SlideShare a Scribd company logo

Ia 124 1621324143 ia_124_lecture_01

Download as PPT, PDF
I
ITNet

This document provides an overview of key concepts in information security from a lecture on security concepts. It defines security as keeping the possibility of threats low, and discusses specialized security areas like physical, personal, communications, network, and data security. It also defines computer security as protecting computer systems, hardware, software, data and information from threats. The document then examines common security vulnerabilities, threats, and the vulnerability-threat-control paradigm. It discusses goals of security like confidentiality, integrity and availability.

Technology
1 of 38
IA 124: INTRODUCTION TO IT SECURITY LECTURE 01 SECURITY CONCEPTS 1 7/27/2021
INTRODUCTION What is a Security? 2 What do you think?
WHAT IS SECURITY? Security: A state of well-being of information and infrastructure in which the possibility of theft, tempering, and disruption of information and services is kept low or tolerable.  “Security” is the quality or state of being secure--to be free from danger. 3 7/27/2021
Specialized Areas of Security 7/27/2021 4 Physical security: Protect the physical items, objects, or areas of an organization from unauthorized access and misuse. Personal security: Protect the individual or group of individuals who are authorized to access the organization and its operations. Communications security: Protect an organization’s communications media, technology, and content.
Specialized Areas of Security 7/27/2021 5 Network Security: Protect the network and the network-accessible resources from unauthorized access, consistent and continuous monitoring and measurement of its effectiveness. Data security: Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.
Computer Security 7/27/2021 6 “….Protection of computers hardware, software, data, information and other related computer devices, from theft, corruption, or natural disaster destruction….”. Computer security is concern with protecting a computer system’s information assets, as well as the computer systems themselves. Asset = item of value Assets include: Hardware, Software, Data
The Vulnerability – Threat – Control Paradigm  A major goal of information security as a discipline and as a profession is to protect valuable assets  To study methods of asset protection, we use vulnerability – threat – control framework:  Vulnerability  Is a weakness in an information system or its components that might be exploited to compromise the security of the system.  Attack is the deliberate act that exploits vulnerability. Is the actual attempt to violate security.  Threat  A set of circumstances or events that has the potential to course loss or harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable.  Control  An action, device, procedure, or technique that eliminates or reduces a vulnerability  Also called a countermeasure 7/27/2021 7
The Vulnerability – Threat – Control Paradigm  A threat is blocked by control of a vulnerability. 7/27/2021 8  Example: The finger of the man can control a water leak.
Security VULNERABILITIES 7/27/2021 9 1. Poor system management: If managers at all levels don't make security, their number one priority, then the threats to an information system is easily to become real. 2. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker to have the tools or knowledge to exploit the weakness. 3. Poor System Design: If the System Analyst did not consider the security aspect, during system design process then creates a loop hole for an attacker to damage a system. WHY Information systems are vulnerable?
Security VULNERABILITIES 7/27/2021 10 3. Poor Password management: The computer users stores the password on the computer or open place where an attacker can access it. 5. Unchecked user input: The programmers assumes that all user input is safe, but there programs that do not check user input which allow unintended direct execution of commands. 6. Default configuration: of the OS and Network Operating System (NOS), network devices firewalls and encryption weaknesses. WHY Information systems are vulnerable?
Threats and C-I-A Threats can apply to the confidentiality, integrity, or availability (C-I-A) of a system Confidentiality: Assurance that the information is accessible only to those authorized to have access. Integrity: The trustworthiness of data of resources in terms of preventing improper and unauthorized changes. Availability: Assurance that the systems are accessible when required by the authorized users. 7/27/2021 11  C-I-A = The security Triad  C-I-A = The Goals/Objectives of Information Security
SECURITY GOALS 7/27/2021 12 CONFIDENTIALIT Y AVAILABILIT Y INTEGRITY
CIA Triad 7/27/2021 13
Additional Pillars of Information Security Aside from C-I-A, authentication, nonreputiation, and auditability are also desirable system properties Authentication: The ability of a system to confirm the identity of a sender. Nonrepudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message. Auditability: The ability of a system to trace all actions related to a given asset. Determine who did what and when in order to ensure that responsible parties are held account. 7/27/2021 14
Threats to Information Systems 7/27/2021 15
Threats to Information Systems 7/27/2021 16
Threats to Information Systems 7/27/2021 17 Includes acts done without malicious intent Caused by: Inexperience Improper training Incorrect assumptions Other circumstances Employees are greatest threats to information security They are closest to the organizational data Example: Acts of Human Error or Failure
Threats to Information Systems 7/27/2021 18 Employee mistakes can easily lead to the following: Revelation of classified data Entry of erroneous data Accidental deletion or modification of data Storage of data in unprotected areas Failure to protect information Example: Acts of Human Error or Failure Many of these threats can be prevented with controls Control: Is an action, procedure or technique that removes or reduces the vulnerabilities.
