The document discusses information and network security, focusing on the definitions of threats and attacks as well as their implications. It highlights three key aspects of information security: security attacks, security mechanisms, and security services, detailing how they interact and the challenges posed by modern security threats. The document also emphasizes the need for organizations to adopt scalable, multi-layered cloud security solutions in response to evolving vulnerabilities and attacks.

1. Information and Network Security:
Prof Neeraj Bhargava
Vaibhav Khanna
Department of Computer Science
School of Engineering and Systems Sciences
Maharshi Dayanand Saraswati University Ajmer

2. Threat
• In the literature, the terms threat and attack are commonly used
to mean more or less the same thing. Table 1.1 provides
definitions taken from RFC 2828, Internet Security Glossary.
• Threat - A potential for violation of security, which exists when
there is a circumstance, capability, action, or event that could
breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.

3. Attack
• Attack - An assault on system security that derives from an
intelligent threat; that is, an intelligent act that is a deliberate
attempt (especially in the sense of a method or technique) to
evade security services and violate the security policy of a
system.

4. Aspects of Security
• consider 3 aspects of information security:
• security attack
• security mechanism
• security service
• note terms
• threat – a potential for violation of security
• attack – an assault on system security, a deliberate attempt to evade security
services

5. Security attack
• The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:
• • Security attack: Any action that compromises the security of information owned by an
organization.
• Network security attacks are unauthorized actions against private, corporate or
governmental IT assets in order to destroy them, modify them or steal sensitive data.
• As more enterprises invite employees to access data from mobile devices, networks
become vulnerable to data theft or total destruction of the data or network.

6. Security mechanism
• • Security mechanism: A process (or a device incorporating
such a process) that is designed to detect, prevent, or recover
from a security attack.
• • Previously, organizations would attempt to prevent network
attacks by using network security tools such as firewalls or
intrusion detection systems. While these still have their place,
they are no match for modern day security attacks,

7. Security mechanism
• for example modern Distributed Denial of Service (DDoS)
attacks, as these attack on a much deeper level.
• These traditional perimeter-based solutions rely on a “castle
and moat” method whereby anybody who manages to penetrate
the network is automatically trusted, rather than authenticated
before entering. These may introduce new threats due to
improper configuration is sub-standard patching.

8. Security mechanism
• Enterprises may also carry out vulnerability management and
penetration testing. These help to meet compliance
requirements and help to address gaps in information security,
but they are very resource consuming. For a fully scalable,
multi-layered defense solution, companies should invest in
cloud security solutions.

9. Security service
• Security service: A processing or communication service that
enhances the security of the data processing systems and the
information transfers of an organization. The services are
intended to counter security attacks, and they make use of one
or more security mechanisms to provide the service.

10. Assignment
• Explain the 3 aspects of information security security attack, security
mechanism and security service