SD
Uploaded bySachin Darekar
PPT, PDF2,962 views

Information security and Attacks

This document discusses information security and system security. It defines information, information security, and the goals of security including confidentiality, integrity and availability. It describes different types of attacks such as interruption, interception, modification and fabrication. It explains passive attacks like eavesdropping and traffic analysis, as well as active attacks including masquerade, replay, message modification, and denial of service. The document outlines why computer security is needed and covers topics like vulnerabilities, threats, and controls to protect against various security risks.

Embed presentation

Downloaded 50 times
Information Security 7/16/2021 1 System Security
7/16/2021 System Security 2
7/16/2021 System Security 3
7/16/2021 System Security 4 Data + context = Information Information + Rules = Knowledge
Information  Information is a form of knowledge that we acquire through education,communication,Practical experience , Research and Analysis.  It consists of Data, Facts and conclusions. 7/16/2021 System Security 5
Information can be  Created  Modified  Stored  Destroyed  Processed  Used (for proper and improper purposes)  Transmitted  Corrupted  Lost  stolen 7/16/2021 System Security 6
Information can be  Printed or written on paper  Stored electronically  Transmitted by post or using electronic means  Shown on corporate videos  Displayed and published on the web  Verbal or spoken in conversations 7/16/2021 System Security 7
Information Security  Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information  Information security in today’s enterprise is “well informed sense of assurance that the information risks and control are in balance  Security is a non functional requirement assumes that the system is correctly implemented according to functional requirement.  Security is a process not a product 7/16/2021 System Security 8
Various Securities  Data security  Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.  Computer Security  The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, Malware: malicious software  includes computer viruses, worms, Trojan horses,, Network Security  protect the network and the network-accessible resources from unauthorized access, consistent and continuous monitoring and measurement of its effectiveness 9 7/16/2021 System Security
10 The Need for Computer Security  Why the need for Computer Security?  The value of computer assets and services  What is the new IT environment?  Networks and distributed applications/services  Electronic Commerce (E-commerce, E-business) 7/16/2021 System Security
11 Why need security?
Vulnerability threat and attack Vulnerabilities : i) Weakness in a security system. ii) “Vulnerability" refers to the security flaws in a system that allow an attack to be successful. crack in wall or wall is short in height. Threats : i) Set of circumstances that might exploit vulnerability ii) "threat" refers to the source and means of a particular type of attack Overflow of water, wall may be break Attacks : i) When weakness is exploited Actually breaking of wall. 7/16/2021 System Security 12
7/16/2021 System Security 13
7/16/2021 System Security 14
Security Goals. Security Goals Confidentiality Integrity Availability 7/16/2021 15 System Security
16
17 Threats, Vulnerabilities, and Controls A vulnerability is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm. A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. A threat is blocked by control of a vulnerability.
18 Security of Data Data Confidentiality Data Integrity Data Availability Secure Data Data 7/16/2021 System Security
7/16/2021 System Security 19 "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)
16.20 Attacks The three goals of security—confidentiality, integrity and availability—can be threatened by security attacks. Figure 16.2 relates the taxonomy of attack types to security goals. Figure 16.2 Taxonomy of attacks with relation to security goals
21 Computer Security Requirements  Confidentiality(Secrecy)  Integrity  Availability  Authenticity  Non-repudiation 7/16/2021 System Security
22 Secrecy (Confidentiality)  Secrecy requires that the information in a computer system only be accessible for reading by authorized parties.  This type of access includes:  Printing  Displaying  Other forms of disclosure, 7/16/2021 System Security
23 Integrity  Integrity requires that the computer system asset can be modified only by authorized parties.  Modification includes:  Writing  Changing  Changing status  Deleting and  Creating 7/16/2021 System Security
24 Availability  Availability requires that computer system assets are available to authorized parties.  Availability is a requirement intended to assure that systems work promptly and service is not denied to authorized users. 7/16/2021 System Security
25 Authenticity  Authenticity means that parties in a information services can ascertain the identity of parties trying to access information services.  Also means that the origin of the message is certain.  Receiver should be ensure about sender’s identity, that false sender(imposter) should has not sent the message 7/16/2021 System Security
26 Non-repudiation  Originator of communications can’t deny it later.  Without non-repudiation you could place an order for 1 million dollars of equipment online and then simply deny it later.  Or you could send an email inviting a friend to the dinner and then disclaim it later.  Non-repudiation associates the identity of the originator with the transaction in a non-deniable way. 7/16/2021 System Security
