This document defines key terms related to computer, network, and internet security. It discusses three main aspects of information security: security attacks, security mechanisms, and security services. Security attacks are any actions that compromise security, security mechanisms are used to detect, prevent, and recover from attacks, and security services enhance security of data processing and transfer. The document also classifies security attacks as either passive (like interception) or active (like modification), and presents a model for network access security using gatekeeper functions to identify users and controls to authorize access.
2. Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers.
Network Security - measures to protect data during transmission across the network.
Internet Security - measures to protect data during transmission over a collection of interconnected networks.
3. Attacks, Mechanisms and Services
Need a systematic way to define the requirements for security and to characterize the approaches to satisfying those requirements.
Three aspects of information security:
  security attack
  security mechanism
  security service
4. Attacks, Mechanisms and Services
Security attack: any action that compromises the security of the information.
Security mechanism: a mechanism that is used to detect, prevent and recover from a security attack.
Security service: a service that enhances the security of data processing and transfer.
6. Security Mechanism
a mechanism that is designed to detect, prevent, or recover from a security attack
there is no single mechanism that will support all functions required
however, one particular element underlies many of the security mechanisms in use: cryptographic techniques
10. Classify Security Attacks as
Passive attacks – difficult to detect, because alteration of data is not involved (interception attack)
  release of message contents
  monitor traffic flows
Active attacks – modification of the data stream (interruption, modification, fabrication)
  masquerade of one entity as some other
  replay previous messages
  modify messages in transit
  denial of service
20. Model for Network Access Security
using this model requires us to:
  select appropriate gatekeeper functions to identify users
    Gatekeeping is the process through which information is filtered for dissemination.
  implement security controls to ensure only authorised users access designated information or resources
trusted computer systems can be used to implement this model