3. What is security?
In information technology, security is the protection of
information assets through the use of technology, processes,
and training.
Security is about
Honest user (e.g., David, Jenny, Greg, …)
Dishonest Attacker
How the Attacker
Disrupts honest David’s use of the system (Integrity, Availability)
Learns information intended for David only (Confidentiality)
Information Technology Professionals must protect users from
these attackers.
4. Properties of Security
Confidentiality
Information about the system or its users cannot be learned by an
attacker
Integrity
The system continues to operate properly, only reaching states
that would occur if there were no attacker
Availability
Actions by an attacker do not prevent users from accessing and
using the system
5. Application and OS Security
Main Problem
OS Attacker: Controls malicious files and applications
Content
Vulnerabilities: control hijacking attacks, fuzzing
Prevention: System design, robust coding, isolation
Project
Buffer overflow project
6. Application security is the use of software, hardware, and
procedural methods to protect applications from external
threats.
Implications for the IT Professional:
Security measures built into applications
Sound application security routine
Use of hardware or software firewalls
7. Web Security
Main Problem
Web Attacker: Sets up a malicious site visited by the victim; no
control of the network
Content
Browser policies, session management, user authentication
HTTPS and web application security
Project
Web site attack and defenses project
8. Web Security
Web security is the separation or control of threats from
assets within or maintained by web-based services to protect
the integrity of the service, the confidentiality of the
communication, and the availability of the application.
Implications for the IT professional:
Security measures built into the applications
Sound application security routine
Use of hardware or software firewalls
Security measures built into the web service
9. Network Security
Main Problem:
Network Attacker: Intercepts and controls network
communication
Content:
Protocol designs, vulnerabilities, prevention
Malware, botnets, DDoS, network security testing
Project:
Network traceroute and packet filtering project
11. Network Security
Network security is the protection of a computer network
and its services from unauthorized modification, destruction,
or disclosure.
Implications for IT professionals:
Security measures built into the network hardware and design
Control the flow of data in a network
Sound application security routine
Use of hardware or software firewalls
Security measures built into the web service
12. Computer Security
Main Idea
Hacker gains control of a computer, installs malicious files and
applications, and accesses computer files.
Content
Cryptography (user perspective)
Digital rights management
Project
Seminar
13. Computer Security
Computer security is the process of preventing and detecting
unauthorized use of your computer. The content of a computer is
vulnerable to few risks unless the computer is connected to other
computers on a network.
Implications for IT professionals:
Use of applications such as antivirus and firewalls
Security settings on local machines
Use of software firewalls
Create boot disks and backup data on a regular basis