that gives a user access to a particular
program or system.
5. Cont’d…
The goals of computer security are to protect computer systems, networks, and data from a wide range of threats and ensure
the confidentiality, integrity, and availability of information. These goals collectively contribute to creating a secure and
reliable computing environment. Here are the primary goals of computer security:
Confidentiality:
Goal: Ensure that sensitive information is not disclosed to unauthorized individuals or entities.
Methods: Encryption, access controls, authentication mechanisms, and secure transmission protocols help maintain
the confidentiality of data.
Integrity:
Goal: Ensure the accuracy and trustworthiness of data by preventing unauthorized alterations or tampering.
Methods: Cryptographic hash functions, digital signatures, access controls, and regular data integrity checks
contribute to maintaining data integrity.
Availability:
Goal: Ensure that computer systems and resources are available and accessible to authorized users when needed.
Methods: Redundancy, fault tolerance, backup and recovery mechanisms, and distributed systems design contribute
to maintaining the availability of systems and services.
Authentication:
Goal: Verify the identity of users, systems, or entities to ensure that access is granted only to authorized individuals or
entities.
Methods: Passwords, biometrics, multi-factor authentication (MFA), and digital certificates are commonly used for
authentication.
Non-Repudiation:
Goal: Ensure that a party cannot deny the authenticity or origin of a message or transaction.
Methods: Digital signatures, timestamps, and legal frameworks contribute to establishing non-repudiation
6. aspect of security
1.security attack refers to any unauthorized or malicious attempt to disrupt, compromise, or gain
unauthorized access to computer systems, networks, or data.
• Security attacks are intentional actions by individuals or entities, often with malicious intent, to
exploit vulnerabilities and weaknesses in a system's defenses. These attacks can lead to a variety
of negative consequences, including data breaches, unauthorized access, data loss, financial
losses, and service disruptions.
• common types of security attack
• Malware Attacks:
• Definition: Malicious software (malware) attacks involve the introduction of harmful
software into a system with the intent of causing harm. This includes viruses, worms,
Trojans, ransomware, and spyware.
• Objective: Malware attacks can lead to data theft, system disruption, or unauthorized
control over a compromised system.
• Phishing Attacks:
• Definition: Phishing attacks involve tricking individuals into providing sensitive
information, such as usernames, passwords, or financial details, by posing as a trustworthy
entity through deceptive emails, messages, or websites.
• Denial-of-Service (DoS) Attacks:
• Definition: DoS attacks attempt to overwhelm or disable a computer system, network, or
service by flooding it with a high volume of traffic, requests, or malicious data.
• Objective: The goal is to make a service or system unavailable to legitimate users.
7. Cont’d….
• Brute Force Attacks:
• Definition: Brute force attacks involve systematically trying all possible
combinations of passwords or encryption keys to gain unauthorized
access.
• Objective: Attackers attempt to discover valid credentials or encryption
keys through exhaustive trial-and-error methods.
Generic types of attack
active attack and
passive attack
Attack-> attack is the actual attempt to exploit that risk.
- attacks are the actions taken to realize that potential harm
- Attacks are intentional, malicious activities carried out by
individuals or entities to exploit vulnerabilities and achieve a specific
objective, such as unauthorized access, data theft, or disruption of services.
Threat-> a threat represents a potential danger or risk.
--Threats are the conditions or events that have the potential to cause
harm
- Threats can be natural events, accidental occurrences, or
intentional actions by malicious actors
8. Cont’d….
2.security service refers to a specific function or capability provided by a system,
organization, or technology to enhance the security of information, systems, networks, or
assets.
• These services are designed to protect against various security threats and risks, ensuring
the confidentiality, integrity, and availability of data and resources. Security services play a
crucial role in maintaining a robust and comprehensive security posture.
Here are some common security services:
Authentication Services:
• Purpose: Verify the identity of users, systems, or entities to ensure that access is granted
only to authorized individuals.
• Methods: Password authentication, biometric authentication, multi-factor authentication
(MFA), and digital certificates are examples of authentication services
• Authentication - assurance that the communicating entity is the one claimed: Fabrication
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality –protection of data from unauthorized disclosure: Interception
• Data Integrity - assurance that data received is as sent by an authorized entity: Modification
• Non-Repudiation - protection against denial by one of the parties in a communication
• Availability - ensure info delivery : Interruption