27 Type of Attacks/Threats in Computer Systems  A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage. Hacker using computer is a subject of an attack remote system that is the object of an attack  Interruption  Interception  Modification  Fabrication 7/16/2021 System Security
Security attacks
29
30 • In an interruption, an asset of the system becomes lost, unavailable, or unusable. • If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. • Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. Types of Threats • An interception means that some unauthorized party has gained access to an asset.
31 Information Transferring Normal Flow 7/16/2021 System Security
32 Network Security Model Trusted Third Party Principal (sender) Principal (receiver) Security transformation Security transformation attacker 7/16/2021 System Security
33 Attack: Interruption Cut wire lines, Jam wireless signals, Drop packets, • Attack on availability 7/16/2021 System Security
34 Attack: Interruption  An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on the availability.  Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication link, or the disabling of the file management system.  DOS - Denial of Service Attacks have become very well known. 7/16/2021 System Security
35 Attack: Interception Wiring, eavesdrop • Attack on confidentiality 7/16/2021 System Security
36 Attack: Interception  Information disclosure/information leakage  An unauthorized party gains access to an asset.  This is an attack on confidentiality.  The unauthorized party could be a person, a program, or a computer.  Examples include:  wiretapping to capture data in a network  the illicit copying of files or programs 7/16/2021 System Security
37 Attack: Modification intercept Replaced info • Attack on integrity 7/16/2021 System Security
38 Attack: Modification  Modification is integrity violation.  An unauthorized party not only gains access to but tampers with an asset.  This is an attack on the integrity.  Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted in a network. 7/16/2021 System Security
39 Attack: Fabrication Also called impersonation Ali: this is … Ali: this is … • Attack on authenticity 7/16/2021 System Security
40 Attack: Fabrication  An unauthorized party inserts counterfeit objects into the system. This is an attack on the authenticity. 7/16/2021 System Security
41 Classification of Attacks  Computer Security attacks can be classified into two broad categories:  Passive Attacks can only observe communications or data.  Active Attacks can actively modify communications or data. Often difficult to perform, but very powerful. Examples include  Mail forgery/modification 7/16/2021 System Security
Passive and active attacks  Passive attacks  No modification of content or fabrication  Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)  Active attacks  Modification of content and/or participation in communication to  Impersonate legitimate parties  Modify the content in transit  Launch denial of service attacks
43 Passive Attacks and Active Attacks 7/16/2021 System Security
44 Passive Attacks and Active Attacks 7/16/2021 System Security
45 Passive Attacks  Eavesdropping on or monitoring of transmission.  The goal of the opponent is to obtain information that is being transmitted.  Two types:  Release-of-message contents  Traffic Analysis 7/16/2021 System Security
46 Release-of-message Contents  Opponent finds out the contents or the actual messages being transmitted. 7/16/2021 System Security
Passive Attacks
Eavesdropping on a Dialog Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and reads messages Hello Hello
49 Traffic Analysis  More subtle than release-of-message contents.  The opponent figures out information being carried by the messages based on the frequency and timings of the message. 7/16/2021 System Security
Passive Attacks
51 Passive Attacks Problems  Difficult to detect because there is no modification of data.  Protection approach should be based on prevention rather than detection. 7/16/2021 System Security
52 Active Attacks  Active attacks involve some sort of modification of the data stream or the creation of a false stream.  Four sub-categories:  Masquerade  Replay  Modification of Messages  Denial of service 7/16/2021 System Security
53 Masquerade  An entity pretends to be another.  For the purpose of doing some other form of attack.  Example a system claims its IP address to be what it is not, IP spoofing. 7/16/2021 System Security
Active Attacks
55 Replay  First passive capture of data and then its retransmission to produce an unauthorized effect.  Could be disastrous in case of critical messages such as authentication sequences, even if the password were encrypted. 7/16/2021 System Security
Active Attacks
57 Modification of Messages  Some portion of a legitimate message is altered or messages are delayed or reordered to produce an unauthorized effect. 7/16/2021 System Security
Message Alteration Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and alters messages Balance = $1 Balance = $1 Balance = $1,000,000 Balance = $1,000,000
59 Denial of Service - DOS  Prevents the normal use or management of communication facilities.  Such attacks have become very common on the Internet especially against web servers. 7/16/2021 System Security
Denial-of-Service (DoS) Flooding Attack Message Flood Server Overloaded By Message Flood Attacker
7/16/2021 System Security 61

