2. Grading
Mid Term=
Assignments =
Quizzes =
Term Project/viva/presentation =
Final Term =
PU Gujranwala
3. The art of war teaches us to rely not
on the likelihood of the enemy's not
coming, but on our own readiness to
receive him; not on the chance of his
not attacking, but rather on the fact
that we have made our position
unassailable.
PU Gujranwala
—The Art of War, Sun Tzu
5. Information Security
Information Security is the name given to the
preventive steps we take to guard our
Information and Information System.
Measures adopted to prevent the
unauthorized access, misuse, modification,
disclosure or destruction.
PU Gujranwala
7. Confidentiality
Confidentiality is the property of preventing
disclosure of information to unauthorized individuals
or systems.
Information is available only to people with rightful
access.
Ensuring that only those with the rights and
privileges to access a particular set of information are
able to do so.
Methods:
Data Encryption
User IDs and Passwords
PU Gujranwala
8. Integrity
Information can only be changed by authorized
personnel.
The quality or state of being whole, complete and
uncorrupted is the integrity of information.
Integrity can be violated by a virus or a user.
Integrity check can be done through:
File size
Checksums for verification of data integrity
File hashing
PU Gujranwala
9. Availability
Enables users who need to access information to do
so without interference or obstruction and receive it
in required format.
The information is available only to the authorized
users all the time.
Backups and Recovery
RAID
Alternate Links
PU Gujranwala
10. Authenticity
Authenticity of information is the quality or state of
being genuine or original, rather than a reproduction
or fabrication.
PU Gujranwala
11. Privacy
Privacy-means different things to different people, is
the right to be left alone and right to be free of
unreasonable personal instructions.
Information privacy – The right to determine when
and up to what extent information about oneself can
be shared with others
Organizational privacy – Governments agencies,
corporations, and other organizations may desire to
keep their activities or secrets from being revealed to
other organizations or individuals.
PU Gujranwala
12. Components of an Information
System
Software
Hardware
Data
People
Procedures
PU Gujranwala
13. Software
Bugs, Weaknesses and Holes.
An error or defect in software or hardware that causes a
program to malfunction
Security Hole (something you need to fix now)
Security Warning ( something you need to fix soon)
Security Note (something you need to fix when you get
around to it, or just some information that you should
consider)
Patches and Service Packs.
A patch is a piece of software designed to fix problems or
update a computer program and its supporting data. This
includes fixing security vulnerabilities and other bugs.
A service pack (in short SP) is a collection of updates, fixes
and/or enhancements to a software program delivered in
the form of a single installable package.
PU Gujranwala
14. Hardware
It Houses and Executes a software.
Stores and carries the data.
Provides Interfaces for the entry and removal of
information from the system.
Physical security policies deal with the H/W.
PU Gujranwala
15. Data
The most important and valuable thing for any
organization.
Main object of intentional attacks.
Must be protected from unauthorized access.
PU Gujranwala
16. People
All that interact with the System.
Main threat to information security.
PU Gujranwala
17. Procedures
Procedures are written instructions for accomplishing
a specific task.
Mechanism adopted to achieve an objective.
PU Gujranwala
18. What is Network Security?
Network Security is the protection of networking
components, connections and contents.
Effort to create a secure computing platform, so
users or programs cannot perform actions that they
are not allowed to do.
PU Gujranwala
19. Network Security as a Continuous
Process
Network security is a continuous process built around a
security policy.
Step 1: Secure
Step 2: Monitor
Step 3: Test
Step 4: Improve
PU Gujranwala
20. Step 1: Secure the Network
Implement security solutions to prevent unauthorized
access and to protect information.
Authentication
Encryption
Firewalls
Vulnerability Patching
PU Gujranwala
21. Step 2: Monitor Security
Detects violations to the security policy
Involves system auditing and real-time intrusion
detection
Validates the security implementation in
Step 1
PU Gujranwala
22. Step 3: Test Security
Validates effectiveness of the security policy through
system auditing and network scanning
Whether the system fulfills the security requirements
or not.
PU Gujranwala
23. Step 4: Improve Security
Use information from the monitor and test phases to
make improvements to the security implementation.
Adjust the security policy as security holes and risks
are identified.
PU Gujranwala
24. Terms related to Security
Assets
Threats
Attack
Vulnerability
Risk Analysis
Countermeasures
Hacking
PU Gujranwala
25. Asset
An asset is the organizational resource that is being
protected.
It can be logical like website, information, data.
It can be physical like computer system or other
tangible object.
PU Gujranwala
26. Threat
A person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability or legitimate
use).
A possible means by which a security policy may be breached.
An attack
An assault against a computer system or network as a result of
deliberate, intelligent action; for example, denial of service attacks,
penetration and sabotage.
It is a realization of a threat.
Threats and Attack
PU Gujranwala
27. Vulnerability
A weakness in the system that can be exploited to cause loss or
harm
In computer security, the word vulnerability refers to a weakness in
a system allowing an attacker to violate the confidentiality,
integrity, availability ,access control, consistency or audit
mechanisms of the system or the data and applications it hosts
Control, Countermeasure, safeguard
An action, device, procedure or technique that removes or reduces
a vulnerability.
PU Gujranwala
Vulnerability and Countermeasure
28. Risk = Threat + Vulnerability
Threats without vulnerabilities pose no risk.
Likewise, vulnerabilities without threats pose no risk.
Risk is the probability that something can happen.
Risk analysis can be quantitative or qualitative.
PU Gujranwala
29. Cont…
Risk can be qualitatively defined in three levels:
Low- Action to remove the vulnerability should be taken if possible
Medium- Action to remove the vulnerability is advisable
High- Action should be taken immediately to remove this
vulnerability
PU Gujranwala
30. Hacking
Can be defined positively and negatively:
To write computer programs for enjoyment.
To gain access to a computer illegally.
A person who writes programs in assembly language or in system-
level languages, such as C. The term often refers to any
programmer, but its true meaning is someone with a strong
technical background who is "hacking away" at the bits and bytes.
During the 1990s, the term "hacker" became synonymous with
"cracker," which is a person who performs some form of computer
sabotage. The association is understandable. In order to be an
effective cracker, you had to be a good hacker, thus the terms got
intertwined, and hacker won out in the popular press.
PU Gujranwala
31. Summary
What we have studied:
What is Information Security?
What is Network Security?
Assets, Threats and Countermeasures.
PU Gujranwala
Editor's Notes
Twenty-Five Hundred years ago, Sun Tzu wrote this classic book of military strategy based on Chinese warfare and military thought. Since that time, all levels of military have used the teaching on Sun Tzu to warfare and civilization have adapted these teachings for use in politics, business and everyday life. The Art of War is a book which should be used to gain advantage of opponents in the boardroom and battlefield alike.