7/27/2021 19
Harmful Acts  Harm to information systems can be affected on four different ways 1. Interruption: This is an attack on availability 2. Interception: This is an attack on confidentiality 3. Modification: This is an attack on integrity 4. Fabrication: This is an attack on authenticity 20
21 Information source Information destination Normal Flow
Interruption Interruption: This is an attack on availability Approach: Destruction of hardware, physical damages to communication links, Disrupting traffic (introduction to noise), erase of a program or a file, DoS attacks. 22 Information source Information destination
Interception Interception: This is an attack on confidentiality Approach: Eavesdropping over a communication line, Link monitoring, packet capturing, system compromisation. 23 Information source Information destination
Modification Modification: This is an attack on integrity Approach: Corrupting transmitted data or tampering with it before it reaches its destination. E.g. Changing a record in database. 24 Information source Information destination
Fabrication Fabrication: This is an attack on authenticity Approach: Faking data as if it were created by a legitimate and authentic party. E.g. Adding a new record to a database, insertion of new network packet. 25 Information source Information destination
Types of attackers Amateurs Opportunistic attackers  Use a password that he or she found  Script kiddies Hackers: Non-malicious Crackers: Malicious Career criminals Organized crime syndicates Cyber terrorists State-supported spies and information warriors 7/27/2021 26
Method – Opportunity - Motive  Attackers need MOM Method Skills, knowledge, tools, etc. with which to attempt an attack Opportunity Time and access to attempt an attack Motive A reason to attempt an attack 7/27/2021 27
Method of Defense  Six approaches to defense of computing systems 1. Prevent attack  Block attack / close vulnerability 2. Deter attack  Make attack harder (if we can’t make it impossible) 3. Deflect attack  Make another target more attractive than this target 4. Mitigate attack  Make the impact of an attack less severe 5. Detect attack  during or after 6. Recover from attack 7/27/2021 28
Importance of Computer Security 7/27/2021 29 1. To protect organization's valuable resources, such as information, hardware, and software, through the selection of appropriate techniques. 2. Security helps the organization's mission of protecting its.  Physical and financial resources.  Gaining reputation and legal position from employees, and customers trust.
Importance of Computer Security 7/27/2021 30 3. Preserving, Integrity, Confidentiality and Availability of information system resources that includes.  Organization’s data.  Customer’s information.  Organization’s hardware and software etc. 4. To protect the organizations’ information from criminal, natural hazards and other threats.
Importance of Computer Security 7/27/2021 31 5. To protect the organization from hackers, crackers and terrorists.  Hacker: Intelligent individual with excellent computer skills, with the ability to create and explore or exploits weaknesses in computer systems and network.  Cracker: System intruder/destroyer who Breaching security on software or systems.  Virus: Is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.  Is a program designed and to cause problems to computers or computer network systems.
SECURITY MEASURES 7/27/2021 32 The following measures can be used to protect your computer from security threats and attacks: 1. Locking your computer with a password. 2. Installing Anti-Virus software and ensure it is up- to-date. 3. Using up-to-date software (operating systems and user applications) 4. Logging off or shutting down your computer when going away. Protecting Computers
SECURITY MEASURES 7/27/2021 33 5. Make a backup of your important documents and data. 6. Protect your files with passwords 7. Before clicking on any e-mail attachment, make sure that the attachment is scanned even if you know the source. 8. Before using media given to you by someone else, scan it to remove viruses Protecting Computers…
SECURITY MEASURES 7/27/2021 34 The following measures can be used to protect your network from security threats and attacks 1. Firewalls: A firewall defines a single choke point of control and monitoring that keeps unauthorized users out of the protected network. 2. Intrusion Detection System (IDS) Protecting Computers Networks
SYMPTOMS OF INFECTED COMPUTER 7/27/2021 35 It is difficult to prove if your computer has been affected with a virus. However, one can suspects that a computer is infected with a virus, by considering some primary indicators that are; 1. The computer runs slower than usual. 2. The computer stops responding, or it locks up frequently. 3. The computer crashes, and then it restarts every few minutes. 4. Your computer has much less memory or hard drive space is unavailable.
SYMPTOMS OF INFECTED COMPUTER… 7/27/2021 36 5. Applications programs on the computers do not work correctly. 6. Disks or flash disk drives are inaccessible. 7. You cannot print soft copy to hardcopy correctly or PC prints bogus information. 8. You see unusual error messages. 9. There is a double extension on an attachment that you recently opened, such as a .jpg, .gif, or .exe. extension. 10. An antivirus program is disabled for no reason and sometimes it cannot be restarted.
SYMPTOMS OF INFECTED COMPUTER… 7/27/2021 37 11. An antivirus program cannot be installed on the computer, or the antivirus program will not run. 12. New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs. 13. There are error messages popping out on a regular basis. 14. Your files and folders are getting deleted automatically. 15. Abnormal sound.
38 IA 124 LECTURE 01 END 7/27/2021

