Uploaded bypakpra733
PPT, PDF16 views

SecurityBasics.ppt a good thing by pakiza

A b c d

Embed presentation

Download to read offline
1 Security Basics Security Basics Pakiza Arshad IISAT UNIVERSITY
2 Introduction … teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu
3 Outline Outline • Background • Attacks, services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
4 Background Background • Information Security requirements have changed in recent times – Traditionally provided by physical and administrative mechanisms – Many daily activities have been shifted from physical world to cyber space • Use of computers – Protect files and other stored information • Use of networks and communications links – Protect data during transmission • The focus of many funding agencies in US – DOD, NSF, DHS, etc. – ONR: game theory for cyber security
5 Definitions Definitions • Computer Security – Generic name for the collection of tools designed to protect data and to thwart hackers • Network Security – Measures to protect data during their transmission • Internet Security (our focus!) – Measures to protect data during their transmission over a collection of interconnected networks
6 Security Trends Security Trends
7 3 Aspects of Info Security 3 Aspects of Info Security • Security Attack – Any action that compromises the security of information. • Security Mechanism – A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service – A service that enhances the security of data processing systems and information transfers. • Makes use of one or more security mechanisms.
8 Security Attack Security Attacks s • Threat & attack – Often used equivalently • There are a wide range of attacks – Two generic types of attacks • Passive • Active
9 Security Attack Security Attack Classification Classification
10 Security Attacks Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
11 3 Primary 3 Primary Security Goals Security Goals Integrity Confidentiality Availability
12
13 Security Services Security Services X.800 – A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
14 Security Mechanism Security Mechanism • Features designed to detect, prevent, or recover from a security attack • No single mechanism that will support all services required • One particular element underlies many of the security mechanisms in use: – Cryptographic techniques – Hence we will focus on this topic first
15 Model for Network Security Model for Network Security
16 Model for Network Security Model for Network Security Using this model requires us to: 1. design a suitable algorithm for the security transformation (message de/encryption) 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information (keys) 4. specify a protocol enabling the principals to use the transformation and secret information for a security service (e.g. ssh)
17 Model for Network Access Security Model for Network Access Security
18 Model for Network Access Security Model for Network Access Security Using this model requires us to implement: 1. Authentication  select appropriate gatekeeper functions to identify users 2. Authorization  implement security controls to ensure only authorized users access designated information or resources Trusted computer systems may be useful to help implement this model
19 Methods of Defense Methods of Defense • Encryption • Software Controls – Limit access in a database or in operating systems – Protect each user from other users • Hardware Controls – Smartcard (ICC, used for digital signature and secure identification) • Policies – Frequent changes of passwords – Recent study shows controversial arguments • Physical Controls
20 Internet standards and RFCs Internet standards and RFCs • Three organizations in the Internet society – Internet Architecture Board (IAB) • Defining overall Internet architecture • Providing guidance to IETF – Internet Engineering Task Force (IETF) • Actual development of protocols and standards – Internet Engineering Steering Group (IESG) • Technical management of IETF activities and Internet standards process
21 Internet RFC Publication Internet RFC Publication Standardization Standardization Process Process

More Related Content

PPT
Network Security , Security Basics.pptx
byabhishekdarade26
 
PPT
Introduction_to_Cyber_Security_Basics_Presentation.pptx
byaskrinku77
 
PPT
SecurityBasics including encryption and ids
bydanineba2018
 
PPTX
Network Security Essentials Chapter 1 Gu
byUmaraZahidLecturer
 
PPTX
Chapter 1: Overview of Network Security
byShafaan Khaliq Bhatti
 
PPT
ch01.ppt
byssuser4198c4
 
PPT
Ch01
byssusere796b3
 
PPT
Intoduction to Network Security NS1
bykoolkampus
 
Network Security , Security Basics.pptx
byabhishekdarade26
 
Introduction_to_Cyber_Security_Basics_Presentation.pptx
byaskrinku77
 
SecurityBasics including encryption and ids
bydanineba2018
 
Network Security Essentials Chapter 1 Gu
byUmaraZahidLecturer
 
Chapter 1: Overview of Network Security
byShafaan Khaliq Bhatti
 
ch01.ppt
byssuser4198c4
 
Ch01
byssusere796b3
 
Intoduction to Network Security NS1
bykoolkampus
 

Similar to SecurityBasics.ppt a good thing by pakiza

PPT
Ch01
byJoe Christensen
 
PDF
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
PPT
Chapter 1.ppt
byTamer Nadeem
 
PPT
computer architecture.ppt
byPandiya Rajan
 
PPT
Network Security 1st Lecture
bybabak danyal
 
PPT
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
PPT
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
bytahirnaquash2
 
PPT
ch01 cryptography1cryptography1cryptography1
bykavyams22
 
PPT
ch1-1.ppt
byNayyabMirTahir
 
PPT
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
byNISHASOMSCS113
 
PPTX
CHAPTER 1.pptx yujhhhhhhhhhhnnnnnnnhbbbhb
byStarLiner
 
PPTX
Cyber Security Part-I.pptx
byRavikumarVadana
 
PPTX
chapter 1 INTROoooooooooooooooooooo.pptx
bymailshivaiah
 
PDF
Network security - OSI Security Architecture
byBharathiKrishna6
 
PPT
ch01-4.ppt
byfaizalkhan673954
 
PPT
Nw sec
byshivz3
 
PPT
Information Security Introduction Unit 1
byLokeshSaiKumarDasari2
 
PPTX
LEC_1_Computer security concepts_First semester.pptx
bywafaaljack25
 
PPT
ch01 cryptographyand network security.ppt
byalwaseimostafa2
 
PPTX
information security.pptx
byAwais725629
 
Ch01
byJoe Christensen
 
Chapter 1 Introduction of Cryptography and Network security
byDr. Kapil Gupta
 
Chapter 1.ppt
byTamer Nadeem
 
computer architecture.ppt
byPandiya Rajan
 
Network Security 1st Lecture
bybabak danyal
 
1 network securityIntroduction - MSC.ppt
bybilqesahmed608
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
bytahirnaquash2
 
ch01 cryptography1cryptography1cryptography1
bykavyams22
 
ch1-1.ppt
byNayyabMirTahir
 
dokumen.tips_1-cryptography-and-network-security-third-edition-by-william-sta...
byNISHASOMSCS113
 
