Computer fundamentals Computer fundamentals Security www Assignment Point

  • Slides: 21
Download presentation
Computer fundamentals Computer fundamentals Security www. Assignment. Point. com

Computer fundamentals Computer fundamentals Security www. Assignment. Point. com

Objectives Computer fundamentals Computer fundamentals • Cover the fundamental issues in Computer, Data and

Objectives Computer fundamentals Computer fundamentals • Cover the fundamental issues in Computer, Data and Network Security www. Assignment. Point. com

Computer fundamentals Computer fundamentals • Discuss – Overview of computer security – Introduction to

Computer fundamentals Computer fundamentals • Discuss – Overview of computer security – Introduction to cryptography www. Assignment. Point. com

Information Systems Security Computer fundamentals Computer fundamentals • Deals with. . ØSecurity of end

Information Systems Security Computer fundamentals Computer fundamentals • Deals with. . ØSecurity of end systems Examples: Operating system, files in a host, records, databases, accounting information, logs, etc. ØSecurity of information in transit over a network Examples: e-commerce transactions, online banking, confidential e-mails, file transfers, record transfers, authorization messages, etc. www. Assignment. Point. com

Principles of computer security Computer fundamentals Computer fundamentals • Principle of easiest penetration: An

Principles of computer security Computer fundamentals Computer fundamentals • Principle of easiest penetration: An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. • Principle of adequate protection: Computer items must be protected only until they lost their value. www. Assignment. Point. com

Some terminologies Computer fundamentals Computer fundamentals • Threat Ø Set of circumstances that has

Some terminologies Computer fundamentals Computer fundamentals • Threat Ø Set of circumstances that has the potential to cause loss or harm • Vulnerability Ø a weakness in the security system(in procedures, design and implementation) • Control Ø Some protective measures www. Assignment. Point. com

Computer fundamentals Computer fundamentals “A threat is blocked by control of vulnerabilities” www. Assignment.

Computer fundamentals Computer fundamentals “A threat is blocked by control of vulnerabilities” www. Assignment. Point. com

Types of threats Computer fundamentals Computer fundamentals • Interception v Un-authorized party gained access

Types of threats Computer fundamentals Computer fundamentals • Interception v Un-authorized party gained access to an asset. • For example, v Illegal copying of program or data. v Wiretapping to obtain data in a network. www. Assignment. Point. com

Types of threats Computer fundamentals Computer fundamentals • Interruption – an asset of the

Types of threats Computer fundamentals Computer fundamentals • Interruption – an asset of the system become lost, unavailable or unusable. For example, • Hardware failure • Operating system malfunction • Erasure of a program or data file www. Assignment. Point. com

Types of threats Computer fundamentals Computer fundamentals • Modification: Not only an-authorized access, but

Types of threats Computer fundamentals Computer fundamentals • Modification: Not only an-authorized access, but tampers with an asset. For example, Ø Alteration of data www. Assignment. Point. com

Types of threats Computer fundamentals Computer fundamentals • Fabrication: – Addition of imaginary in

Types of threats Computer fundamentals Computer fundamentals • Fabrication: – Addition of imaginary in information to a system by an un authorized party. For example, Ø addition of a record to an existing database www. Assignment. Point. com

MOM Computer fundamentals Computer fundamentals • What does an attacker have? ü Method—sufficient skill,

MOM Computer fundamentals Computer fundamentals • What does an attacker have? ü Method—sufficient skill, tools and knowledge to initiate an attack ü Opportunity– Time and access to accomplish the attack ü Motive– Why he wants to do that? Must have a reason. www. Assignment. Point. com

Security goals(CIA) Computer fundamentals Computer fundamentals • Confidentiality: Ø Keeping data and resources secret

Security goals(CIA) Computer fundamentals Computer fundamentals • Confidentiality: Ø Keeping data and resources secret or hidden. (secrecy or privacy) Ø Only authorized party can access information. Ø access does not mean write but allows to read, view or print information. www. Assignment. Point. com

Security goals(CIA) Computer fundamentals Computer fundamentals q Integrity: v Assets can be modified only

Security goals(CIA) Computer fundamentals Computer fundamentals q Integrity: v Assets can be modified only by authorized parties or only in authorized ways. v Modification includes writing, deleting, creating, changing etc. q Availability: v Ensuring authorized access to data and resources when desired www. Assignment. Point. com

Security goals(additional) Computer fundamentals Computer fundamentals • Authenticity : Ø ensures that the sender

Security goals(additional) Computer fundamentals Computer fundamentals • Authenticity : Ø ensures that the sender of a message is correctly identified, with an assurance that the identity is not false. • Non-repudiation: Ø ensures that neither the sender nor the receiver of a message can deny afterwards that it was not he, who send or receive the message. Ø So, Non-repudiation services provide unforgivable evidence that a specific action has occurred www. Assignment. Point. com

Vulnerabilities Computer fundamentals Computer fundamentals • Always look for the vulnerabilities that can be

Vulnerabilities Computer fundamentals Computer fundamentals • Always look for the vulnerabilities that can be the obstacles to reach the security goals • Exist in all three major categories of system resources… – Hardware vulnerabilities – Software vulnerabilities – Data vulnerabilities www. Assignment. Point. com

Hardware vulnerabilities Computer fundamentals Computer fundamentals • Hardware always exposed • Very easy to

Hardware vulnerabilities Computer fundamentals Computer fundamentals • Hardware always exposed • Very easy to occurs Examples. . Ø add/remove devices Ø physically drenched with water Ø dust and ash from cigarette smoke Ø voluntary machine slaughter www. Assignment. Point. com

Software vulnerabilities Computer fundamentals Computer fundamentals • Software can be replaced, destroys maliciously, changed,

Software vulnerabilities Computer fundamentals Computer fundamentals • Software can be replaced, destroys maliciously, changed, modified, deleted, because of its vulnerabilities. Example—In a banking software, monthly interest on an account is calculated as $14. 5467. But, software credits it as $14. 54 and ignores $. 0067. what can be the result if an attacker modifies this software? www. Assignment. Point. com

Software vulnerabilities Computer fundamentals Computer fundamentals q Software deletion: Ø Easy to delete Ø

Software vulnerabilities Computer fundamentals Computer fundamentals q Software deletion: Ø Easy to delete Ø Accidental erasure of a file q Software modification : Ø modifications cause software to fail or do unintended task Ø Various categories of software modification includes Logic bomb, Trojan horse, virus, trapdoor etc. q Software theft : Ø piracy www. Assignment. Point. com

Data vulnerabilities Computer fundamentals Computer fundamentals • Confidentiality • Integrity • Availability www. Assignment.

Data vulnerabilities Computer fundamentals Computer fundamentals • Confidentiality • Integrity • Availability www. Assignment. Point. com

What is cyber law? Computer fundamentals Computer fundamentals • Cyber law encompasses a wide

What is cyber law? Computer fundamentals Computer fundamentals • Cyber law encompasses a wide legal issues related to the communications technology, property, privacy, freedom jurisdiction. variety of political and Internet and other including intellectual of expression, and www. Assignment. Point. com