Recommended

Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Data security
Data securityData security
Data securityForeSolutions
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Network security
Network securityNetwork security
Network securitymena kaheel
 

Recommended

Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Data security
Data securityData security
Data securityForeSolutions
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Network security
Network securityNetwork security
Network securityNandini Raj
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Data security
Data securityData security
Data securityAbdulBasit938
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Data security
Data securityData security
Data securityTapan Khilar
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityNebiyeLioul
 
Cybercrime 1
Cybercrime 1Cybercrime 1
Cybercrime 1nayakslideshare
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
WhatsApp security
WhatsApp securityWhatsApp security
WhatsApp securityJavi Hurtado
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
system Security
system Security system Security
system Security Gaurav Mishra
 
Computer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation SlidesComputer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation SlidesSlideTeam
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
IA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahIA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahflyinimohamed
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 

More Related Content

What's hot

Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Data Security
Data SecurityData Security
Data SecurityAkNirojan
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Computer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation SlidesComputer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation SlidesSlideTeam
 

What's hot (20)

Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Data Security
Data SecurityData Security
Data Security
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Data security
Data securityData security
Data security
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
Data security
Data securityData security
Data security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cybercrime 1
Cybercrime 1Cybercrime 1
Cybercrime 1
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 
WhatsApp security
WhatsApp securityWhatsApp security
WhatsApp security
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
system Security
system Security system Security
system Security
 
Computer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation SlidesComputer Security PowerPoint Presentation Slides
Computer Security PowerPoint Presentation Slides
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 

Similar to Ia 124 1621324143 ia_124_lecture_01

IA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahIA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahflyinimohamed
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptxams1ams11
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer SecurityKamal Acharya
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxdesalewminale
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and securitySomesh Kumar
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptRamaNingaiah
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIan Dave Balatbat
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.pptssuser6c59cb
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdfShyma Jugesh
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfAnSHiKa187943
 

Similar to Ia 124 1621324143 ia_124_lecture_01 (20)

IA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahIA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahah
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
 
Security Ch-1.pptx
Security Ch-1.pptxSecurity Ch-1.pptx
Security Ch-1.pptx
 
Security information for internet and security
Security information for internet and securitySecurity information for internet and security
Security information for internet and security
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
IT-Security-20210426203847.ppt
IT-Security-20210426203847.pptIT-Security-20210426203847.ppt
IT-Security-20210426203847.ppt
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdf
 

More from ITNet

lecture 8 b main memory
lecture 8 b main memorylecture 8 b main memory
lecture 8 b main memoryITNet
 
lecture 9.pptx
lecture 9.pptxlecture 9.pptx
lecture 9.pptxITNet
 
lecture 10.pptx
lecture 10.pptxlecture 10.pptx
lecture 10.pptxITNet
 
lecture 11.pptx
lecture 11.pptxlecture 11.pptx
lecture 11.pptxITNet
 
lecture 12.pptx
lecture 12.pptxlecture 12.pptx
lecture 12.pptxITNet
 
lecture 13.pptx
lecture 13.pptxlecture 13.pptx
lecture 13.pptxITNet
 
lecture 15.pptx
lecture 15.pptxlecture 15.pptx
lecture 15.pptxITNet
 
kandegeeee.pdf
kandegeeee.pdfkandegeeee.pdf
kandegeeee.pdfITNet
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02ITNet
 