More Related Content

PPT
Information Security
byDhilsath Fathima
 
PPT
Basics of Information System Security
bychauhankapil
 
PPT
Information security
byrazendar79
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPT
Basic Security Chapter 1
byAfiqEfendy Zaen
 
PPT
Basic Concepts of information security.ppt
byZaheer720515
 
PPT
Information System Security(lecture 1)
byAli Habeeb
 
PPT
Information security in todays world
bySibghatullah Khattak
 
Information Security
byDhilsath Fathima
 
Basics of Information System Security
bychauhankapil
 
Information security
byrazendar79
 
Introduction to information security
byjayashri kolekar
 
Basic Security Chapter 1
byAfiqEfendy Zaen
 
Basic Concepts of information security.ppt
byZaheer720515
 
Information System Security(lecture 1)
byAli Habeeb
 
Information security in todays world
bySibghatullah Khattak
 

What's hot

PPTX
Introduction to Network Security
byJohn Ely Masculino
 
PPT
Computer security overview
byCAS
 
PDF
Information Security Lecture Notes
byFellowBuddy.com
 
PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
Network security
byEstiak Khan
 
PPTX
Introduction to Information Security
byShreedevi Tharanidharan
 
PPTX
Basic concepts in computer security
byArzath Areeff
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
Law and Ethics in Information Security.pptx
byEdFeranil
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
PPTX
cyber security presentation.pptx
bykishore golla
 
PPT
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
PPTX
Network security
byMadhumithah Ilango
 
PPTX
Intrusion detection
byCAS
 
PPTX
Data security
byAbdulBasit938
 
PPT
Security policy
byDhani Ahmad
 
PPT
Information security
byLJ PROJECTS
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Network defenses
byPrachi Gulihar
 
Introduction to Network Security
byJohn Ely Masculino
 
Computer security overview
byCAS
 
Information Security Lecture Notes
byFellowBuddy.com
 
Network Security Fundamentals
byRahmat Suhatman
 
Network security
byEstiak Khan
 
Introduction to Information Security
byShreedevi Tharanidharan
 
Basic concepts in computer security
byArzath Areeff
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
Law and Ethics in Information Security.pptx
byEdFeranil
 
Introduction to Cybersecurity
byKrutarth Vasavada
 
cyber security presentation.pptx
bykishore golla
 
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
Network security
byMadhumithah Ilango
 
Intrusion detection
byCAS
 
Data security
byAbdulBasit938
 
Security policy
byDhani Ahmad
 
Information security
byLJ PROJECTS
 
Introduction to penetration testing
byNezar Alazzabi
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Network defenses
byPrachi Gulihar
 

Similar to Information security and Attacks

PPT
Ia 124 1621324143 ia_124_lecture_01
byITNet
 
PDF
IA 124 Lecture 01 2022 -23-1.pdf hahahah
byflyinimohamed
 
PPTX
Information Security lecture no 1, bs Information technology.pptx
bymahabatool112
 
PPTX
security system by desu star chapter 1.pptx
bydesalewminale
 
PPTX
1. Introduction to Information Security.pptx
bynoura53269
 
PPTX
CS PPT CHP 1 PART 1-Types of attacks and basics of computer security.pptx
byShreyaChavan28
 
PPTX
Lecture1-InforSec-Computer and Internet security.pptx
bymarkhorid1
 
PPTX
Introduction to Computer Security
byKamal Acharya
 
PPT
ch1-1.ppt
byNayyabMirTahir
 
PPTX
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
PPTX
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
bydeepthikamidi
 
PDF
Sec0001 .pdf
bymah902110
 
PPT
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
PDF
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
PPTX
SECURITY INVESTIGATION in the world on 10th
bygallanandhini
 
PPT
Intro
byJustineJohn3
 
PPT
Network Security
byVipul Mosaic
 
PDF
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
PPTX
_________*****my________unit1******_________s.pptx
bymariajenova158
 
PPT
cryptographic security
byPriyamvada Singh
 
Ia 124 1621324143 ia_124_lecture_01
byITNet
 
IA 124 Lecture 01 2022 -23-1.pdf hahahah
byflyinimohamed
 
Information Security lecture no 1, bs Information technology.pptx
bymahabatool112
 
security system by desu star chapter 1.pptx
bydesalewminale
 
1. Introduction to Information Security.pptx
bynoura53269
 
CS PPT CHP 1 PART 1-Types of attacks and basics of computer security.pptx
byShreyaChavan28
 
