TOPIC 1
Basic Security Concepts
INTRODUCTION
 What is security?
Security is about the protection of assets.
- Computer-related assets.
Computing system: hardware, software, storage media, data and people.
 Principle of Easiest Penetration
An intruder must be expected to use any available means of penetration, and will go for the 'weakest point'.
INTRODUCTION
 There are 3 classifications of protection:
– Prevention: take measures that prevent your assets from being damaged.
– Detection: take measures that allow you to detect when an asset has been damaged.
– Reaction: take measures that allow you to recover your assets or to recover from damage to your assets.
 Example from the physical world:
– Prevention: locks on the door or window bars, a wall around the property.
– Detection: you detect that something has been stolen if it is no longer there; a burglar alarm goes off when a break-in occurs; CCTV provides information that allows you to identify intruders.
– Reaction: you can call the police, or you may decide to replace the stolen item.
INTRODUCTION
 Example from the cyber world: consider credit card fraud cases.
– Prevention: use encryption when placing an order, rely on the merchant to perform some checks on the caller before accepting a credit card order, or don't use your credit card number on the Internet.
– Detection: a transaction that you had not authorized appears on your credit card statement.
– Reaction: you can ask for a new credit card number; the cost of the fraudulent transaction may be covered by the card holder, by the merchant where the fraudster made the purchase, or by the credit card issuer.
SECURITY GOALS
INTEGRITY: assets can be modified only by authorized parties, or only in authorized ways.
CONFIDENTIALITY: the assets of a computing system are accessible only to authorized parties (also known as secrecy).
AVAILABILITY: assets are accessible to authorized parties when needed, without delay.
SECURITY THREATS
INTERRUPTION: an asset of the system is destroyed or becomes unavailable or unusable – an attack on AVAILABILITY.
INTERCEPTION: an unauthorized party (program, person, computer) gains access to an asset – an attack on CONFIDENTIALITY.
MODIFICATION: an unauthorized party not only gains access to but tampers with an asset – an attack on INTEGRITY.
FABRICATION: an unauthorized party inserts counterfeit objects into the system – an attack on AUTHENTICITY.
[Figure: four panels, INTERRUPTION, INTERCEPTION, MODIFICATION and FABRICATION, each drawn as a flow from an information source to an information destination; the interception, modification and fabrication panels include a middle man.]
SECURITY THREATS
Examples of security threats/attacks:
Interruption
~ destruction of a piece of hardware (hard disk)
~ cutting of a communication line, or
~ disabling of the file management system
Interception
~ wiretapping
~ illicit copying of files or programs
Modification
~ changing values in a data file,
~ altering a program so that it performs differently,
~ modifying the content of messages being transmitted in a network.
Fabrication
~ addition of records to a file,
~ insertion of spurious messages in a network
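The last two examples above, a message modified in transit and a spurious message inserted into the network, are exactly the threats a message authentication code lets the receiver detect. The following is an added example, not part of the lecture slides: the sender attaches an HMAC-SHA256 tag computed under a shared key, and the receiver rejects any frame whose tag does not verify, which covers both a tampered genuine message (MODIFICATION) and a forged frame from a party that does not hold the key (FABRICATION). The key, the message text and the tag-then-message wire format are constructed for this illustration.

```python
"""Detecting the MODIFICATION and FABRICATION threats on messages in transit
with a message authentication code (HMAC-SHA256).

Added example, not from the lecture slides. Assumptions (constructed):
sender and receiver share SHARED_KEY out of band; a frame on the wire is
tag || message, where tag is HMAC-SHA256 over the message.
"""
import hmac
import hashlib

TAG_LEN = 32  # SHA-256 digest length in bytes

# Constructed demo key; a real deployment provisions this securely.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: prepend an HMAC tag so the receiver can check integrity and origin."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return tag + message


def verify(key: bytes, wire: bytes):
    """Receiver side: return the message if the tag verifies, otherwise None.

    A failed check covers both threats from the slide: a genuine message altered
    in transit (MODIFICATION) and a message inserted by a party without the key
    (FABRICATION). compare_digest keeps the comparison constant-time.
    """
    if len(wire) < TAG_LEN:
        return None
    tag, message = wire[:TAG_LEN], wire[TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def demo() -> dict:
    """Constructed scenario: three frames arrive at the receiver."""
    genuine = protect(SHARED_KEY, b"transfer 100 to account 42")
    # MODIFICATION: the original tag is kept, but the amount in the body is changed.
    modified = genuine[:TAG_LEN] + genuine[TAG_LEN:].replace(b"100", b"900")
    # FABRICATION: an outsider without the key forges a frame with a made-up tag.
    fabricated = bytes(TAG_LEN) + b"transfer 999 to account 13"
    return {
        "genuine": verify(SHARED_KEY, genuine),
        "modified": verify(SHARED_KEY, modified),
        "fabricated": verify(SHARED_KEY, fabricated),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        status = "accepted: " + result.decode() if result else "rejected"
        print(f"{name:10s} -> {status}")
```

Only the genuine frame is accepted; the other two are rejected without the receiver needing to know how they were produced, which is what makes the check a detection control rather than a guess about the attacker.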
Vulnerabilities
Vulnerability: a weakness in the security system that might be exploited to cause loss or harm.

Vulnerabilities in Computing Systems

Asset      Threats
HARDWARE   Interruption (denial of service); Interception (theft)
SOFTWARE   Interruption (deletion); Interception (piracy); Modification
DATA       Interruption (loss); Interception; Modification; Fabrication
Vulnerabilities
Threats to Hardware
• involuntary machine-slaughter: accidental acts not intended to do serious damage.
• voluntary machine-slaughter: acts intended to do harm.
Threats to Software
• deletion
• modification – trojan horse, virus, trapdoor, logic bomb
• theft – piracy
Vulnerabilities
Threats to Data
• loss of data
• interception
• modification
• fabrication
Threats to other exposed assets
• storage media – consider backups
• networks – a very exposed medium, accessible from a distance
• access – stealing computer time, denial of service
• key people – disgruntled employees
Methods of Defense
ENCRYPTION
Encryption provides:
~ confidentiality for data
~ integrity
~ a basis for protocols
SOFTWARE/HARDWARE CONTROLS
Software controls:
~ internal program controls
~ operating system controls
~ development controls
Hardware controls:
~ hardware devices:
- smartcards (encryption)
- circuit boards that control disk drives in PCs
POLICIES
~ frequent changes of password
~ training
~ legal and ethical controls
~ codes of ethics
PHYSICAL CONTROLS
~ locks on doors
~ backup copies of important software and data
~ physical site planning (to reduce the impact of natural disasters)
Who are the people?
 Amateurs: not career criminals but normal people who observe a flaw in a security system and have access to something valuable.
 Crackers: may be university or high school students who attempt to access computing facilities for which they have not been authorized.
 Career criminals: understand the targets of computer crime; international groups, electronic spies, information brokers.
 Hackers: someone with deep knowledge of and interest in operating systems or multiple OSs; they do not attempt to intentionally break any system (non-malicious).
How to make a system secure?
There are four ways in which computer security provides protection:
(1) System Access Control: ensuring that unauthorized users don't get into the system.
(2) Data Access Control: monitoring who can access what data and for what purposes.
(3) System and Security Administration: performing certain procedures (the system administrator's responsibilities, or training users appropriately).
(4) System Design: taking advantage of basic hardware and software security characteristics.
System Access Control
 The first way in which a system provides computer security is by controlling access to that system:
– Who's allowed to log in?
– How does the system decide whether a user is legitimate?
 Identification and authentication provide the above.
Identification & Authentication
 Identification tells the system who you are.
 Authentication proves to the system that you are who you say you are.
 There are 3 ways to prove ourselves:
– Something you know
– Something you have
– Something you are
System Access Control
IDENTIFICATION & AUTHENTICATION
SOMETHING YOU KNOW
e.g.: password ~ you know the password, so you are the owner.
SOMETHING YOU HAVE
e.g.: tokens, keys & smart cards ~ you have the key, so you must be its owner.
SOMETHING YOU ARE
e.g.: fingerprints, retina pattern, handprint etc.
Username and Password
 Typical first line of defense
 User name (Login ID) – identification
 Password – authentication
 Login will succeed if you enter a valid user name and the corresponding password.
System Access Control
 The user plays an important role in password protection – authentication is compromised when you give away your own password by telling others.
Common threats to passwords:
– Password guessing: exhaustive search and intelligent search
– Password spoofing
– Compromise of the password file
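The "Username and Password" slide above says that login succeeds on a valid user name with its corresponding password, and the list just above ends with compromise of the password file. The following added example (not from the slides) puts the two together in Python: identification is the lookup of the user name, authentication is the check of the password against a stored salted PBKDF2 hash, so that a stolen password file holds no plaintext passwords and exhaustive search over it is slowed by the work factor. The in-memory password file, the user names and the passwords are constructed for the example; the iteration count is an illustrative choice.

```python
"""A minimal username/password login separating IDENTIFICATION (which
account?) from AUTHENTICATION (does the caller know that account's password?).

Added example, not from the lecture slides. Assumptions (constructed): the
"password file" is an in-memory dict; each entry stores a random salt and a
PBKDF2-HMAC-SHA256 hash rather than the password itself.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # work factor: slows exhaustive search over a stolen file
SALT_LEN = 16          # bytes of random salt per account


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_account(password_file: dict, username: str, password: str) -> None:
    """Store (salt, hash); a fresh salt per user means equal passwords hash differently."""
    salt = os.urandom(SALT_LEN)
    password_file[username] = (salt, hash_password(password, salt))


def login(password_file: dict, username: str, password: str) -> bool:
    """Return True only for a valid user name AND the corresponding password."""
    record = password_file.get(username)
    if record is None:
        # Identification failed. Do a dummy derivation anyway so an unknown
        # user name takes as long as a wrong password and cannot be told
        # apart by timing.
        hash_password(password, bytes(SALT_LEN))
        return False
    salt, stored = record
    # Authentication: recompute the verifier and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo() -> dict:
    """Constructed accounts and login attempts."""
    pw_file = {}
    create_account(pw_file, "alice", "correct horse battery staple")
    create_account(pw_file, "bill", "correct horse battery staple")
    return {
        "valid": login(pw_file, "alice", "correct horse battery staple"),
        "wrong_password": login(pw_file, "alice", "Correct horse battery staple"),
        "unknown_user": login(pw_file, "carol", "anything"),
        # Same password for two users, yet the stored hashes differ (salt).
        "hashes_differ": pw_file["alice"][1] != pw_file["bill"][1],
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15s} -> {result}")
```

The password file never contains a password, only salted verifiers, so its compromise costs the attacker a guessing campaign rather than an immediate read-out, and the per-user salt prevents one cracked hash from revealing every account that shares the same password.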
System Access Control
 How we can defend password security:
– Make it compulsory to set a password
– Change default passwords
– Password length
– Password format
– Avoid obvious passwords
 How the system can help to improve password security:
– Password checkers
– Password generation
– Password ageing
– Limiting login attempts
– Informing users
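Two of the system-side measures listed above, password checkers and limiting login attempts, as an added Python example that is not part of the slides. The checker enforces length and format rules and rejects obvious choices; the limiter counts failed attempts per account and locks the account once the limit is reached. The policy values (minimum length 12, at least three character classes, lockout after five failures) and the tiny list of obvious passwords are illustrative assumptions; a real checker would use a large dictionary of leaked passwords.

```python
"""Two system-side password defenses from the slide: a password checker and a
limit on failed login attempts.

Added example, not from the lecture slides. Policy numbers and the OBVIOUS
list are constructed for illustration.
"""
import string

MIN_LENGTH = 12
MIN_CLASSES = 3
MAX_FAILED_ATTEMPTS = 5

# Constructed, deliberately short list of "obvious" choices.
OBVIOUS = {"password", "123456", "qwerty", "letmein", "admin"}

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def check_password(candidate: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Count how many of the four classes appear at least once.
    classes = sum(any(c in cls for c in candidate) for cls in CHARACTER_CLASSES)
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    lowered = candidate.lower()
    # "password1" or "Password!" are still the dictionary word underneath.
    stem = lowered.rstrip(string.digits + string.punctuation)
    if lowered in OBVIOUS or stem in OBVIOUS:
        problems.append("is an obvious password")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    return problems


class LoginLimiter:
    """Track failed attempts per account; lock after MAX_FAILED_ATTEMPTS."""

    def __init__(self):
        self.failed = {}
        self.locked = set()

    def attempt(self, username: str, success: bool) -> str:
        """Record one login attempt and return "ok", "denied" or "locked"."""
        if username in self.locked:
            return "locked"           # locked accounts stay locked, even on a correct password
        if success:
            self.failed.pop(username, None)   # a good login resets the counter
            return "ok"
        self.failed[username] = self.failed.get(username, 0) + 1
        if self.failed[username] >= MAX_FAILED_ATTEMPTS:
            self.locked.add(username)
            return "locked"
        return "denied"


def demo_limiter(results) -> list:
    """Feed a constructed sequence of success/failure outcomes for one account."""
    limiter = LoginLimiter()
    return [limiter.attempt("bill", ok) for ok in results]


if __name__ == "__main__":
    print(check_password("password1", "bill"))
    print(check_password("Tr0ub4dor&3xtra-long", "bill"))
    print(demo_limiter([False] * 6))
```

The limiter is what turns "password guessing: exhaustive search" from a feasible online attack into one that stalls after a handful of tries; the checker removes the candidates an intelligent search would try first.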
Data Access Control
 On the most elementary level, a subject may observe an object or alter an object; therefore the common access modes are defined as below:
– Observe: look at the contents of an object
– Change: change the contents of an object
Data Access Control

Access rights in the Bell-LaPadula model

          execute   append   read   write
Observe                      √      √
Change              √               √

An access control matrix

          bill.doc        edit.exe    fun.com
Alice     -               {execute}   {execute, read}
Bill      {read, write}   {execute}   {execute, read, write}
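The access control matrix and the Bell-LaPadula table above, encoded in Python as an added example (not from the slides). The rights in each (subject, object) cell are the ones on the slide, and each right is mapped to the elementary observe/change modes as in the table; the example goes one step further than the slide by showing the two usual ways of storing the matrix, a row per subject (capability list) and a column per object (access control list). The lookup helpers and the sample queries are constructed for the example.

```python
"""The slide's access control matrix as a lookup table, with Bell-LaPadula
access rights mapped onto the elementary modes observe and change.

Added example, not from the lecture slides. Subjects, objects and rights are
the slide's; the helper functions and sample queries are constructed.
"""

# Elementary modes implied by each Bell-LaPadula access right (the table on the slide):
# execute: neither; append: change only; read: observe only; write: both.
MODES = {
    "execute": frozenset(),
    "append": frozenset({"change"}),
    "read": frozenset({"observe"}),
    "write": frozenset({"observe", "change"}),
}

# The access control matrix on the slide: MATRIX[subject][object] = set of rights.
MATRIX = {
    "Alice": {
        "bill.doc": set(),
        "edit.exe": {"execute"},
        "fun.com": {"execute", "read"},
    },
    "Bill": {
        "bill.doc": {"read", "write"},
        "edit.exe": {"execute"},
        "fun.com": {"execute", "read", "write"},
    },
}


def has_right(subject: str, obj: str, right: str) -> bool:
    """Direct cell lookup. Unknown subjects or objects are denied (default deny)."""
    return right in MATRIX.get(subject, {}).get(obj, set())


def may(subject: str, obj: str, mode: str) -> bool:
    """Is the elementary mode ("observe" or "change") granted by any right in the cell?"""
    rights = MATRIX.get(subject, {}).get(obj, set())
    return any(mode in MODES[r] for r in rights)


def capability_list(subject: str) -> dict:
    """Row view: everything one subject may do, omitting empty cells."""
    return {obj: sorted(rights)
            for obj, rights in MATRIX.get(subject, {}).items() if rights}


def access_control_list(obj: str) -> dict:
    """Column view: which subjects may do what to one object, omitting empty cells."""
    return {subj: sorted(row[obj])
            for subj, row in MATRIX.items() if row.get(obj)}


if __name__ == "__main__":
    # Constructed sample queries against the slide's matrix.
    print("Bill may write bill.doc:", has_right("Bill", "bill.doc", "write"))
    print("Alice may change fun.com:", may("Alice", "fun.com", "change"))
    print("Alice's capabilities:", capability_list("Alice"))
    print("ACL of bill.doc:", access_control_list("bill.doc"))
```

Alice holds read on fun.com, so she may observe it but not change it; Bill's write right grants both modes. The empty cell for Alice on bill.doc is the "-" on the slide, and it is what default deny looks like in code.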
Effectiveness of Controls
 Awareness of problems: people will cooperate with security requirements only if they understand why security is appropriate in each specific situation.
 Likelihood of use: controls must be used to be effective – therefore they must be easy to use and appropriate.
 Overlapping controls: combinations of controls on one exposure.
 Periodic review: an ongoing task of judging the effectiveness of a control.
The End

spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 

Recently uploaded (20)

The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 

Basic Security Chapter 1

  • 1. TOPIC 1 Basic Security Concepts
  • 2. INTRODUCTION
    What is security? Security is about the protection of assets, including computer-related assets. A computing system consists of hardware, software, storage media, data and people.
    Principle of Easiest Penetration: an intruder must be expected to use all available means of penetration and will use the 'weakest point'.
  • 3. INTRODUCTION
    There are three classifications of protection:
    – Prevention: take measures that prevent your assets from being damaged.
    – Detection: take measures that allow you to detect when an asset has been damaged.
    – Reaction: take measures that allow you to recover your assets or to recover from damage to your assets.
  • 4. INTRODUCTION
    Example from the physical world:
    – Prevention: locks on the door or window bars, a wall around the property.
    – Detection: you detect that something has been stolen if it is no longer there; a burglar alarm goes off when a break-in occurs; CCTV provides information that allows you to identify intruders.
    – Reaction: you can call the police or you may decide to replace the stolen item.
  • 5. INTRODUCTION
    Example from the cyber world: consider credit card fraud cases.
    – Prevention: use encryption when placing an order, rely on the merchant to perform some checks on the caller before accepting a credit card order, or don't use a credit card number on the Internet.
    – Detection: a transaction that you had not authorized appears on your credit card statement.
    – Reaction: you can ask for a new credit card number; the cost of the fraudulent transaction may be recovered by the card holder, the merchant where the fraudster made the purchase, or the credit card issuer.
  • 6. SECURITY GOALS
    – INTEGRITY: an asset can be modified only by authorized parties, or only in authorized ways.
    – CONFIDENTIALITY: the assets of a computing system are accessible only to authorized parties (also known as secrecy).
    – AVAILABILITY: assets are accessible to authorized parties when needed, without delay.
  • 7. SECURITY THREATS
    – INTERRUPTION: an asset of the system is destroyed or becomes unavailable or unusable – an attack on AVAILABILITY.
    – INTERCEPTION: an unauthorized party (program, person or computer) gains access to an asset – an attack on CONFIDENTIALITY.
    – MODIFICATION: an unauthorized party not only gains access to but tampers with an asset – an attack on INTEGRITY.
    – FABRICATION: an unauthorized party inserts counterfeit objects into the system – an attack on AUTHENTICITY.
  • 9. Examples of security threats/attacks:
    – Interruption: destruction of a piece of hardware (hard disk), cutting of a communication line, or disabling of the file management system.
    – Interception: wiretapping, illicit copying of files or programs.
    – Modification: changing values in a data file, altering a program so that it performs differently, modifying the content of messages being transmitted in a network.
    – Fabrication: addition of records to a file, insertion of spurious messages in a network.
  • 10. Vulnerabilities
    A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
  • 12. Vulnerabilities
    Threats to hardware:
    – involuntary machine-slaughter: accidental acts not intended to do serious damage.
    – voluntary machine-slaughter: intended to do harm.
    Threats to software:
    – deletion
    – modification: Trojan horse, virus, trapdoor, logic bomb
    – theft: piracy
  • 13. Vulnerabilities
    Threats to data:
    – loss of data
    – interception
    – modification
    – fabrication
    Threats to other exposed assets:
    – storage media: consider backups
    – networks: a very exposed medium, accessible from a distance
    – access: stealing computer time, denial of service
    – key people: disgruntled employees
  • 14. METHODS OF DEFENSE
    – ENCRYPTION: provides confidentiality for data, integrity, and a basis for protocols.
    – SOFTWARE/HARDWARE CONTROLS: software controls (internal program controls, operating system controls, development controls); hardware controls (hardware devices such as smartcards for encryption, circuit boards controlling disk drives in PCs).
    – POLICIES: frequent changes of password, training; legal and ethical controls, codes of ethics.
    – PHYSICAL CONTROLS: locks on doors, backup copies of important software and data, physical site planning (to reduce the impact of natural disasters).
  • 15. Who are the people?
    – Amateurs: not career criminals but normal people who observe a flaw in a security system and have access to something valuable.
    – Crackers: may be university or high school students who attempt to access computing facilities for which they have not been authorized.
    – Career criminals: understand the targets of computer crime; international groups, electronic spies, information brokers.
    – Hackers: someone with deep knowledge of and interest in operating systems or multiple OSs; they do not attempt to intentionally break any system (non-malicious).
  • 16. How to make a system secure?
    There are four methods by which computer security provides protection:
    (1) System Access Control: ensuring that unauthorized users don't get into the system.
    (2) Data Access Control: monitoring who can access what data and for what purposes.
    (3) System and Security Administration: performing certain procedures (the system administrator's responsibilities, or training users appropriately).
    (4) System Design: taking advantage of basic hardware and software security characteristics.
  • 17. System Access Control
    The first way in which a system provides computer security is by controlling access to that system:
    – Who's allowed to log in?
    – How does the system decide whether a user is legitimate?
    Identification and authentication provide the above.
  • 18. Identification & Authentication (System Access Control)
    – Identification tells the system who you are.
    – Authentication proves to the system that you are who you say you are.
    – There are three ways to prove ourselves:
      – Something you know
      – Something you have
      – Something you are
  • 19. IDENTIFICATION & AUTHENTICATION
    – SOMETHING YOU KNOW, e.g. a password: you know the password, so you are the owner.
    – SOMETHING YOU HAVE, e.g. tokens, keys and smart cards: you have the key, so you must be its owner.
    – SOMETHING YOU ARE, e.g. fingerprints, retina pattern, handprint etc.
  • 20. Username and Password (System Access Control)
    – Typical first line of defense.
    – User name (login ID): identification.
    – Password: authentication.
    – Login will succeed if you enter a valid user name and the corresponding password.
  • 21. System Access Control
    The user plays an important role in password protection: authentication is compromised when you give away your own password by telling others.
    Common threats to passwords:
    – Password guessing: exhaustive search and intelligent search
    – Password spoofing
    – Compromise of the password file
  • 22. System Access Control
    How we can defend password security:
    – Compulsory to set a password
    – Change default passwords
    – Password length
    – Password format
    – Avoid obvious passwords
    How the system helps to improve password security:
    – Password checkers
    – Password generation
    – Password ageing
    – Limit login attempts
    – Inform users
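The password defenses listed on slides 21 and 22 (length and format rules, rejecting obvious passwords, salted hashing so a compromised password file yields no plaintexts, limiting login attempts and password ageing), as an added Python example that is not part of the original slides. The names PasswordStore, check_password, the OBVIOUS list and the threshold constants are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of obvious passwords a checker would reject (assumption).
OBVIOUS = {"password", "123456", "qwerty", "letmein", "admin"}
MIN_LENGTH = 12      # password length rule
MIN_CLASSES = 3      # password format rule: character classes required
MAX_ATTEMPTS = 5     # limit login attempts
MAX_AGE_DAYS = 90    # password ageing


def check_password(candidate: str, username: str) -> list:
    """Password checker: return the list of rules the candidate violates."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < MIN_CLASSES:
        problems.append("too few character classes")
    lowered = candidate.lower()
    if lowered in OBVIOUS or username.lower() in lowered:
        problems.append("obvious password")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: a compromised password file yields no plaintexts.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class PasswordStore:
    """Salted hashes plus the metadata needed for ageing and lockout.
    Days are plain integers (day numbers) to keep the example self-contained."""

    def __init__(self):
        self._users = {}

    def set_password(self, username: str, password: str, today: int) -> None:
        problems = check_password(password, username)
        if problems:
            raise ValueError("rejected: " + ", ".join(problems))
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _hash(password, salt),
                                 "set_on": today, "failures": 0}

    def login(self, username: str, password: str, today: int) -> str:
        rec = self._users.get(username)
        if rec is None:
            # Same cost as a real check so user names cannot be probed by timing.
            _hash(password, b"\x00" * 16)
            return "unknown user"
        if rec["failures"] >= MAX_ATTEMPTS:
            return "locked"                              # limit login attempts
        if not hmac.compare_digest(rec["hash"], _hash(password, rec["salt"])):
            rec["failures"] += 1
            return "bad password"
        rec["failures"] = 0
        if today - rec["set_on"] > MAX_AGE_DAYS:
            return "password expired"                    # password ageing
        return "ok"
```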
  • 23. Data Access Control
    On the most elementary level, a subject may observe an object or alter an object; therefore the common access modes are defined as follows:
    – Observe: look at the contents of an object
    – Change: change the contents of an object
  • 24. Data Access Control
    Access rights in the Bell-LaPadula model:
      access right   observe   change
      execute        -         -
      append         -         √
      read           √         -
      write          √         √
    An access control matrix:
                bill.doc        edit.exe    fun.com
      Alice     -               {execute}   {execute, read}
      Bill      {read, write}   {execute}   {execute, read, write}
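The access modes of slide 23 and the matrix of slide 24 as working code, added here and not part of the original slides: each Bell-LaPadula right is mapped to its (observe, change) pair, and a request is granted only if the matrix holds a right that carries the requested mode, with unknown subjects or objects denied by default. The function names grants, permitted, can and accessible are assumptions chosen for this example.

```python
# Bell-LaPadula access rights expressed as (observe, change) pairs (slide table).
ACCESS_RIGHTS = {
    "execute": (False, False),
    "append":  (False, True),
    "read":    (True,  False),
    "write":   (True,  True),
}

# The slide's access control matrix: subject -> object -> set of rights.
MATRIX = {
    "Alice": {"bill.doc": set(),
              "edit.exe": {"execute"},
              "fun.com":  {"execute", "read"}},
    "Bill":  {"bill.doc": {"read", "write"},
              "edit.exe": {"execute"},
              "fun.com":  {"execute", "read", "write"}},
}


def grants(subject: str, obj: str) -> set:
    """Rights a subject holds on an object; unknown pairs are denied by default."""
    return MATRIX.get(subject, {}).get(obj, set())


def permitted(subject: str, obj: str, right: str) -> bool:
    """Check a request for one named access right against the matrix."""
    if right not in ACCESS_RIGHTS:
        raise ValueError(f"unknown access right: {right}")
    return right in grants(subject, obj)


def can(subject: str, obj: str, mode: str) -> bool:
    """Check an elementary request: may the subject observe/change the object?
    Allowed if any granted right carries that mode (execute carries neither)."""
    if mode not in ("observe", "change"):
        raise ValueError(f"unknown access mode: {mode}")
    idx = 0 if mode == "observe" else 1
    return any(ACCESS_RIGHTS[r][idx] for r in grants(subject, obj))


def accessible(subject: str, mode: str) -> list:
    """Objects the subject may access in the given mode, sorted for readability."""
    objects = MATRIX.get(subject, {})
    return sorted(o for o in objects if can(subject, o, mode))
```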
  • 25. Effectiveness of Controls
    – Awareness of problems: people will cooperate with security requirements only if they understand why security is appropriate in each specific situation.
    – Likelihood of use: controls must be used to be effective; therefore they must be easy to use and appropriate.
    – Overlapping controls: combinations of controls on one exposure.
    – Periodic review: the ongoing task of judging the effectiveness of a control.