241-427-SV-2-2553-COE-PSU 1
241-427 Computer Security
Chapter I: Introduction
Dr. Sangsuree Vasupongayya

A Brief History of the World

Why do we need security?
  Protect vital information while still allowing access to those who need it
    Trade secrets, medical records, etc.
  Provide authentication and access control for resources
    Ex: AFS
  Guarantee availability of resources
    Ex: 5 9’s (99.999% reliability)

Who is vulnerable?
  Financial institutions and banks
  Internet service providers
  Pharmaceutical companies
  Government and defense agencies
  Contractors to various government agencies
  Multinational corporations
  ANYONE ON THE NETWORK

Common security attacks
  Finding a way into the network
    Firewalls
  Exploiting software bugs, buffer overflows
    Intrusion Detection Systems
  Denial of Service
    Ingress filtering, IDS
  TCP hijacking
    IPSec
  Packet sniffing
    Encryption (SSH, SSL, HTTPS)
  Social problems
    Education

Basic Components
  Confidentiality
    Keeping data and resources hidden
  Integrity
    Data integrity (integrity)
    Origin integrity (authentication)
  Availability
    Enabling access to data and resources

Goals of Security
  Prevention
    Prevent attackers from violating security policy
  Detection
    Detect attackers’ violation of security policy
  Recovery
    Stop attack, assess and repair damage
    Continue to function correctly even if attack succeeds

Trust and Assumptions
  Underlie all aspects of security
  Policies
    Unambiguously partition system states
    Correctly capture security requirements
  Mechanisms
    Assumed to enforce policy
    Support mechanisms work correctly

Assurance
  Specification
    Requirements analysis
    Statement of desired functionality
  Design
    How system will meet specification
  Implementation
    Programs/systems that carry out design

Security standards
  ISO
    ISO 17799, ISO 27002, ISO 27001
  NIST
    NIST SP 800-12, NIST SP 800-14, NIST SP 800-18, NIST SP 800-26, NIST SP 800-30
  In Thailand
    http://www.mict.go.th/
    Act on the Commission of Offences Relating to Computers, B.E. 2550
    Act on Electronic Transactions, B.E. 2554 (ongoing)

Operational Issues
  Cost-Benefit Analysis
    Is it cheaper to prevent or recover?
  Risk Analysis
    Should we protect something?
    How much should we protect this thing?
  Laws and Customs
    Are desired security measures illegal?
    Will people do them?

Human Issues
  Organizational Problems
    Power and responsibility
    Financial benefits
  People problems
    Outsiders and insiders
    Social engineering

Key Points
  Policy defines security, and mechanisms enforce security
    Confidentiality
    Integrity
    Availability
  Trust and knowing assumptions
  Importance of assurance
  The human factor

Client-side Security Doesn’t Work
  Client-side: a computer that the user has control over and can do whatever he/she likes with it
  Client-side security: some sort of security mechanism that is being enforced solely on the client
  Problem: a person has absolute control over it
    E.g., a software package that tries to limit its use in some way
    Debuggers, disassemblers, hex editors, operating system modification, monitoring systems, unlimited copies of the software
  Conclusion: cannot maintain trusted software running on an untrusted machine
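
Added example, not from the original slides: a hypothetical service with a three-use trial limit, comparing a limit that the client software tracks and reports with one kept on a machine the user does not control. The request fields, account names and TRIAL_LIMIT are assumptions made for illustration, and the account is assumed to be authenticated already.

```python
TRIAL_LIMIT = 3  # assumed trial allowance for this illustration


def client_enforced(request):
    """Weak design: the client software keeps the counter and reports it.

    The check runs on a value that comes from a machine the user fully
    controls, so it only holds for users who leave the software alone.
    """
    return request.get("uses_left", 0) > 0


class ServerEnforced:
    """Counter kept on a machine the user does not control."""

    def __init__(self, limit=TRIAL_LIMIT):
        self.limit = limit
        self.used = {}  # account -> number of uses already granted

    def authorize(self, request):
        account = request["account"]
        used = self.used.get(account, 0)
        if used >= self.limit:
            return False
        self.used[account] = used + 1
        return True  # any "uses_left" field in the request is ignored


def honest_client(n):
    """Requests from unmodified client software (constructed sample)."""
    uses_left = TRIAL_LIMIT
    for _ in range(n):
        yield {"account": "alice", "uses_left": uses_left}
        uses_left = max(uses_left - 1, 0)


def modified_client(n):
    """Requests from a client whose owner changed the local counter."""
    for _ in range(n):
        yield {"account": "bob", "uses_left": TRIAL_LIMIT}


def compare(n=5):
    """Run both kinds of client against both designs."""
    results = {}
    for label, client in (("honest", honest_client),
                          ("modified", modified_client)):
        server = ServerEnforced()
        results[label] = {
            "client_enforced": [client_enforced(r) for r in client(n)],
            "server_enforced": [server.authorize(r) for r in client(n)],
        }
    return results


if __name__ == "__main__":
    for label, outcome in compare().items():
        print(label, outcome)
```
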
Viruses and Trojans
  Viruses and Trojans cannot be 100 percent protected against
    Virus replicates and requires other programs to attach to
    Trojan horse pretends to be something else
    Usually attached to a program you wanted, or arrived on media you inserted
  How does antivirus software work?
    Before program execution can take place, the antivirus software will scan the program or media for “bad things”
    “Bad things” are identified based on signature files that are hopefully unique to a particular virus or trojan
    Usually signature files can be produced based on a seen virus or trojan
    Delay in getting new virus information
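
Added example, not from the original slides: a minimal byte-signature scanner run over constructed placeholder byte strings, showing that a sample is flagged only after a signature has been derived from a seen copy of it. The signature names, file contents and the 8-byte window length are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # byte run that is "hopefully unique" to one sample


def make_signature(name, sample, known_clean, length=8):
    """Derive a signature from a sample that has already been seen.

    Picks the first `length`-byte window of the sample that occurs in none
    of the known-clean files, so the signature does not flag them.
    """
    for start in range(len(sample) - length + 1):
        window = sample[start:start + length]
        if not any(window in clean for clean in known_clean):
            return Signature(name, window)
    raise ValueError("no window of the sample is unique to it")


def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs in data."""
    return [sig.name for sig in signatures if sig.pattern in data]


def allow_execution(data, signatures):
    """Pre-execution gate: run the program only if the scan finds nothing."""
    return not scan(data, signatures)


# Constructed inputs: placeholder byte strings, not real programs or malware.
SHARED_HEADER = b"HDR0" * 4
CLEAN_FILES = [SHARED_HEADER + b"print-report", SHARED_HEADER + b"edit-text"]
SAMPLE_A = SHARED_HEADER + b"constructed-sample-A"  # already seen
SAMPLE_B = SHARED_HEADER + b"unseen-sample-B"       # not yet seen


def demo():
    """Scan before and after the signature update that covers sample B."""
    db = [make_signature("Constructed.A", SAMPLE_A, CLEAN_FILES)]
    before = {
        "clean": [allow_execution(f, db) for f in CLEAN_FILES],
        "sample_a": scan(SAMPLE_A, db),
        "sample_b": scan(SAMPLE_B, db),  # no signature exists yet
    }
    # The update arrives only after sample B has been seen and analysed;
    # until then the pre-execution gate lets it through.
    db.append(make_signature("Constructed.B", SAMPLE_B, CLEAN_FILES))
    after = scan(SAMPLE_B, db)
    return before, after


if __name__ == "__main__":
    print(demo())
```
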
Firewalls
  Firewalls cannot protect you 100% from attack
    Sits between internal network and the rest of the network and attempts to prevent bad things from happening without preventing good things from happening
    Allow some kinds of traffic, while stopping others
  Difficulties
    The firewall administrators can’t very easily limit traffic to exactly the type they would like
  Attacks
    Social engineering via email (e.g., Melissa virus)
    Attack the firewall directly

Spam Statistics
  Email considered Spam: 40% of all email
  Daily Spam emails sent: 12.4 billion
  Daily Spam received per person: 6
  Annual Spam received per person: 2,200
  Spam cost to all non-corp. Internet users: $255 million
  Spam cost to all U.S. Corporations in 2002: $8.9 billion
  Email address changes due to Spam: 16%
  Estimated Spam increase by 2007: 63%
  Annual Spam in 1,000 employee company: 2.1 million
  Users who reply to Spam email: 28%
  Users who purchased from Spam email: 8%
  Corporate email that is considered Spam: 15-20%
  Wasted corporate time per Spam email: 4-5 seconds
  http://spam-filter-review.toptenreviews.com/spam-statistics.html

Open Problems in Security
  Definition of metrics to assess the security of a system or protocol.
  Formal methods to verify the security of a system.
  Realistic models of adversaries.
  Emergency preparedness and response.
  Development of secure protocols and systems. (Scalability and efficiency.)
  Need to bridge the huge gap between cryptographers and systems designers/developers.
  Scarcity of professionals in the area.
  Lack of basic training in the area of security.

References
  Justin Weisz, “Network Security”, Lecture slides, Fall 2002.
  Matt Bishop, “Introduction to Computer Security”, 2004.

More Related Content

What's hot

Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Third party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaireThird party datasecurity assurance questionnaire
Third party datasecurity assurance questionnairePriyanka Aash
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019Ivanti
 
Are You Prepared For More High-Impact Vulnerabilties?
Are You Prepared For More High-Impact Vulnerabilties?Are You Prepared For More High-Impact Vulnerabilties?
Are You Prepared For More High-Impact Vulnerabilties?Tripwire
 
Thinking of choosing Sophos?
Thinking of choosing Sophos?Thinking of choosing Sophos?
Thinking of choosing Sophos?Symantec
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118Erik Ginalick
 
Patch management policy_final
Patch management policy_finalPatch management policy_final
Patch management policy_finalAyubu Churi
 
Network Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for EnterprisesNetwork Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for EnterprisesSandeep Yadav
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 

What's hot (16)

Paper4
Paper4Paper4
Paper4
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
gas_company_PT
gas_company_PTgas_company_PT
gas_company_PT
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
Third party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaireThird party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaire
 
Trackment
TrackmentTrackment
Trackment
 
Patch Management Best Practices 2019
Patch Management Best Practices 2019Patch Management Best Practices 2019
Patch Management Best Practices 2019
 
Are You Prepared For More High-Impact Vulnerabilties?
Are You Prepared For More High-Impact Vulnerabilties?Are You Prepared For More High-Impact Vulnerabilties?
Are You Prepared For More High-Impact Vulnerabilties?
 
Thinking of choosing Sophos?
Thinking of choosing Sophos?Thinking of choosing Sophos?
Thinking of choosing Sophos?
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118Healthcare It Security Necessity Wp101118
Healthcare It Security Necessity Wp101118
 
Patch management policy_final
Patch management policy_finalPatch management policy_final
Patch management policy_final
 
Network Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for EnterprisesNetwork Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for Enterprises
 
OPERATING SYSTEM
OPERATING SYSTEMOPERATING SYSTEM
OPERATING SYSTEM
 
operating system
operating systemoperating system
operating system
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 

Similar to Introduction to Computer Security Concepts

The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Jack Shaffer
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfssuserc1c354
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsEMMAIntl
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Get to zero stealth natural gas_executive_overview_ch
Get to zero stealth natural gas_executive_overview_chGet to zero stealth natural gas_executive_overview_ch
Get to zero stealth natural gas_executive_overview_chSherid444
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challengesVineet Dubey
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environmentsamiable_indian
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comamaranthbeg72
 
Csec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comCsec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comamaranthbeg92
 
Csec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comCsec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comamaranthbeg112
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Report on Software Vulnerabilities in the financial industry
Report on Software Vulnerabilities in the financial industryReport on Software Vulnerabilities in the financial industry
Report on Software Vulnerabilities in the financial industryChandrak Trivedi
 

Similar to Introduction to Computer Security Concepts (20)

The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Power station monitoring and cyber security
Power station monitoring and cyber securityPower station monitoring and cyber security
Power station monitoring and cyber security
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
Understanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and ApplicationsUnderstanding Cybersecurity in Medical Devices and Applications
Understanding Cybersecurity in Medical Devices and Applications
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
Get to zero stealth natural gas_executive_overview_ch
Get to zero stealth natural gas_executive_overview_chGet to zero stealth natural gas_executive_overview_ch
Get to zero stealth natural gas_executive_overview_ch
 
22 need-for-security
22  need-for-security22  need-for-security
22 need-for-security
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challenges
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.com
 
Csec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comCsec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.com
 
Csec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comCsec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.com
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Report on Software Vulnerabilities in the financial industry
Report on Software Vulnerabilities in the financial industryReport on Software Vulnerabilities in the financial industry
Report on Software Vulnerabilities in the financial industry
 

More from Attaporn Ninsuwan

Chapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsChapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsAttaporn Ninsuwan
 
Techniques for data hiding p
Techniques for data hiding pTechniques for data hiding p
Techniques for data hiding pAttaporn Ninsuwan
 
Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408Attaporn Ninsuwan
 
Steganography past-present-future 552
Steganography past-present-future 552Steganography past-present-future 552
Steganography past-present-future 552Attaporn Ninsuwan
 
Chapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformChapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformAttaporn Ninsuwan
 
Chapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformChapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformAttaporn Ninsuwan
 
Chapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsChapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsAttaporn Ninsuwan
 
Chapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemChapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemAttaporn Ninsuwan
 

More from Attaporn Ninsuwan (20)

J query fundamentals
J query fundamentalsJ query fundamentals
J query fundamentals
 
Jquery enlightenment
Jquery enlightenmentJquery enlightenment
Jquery enlightenment
 
Jquery-Begining
Jquery-BeginingJquery-Begining
Jquery-Begining
 
Br ainfocom94
Br ainfocom94Br ainfocom94
Br ainfocom94
 
Chapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsChapter 12 - Computer Forensics
Chapter 12 - Computer Forensics
 
Techniques for data hiding p
Techniques for data hiding pTechniques for data hiding p
Techniques for data hiding p
 
Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408Stop badware infected_sites_report_062408
Stop badware infected_sites_report_062408
 
Steganography past-present-future 552
Steganography past-present-future 552Steganography past-present-future 552
Steganography past-present-future 552
 
Ch03-Computer Security
Ch03-Computer SecurityCh03-Computer Security
Ch03-Computer Security
 
Ch02-Computer Security
Ch02-Computer SecurityCh02-Computer Security
Ch02-Computer Security
 
Ch8-Computer Security
Ch8-Computer SecurityCh8-Computer Security
Ch8-Computer Security
 
Ch7-Computer Security
Ch7-Computer SecurityCh7-Computer Security
Ch7-Computer Security
 
Ch6-Computer Security
Ch6-Computer SecurityCh6-Computer Security
Ch6-Computer Security
 
Ch06b-Computer Security
Ch06b-Computer SecurityCh06b-Computer Security
Ch06b-Computer Security
 
Ch5-Computer Security
Ch5-Computer SecurityCh5-Computer Security
Ch5-Computer Security
 
Ch04-Computer Security
Ch04-Computer SecurityCh04-Computer Security
Ch04-Computer Security
 
Chapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformChapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier Transform
 
Chapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformChapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier Transform
 
Chapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsChapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic Signals
 
Chapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemChapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant System
 

Recently uploaded

EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 

Recently uploaded (20)

ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 

Introduction to Computer Security Concepts

  • 1. 1 241-427-SV-2-2553-COE-PSU 1 241-427 Computer Security Chapter I: Introduction Dr. Sangsuree Vasupongayya 241-427-SV-2-2553-COE-PSU 2 A Brief History of the World 241-427-SV-2-2553-COE-PSU 3 Why do we need security? Protect vital information while still allowing access to those who need it Trade secrets, medical records, etc. Provide authentication and access control for resources Ex: AFS Guarantee availability of resources Ex: 5 9’s (99.999% reliability)
  • 2. 2 241-427-SV-2-2553-COE-PSU 4 Who is vulnerable? Financial institutions and banks Internet service providers Pharmaceutical companies Government and defense agencies Contractors to various government agencies Multinational corporations ANYONE ON THE NETWORK 241-427-SV-2-2553-COE-PSU 5 Common security attacks Finding a way into the network Firewalls Exploiting software bugs, buffer overflows Intrusion Detection Systems Denial of Service Ingress filtering, IDS TCP hijacking IPSec Packet sniffing Encryption (SSH, SSL, HTTPS) Social problems Education 241-427-SV-2-2553-COE-PSU 6 Basic Components Confidentiality Keeping data and resources hidden Integrity Data integrity (integrity) Origin integrity (authentication) Availability Enabling access to data and resources
  • 3. 3 241-427-SV-2-2553-COE-PSU 7 Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers’ violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds 241-427-SV-2-2553-COE-PSU 8 Trust and Assumptions Underlie all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly 241-427-SV-2-2553-COE-PSU 9 Assurance Specification Requirements analysis Statement of desired functionality Design How system will meet specification Implementation Programs/systems that carry out design
Security standards
  ISO
    ISO 17799, ISO 27002, ISO 27001
  NIST
    NIST SP 800-12, NIST SP 800-14, NIST SP 800-18, NIST SP 800-26, NIST SP 800-30
  In Thailand
    http://www.mict.go.th/
    Computer-Related Crime Act, B.E. 2550
    Electronic Transactions Act, B.E. 2554 (ongoing)

Operational Issues
  Cost-Benefit Analysis
    Is it cheaper to prevent or recover?
  Risk Analysis
    Should we protect something?
    How much should we protect this thing?
  Laws and Customs
    Are desired security measures illegal?
    Will people do them?

Human Issues
  Organizational Problems
    Power and responsibility
    Financial benefits
  People problems
    Outsiders and insiders
    Social engineering

Key Points
  Policy defines security, and mechanisms enforce security
    Confidentiality
    Integrity
    Availability
  Trust and knowing assumptions
  Importance of assurance
  The human factor

Client-side Security Doesn’t Work
  Client-side: a computer that the user has control over and can do whatever he/she likes with
  Client-side security: some sort of security mechanism that is enforced solely on the client
  Problem: a person has absolute control over it
    E.g., a software package that tries to limit its use in some way
    Debuggers, disassemblers, hex editors, operating system modification, monitoring systems, unlimited copies of the software
  Conclusion: cannot maintain trusted software running on an untrusted machine

Viruses and Trojans
  Viruses and Trojans cannot be 100 percent protected against
    A virus replicates and requires other programs to attach to
    A Trojan horse pretends to be something else
    Usually attached to a program you wanted, or arrived on media you inserted
  How does antivirus software work?
    Before program execution can take place, the antivirus software scans the program or media for “bad things”
    “Bad things” are based on signature files that are hopefully unique to a particular virus or trojan
    Signature files are usually produced from a virus or trojan that has already been seen
    Delay in getting new virus information
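
A minimal sketch of the signature scanning described in the Viruses and Trojans slide, added here as an illustration and not taken from the lecture. The signature names, byte patterns, day numbers and sample files are all constructed; it shows why a sample goes unflagged until its signature ships, and why a threat nobody has analysed is never flagged.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str          # label the vendor assigns to the threat
    pattern: bytes     # byte sequence hoped to be unique to it
    released_day: int  # day the vendor shipped this signature


# Constructed signature feed (hypothetical names, patterns and dates).
FEED = [
    Signature("Demo.Virus.A", b"\xde\xad\xbe\xef\x13\x37", released_day=3),
    Signature("Demo.Trojan.B", b"FAKE-INSTALLER-STUB", released_day=10),
]


def scan(data: bytes, today: int, feed=FEED) -> list[str]:
    """Names of threats found in `data` using only signatures shipped by `today`."""
    installed = [s for s in feed if s.released_day <= today]
    return [s.name for s in installed if s.pattern in data]


def exposure_window(data: bytes, first_seen_day: int, feed=FEED):
    """Days the sample circulated before any signature could flag it.

    Returns None when no signature in the feed ever matches, i.e. the
    scanner stays blind to this sample.
    """
    for sig in sorted(feed, key=lambda s: s.released_day):
        if sig.pattern in data:
            return max(0, sig.released_day - first_seen_day)
    return None


# Constructed sample files.
CLEAN = b"MZ ordinary program bytes"
INFECTED_A = b"MZ" + b"\x00" * 8 + b"\xde\xad\xbe\xef\x13\x37" + b"host program"
TROJAN_B = b"setup.exe FAKE-INSTALLER-STUB"
UNSEEN = b"MZ bytes of a threat no vendor has analysed yet"

if __name__ == "__main__":
    for day in (1, 3, 10):
        print(day, scan(INFECTED_A, day), scan(TROJAN_B, day), scan(UNSEEN, day))
    print("window A:", exposure_window(INFECTED_A, first_seen_day=1))
    print("window unseen:", exposure_window(UNSEEN, first_seen_day=1))
```
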

Firewalls
  Firewalls cannot protect you 100% from attack
    A firewall sits between the internal network and the rest of the network and attempts to prevent bad things from happening without preventing good things from happening
    It allows some kinds of traffic, while stopping others
  Difficulties
    Firewall administrators can’t easily limit traffic to exactly the type they would like
  Attacks
    Social engineering via email (e.g., Melissa virus)
    Attack the firewall directly

Spam Statistics
  Email considered Spam                           40% of all email
  Daily Spam emails sent                          12.4 billion
  Daily Spam received per person                  6
  Annual Spam received per person                 2,200
  Spam cost to all non-corp. Internet users       $255 million
  Spam cost to all U.S. Corporations in 2002      $8.9 billion
  Email address changes due to Spam               16%
  Estimated Spam increase by 2007                 63%
  Annual Spam in 1,000 employee company           2.1 million
  Users who reply to Spam email                   28%
  Users who purchased from Spam email             8%
  Corporate email that is considered Spam         15-20%
  Wasted corporate time per Spam email            4-5 seconds
  Source: http://spam-filter-review.toptenreviews.com/spam-statistics.html

Open Problems in Security
  Definition of metrics to assess the security of a system or protocol.
  Formal methods to verify the security of a system.
  Realistic models of adversaries.
  Emergency preparedness and response.
  Development of secure protocols and systems. (Scalability and efficiency.)
  Need to bridge the huge gap between cryptographers and systems designers/developers.
  Scarcity of professionals in the area.
  Lack of basic training in the area of security.

References
  Justin Weisz, “Network Security”, Lecture slides, Fall 2002.
  Matt Bishop, “Introduction to Computer Security”, 2004.