Lecture1-InforSec-Computer and Internet security.pptx
bymarkhorid1
 
Introduction to Computer Security
byKamal Acharya
 
ch1-1.ppt
byNayyabMirTahir
 
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
bydeepthikamidi
 
Sec0001 .pdf
bymah902110
 
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
SECURITY INVESTIGATION in the world on 10th
bygallanandhini
 
Intro
byJustineJohn3
 
Network Security
byVipul Mosaic
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
_________*****my________unit1******_________s.pptx
bymariajenova158
 
cryptographic security
byPriyamvada Singh
 

Recently uploaded

PDF
A Newbie’s Journey: Hidden MySQL Pain Points That Vitess Quietly Solves
byIgor Donchovski
 
PDF
2025-12-06 Overview of Lifting and Hoisting related Standards by Cranes for Y...
byCranes For You B.V.
 
PDF
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
PDF
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
PDF
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
PDF
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
PPTX
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 
PDF
Formality - Logic Equivalence Checking - Part 1
byAmr Adel
 
PDF
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
PPT
DAA-unit 1.ppt Basics of Algorithm, Algorithm Analysis, Asymptotic Notations ...
byPreethiRavikumar5
 
PPT
Introduction to Concord Decorator by Stolle.ppt
bymorachatgpt123
 
PPTX
TRICKLING FILTER PROCESS FOR WASTEWATER TREATMENT.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
Speech to Text with Tone Correction.pptx
bysurajkanojiya13
 
PDF
FPGA Fabric and Synthesis All Parts Combined
byAmr Adel
 
PDF
God series - Physics video office crossed
byjangidankit8781
 
PDF
EDIH TRAINING AI FOR COMPANIES: MODULE 4
byHristian Daskalov
 
PPTX
The Half-Life of Preventive Maintenance: Why PM Compliance Fails & How to Res...
byMaintWiz Technologies Private Limited
 
PPTX
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
PPTX
WOWVerse Workshop: Agentic AI & LLM Workshop
byram27belitkar
 
PPTX
Why Air Droppable Containers Are Critical for Modern Aerial Logistics
byNeometrix_Engineering_Pvt_Ltd
 
A Newbie’s Journey: Hidden MySQL Pain Points That Vitess Quietly Solves
byIgor Donchovski
 
2025-12-06 Overview of Lifting and Hoisting related Standards by Cranes for Y...
byCranes For You B.V.
 
CME397 SURFACE ENGINEERING UNIT 1 FULL NOTES
bykarthi keyan
 
(en/zhTW)All_Roads_Lead_to_IPC_DannyJiang
byDanny Jiang
 
Chip Designer's Code - Linux Terminal Part 6 - Text Viewers
byAmr Adel
 
ERTMS-conference-WS8_Presentations_v0.pdf
byEduardo147194
 
What TPM Looks Like When You’re Short-Staffed and Still Make It Work | Lean T...
byMaintWiz Technologies Private Limited
 
Formality - Logic Equivalence Checking - Part 1
byAmr Adel
 
Chip Designer's Code - Linux Terminal Part 7.1 - Text Processing
byAmr Adel
 
DAA-unit 1.ppt Basics of Algorithm, Algorithm Analysis, Asymptotic Notations ...
byPreethiRavikumar5
 
Introduction to Concord Decorator by Stolle.ppt
bymorachatgpt123
 
TRICKLING FILTER PROCESS FOR WASTEWATER TREATMENT.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Speech to Text with Tone Correction.pptx
bysurajkanojiya13
 
FPGA Fabric and Synthesis All Parts Combined
byAmr Adel
 
God series - Physics video office crossed
byjangidankit8781
 
EDIH TRAINING AI FOR COMPANIES: MODULE 4
byHristian Daskalov
 
The Half-Life of Preventive Maintenance: Why PM Compliance Fails & How to Res...
byMaintWiz Technologies Private Limited
 
We-Optimized-Everything-Except-Decision-Quality-Maintenance-MaintWiz.pptx
byMaintWiz Technologies Private Limited
 
WOWVerse Workshop: Agentic AI & LLM Workshop
byram27belitkar
 
Why Air Droppable Containers Are Critical for Modern Aerial Logistics
byNeometrix_Engineering_Pvt_Ltd
 

