Security in Computing, 5th Edition Chapter 1: Introduction PDF

Summary

This document is chapter 1 of the 'Security in Computing' book's 5th edition, covering fundamental concepts in computer security. It introduces computer security terms, the CIA triad, and various types of threats and controls. The document provides an overview of security in computer systems.

Full Transcript

1

SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 1: Introduction

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 2

Objectives for Chapter 1
Define computer security as well as basic computer
security terms
Introduce the C-I-A Triad
Introduce basic access control terminology
Explain basic threats, vulnerabilities, and attacks
Show how controls map to threats

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 3

What Is Computer Security?
The protection of the assets of a computer
system
Hardware
Software
Data

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 4

Assets

Hardware: Software: Data:
Computer Operating system Documents
Devices (disk Utilities (antivirus) Photos
drives, memory, Commercial Music, videos
printer) applications (word Email
Network gear processing, photo Class projects
editing)
Individual applications
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 5

Values of Assets

Off the shelf;
easily replaceable

Hardware: Software: Data:
Computer Operating system Documents
Devices (disk Utilities (antivirus) Photos
drives, memory, Commercial Music, videos
printer) applications (word Email
Network gear processing, photo Class projects
editing)
Individual
Unique; irreplaceable
applications

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 6

Basic Terms
Vulnerability
Threat
Attack
Countermeasure or control

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 7

Threat and Vulnerability

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 8

C-I-A Triad
Confidentiality
Integrity
Availability
Sometimes two other desirable characteristics:
Authentication
Nonrepudiation

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 9

Access Control
Policy:
Who + What + How = Yes/No

Object
Mode of access (what)
Subject (how)
(who)

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 10

Types of Threats
Threats

Natural Human
causes causes

Examples: Fire,
Benign Malicious
power failure
intent intent

Example:
Human error

Random Directed

Example: Malicious Example:
code on a general Impersonation
web site

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 11

Advanced Persistent Threat (APT)
Organized
Directed
Well financed
Patient
Silent

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 12

Types of Attackers
Terrorist

Criminal-
Hacker
for-hire

Loosely
Individual connected
group

Organized
crime member

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 13

Types of Harm

Interception Interruption

Modification Fabrication

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 14

Method—Opportunity--Motive
Opportunity

Motive

Method

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 15

Controls/Countermeasures
Kind of Threat

ot

ot
ot

/n

n
/n

us

d/
an

e
io

ct
um

ic

ire
al
H

D

Physical
M

Procedural
Confidentiality

Technical
Protects
Integrity

e
yp
Availability

lT
ro
nt
Co
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 16

Different Types of Controls
Preemption
System Perimeter

External Internal System
Prevention Prevention Resource

Detection

Intrusion OIIIO
Attempts IIOIO Response

Deflection

External Internal
Deterrence Deterrence Faux
Environment

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
 17

Summary
Vulnerabilities are weaknesses in a system; threats
exploit those weaknesses; controls protect those
weaknesses from exploitation
Confidentiality, integrity, and availability are the three
basic security primitives
Different attackers pose different kinds of threats based
on their capabilities and motivations
Different controls address different threats; controls come
in many flavors and can exist at various points in the
system

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.