Cp 121 lecture 01
Cp 121 lecture 01Cp 121 lecture 01
Cp 121 lecture 01ITNet
 
Cp 111 5 week
Cp 111 5 weekCp 111 5 week
Cp 111 5 weekITNet
 
Teofilo kisanji university mbeya (TEKU) ambassador 2020
Teofilo kisanji university mbeya (TEKU) ambassador 2020Teofilo kisanji university mbeya (TEKU) ambassador 2020
Teofilo kisanji university mbeya (TEKU) ambassador 2020ITNet
 
Tn 110 lecture 8
Tn 110 lecture 8Tn 110 lecture 8
Tn 110 lecture 8ITNet
 
Tn 110 lecture 2 logic
Tn 110 lecture 2 logicTn 110 lecture 2 logic
Tn 110 lecture 2 logicITNet
 
Tn 110 lecture 1 logic
Tn 110 lecture 1 logicTn 110 lecture 1 logic
Tn 110 lecture 1 logicITNet
 
internet
internetinternet
internetITNet
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1ITNet
 
development study perspective full
development study perspective fulldevelopment study perspective full
development study perspective fullITNet
 
Gender issues in developement
Gender issues in developementGender issues in developement
Gender issues in developementITNet
 
Religion
ReligionReligion
ReligionITNet
 

More from ITNet (20)

lecture 8 b main memory
lecture 8 b main memorylecture 8 b main memory
lecture 8 b main memory
 
lecture 9.pptx
lecture 9.pptxlecture 9.pptx
lecture 9.pptx
 
lecture 10.pptx
lecture 10.pptxlecture 10.pptx
lecture 10.pptx
 
lecture 11.pptx
lecture 11.pptxlecture 11.pptx
lecture 11.pptx
 
lecture 12.pptx
lecture 12.pptxlecture 12.pptx
lecture 12.pptx
 
lecture 13.pptx
lecture 13.pptxlecture 13.pptx
lecture 13.pptx
 
lecture 15.pptx
lecture 15.pptxlecture 15.pptx
lecture 15.pptx
 
kandegeeee.pdf
kandegeeee.pdfkandegeeee.pdf
kandegeeee.pdf
 
Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02Ia 124 1621324160 ia_124_lecture_02
Ia 124 1621324160 ia_124_lecture_02
 
Cp 121 lecture 01
Cp 121 lecture 01Cp 121 lecture 01
Cp 121 lecture 01
 
Cp 111 5 week
Cp 111 5 weekCp 111 5 week
Cp 111 5 week
 
Teofilo kisanji university mbeya (TEKU) ambassador 2020
Teofilo kisanji university mbeya (TEKU) ambassador 2020Teofilo kisanji university mbeya (TEKU) ambassador 2020
Teofilo kisanji university mbeya (TEKU) ambassador 2020
 
Tn 110 lecture 8
Tn 110 lecture 8Tn 110 lecture 8
Tn 110 lecture 8
 
Tn 110 lecture 2 logic
Tn 110 lecture 2 logicTn 110 lecture 2 logic
Tn 110 lecture 2 logic
 
Tn 110 lecture 1 logic
Tn 110 lecture 1 logicTn 110 lecture 1 logic
Tn 110 lecture 1 logic
 
internet
internetinternet
internet
 
Im 111 lecture 1
Im 111 lecture 1Im 111 lecture 1
Im 111 lecture 1
 
development study perspective full
development study perspective fulldevelopment study perspective full
development study perspective full
 
Gender issues in developement
Gender issues in developementGender issues in developement
Gender issues in developement
 
Religion
ReligionReligion
Religion
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Ia 124 1621324143 ia_124_lecture_01