Information security and Attacks

  • 1.
  • 2.
  • 3.
  • 4.
    7/16/2021 System Security4 Data + context = Information Information + Rules = Knowledge
  • 5.
    Information  Information isa form of knowledge that we acquire through education,communication,Practical experience , Research and Analysis.  It consists of Data, Facts and conclusions. 7/16/2021 System Security 5
  • 6.
    Information can be Created  Modified  Stored  Destroyed  Processed  Used (for proper and improper purposes)  Transmitted  Corrupted  Lost  stolen 7/16/2021 System Security 6
  • 7.
    Information can be Printed or written on paper  Stored electronically  Transmitted by post or using electronic means  Shown on corporate videos  Displayed and published on the web  Verbal or spoken in conversations 7/16/2021 System Security 7
  • 8.
    Information Security  Informationsecurity, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information  Information security in today’s enterprise is “well informed sense of assurance that the information risks and control are in balance  Security is a non functional requirement assumes that the system is correctly implemented according to functional requirement.  Security is a process not a product 7/16/2021 System Security 8
  • 9.
    Various Securities  Datasecurity  Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled.  Computer Security  The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, Malware: malicious software  includes computer viruses, worms, Trojan horses,, Network Security  protect the network and the network-accessible resources from unauthorized access, consistent and continuous monitoring and measurement of its effectiveness 9 7/16/2021 System Security
  • 10.
    10 The Need forComputer Security  Why the need for Computer Security?  The value of computer assets and services  What is the new IT environment?  Networks and distributed applications/services  Electronic Commerce (E-commerce, E-business) 7/16/2021 System Security
  • 11.
  • 12.
    Vulnerability threat andattack Vulnerabilities : i) Weakness in a security system. ii) “Vulnerability" refers to the security flaws in a system that allow an attack to be successful. crack in wall or wall is short in height. Threats : i) Set of circumstances that might exploit vulnerability ii) "threat" refers to the source and means of a particular type of attack Overflow of water, wall may be break Attacks : i) When weakness is exploited Actually breaking of wall. 7/16/2021 System Security 12
  • 13.
  • 14.
  • 15.
    Security Goals. Security Goals ConfidentialityIntegrity Availability 7/16/2021 15 System Security
  • 16.
  • 17.
    17 Threats, Vulnerabilities, andControls A vulnerability is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm. A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. A threat is blocked by control of a vulnerability.
  • 18.
  • 19.
    7/16/2021 System Security19 "Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)
  • 20.
    16.20 Attacks The three goalsof security—confidentiality, integrity and availability—can be threatened by security attacks. Figure 16.2 relates the taxonomy of attack types to security goals. Figure 16.2 Taxonomy of attacks with relation to security goals
  • 21.
    21 Computer Security Requirements Confidentiality(Secrecy)  Integrity  Availability  Authenticity  Non-repudiation 7/16/2021 System Security
  • 22.
    22 Secrecy (Confidentiality)  Secrecyrequires that the information in a computer system only be accessible for reading by authorized parties.  This type of access includes:  Printing  Displaying  Other forms of disclosure, 7/16/2021 System Security
  • 23.
    23 Integrity  Integrity requiresthat the computer system asset can be modified only by authorized parties.  Modification includes:  Writing  Changing  Changing status  Deleting and  Creating 7/16/2021 System Security
  • 24.
    24 Availability  Availability requiresthat computer system assets are available to authorized parties.  Availability is a requirement intended to assure that systems work promptly and service is not denied to authorized users. 7/16/2021 System Security
  • 25.
    25 Authenticity  Authenticity meansthat parties in a information services can ascertain the identity of parties trying to access information services.  Also means that the origin of the message is certain.  Receiver should be ensure about sender’s identity, that false sender(imposter) should has not sent the message 7/16/2021 System Security
  • 26.
    26 Non-repudiation  Originator ofcommunications can’t deny it later.  Without non-repudiation you could place an order for 1 million dollars of equipment online and then simply deny it later.  Or you could send an email inviting a friend to the dinner and then disclaim it later.  Non-repudiation associates the identity of the originator with the transaction in a non-deniable way. 7/16/2021 System Security
  • 27.
    27 Type of Attacks/Threatsin Computer Systems  A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage. Hacker using computer is a subject of an attack remote system that is the object of an attack  Interruption  Interception  Modification  Fabrication 7/16/2021 System Security
  • 28.
  • 29.
  • 30.