CHAPTER 1.pptx yujhhhhhhhhhhnnnnnnnhbbbhb
byStarLiner
 
Cyber Security Part-I.pptx
byRavikumarVadana
 
chapter 1 INTROoooooooooooooooooooo.pptx
bymailshivaiah
 
Network security - OSI Security Architecture
byBharathiKrishna6
 
ch01-4.ppt
byfaizalkhan673954
 
Nw sec
byshivz3
 
Information Security Introduction Unit 1
byLokeshSaiKumarDasari2
 
LEC_1_Computer security concepts_First semester.pptx
bywafaaljack25
 
ch01 cryptographyand network security.ppt
byalwaseimostafa2
 
information security.pptx
byAwais725629
 

Recently uploaded

PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
PPTX
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
PPTX
How to Manage & Publish Job Positions in Odoo 18 Recruitment
byCeline George
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PDF
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PPTX
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
PPTX
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
How to Manage & Publish Job Positions in Odoo 18 Recruitment
byCeline George
 
java full stack programming and interview questions
byrajuashokit
 
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 

SecurityBasics.ppt a good thing by pakiza

  • 1.
  • 2.
    2 Introduction … teaches usto rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu
  • 3.
    3 Outline Outline • Background • Attacks,services and mechanisms • Security attacks • Security services • Methods of Defense • A model for Internetwork Security • Internet standards and RFCs
  • 4.
    4 Background Background • Information Securityrequirements have changed in recent times – Traditionally provided by physical and administrative mechanisms – Many daily activities have been shifted from physical world to cyber space • Use of computers – Protect files and other stored information • Use of networks and communications links – Protect data during transmission • The focus of many funding agencies in US – DOD, NSF, DHS, etc. – ONR: game theory for cyber security
  • 5.
    5 Definitions Definitions • Computer Security –Generic name for the collection of tools designed to protect data and to thwart hackers • Network Security – Measures to protect data during their transmission • Internet Security (our focus!) – Measures to protect data during their transmission over a collection of interconnected networks
  • 6.
  • 7.
    7 3 Aspects ofInfo Security 3 Aspects of Info Security • Security Attack – Any action that compromises the security of information. • Security Mechanism – A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service – A service that enhances the security of data processing systems and information transfers. • Makes use of one or more security mechanisms.
  • 8.
    8 Security Attack Security Attacks s •Threat & attack – Often used equivalently • There are a wide range of attacks – Two generic types of attacks • Passive • Active
  • 9.
    9 Security Attack Security AttackClassification Classification
  • 10.
    10 Security Attacks Security Attacks •Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 11.
    11 3 Primary 3 PrimarySecurity Goals Security Goals Integrity Confidentiality Availability
  • 12.
  • 13.
    13 Security Services Security Services X.800 –A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers • Confidentiality (privacy) • Authentication (who created or sent the data) • Integrity (has not been altered) • Non-repudiation (the order is final) • Access control (prevent misuse of resources) • Availability (permanence, non-erasure) – Denial of Service Attacks – Virus that deletes files
  • 14.
    14 Security Mechanism Security Mechanism •Features designed to detect, prevent, or recover from a security attack • No single mechanism that will support all services required • One particular element underlies many of the security mechanisms in use: – Cryptographic techniques – Hence we will focus on this topic first
  • 15.
    15 Model for NetworkSecurity Model for Network Security
  • 16.
    16 Model for NetworkSecurity Model for Network Security Using this model requires us to: 1. design a suitable algorithm for the security transformation (message de/encryption) 2. generate the secret information (keys) used by the algorithm 3. develop methods to distribute and share the secret information (keys) 4. specify a protocol enabling the principals to use the transformation and secret information for a security service (e.g. ssh)
  • 17.
    17 Model for NetworkAccess Security Model for Network Access Security
  • 18.
    18 Model for NetworkAccess Security Model for Network Access Security Using this model requires us to implement: 1. Authentication  select appropriate gatekeeper functions to identify users 2. Authorization  implement security controls to ensure only authorized users access designated information or resources Trusted computer systems may be useful to help implement this model
  • 19.
    19 Methods of Defense Methodsof Defense • Encryption • Software Controls – Limit access in a database or in operating systems – Protect each user from other users • Hardware Controls – Smartcard (ICC, used for digital signature and secure identification) • Policies – Frequent changes of passwords – Recent study shows controversial arguments • Physical Controls
  • 20.
    20 Internet standards andRFCs Internet standards and RFCs • Three organizations in the Internet society – Internet Architecture Board (IAB) • Defining overall Internet architecture • Providing guidance to IETF – Internet Engineering Task Force (IETF) • Actual development of protocols and standards – Internet Engineering Steering Group (IESG) • Technical management of IETF activities and Internet standards process
  • 21.
    21 Internet RFC Publication InternetRFC Publication Standardization Standardization Process Process