  • 1. IA 124: INTRODUCTION TO IT SECURITY LECTURE 01 SECURITY CONCEPTS 1 7/27/2021
  • 2. INTRODUCTION What is a Security? 2 What do you think?
  • 3. WHAT IS SECURITY? Security: A state of well-being of information and infrastructure in which the possibility of theft, tempering, and disruption of information and services is kept low or tolerable.  “Security” is the quality or state of being secure--to be free from danger. 3 7/27/2021
  • 4. Specialized Areas of Security 7/27/2021 4 Physical security: Protect the physical items, objects, or areas of an organization from unauthorized access and misuse. Personal security: Protect the individual or group of individuals who are authorized to access the organization and its operations. Communications security: Protect an organization’s communications media, technology, and content.
  • 5. Specialized Areas of Security 7/27/2021 5 Network Security: Protect the network and the network-accessible resources from unauthorized access, consistent and continuous monitoring and measurement of its effectiveness. Data security: Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.
  • 6. Computer Security 7/27/2021 6 “….Protection of computers hardware, software, data, information and other related computer devices, from theft, corruption, or natural disaster destruction….”. Computer security is concern with protecting a computer system’s information assets, as well as the computer systems themselves. Asset = item of value Assets include: Hardware, Software, Data
  • 7. The Vulnerability – Threat – Control Paradigm  A major goal of information security as a discipline and as a profession is to protect valuable assets  To study methods of asset protection, we use vulnerability – threat – control framework:  Vulnerability  Is a weakness in an information system or its components that might be exploited to compromise the security of the system.  Attack is the deliberate act that exploits vulnerability. Is the actual attempt to violate security.  Threat  A set of circumstances or events that has the potential to course loss or harm an information system by destroying it, disclosing the information stored on the system, adversely modifying data, or making the system unavailable.  Control  An action, device, procedure, or technique that eliminates or reduces a vulnerability  Also called a countermeasure 7/27/2021 7
  • 8. The Vulnerability – Threat – Control Paradigm  A threat is blocked by control of a vulnerability. 7/27/2021 8  Example: The finger of the man can control a water leak.
  • 9. Security VULNERABILITIES 7/27/2021 9 1. Poor system management: If managers at all levels don't make security, their number one priority, then the threats to an information system is easily to become real. 2. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker to have the tools or knowledge to exploit the weakness. 3. Poor System Design: If the System Analyst did not consider the security aspect, during system design process then creates a loop hole for an attacker to damage a system. WHY Information systems are vulnerable?
  • 10. Security VULNERABILITIES 7/27/2021 10 3. Poor Password management: The computer users stores the password on the computer or open place where an attacker can access it. 5. Unchecked user input: The programmers assumes that all user input is safe, but there programs that do not check user input which allow unintended direct execution of commands. 6. Default configuration: of the OS and Network Operating System (NOS), network devices firewalls and encryption weaknesses. WHY Information systems are vulnerable?
  • 11. Threats and C-I-A Threats can apply to the confidentiality, integrity, or availability (C-I-A) of a system Confidentiality: Assurance that the information is accessible only to those authorized to have access. Integrity: The trustworthiness of data of resources in terms of preventing improper and unauthorized changes. Availability: Assurance that the systems are accessible when required by the authorized users. 7/27/2021 11  C-I-A = The security Triad  C-I-A = The Goals/Objectives of Information Security
  • 14. Additional Pillars of Information Security Aside from C-I-A, authentication, nonreputiation, and auditability are also desirable system properties Authentication: The ability of a system to confirm the identity of a sender. Nonrepudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message. Auditability: The ability of a system to trace all actions related to a given asset. Determine who did what and when in order to ensure that responsible parties are held account. 7/27/2021 14
  • 15. Threats to Information Systems 7/27/2021 15
  • 16. Threats to Information Systems 7/27/2021 16
  • 17. Threats to Information Systems 7/27/2021 17 Includes acts done without malicious intent Caused by: Inexperience Improper training Incorrect assumptions Other circumstances Employees are greatest threats to information security They are closest to the organizational data Example: Acts of Human Error or Failure
  • 18. Threats to Information Systems 7/27/2021 18 Employee mistakes can easily lead to the following: Revelation of classified data Entry of erroneous data Accidental deletion or modification of data Storage of data in unprotected areas Failure to protect information Example: Acts of Human Error or Failure Many of these threats can be prevented with controls Control: Is an action, procedure or technique that removes or reduces the vulnerabilities.
  • 20. Harmful Acts  Harm to information systems can be affected on four different ways 1. Interruption: This is an attack on availability 2. Interception: This is an attack on confidentiality 3. Modification: This is an attack on integrity 4. Fabrication: This is an attack on authenticity 20