    30 • In aninterruption, an asset of the system becomes lost, unavailable, or unusable. • If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. • Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. Types of Threats • An interception means that some unauthorized party has gained access to an asset.
  • 31.
  • 32.
    32 Network Security Model TrustedThird Party Principal (sender) Principal (receiver) Security transformation Security transformation attacker 7/16/2021 System Security
  • 33.
    33 Attack: Interruption Cut wirelines, Jam wireless signals, Drop packets, • Attack on availability 7/16/2021 System Security
  • 34.
    34 Attack: Interruption  Anasset of the system is destroyed or becomes unavailable or unusable. This is an attack on the availability.  Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication link, or the disabling of the file management system.  DOS - Denial of Service Attacks have become very well known. 7/16/2021 System Security
  • 35.
    35 Attack: Interception Wiring, eavesdrop • Attackon confidentiality 7/16/2021 System Security
  • 36.
    36 Attack: Interception  Informationdisclosure/information leakage  An unauthorized party gains access to an asset.  This is an attack on confidentiality.  The unauthorized party could be a person, a program, or a computer.  Examples include:  wiretapping to capture data in a network  the illicit copying of files or programs 7/16/2021 System Security
  • 37.
    37 Attack: Modification intercept Replaced info •Attack on integrity 7/16/2021 System Security
  • 38.
    38 Attack: Modification  Modificationis integrity violation.  An unauthorized party not only gains access to but tampers with an asset.  This is an attack on the integrity.  Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted in a network. 7/16/2021 System Security
  • 39.
    39 Attack: Fabrication Also calledimpersonation Ali: this is … Ali: this is … • Attack on authenticity 7/16/2021 System Security
  • 40.
    40 Attack: Fabrication  Anunauthorized party inserts counterfeit objects into the system. This is an attack on the authenticity. 7/16/2021 System Security
  • 41.
    41 Classification of Attacks Computer Security attacks can be classified into two broad categories:  Passive Attacks can only observe communications or data.  Active Attacks can actively modify communications or data. Often difficult to perform, but very powerful. Examples include  Mail forgery/modification 7/16/2021 System Security
  • 42.
    Passive and activeattacks  Passive attacks  No modification of content or fabrication  Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)  Active attacks  Modification of content and/or participation in communication to  Impersonate legitimate parties  Modify the content in transit  Launch denial of service attacks
  • 43.
    43 Passive Attacks andActive Attacks 7/16/2021 System Security
  • 44.
    44 Passive Attacks and ActiveAttacks 7/16/2021 System Security
  • 45.
    45 Passive Attacks  Eavesdroppingon or monitoring of transmission.  The goal of the opponent is to obtain information that is being transmitted.  Two types:  Release-of-message contents  Traffic Analysis 7/16/2021 System Security
  • 46.
    46 Release-of-message Contents  Opponentfinds out the contents or the actual messages being transmitted. 7/16/2021 System Security
  • 47.
  • 48.
    Eavesdropping on aDialog Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and reads messages Hello Hello
  • 49.
    49 Traffic Analysis  Moresubtle than release-of-message contents.  The opponent figures out information being carried by the messages based on the frequency and timings of the message. 7/16/2021 System Security
  • 50.
  • 51.
    51 Passive Attacks Problems Difficult to detect because there is no modification of data.  Protection approach should be based on prevention rather than detection. 7/16/2021 System Security
  • 52.
    52 Active Attacks  Activeattacks involve some sort of modification of the data stream or the creation of a false stream.  Four sub-categories:  Masquerade  Replay  Modification of Messages  Denial of service 7/16/2021 System Security
  • 53.
    53 Masquerade  An entitypretends to be another.  For the purpose of doing some other form of attack.  Example a system claims its IP address to be what it is not, IP spoofing. 7/16/2021 System Security
  • 54.
  • 55.
    55 Replay  First passivecapture of data and then its retransmission to produce an unauthorized effect.  Could be disastrous in case of critical messages such as authentication sequences, even if the password were encrypted. 7/16/2021 System Security
  • 56.
  • 57.
    57 Modification of Messages Some portion of a legitimate message is altered or messages are delayed or reordered to produce an unauthorized effect. 7/16/2021 System Security
  • 58.
    Message Alteration Client PC Bob Server Alice Dialog Attacker(Eve) intercepts and alters messages Balance = $1 Balance = $1 Balance = $1,000,000 Balance = $1,000,000
  • 59.
    59 Denial of Service- DOS  Prevents the normal use or management of communication facilities.  Such attacks have become very common on the Internet especially against web servers. 7/16/2021 System Security
  • 60.
    Denial-of-Service (DoS) Flooding Attack MessageFlood Server Overloaded By Message Flood Attacker
  • 61.