Introduction to Computer Security Lecture PDF

Summary

This document is a lecture on computer security. It introduces fundamental computer security concepts, including threats, attacks, and the principles of confidentiality, integrity, and availability. This document also describes the different types of attacks and strategies for handling them.

Full Transcript

Introduction to Computer Security
by Dr. Mohamed Abdel Hameed
Computer Science Dept.
Lecture 1

Lecture Rules

Course contents
- Part 1: Introduction
  - Computer Security Concepts
  - Threats, Attacks and Assets
  - Security Functional Requirements
  - Fundamental Security Design Principles
  - Attack Surfaces and Attack Trees
  - Computer Security Strategy
- Part 2: Computer Security Technology and Principles
  - Cryptographic Tools
  - User Authentication
  - Access Control
  - Database and Cloud Security
  - Malicious Software
  - Denial-of-Service Attacks
  - Intrusion Detection
  - Firewalls and Intrusion Prevention Systems
- Part 3: Software Security and Trusted Systems
- Part 4: Management Issues

Objectives
This chapter focuses on three fundamental questions:
- What assets do we need to protect?
- How are those assets threatened?
- What can we do to counter those threats?

What is Computer Security?
This definition introduces three key objectives that are at the heart of computer security:
- Confidentiality: This term covers two related concepts:
  - Data confidentiality
  - Privacy
- Integrity: This term covers two related concepts:
  - Data integrity
  - System integrity
- Availability: Ensuring timely and reliable access to use the information.

What is Computer Security?
The protection afforded to an automated information system to achieve objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

Computer Security Concepts
- Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and secure information.
  - A loss of confidentiality is the unauthorized disclosure (detection) of information.
- Integrity: A loss of integrity is the unauthorized modification or destruction of information.
- Availability: Ensuring timely and reliable access to use the information.

Computer Security Concepts

Computer Security Challenges
1. Not simple: easy to get it wrong.
2. Must consider potential attacks.
3. Involve algorithms and secret info.
4. Must decide where to deploy mechanisms.
5. Battle of wits between attacker / admin.
6. Requires regular monitoring.

Aspects of Security
- Consider 3 aspects of information security:
  - security attack
  - security mechanism (control)
  - security service
- Note terms:
  - Threat – a possibility for infraction of security.
  - Vulnerability – a way by which loss of data can happen.
  - Attack – involves an attempt to obtain, alter, destroy, remove or reveal important information without authorized access or permission.

Passive Attack: Interception

Passive Attack: Traffic Analysis
- Observe traffic pattern

Active Attack: Interruption
- Block delivery of message

Active Attack: Fabrication
- Fabricate message

Active Attack: Replay

Active Attack: Modification
- Modify message

Handling Attacks
- Passive attacks – focus on Prevention
  - Easy to stop
  - Hard to detect
- Active attacks – focus on Detection and Recovery
  - Hard to stop
  - Easy to detect

Vulnerabilities and Attacks
System resource vulnerabilities may
- be corrupted (loss of integrity)
- become leaky (loss of confidentiality)
- become unavailable (loss of availability)
Attacks are threats carried out and may be
- passive
- active
- insider
- outsider

Attacks
An attack is a threat that is carried out. We can distinguish two types of attacks:
- Active attack: attempts to alter system resources or affect their operation.
- Passive attack: attempts to learn or make use of information from the system but does not affect system resources.
We can also classify attacks based on the origin of the attack:
- Inside attack: Initiated by an entity inside the security perimeter (an "insider").
- Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider").

Countermeasures
Countermeasures are used to deal with security attacks:
- prevent
- detect
- recover
May result in new vulnerabilities. Will have residual vulnerability. Goal is to minimize risk given constraints.

Network Security Attacks
Classify as passive or active.
Passive attacks are eavesdropping.
- release of message contents
- traffic analysis
- hard to detect, so the aim is to prevent.
Active attacks modify/fake data.
- masquerade
- replay
- modification
- denial of service
- hard to prevent, so the aim is to detect.

Passive and Active Attacks
Passive Attack
- Attempts to learn or make use of information from the system but does not affect system resources
- Eavesdropping on, or monitoring of, transmissions
- Goal of attacker is to obtain information that is being transmitted
- Two types:
  - Release of message contents
  - Traffic analysis
Active Attack
- Attempts to alter system resources or affect their operation
- Involve some modification of the data stream or the creation of a false stream
- Four categories:
  - Replay
  - Masquerade
  - Modification of messages
  - Denial of service

Active Attacks
Active attacks involve modification of data stream or creation of false data:
- Masquerade: when one entity pretends to be another.
- Replay: passive capture of data and subsequent retransmission.
- Modification of messages: a legitimate message is altered, delayed or reordered.
- Denial of service (DoS): prevents or inhibits the normal use or management of communications facilities, or the disruption of an entire network.
Active attacks present the opposite characteristics of passive attacks.

Computer and Network Assets, with Examples of Threats

| Asset | Availability | Confidentiality | Integrity |
|---|---|---|---|
| Hardware | Equipment is stolen or disabled, thus denying service. | An unencrypted CD-ROM or DVD is stolen. | |
| Software | Programs are deleted, denying access to users. | An unauthorized copy of software is made. | A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. |
| Data | Files are deleted, denying access to users. | An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. | Existing files are modified or new files are fabricated. |
| Communication Lines and Networks | Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. | Messages are read. The traffic pattern of messages is observed. | Messages are modified, delayed, reordered, or duplicated. False messages are fabricated. |

Security Functional Requirements
Technical measures:
- access control; identification & authentication; system & communication protection; system & information integrity
Management controls and procedures:
- awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition
Overlapping technical and management:
- configuration management; incident response; media protection

Security Technologies Used

Computer Security Strategy

Computer Security Strategy Cont.
- Specification/policy
  - what is the security scheme supposed to do?
  - codify in policy and procedures
- Implementation/mechanisms
  - how does it do it?
  - prevention, detection, response, recovery
- Correctness/assurance
  - does it really work?
  - assurance, evaluation
- Evaluation
  - Process of examining a computer product or system with respect to certain criteria

Model for Network Security

Model for Network Access Security

Model for Network Security Cont.
Using this model requires us to:
1. Design a suitable algorithm for the security transformation.
2. Generate the secret information (keys) used by the algorithm.
3. Develop methods to distribute and share the secret information.
4. Specify a protocol enabling the principals to use the transformation and secret information for a security service.
