Introduction To Computer Security Lecture 1 PDF
Luxor University
Mohamed Abdel Hameed
Summary
This lecture introduces computer security, focusing on confidentiality, integrity, and availability. It describes key concepts, threats, and types of attacks, including passive and active attacks. The lecture also outlines countermeasures to vulnerabilities and attacks, and the strategies for computer security.
Full Transcript
Introduction to Computer Security
by Dr. Mohamed Abdel Hameed, Computer Science Dept.
Lecture 1

Lecture Rules

Course contents

Part 1: Introduction
- Computer Security Concepts
- Threats, Attacks and Assets
- Security Functional Requirements
- Fundamental Security Design Principles
- Attack Surfaces and Attack Trees
- Computer Security Strategy

Part 2: Computer Security Technology and Principles
- Cryptographic Tools
- User Authentication
- Access Control
- Database and Cloud Security
- Malicious Software
- Denial-of-Service Attacks
- Intrusion Detection
- Firewalls and Intrusion Prevention Systems

Part 3: Software Security and Trusted Systems

Part 4: Management Issues

Objectives

This chapter focuses on three fundamental questions:
- What assets do we need to protect?
- How are those assets threatened?
- What can we do to counter those threats?

What is Computer Security?

This definition introduces three key objectives that are at the heart of computer security:
- Confidentiality: This term covers two related concepts:
  - Data confidentiality
  - Privacy
- Integrity: This term covers two related concepts:
  - Data integrity
  - System integrity
- Availability: Ensuring timely and reliable access to and use of the information.

Computer Security Concepts

Computer Security Challenges
1. Not simple: easy to get it wrong.
2. Must consider potential attacks.
3. Involve algorithms and secret info.
4. Must decide where to deploy mechanisms.
5. Battle of wits between attacker / admin.
6. Requires regular monitoring.

Aspects of Security

Consider 3 aspects of information security:
- security attack
- security mechanism (control)
- security service

Note terms
- Threat – a possibility for infraction of security.
- Vulnerability – a way by which loss of data can happen.
- Attack – involves an attempt to obtain, alter, destroy, remove or reveal important information without authorized access or permission.
Passive Attack: Interception
Passive Attack: Traffic Analysis (observe traffic pattern)
Active Attack: Interruption (block delivery of message)
Active Attack: Fabrication (fabricate message)
Active Attack: Replay
Active Attack: Modification (modify message)

Handling Attacks
- Passive attacks – focus on Prevention
  - Easy to stop
  - Hard to detect
- Active attacks – focus on Detection and Recovery
  - Hard to stop
  - Easy to detect

Vulnerabilities and Attacks

System resource vulnerabilities may:
- be corrupted (loss of integrity)
- become leaky (loss of confidentiality)
- become unavailable (loss of availability)

Attacks are threats carried out and may be:
- passive
- active
- insider
- outsider

Attacks

An attack is a threat that is carried out. We can distinguish two types of attacks:
- Active attack: attempts to alter system resources or affect their operation.
- Passive attack: attempts to learn or make use of information from the system but does not affect system resources.

We can also classify attacks based on the origin of the attack:
- Inside attack: initiated by an entity inside the security perimeter (an "insider").
- Outside attack: initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider").

Countermeasures

Countermeasures are used to deal with security attacks:
- prevent
- detect
- recover

May result in new vulnerabilities. Will have residual vulnerability. Goal is to minimize risk given constraints.

Network Security Attacks

Classify as passive or active.
- Passive attacks are eavesdropping:
  - release of message contents
  - traffic analysis
  - hard to detect, so the aim is to prevent
- Active attacks modify/fake data:
  - masquerade
  - replay
  - modification
  - denial of service
  - hard to prevent, so the aim is to detect
Passive and Active Attacks

Passive Attack
- Attempts to learn or make use of information from the system but does not affect system resources
- Eavesdropping on, or monitoring of, transmissions
- Goal of attacker is to obtain information that is being transmitted
- Two types:
  - Release of message contents
  - Traffic analysis

Active Attack
- Attempts to alter system resources or affect their operation
- Involves some modification of the data stream or the creation of a false stream
- Four categories:
  - Replay
  - Masquerade
  - Modification of messages
  - Denial of service

Active Attacks

Active attacks involve modification of the data stream or creation of false data:
- Masquerade: when one entity pretends to be another.
- Replay: passive capture of data and subsequent retransmission.
- Modification of messages: a legitimate message is altered, delayed or reordered.
- Denial of service (DoS): prevents or inhibits the normal use or management of communications facilities, or the disruption of an entire network.

Active attacks present the opposite characteristics of passive attacks.

Computer and Network Assets, with Examples of Threats

Security Functional Requirements
- Technical measures: access control; identification & authentication; system & communication protection; system & information integrity
- Management controls and procedures: awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition
- Overlapping technical and management: configuration management; incident response; media protection

Security Technologies Used

Computer Security Strategy
- Specification/policy: what is the security scheme supposed to do?
  - codify in policy and procedures
- Implementation/mechanisms: how does it do it?
  - prevention, detection, response, recovery
- Correctness/assurance: does it really work?
  - assurance, evaluation

Evaluation: process of examining a computer product or system with respect to certain criteria.

Model for Network Security

Model for Network Access Security

Model for Network Security Cont.

Using this model requires us to:
1. Design a suitable algorithm for the security transformation.
2. Generate the secret information (keys) used by the algorithm.
3. Develop methods to distribute and share the secret information.
4. Specify a protocol enabling the principals to use the transformation and secret information for a security service.
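
The four requirements of the network security model, applied to detecting the active attacks listed earlier (modification, masquerade, replay). This is an added example, not part of the original lecture. The frame layout, the names protect and Receiver, and the sample messages are assumptions constructed for illustration, and key distribution (step 3) is assumed to have already happened.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender (step 1, the transformation): seq || message || HMAC tag."""
    body = struct.pack(">Q", seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver (step 4, the protocol): verify the tag, then the ordering."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means the frame was altered
        # or was produced by someone who does not hold the shared key.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "modification or masquerade")
        seq = struct.unpack(">Q", body[:8])[0]
        # A valid tag on an old sequence number is a retransmitted capture.
        if seq <= self.last_seq:
            return ("rejected", "replay or reordering")
        self.last_seq = seq
        return ("accepted", body[8:])


def demo():
    key = secrets.token_bytes(32)  # step 2: generate the secret information
    rx = Receiver(key)             # step 3 assumed: key already shared
    f1 = protect(key, 1, b"pay 10 to alice")  # constructed sample messages
    f2 = protect(key, 2, b"pay 20 to bob")
    tampered = f2[:8] + b"pay 99 to bob" + f2[-TAG_LEN:]
    forged = protect(secrets.token_bytes(32), 3, b"pay 50 to eve")
    return [rx.accept(f) for f in (f1, tampered, f2, f1, forged)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The scheme only detects these attacks: it provides no confidentiality against passive interception and does nothing about denial of service.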