Computer security
(Itec… 3CrHr)
Department of Computer Science
Admas University
Mekanisa campus
Set by: Habtamu B.
Computer Security and Privacy
“The most secure computers are those not connected to the Internet and shielded from any interference”
Computer Security and Privacy
Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
Computer Security and Privacy
Network security, on the other hand, deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
Internet
Not Sufficient!!
Computer Security and Privacy
Elements of Security
Integrity
Confidentiality
Availability
Spoofing Attack
Brute Force Attack
Malware Attack
Virus/Worm Attack
SMURF Attack
SYN Attack
Trojan Horse
Logic Bomb
Ping of Death
Packet Sniffing
Eavesdropping
Cracking
Session Hijacking
War Dialing
DoS/DDoS
Blackout/ Brownout
Surge/Spike
Traffic Analysis
Wire Tapping
Assignment:
• Form a group of three.
• Read about these security attack related keywords and write a five page (maximum) summary of your findings including any recorded history of significant damages created by these attacks.
• Send your report by email in Word format after two weeks (use your names as the file name: shew.admas2010@gmail.com).
• Bonus: While reading, if you find keywords other than these, send them on the second page of your report.
• Finally, prepare for presentation.
Computer Security and Privacy
Course Outline
1. Fundamentals of computer security & privacy
   • Overview: history, vulnerabilities, countermeasures, physical security
2. Computer security attacks/threats
   • Viruses, Worms, Trojan horses, Crackers, Spy-wares …
3. Cryptography and Encryption Techniques
4. Network security concepts and mechanisms
   • Transport and Application layer security, IP security, …
5. Security mechanisms and techniques
   • Authentication, access control, firewall, …
6. Secure system planning and administration
   • Analysing risks, planning, policies and procedures
7. Information Security
   • Legal, ethical and policy issues
References
1. Computer Security Basics, D. Russell and G. Gangemi
2. Security Complete, BPB Publications
3. Computer Security Fundamentals, Chuck Easttom
4. Network Security Essentials, W. Stallings
5. Effective Physical Security, Lawrence Fennelly
6. Information Security Policies and Procedures, Thomas R. Peltier
7. Physical Security for IT, Michael Erbschloe
8. Computer Security: Art and Science, Matt Bishop
9. Computer Security, Dieter Gollmann, John Wiley & Sons
10. Computer Security: Art and Science, Matthew Bishop, Addison-Wesley
11. Principles of Information Security, Whitman, Thomson
12. Network Security, Kaufman, Perlman and Speciner, Pearson Education
13. Cryptography and Network Security, 5th Edition, William Stallings, Pearson Education
14. Introduction to Cryptography, Buchmann, Springer
Computer Security and Privacy/ Overview
Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats.
Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.
Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy.
Definitions
Computer Security and Privacy/Attacks
Prevention
• To prevent someone from violating a security policy
Detection
• To detect activities in violation of a security policy
• Verify the efficacy of the prevention mechanism
Recovery
• Stop policy violations (attacks)
• Assess and repair damage
• Ensure availability in the presence of an ongoing attack
• Fix vulnerabilities to prevent future attacks
• Retaliation against the attacker
Goals of Security
Computer Security and Privacy/Attacks
Interruption: An attack on availability
• E.g. DoS attack
Interception: An attack on confidentiality
• E.g. Eavesdropper
Modification: An attack on integrity
• E.g. Hacker
Fabrication: An attack on authenticity
• E.g. Man in the middle (MITM)
Repudiation of origin: False denial that an entity created something.
Categories of Attacks(Common security attacks)
Computer Security and Privacy/Attacks
Disclosure: unauthorized access to information
• Spoofing
Deception: acceptance of false data
• Modification, masquerading/spoofing, repudiation of origin, denial of receipt
• Modification
Disruption: interruption/prevention of correct operation
• Modification
Usurpation: unauthorized control of a system component
• Modification, masquerading/spoofing, delay, denial of service
Classes of Threats (Shirey)
Computer Security and Privacy/Attacks
Categories of Attacks/Threats (W. Stallings)
[Figure: information flow between Source and Destination. Panels: Normal flow of information, Interruption, Interception, Modification, Fabrication (Attack).]
Computer Security and Privacy/Vulnerabilities
Physical vulnerabilities (Ex. Buildings)
Natural vulnerabilities (Ex. Earthquake)
Hardware and Software vulnerabilities (Ex. Failures)
Media vulnerabilities (Ex. Disks can be stolen)
Communication vulnerabilities (Ex. Wires can be tapped)
Human vulnerabilities (Ex. Insiders)
Types of Vulnerabilities
Computer Security and Privacy/ Countermeasures
Computer security controls
Authentication (Password, Cards, Biometrics)
(What we know, have, are!)
Encryption
Auditing
Administrative procedures
Standards
Certifications
Physical Security
Laws
Computer Security and Privacy/ The Human Factor
The human factor is an important component of computer security
Some organizations view technical solutions as “their solutions” for computer security. However:
• Technology is fallible (imperfect)
  • Ex. UNIX holes that opened the door for the Morris worm
• The technology may not be appropriate
  • Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements
• Technical solutions are usually (very) expensive
  • Ex. Antivirus purchased by ETC to protect its Internet services
• Given all these, someone, a human, has to implement the solution
Computer Security and Privacy/ The Human Factor
Competence of the security staff
Ex. Crackers may know more than the security team
Understanding and support of management
Ex. Management does not want to spend money on security
Staff’s discipline to follow procedures
Ex. Staff members choose simple passwords
Staff members may not be trustworthy
Ex. Bank theft
Computer Security and Privacy/ Physical Security
“The most robustly secured computer that is left sitting unattended in an unlocked room is not at all secure!!” [Chuck Easttom]
Computer Security and Privacy/ Physical Security
Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom].
Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly].
Computer Security and Privacy/ Physical Security
In the early days of computing, physical security was simple because computers were big, standalone, expensive machines
It was almost impossible to move them (not portable)
They were very few and it was affordable to spend on physical security for them
Management was willing to spend money
Everybody understood and accepted that there was restriction
Computer Security and Privacy/ Physical Security
=> Physical security is much more difficult to achieve today than some decades ago
Computer Security and Privacy/ Physical Security
Natural Disasters
• Fire and smoke
  • Fire can occur anywhere
  • Solution – Minimize risk
    Good policies: NO SMOKING, etc.
    Fire extinguisher, good procedure and training
    Fireproof cases (and other techniques) for backup tapes
    Fireproof doors
• Climate
  • Heat
  • Direct sun
  • Humidity
Threats and vulnerabilities
Computer Security and Privacy/ Physical Security
Natural Disasters …
• Hurricane, storm, cyclone
• Earthquakes
• Water
  • Flooding can occur even when a water tap is not properly closed
• Electric supply
  • Voltage fluctuation
    Solution: Voltage regulator
• Lightning
Threats and vulnerabilities …
Solution
• Avoid having servers in areas often hit by natural disasters!
Computer Security and Privacy/ Physical Security
People
Intruders
Internal thieves
• Thieves
• People who have been given access unintentionally by the insiders
• Employees, contractors, etc. who have access to the facilities
External thieves
• Portable computing devices can be stolen outside the organization’s premises
Loss of a computing device
Mainly laptop
Threats and vulnerabilities …
Computer Security and Privacy/ Physical Security
Safe area
A safe area is often a locked place where only authorized personnel can have access
Organizations usually have a safe area for keeping computers and related devices
Computer Security and Privacy/ Physical Security
Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)?
Design of the building with security in mind
Know the architecture of your building
Safe area … Challenges
During opening hours, is it always possible to detect when an unauthorized person tries to get to the safe area?
Surveillance/guards, video-surveillance, automatic doors with security code locks, alarms, etc.
Put signs so that everybody sees the safe area
Computer Security and Privacy/ Physical Security
Are the locks reliable?
• The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys!
• Among the attacks on locks are:
  • Illicit keys
    Duplicate keys
    Avoid access to the key by unauthorized persons even for a few seconds
    Change locks/keys frequently
    Key management procedure
    Lost keys
    Notify responsible person when a key is lost
    There should be no label on keys
  • Circumventing of the internal barriers of the lock
    Directly operating the bolt, completely bypassing the locking mechanism, which remains locked
  • Forceful attacks:
    Punching, Drilling, Hammering, etc.
Safe area…Locks
Computer Security and Privacy/ Physical Security
Surveillance with guards
The most common in Ethiopia
Not always the most reliable since it adds a lot of human factor
Not always practical for users (employees don’t like to be questioned by guards wherever they go)
Safe area… Surveillance
Computer Security and Privacy/ Physical Security
Safe area… Surveillance
Surveillance with video
• Uses Closed Circuit Television (CCTV)
• Started in the 1960s
• Became more and more popular with the worldwide increase of theft and terrorism
• Advantages
  • A single person can monitor more than one location
  • The intruder doesn’t see the security personnel
  • It is cheaper after the initial investment
  • It can be recorded and be used for investigation
  • Since it can be recorded, the security personnel are more careful
  • Today’s digital video-surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc.
• Drawback
  • Privacy concerns
Computer Security and Privacy/ Physical Security
Choose employees carefully
Personal integrity should be as important a factor in the hiring process as technical skills
Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high
Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information
Internal Human factor - Personnel
Computer security/ Attacks & Threats
A computer security threat is any person, act, or object that poses a danger to computer security
Computer world is full of threats!
… refer to the first assignment…
And so is the real world!
Thieves, pick-pockets, burglars, murderers, drunk drivers, …
Computer security/ Attacks & Threats
What is the right attitude?
• To do what you do in real life
What do you do in real life?
• You learn about the threats
  • What are the threats
  • How can these threats affect you
  • What is the risk for you to be attacked by these threats
  • How you can protect yourself from these risks
  • How much does the protection cost
  • What you can do to limit the damage in case you are attacked
  • How you can recover in case you are attacked
• Then, you protect yourself in order to limit the risk but to continue to live your life
You need to do exactly the same thing with computers!
Computer security/ Attacks & Threats
Types of Threats/Attacks … (Chuck Easttom)
Hacking Attack:
Any attempt to gain unauthorized access to your system
Denial of Service (DoS) Attack:
Blocking access from legitimate users
Physical Attack:
Stealing, breaking or damaging of computing devices
Computer security/ Attacks & Threats
Malware Attack:
A generic term for software that has a malicious purpose
Examples
Viruses
Trojan horses
Spy-wares
New ones: Spam/scam, identity theft, e-payment frauds, etc.
Types of Threats/Attacks (Chuck Easttom)
Computer security/Threats
Viruses
“A small program that replicates and hides itself inside other programs usually without your knowledge.” (Symantec)
Similar to biological virus: Replicates and Spreads
Malware Attack:
Worms
An independent program that reproduces by copying itself from one computer to another
It can do as much harm as a virus
It often creates denial of service
Computer security/Threats
Trojan horses
(Ancient Greek tale of the city of Troy and the wooden horse) - ??
Secretly downloading a virus or some other type of malware on to your computers.
Spy-wares
“A software that literally spies on what you do on your computer.”
Example: Simple Cookies and Key Loggers
Malware Attack…
Computer security/Threats
Infection mechanisms
First, the virus should search for and detect objects to infect
Installation into the infectable object
Writing on the boot sector
Add some code to executable programs
Add some code to initialization/auto-executable programs
…
Most software based attacks are commonly called Viruses: How do viruses work?
Computer security/Threats
Trigger mechanism
Date
Number of infections
First use
How do viruses work? …
Effects: It can be anything
A message
Deleting files
Formatting disk
Overloading processor/memory
Etc.
Computer security/Threats
Adolescents
Ethically normal and of average/above average intelligence.
Tended to understand the difference between what is right and wrong
Typically do not accept any responsibility for problems caused
Who Writes Virus
Computer security/Threats
The College Student
Ethically normal
Are not typically concerned about the results of their actions related to their virus writing
Who Writes Virus …
The Adult (smallest category)
Ethically abnormal
Computer security/Threats
Three categories
Scanners
Activity monitors
Change detection software
Anti-Virus
There are
Generic solutions
Ex. Integrity checking
Virus specific solution
Ex. Looking for known viruses
Types of Antivirus
1. AVG (Anti Virus Garden)
the first most popular antivirus software
It can be downloaded freely from the Internet
2. McAfee
the second most popular antivirus software
3. Norton
the third most popular antivirus software; it checks for and deletes viruses from a computer
Computer security/Threats
Functions of anti-viruses
Identification of known viruses
Detection of suspected viruses
Blocking of possible viruses
Disinfection of infected objects
Deletion and overwriting of infected objects
Anti-Virus …
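The two approaches named on the anti-virus slides, a generic solution (integrity checking, i.e. change detection) and a virus-specific solution (looking for known viruses), behave differently on the same tampered files. The following is an added example, not part of the original slides; the file names, the `Demo.A` signature and the directory contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database: byte patterns standing in for "known viruses".
# The name and the pattern are made up for this example.
KNOWN_SIGNATURES = {"Demo.A": b"\xde\xad\xbe\xefDEMO-A-PAYLOAD"}


def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Generic solution, step 1: record a hash per file while the system is clean."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def detect_changes(root, baseline):
    """Generic solution, step 2: compare the current state with the baseline."""
    current = build_baseline(root)
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(name for name in current.keys() & baseline.keys()
                           if current[name] != baseline[name]),
    }


def signature_scan(root):
    """Virus-specific solution: report files containing a known byte pattern."""
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            names = sorted(n for n, sig in KNOWN_SIGNATURES.items() if sig in data)
            if names:
                hits[p.relative_to(root).as_posix()] = names
    return hits


def demo():
    """Build a constructed directory, tamper with it, and run both detectors."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"program body")
        (root / "autoexec.bat").write_bytes(b"@echo off\r\n")
        (root / "notes.txt").write_bytes(b"lecture notes\n")
        # In practice the baseline is kept offline or on read-only media, so that
        # whatever alters the files cannot also alter the recorded hashes.
        baseline = build_baseline(root)

        # Tampering 1: bytes matching a known signature appended to a program.
        with (root / "editor.exe").open("ab") as fh:
            fh.write(KNOWN_SIGNATURES["Demo.A"])
        # Tampering 2: an unknown change to an auto-executed script.
        with (root / "autoexec.bat").open("ab") as fh:
            fh.write(b"rem line added after the baseline\r\n")
        # Tampering 3 and 4: a new file appears, an existing file disappears.
        (root / "dropped.bin").write_bytes(b"unexpected file")
        (root / "notes.txt").unlink()

        return {"changes": detect_changes(root, baseline),
                "signatures": signature_scan(root)}


if __name__ == "__main__":
    result = demo()
    print("change detection:", result["changes"])
    print("signature scan:  ", result["signatures"])
```

The signature scan names the one infection it already knows about and misses the altered script; change detection reports every difference but cannot say which of them is malicious.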
Computer security/Threats
Hacking: any attempt to intrude or gain unauthorized access to your system either via some operating system flaw or other means. The purpose may or may not be malicious.
Hackers/Intrusion Attack:
Cracking: hacking conducted for malicious purposes.
Computer security/Threats
DoS Attack: blocking access of legitimate users to a service.
Denial of Service (DoS) Attack:
Distributed DoS Attack: accomplished by tricking routers into attacking a target or using zombie hosts to simultaneously attack a given target with a large number of packets.
Computer security/Threats
Simple illustration of DoS attack (from Easttom)
C:\>ping <address of X> -l 65000 -w 0 -t
[Figure: four Ping flows directed at Web Server X; Legitimate User]
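From the defender's side, the traffic in this illustration and in the distributed case described on the previous slide can be recognised in packet records. The following is an added example, not taken from the slides or from Easttom; the record layout, the thresholds and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8
# Largest ICMP payload that fits one 1500-byte Ethernet MTU unfragmented
# (1500 - 20 bytes IPv4 header - 8 bytes ICMP header).
MAX_UNFRAGMENTED_PAYLOAD = 1472


class SlidingTotal:
    """Sum of the values seen during the last `window` seconds."""

    def __init__(self, window):
        self.window = window
        self.events = deque()
        self.total = 0

    def add(self, ts, value):
        self.events.append((ts, value))
        self.total += value
        # Drop events that have aged out; the event just added always stays.
        while ts - self.events[0][0] >= self.window:
            self.total -= self.events.popleft()[1]
        return self.total


def detect_icmp_flood(records, window=1.0,
                      per_source_limit=100_000, per_target_limit=80_000):
    """Flag noisy sources and overloaded targets.

    records: (timestamp_s, source, destination, icmp_type, payload_bytes).
    The limits are bytes of echo payload per window and are assumed values;
    real limits depend on the link and on normal monitoring traffic.
    """
    by_source = defaultdict(lambda: SlidingTotal(window))
    by_target = defaultdict(lambda: SlidingTotal(window))
    source_findings = defaultdict(set)
    flooded_targets = set()
    for ts, src, dst, icmp_type, payload in sorted(records):
        if icmp_type != ICMP_ECHO_REQUEST:
            continue  # replies and other ICMP types are not counted
        if payload > MAX_UNFRAGMENTED_PAYLOAD:
            source_findings[src].add("oversized-echo")
        if by_source[src].add(ts, payload) > per_source_limit:
            source_findings[src].add("echo-flood")
        # Summing per target catches many quiet sources acting together.
        if by_target[dst].add(ts, payload) > per_target_limit:
            flooded_targets.add(dst)
    return {"sources": {s: sorted(r) for s, r in sorted(source_findings.items())},
            "targets": sorted(flooded_targets)}


def constructed_sample():
    """Constructed records; all addresses are RFC 5737 documentation ranges."""
    records = []
    # Three hosts repeat 65000-byte echo requests every 0.1 s (the slide's case).
    for i in range(30):
        for host in (11, 12, 13):
            records.append((i / 10, f"198.51.100.{host}", "192.0.2.80", 8, 65000))
    # Twenty hosts each send modest 1000-byte echoes every 0.2 s to one target.
    for i in range(10):
        for host in range(1, 21):
            records.append((i / 5, f"203.0.113.{host}", "192.0.2.81", 8, 1000))
    # An administrator's default-size ping once per second, plus one echo reply.
    for i in range(3):
        records.append((float(i), "198.51.100.50", "192.0.2.80", 8, 32))
    records.append((0.05, "192.0.2.80", "198.51.100.50", 0, 32))
    return records


if __name__ == "__main__":
    print(detect_icmp_flood(constructed_sample()))
```

The twenty low-rate hosts never trip a per-source limit, so only the per-target total reveals the distributed case.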
chapter 1 security.ppt

More Related Content

Similar to chapter 1 security.ppt

Computer security power point prsentation.ppt
Computer security power point prsentation.pptComputer security power point prsentation.ppt
Computer security power point prsentation.pptpihadar269
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
ICT-security-Lesson-4.pdf
ICT-security-Lesson-4.pdfICT-security-Lesson-4.pdf
ICT-security-Lesson-4.pdfasdfg hjkl
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxdesalewminale
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)Rohana K Amarakoon
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Computer Threat.pdf
Computer Threat.pdfComputer Threat.pdf
Computer Threat.pdfZaraFatima29
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPiBits
 

Similar to chapter 1 security.ppt (20)

hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1 (1).ppt
hel1 (1).ppthel1 (1).ppt
hel1 (1).ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
Computer security power point prsentation.ppt
Computer security power point prsentation.pptComputer security power point prsentation.ppt
Computer security power point prsentation.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
hel1.ppt
hel1.ppthel1.ppt
hel1.ppt
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
 
Information security
Information securityInformation security
Information security
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
 
Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdf
 
ICT-security-Lesson-4.pdf
ICT-security-Lesson-4.pdfICT-security-Lesson-4.pdf
ICT-security-Lesson-4.pdf
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Computer Threat.pdf
Computer Threat.pdfComputer Threat.pdf
Computer Threat.pdf
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

chapter 1 security.ppt

  • 1. Computer security (Itec… 3CrHr) Department of Computer Science Admas university Mekanisa campus Set by: HabtamuB.
  • 2. Computer Security and Privacy “The most secure computers are those not connected to the Internet and shielded from any interference”
  • 3. Computer Security and Privacy Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
  • 4. Computer Security and Privacy Network security on the other hand deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network- accessible resources. Internet Not Sufficient!!
  • 5. Computer Security and Privacy Elements of Security Integrity Confidentiality Availaibility
  • 6. Spoofing Attack Brut Force Attack: Malware Attack: Virus/Worm Attack SMURF Attack: SYN Attack Trojan Horse Logic Bomb Ping of Death Packet Sniffing Eavesdropping Cracking Session Hijacking War Dialing DoS/DDoS Blackout/ Brownout Serge/Spike Traffic Analysis Wire Tapping Assignment: • Form a group of Three. • Read about these security attack related keywords and write a five page (maximum) summary of your findings including any recorded history of significant damages created by these attacks. • Send your report by email in word format after two weeks (Use your names as the file name:shew.admas2010@gmail.com). • Bonus: While reading, if you find keywords other than these, send them on the second page of your report. • Finally prepare for presentation. Computer Security and Privacy
  • 7. Course Outline 1.Fundamentals of computer security & privacy  Overview: history, vulnerabilities, countermeasures, physical security 2.Computer security attacks/threats  Viruses, Worms, Trojan horses, Crackers, Spy-wares … 3.Cryptography and Encryption Techniques 4.Network security concepts and mechanisms  Transport and Application layer security, IP security, … 5.Security mechanisms and techniques  Authentication, access control, firewall, … 6.Secure system planning and administration  Analysing risks, planning, policies and procedures 7.Information Security  Legal, ethical and policy issues
  • 8. References 1. Computer security basics, D. Russel and G. Gangemi 2. Security Complete, BPB Publications 3. Computer Security Fundamentals, Chuck Easttom 4. Network Security Essentials, W. Stallings 5. Effective Physical Security, Lawrence Fennelly 6. Information Security Policies and Procedures, Thomas R. Peltier 7. Physical Security for IT, Erbschloe Michael 8. Computer Security: Art and Science, Matt Bishop 9. Computer Security, Dicter Gouman, John Wiley & Sons 10. Computer Security: Art and Science, Mathew Bishop, Addison-Wesley 11. Principles of Information Security, Whitman, Thomson. 12. Network security, Kaufman, Perl man and Speciner, Pearson Education. 13. Cryptography and Network Security, 5th Edition William Stallings, Pearson Education 14. Introduction to Cryptography, Buchmann, Springer.
  • 9. Computer Security and Privacy/ Overview Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Definitions
  • 10. Computer Security and Privacy/Attacks Prevention: to prevent someone from violating a security policy. Detection: to detect activities in violation of a security policy; verify the efficacy of the prevention mechanism. Recovery: stop policy violations (attacks); assess and repair damage; ensure availability in the presence of an ongoing attack; fix vulnerabilities to prevent future attacks; retaliation against the attacker. Goals of Security
  • 11. Computer Security and Privacy/Attacks Interruption: an attack on availability (e.g. DoS attack). Interception: an attack on confidentiality (e.g. eavesdropper). Modification: an attack on integrity (e.g. hacker). Fabrication: an attack on authenticity (e.g. man in the middle (MITM)). Repudiation of origin: false denial that an entity created something. Categories of Attacks (Common security attacks)
  • 12. Computer Security and Privacy/Attacks Disclosure: unauthorized access to information o Spoofing Deception: acceptance of false data o Modification, masquerading/spoofing, repudiation of origin, denial of receipt o Modification Disruption: interruption/prevention of correct operation o Modification Usurpation: unauthorized control of a system component o Modification, masquerading/spoofing, delay, denial of service Classes of Threats (Shirley)
  • 13. Computer Security and Privacy/Attacks Categories of Attacks/Threats (W. Stallings) [Figure: normal flow of information from source to destination, and the four attacks on it: interruption, interception, modification, fabrication]
  • 14. Computer Security and Privacy/Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
  • 15. Computer Security and Privacy/ Countermeasures Computer security controls: authentication (password, cards, biometrics; what we know, have, are!), encryption, auditing, administrative procedures, standards, certifications, physical security, laws
  • 16. Computer Security and Privacy/ The Human Factor The human factor is an important component of computer security. Some organizations view technical solutions as “their solutions” for computer security. However: • Technology is fallible (imperfect). Ex. UNIX holes that opened the door for the Morris worm. • The technology may not be appropriate. Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements. • Technical solutions are usually (very) expensive. Ex. Antivirus purchased by ETC to protect its Internet services. • Given all these, someone, a human, has to implement the solution.
  • 17. Computer Security and Privacy/ The Human Factor Competence of the security staff (Ex. Crackers may know more than the security team). Understanding and support of management (Ex. Management does not want to spend money on security). Staff’s discipline to follow procedures (Ex. Staff members choose simple passwords). Staff members may not be trustworthy (Ex. Bank theft).
  • 18. Computer Security and Privacy/ Physical Security “The most robustly secured computer that is left sitting unattended in an unlocked room is not at all secure !!” [Chuck Easttom]
  • 19. Computer Security and Privacy/ Physical Security Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom]. Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly]
  • 20. Computer Security and Privacy/ Physical Security In the early days of computing, physical security was simple because computers were big, standalone, expensive machines. It was almost impossible to move them (not portable). They were very few, and it was affordable to spend on physical security for them. Management was willing to spend money. Everybody understood and accepted that there were restrictions.
  • 21. Computer Security and Privacy/ Physical Security => Physical security is much more difficult to achieve today than some decades ago
  • 22. Computer Security and Privacy/ Physical Security Natural Disasters • Fire and smoke: fire can occur anywhere. Solution: minimize risk. Good policies: NO SMOKING, etc.; fire extinguisher, good procedure and training; fireproof cases (and other techniques) for backup tapes; fireproof doors. • Climate: heat, direct sun, humidity. Threats and vulnerabilities
  • 23. Computer Security and Privacy/ Physical Security Natural Disasters … • Hurricane, storm, cyclone • Earthquakes • Water: flooding can occur even when a water tap is not properly closed • Electric supply: voltage fluctuation (solution: voltage regulator) • Lightning. Threats and vulnerabilities … Solution: avoid having servers in areas often hit by natural disasters!
  • 24. Computer Security and Privacy/ Physical Security People • Intruders: thieves; people who have been given access unintentionally by the insiders. • Internal thieves: employees, contractors, etc. who have access to the facilities. • External thieves: portable computing devices can be stolen outside the organization’s premises. • Loss of a computing device: mainly laptops. Threats and vulnerabilities …
  • 25. Computer Security and Privacy/ Physical Security Safe area: a safe area is often a locked place where only authorized personnel can have access. Organizations usually have a safe area for keeping computers and related devices.
  • 26. Computer Security and Privacy/ Physical Security Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)? Design the building with security in mind. Know the architecture of your building. Safe area … Challenges During opening hours, is it always possible to detect when an unauthorized person tries to get to the safe area? Surveillance/guards, video surveillance, automatic doors with security code locks, alarms, etc. Put up signs so that everybody sees the safe area.
  • 27. Computer Security and Privacy/ Physical Security Are the locks reliable? The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys! Among the attacks on locks are: • Illicit keys. Duplicate keys: avoid access to the key by unauthorized persons even for a few seconds; change locks/keys frequently; key management procedure. Lost keys: notify the responsible person when a key is lost; there should be no label on keys. • Circumventing of the internal barriers of the lock: directly operating the bolt, completely bypassing the locking mechanism, which remains locked. • Forceful attacks: punching, drilling, hammering, etc. Safe area … Locks
  • 28. Computer Security and Privacy/ Physical Security Surveillance with guards: the most common in Ethiopia. Not always the most reliable, since it adds a lot of human factor. Not always practical for users (employees don’t like to be questioned by guards wherever they go). Safe area … Surveillance
  • 29. Computer Security and Privacy/ Physical Security Safe area … Surveillance Surveillance with video: uses Closed Circuit Television (CCTV). Started in the 1960s. Has become more and more popular with the worldwide increase of theft and terrorism. Advantages: • A single person can monitor more than one location. • The intruder doesn’t see the security personnel. • It is cheaper after the initial investment. • It can be recorded and used for investigation. • Since it can be recorded, the security personnel are more careful. • Today’s digital video surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc. Drawback: privacy concerns.
  • 30. Computer Security and Privacy/ Physical Security Choose employees carefully. Personal integrity should be as important a factor in the hiring process as technical skills. Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high. Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information. Internal Human factor - Personnel
  • 31. Computer security/ Attacks & Threats A computer security threat is any person, act, or object that poses a danger to computer security. The computer world is full of threats! … refer to the first assignment … And so is the real world! Thieves, pick-pockets, burglars, murderers, drunk drivers, …
  • 32. Computer security/ Attacks & Threats What is the right attitude? To do what you do in real life. What do you do in real life? You learn about the threats: • What are the threats? • How can these threats affect you? • What is the risk for you to be attacked by these threats? • How can you protect yourself from these risks? • How much does the protection cost? • What can you do to limit the damage in case you are attacked? • How can you recover in case you are attacked? Then, you protect yourself in order to limit the risk but continue to live your life. You need to do exactly the same thing with computers!
  • 33. Computer security/ Attacks & Threats Types of Threats/Attacks … (Chuck Easttom) Hacking Attack: any attempt to gain unauthorized access to your system. Denial of Service (DoS) Attack: blocking access from legitimate users. Physical Attack: stealing, breaking or damaging of computing devices.
  • 34. Computer security/ Attacks & Threats Malware Attack: a generic term for software that has a malicious purpose. Examples: viruses, Trojan horses, spyware. New ones: spam/scam, identity theft, e-payment frauds, etc. Types of Threats/Attacks (Chuck Easttom)
  • 35. Computer security/Threats Malware Attack: Viruses: “A small program that replicates and hides itself inside other programs usually without your knowledge.” (Symantec) Similar to a biological virus: replicates and spreads. Worms: an independent program that reproduces by copying itself from one computer to another. It can do as much harm as a virus. It often creates denial of service.
  • 36. Computer security/Threats Trojan horses (Ancient Greek tale of the city of Troy and the wooden horse): secretly downloading a virus or some other type of malware onto your computer. Spyware: “A software that literally spies on what you do on your computer.” Example: simple cookies and key loggers. Malware Attack …
  • 37. Computer security/Threats Infection mechanisms: first, the virus should search for and detect objects to infect. Installation into the infectable object: writing on the boot sector; adding some code to executable programs; adding some code to initialization/auto-executable programs; … Most software-based attacks are commonly called Viruses: How do viruses work?
  • 38. Computer security/Threats Trigger mechanism: date, number of infections, first use. How do viruses work? … Effects: it can be anything: a message, deleting files, formatting the disk, overloading processor/memory, etc.
  • 39. Computer security/Threats Adolescents: ethically normal and of average/above-average intelligence. Tended to understand the difference between what is right and wrong. Typically do not accept any responsibility for problems caused. Who Writes Virus
  • 40. Computer security/Threats The College Student: ethically normal. Are not typically concerned about the results of their actions related to their virus writing. Who Writes Virus … The Adult (smallest category): ethically abnormal.
  • 41. Computer security/Threats Anti-Virus Three categories: scanners, activity monitors, change detection software. There are generic solutions (Ex. integrity checking) and virus-specific solutions (Ex. looking for known viruses).
  • 42. Types of Antivirus 1. AVG (Anti Virus Garden): the first most popular anti-virus software. It can be downloaded freely from the Internet. 2. McAfee: the second most popular anti-virus software. 3. Norton: the third most popular anti-virus software; it checks for and deletes viruses from a computer.
  • 43. Computer security/Threats Functions of anti-viruses: identification of known viruses; detection of suspected viruses; blocking of possible viruses; disinfection of infected objects; deletion and overwriting of infected objects. Anti-Virus …
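The two approaches named on the anti-virus slides, the generic solution (integrity checking, as done by change detection software) and the virus-specific solution (looking for known viruses), side by side in an added Python example that is not part of the original slides. The signature name, byte pattern, file names and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless byte pattern standing in for a known-virus signature.
KNOWN_SIGNATURES = {"Demo.Marker": b"CONSTRUCTED-DEMO-SIGNATURE"}

def snapshot(root):
    """Generic solution: record a SHA-256 digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def detect_changes(baseline, current):
    """Change detection: report files added, removed or modified since baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline.keys() & current.keys()
                           if baseline[n] != current[n]),
    }

def scan_signatures(root):
    """Virus-specific solution: look for known byte patterns in every file."""
    root, hits = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            names = [n for n, sig in KNOWN_SIGNATURES.items() if sig in data]
            if names:
                hits[p.relative_to(root).as_posix()] = names
    return hits

def demo():
    """Tamper with a constructed directory, then run both kinds of check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.bin").write_bytes(b"original program bytes")
        (root / "notes.txt").write_bytes(b"hello")
        baseline = snapshot(root)
        # One change carries the known pattern; the other two do not.
        (root / "app.bin").write_bytes(b"original program bytes" + KNOWN_SIGNATURES["Demo.Marker"])
        (root / "notes.txt").write_bytes(b"hello, plus unknown appended bytes")
        (root / "new.tmp").write_bytes(b"x")
        return detect_changes(baseline, snapshot(root)), scan_signatures(root)

if __name__ == "__main__":
    print(demo())
```

The signature scan reports only app.bin, while the snapshot comparison also flags notes.txt and new.tmp, which carry no known pattern.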
  • 44. Computer security/Threats Hackers/Intrusion Attack: Hacking is any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or by other means. The purpose may or may not be malicious. Cracking is hacking conducted for malicious purposes.
  • 45. Computer security/Threats Denial of Service (DoS) Attack: a DoS attack is blocking access of legitimate users to a service. A Distributed DoS attack is accomplished by tricking routers into attacking a target, or by using zombie hosts to simultaneously attack a given target with a large number of packets.
  • 46. Computer security/Threats Simple illustration of DoS attack (from Easttom): C:\>ping <address of X> -l 65000 -w 0 -t [Figure: repeated pings sent to Web Server X; legitimate user]