  • 22. Interruption Interruption: This is an attack on availability Approach: Destruction of hardware, physical damages to communication links, Disrupting traffic (introduction to noise), erase of a program or a file, DoS attacks. 22 Information source Information destination
  • 23. Interception Interception: This is an attack on confidentiality Approach: Eavesdropping over a communication line, Link monitoring, packet capturing, system compromisation. 23 Information source Information destination
  • 24. Modification Modification: This is an attack on integrity Approach: Corrupting transmitted data or tampering with it before it reaches its destination. E.g. Changing a record in database. 24 Information source Information destination
  • 25. Fabrication Fabrication: This is an attack on authenticity Approach: Faking data as if it were created by a legitimate and authentic party. E.g. Adding a new record to a database, insertion of new network packet. 25 Information source Information destination
  • 26. Types of attackers Amateurs Opportunistic attackers  Use a password that he or she found  Script kiddies Hackers: Non-malicious Crackers: Malicious Career criminals Organized crime syndicates Cyber terrorists State-supported spies and information warriors 7/27/2021 26
  • 27. Method – Opportunity - Motive  Attackers need MOM Method Skills, knowledge, tools, etc. with which to attempt an attack Opportunity Time and access to attempt an attack Motive A reason to attempt an attack 7/27/2021 27
  • 28. Method of Defense  Six approaches to defense of computing systems 1. Prevent attack  Block attack / close vulnerability 2. Deter attack  Make attack harder (if we can’t make it impossible) 3. Deflect attack  Make another target more attractive than this target 4. Mitigate attack  Make the impact of an attack less severe 5. Detect attack  during or after 6. Recover from attack 7/27/2021 28
  • 29. Importance of Computer Security 7/27/2021 29 1. To protect organization's valuable resources, such as information, hardware, and software, through the selection of appropriate techniques. 2. Security helps the organization's mission of protecting its.  Physical and financial resources.  Gaining reputation and legal position from employees, and customers trust.
  • 30. Importance of Computer Security 7/27/2021 30 3. Preserving, Integrity, Confidentiality and Availability of information system resources that includes.  Organization’s data.  Customer’s information.  Organization’s hardware and software etc. 4. To protect the organizations’ information from criminal, natural hazards and other threats.
  • 31. Importance of Computer Security 7/27/2021 31 5. To protect the organization from hackers, crackers and terrorists.  Hacker: Intelligent individual with excellent computer skills, with the ability to create and explore or exploits weaknesses in computer systems and network.  Cracker: System intruder/destroyer who Breaching security on software or systems.  Virus: Is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.  Is a program designed and to cause problems to computers or computer network systems.
  • 32. SECURITY MEASURES 7/27/2021 32 The following measures can be used to protect your computer from security threats and attacks: 1. Locking your computer with a password. 2. Installing Anti-Virus software and ensure it is up- to-date. 3. Using up-to-date software (operating systems and user applications) 4. Logging off or shutting down your computer when going away. Protecting Computers
  • 33. SECURITY MEASURES 7/27/2021 33 5. Make a backup of your important documents and data. 6. Protect your files with passwords 7. Before clicking on any e-mail attachment, make sure that the attachment is scanned even if you know the source. 8. Before using media given to you by someone else, scan it to remove viruses Protecting Computers…
  • 34. SECURITY MEASURES 7/27/2021 34 The following measures can be used to protect your network from security threats and attacks 1. Firewalls: A firewall defines a single choke point of control and monitoring that keeps unauthorized users out of the protected network. 2. Intrusion Detection System (IDS) Protecting Computers Networks
  • 35. SYMPTOMS OF INFECTED COMPUTER 7/27/2021 35 It is difficult to prove if your computer has been affected with a virus. However, one can suspects that a computer is infected with a virus, by considering some primary indicators that are; 1. The computer runs slower than usual. 2. The computer stops responding, or it locks up frequently. 3. The computer crashes, and then it restarts every few minutes. 4. Your computer has much less memory or hard drive space is unavailable.
  • 36. SYMPTOMS OF INFECTED COMPUTER… 7/27/2021 36 5. Applications programs on the computers do not work correctly. 6. Disks or flash disk drives are inaccessible. 7. You cannot print soft copy to hardcopy correctly or PC prints bogus information. 8. You see unusual error messages. 9. There is a double extension on an attachment that you recently opened, such as a .jpg, .gif, or .exe. extension. 10. An antivirus program is disabled for no reason and sometimes it cannot be restarted.
  • 37. SYMPTOMS OF INFECTED COMPUTER… 7/27/2021 37 11. An antivirus program cannot be installed on the computer, or the antivirus program will not run. 12. New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs. 13. There are error messages popping out on a regular basis. 14. Your files and folders are getting deleted automatically. 15. Abnormal sound.
  • 38. 38 IA 124 LECTURE 01 END 7/27/2021