Computer Security Lecture Slides - King Saud University

COMPUTER SECURITY 2021- Computer Science and Health 2022 Informatics Objectives  Explain the three cornerstones of information security.  Describe the three types of authentication credentials.  Define the categories of malware.  List the types of security attacks.  Define cryptography. PRESENTATION TITLE 2 Information Security  information security, the set of techniques and policies enforced by an organization or individual to ensure proper access to protected data. Information security makes certain that data cannot be read or modified by anyone without the proper authorization, and that the data will be available when needed to those who do.  Information security is technically distinct from cyber security, which is the ability to protect or defend the use of cyberspace (resources accessible on the Internet) from attack.  However, because most Information is stored electronically on devices that are accessible via the Internet, the two concepts overlap significantly, and the terms are sometimes used interchangeably. PRESENTATION TITLE 3 The three cornerstones of information security  Information security can be described as the synthesis of confidentiality, integrity, and availability—the so- called CIA triad  Any good solution to the information security problem must adequately address each of these issues. PRESENTATION TITLE 4 CIA Confidentiality is ensuring that key data remains protected from unauthorized access. For example, you don’t want just anyone to be able to learn how much money you have in your savings account. PRESENTATION TITLE 5 CIA Integrity is ensuring that data can be modified only by appropriate mechanisms. It defines the level of trust you can have in the information. You don’t want a hacker to be able to modify your bank balance, of course, but you also don’t want a teller (who has authorized access) to modify your balance in inappropriate ways and without your approval. PRESENTATION TITLE 6 CIA Availability is the degree to which authorized users can access appropriate information for legitimate purposes when needed. Even if data is protected, it isn’t useful if you can’t get to it. For example , a hacker could launch an attack that “floods” a network with useless transmissions, and thereby keep legitimate users from connecting to remote systems. PRESENTATION TITLE 7 Preventing Unauthorized Access  One of the most obvious security issues from the user’s perspective is keeping other people from accessing your accounts and information.  User authentication: The process of verifying the credentials of a particular user of a computer or software system  Authentication credentials : Information users provide to identify themselves.  There are three general types of authentication credentials 1. Something a user knows (user authentication), such as a username and password, a personal identification number (PIN), or a combination of these items. PRESENTATION TITLE 8 Preventing Unauthorized Access 2.Something the user has, such as an identification card with a magnetic strip or a smart card that contains an embedded memory chip. This approach is more complex to administer, and often requires special hardware, but is generally considered more secure than the first. PRESENTATION TITLE 9 Preventing Unauthorized Access  3. Something based on the user biometrics, which are related to what a person is physiologically. Examples of biometrics include the analysis of fingerprints, retina pattern, or voice pattern. This approach is the most expensive to implement PRESENTATION TITLE 10 Other authentication techniques  CAPTCHA software is designed to present a problem easy enough for all humans to solve but difficult for an automated program to complete  Most modern CAPTCHA techniques involve presenting the user with an image of a word, phrase, or string of characters and then asking the user to type them in. The image of the word is theoretically easy to decipher by a human but distorted in various ways to make it difficult for a program to “read” the word PRESENTATION TITLE 11 Malicious Code  Malicious code (malware) is any program that attempts to bypass appropriate authorization safeguards and/or perform unauthorized functions.  Such code is transferred to a computer across a network or from removable media such as USB memory sticks.  Malicious code may cause serious damage, such as the destruction of data, or it may merely create a nuisance, such as popping up unwanted messages. PRESENTATION TITLE 12 Categories of malware  There are many categories of malicious code 1.Virus : is a program that embeds a copy of itself in another program. This “infected” file is referred to as the virus host. When the host is executed, the virus code runs as well. a virus tends to cause problems on a particular computer by corrupting or deleting files 2. Worm is self-replicating, like a virus, but does not require a host program to infect. The worm runs as a stand-alone program. A worm tends to cause problems on the networks it uses to send copies of itself to other systems, often by consuming bandwidth.. PRESENTATION TITLE 13 categories of malware. 3. Trojan horse is a program that appears to be helpful in some way, but actually causes some kind of problem when executed. Even while the program is running, it may appear to the user as a reliable resource, which makes it difficult to track down.  Like a worm, a Trojan horse is a stand-alone program.  Like a virus, it tends to cause problems on the computer on which it is executing. 4. logic bomb, which is malicious code that executes when a specific system-oriented event occurs. It is often set to execute on a certain date and time, such as Friday the 13th, but it could be triggered by many kinds of events. PRESENTATION TITLE 14 security attacks 1. Password guessing An attempt to gain access to a computer system by methodically trying to determine a user’s password 2. Phishing is a technique that uses a web page that looks like an official part of some trusted environment, but is actually a page designed to collect key information such as usernames and passwords. 3. Spoofing An attack on a computer system in which a malicious user masquerades as an PRESENTATION TITLE 15 authorized user security attacks 4. Back door A program feature that gives special and unauthorized access to a software system to anyone who knows it exists 5. Denial of service An attack on a network resource that prevents authorized users from accessing the system 6. A man in-the-middle is an attack occurs when someone has access to the communication path at some point in the network and “listens,” usually with the help of a program, to the traffic as it goes by. The goal is to intercept key information, such as a password being transmitted as part of an email message. PRESENTATION TITLE 16 Cryptography.  Cryptography The field of study related to encoded information  Encryption is the process of converting plain text into a form that is unreadable, called ciphertext.  Decryption reverses this process, translating ciphertext into plaintext.  A cipher is an algorithm used to perform a particular type of encryption and decryption. PRESENTATION TITLE 17 Question In each WhatsApp conversation, you see the following “ messages and calls are end to end encrypted. No one outside of this chat can read or listen to them” which security attack of the following is prevented using this technique? A. Phishing B. Man in the middle C. Denials of service D. CAPTCHA Which of the following is correct on regard to virus and worm? E. Virus is a standalone program while worm is not F. Worm is a standalone program while virus is not G. Virus tends to cause problems in the network H. Worm tends to cause problems in the infected computer only PRESENTATION TITLE 18 PRESENTATION TITLE 19

Computer Security Lecture Slides - King Saud University

Document Details

Tags

Related

Summary

Full Transcript