Intro To Computing Lesson 5: Privacy and Security - PDF

Summary

This is a presentation on privacy and security concepts in computing, covering topics like computer security, different types of attacks like masquerades and denial of service, and the OSI security architecture.

Full Transcript

Lesson 5: Privacy
and Security
Topics
01 Computer Security

02 Privacy

03 Legal, Ethical, Health and
Environmental Issues in
Computing
Learning 1 2

Discuss the Comprehend the
Outcomes computer different types of
computer
security
attacks
concepts

3 4

Understand Recognize
the purpose of different types of
information malicious
privacy, and software and its
impact
1 Computer
Security

Computer Security is the protection afforded
to an automated information system in order to
attain the applicable objectives of preserving
the integrity, availability, and confidentiality of
information system resources including
hardware, software, firmware, information/data,
and telecommunications.
Three key objectives
Of Computer Security
1. Confidentiality
Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the unauthorized
disclosure of information. This term covers two related concepts.

a. Data confidentiality - Assures that private or confidential
information is not made available or disclosed to unauthorized individuals.
b. Privacy – Assures that individuals control or influence what
information related to them may be collected and stored and by whom
and to whom that information may be disclosed.
Three key objectives
Of Computer Security
2. Integrity
Guarding against improper information modification or destruction, including ensuring
information non-reputation and authenticity. A loss of integrity is the unauthorized
modification or destruction of information. This term covers two related concepts:

a. Data integrity. Assures that information (both stored and in transmitted packets)
and programs are changed only in a specified and authorized manner.

b. System integrity. Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation
of the system.
Three key objectives
Of Computer Security

3. Availability. Assures that systems work promptly and
services is not denied to authorized users. Ensuring timely
reliable access to and use of information. A loss of availability
is the disruption of access to or use of information or an
information system.
1. Authenticity. The property of being genuine and being able to verified and
trusted; confidence in the validity of a transmission, a message, or message
generator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source.

1. Accountability. The security goal that generates the requirement of actions of
an entity to be traced uniquely to that entity. This support non-repudiation,
deterrence, fault isolation, intrusion detection and prevention, and after-acting
recovery and legal action. Truly secure systems are not yet an achievable
goal, we must be able to trace a security breach to a responsible party.
The OSI Security
Architecture

The Open System Interconnect (OSI) security
architecture is used to assess effectively the security
needs of an organization and to evaluate and
choose various security products and policies.
The OSI Security
Architecture
The term THREATS AND ATTACKS are commonly used to mean
or less the same thing.

THREATS is a potential violation of security, which exists when
there is a circumstance, capability, action, or event that could
breach security and cause harm. a threat is a possible danger that
might exploit a vulnerability.

ATTACKS is an assault on system security that derives from an
intelligent threat; that is, an intelligent act that is a deliberate attempt
to evade security services and violate the security
 The OSI security architecture focuses on security attacks, security
mechanisms and security services.

1. SECURITY ATTACK Any action that compromises the security of
information owned by an organization. A useful means of classifying
security attacks is in terms of passive attacks and active attacks.

∙ Passive Attacks

A passive attack attempts to learn or make use of information from
the system but does not affect system resources. Passive attacks are in
the nature of spying on, or monitoring of, transmission. The goal of the
opponent is to obtain information that is being transmitted.
Two types of Passive attacks

A. Release of message contents. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or
confidential information. We would like to prevent an opponent from
learning the contents of the transmissions. To easily understood look at
the image.
 Two types of Passive attacks

B. Traffic analysis. Supposed that we had a way of masking the contents of
messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message.
Encryption is the common technique for masking contents. If we had
encryption protection, an opponent might still be able to observe the
pattern of the messages. The opponent could determine the location and
identify of communicating hosts and could observe the frequency and
length of messages being exchanged.
Two types of Passive attacks

2. ACTIVE ATTACKS Active attacks involve some modification of the
data stream of the creation of a false stream and can be subdivided into
four categories: masquerade, replay, modification of messages, and
denial of service.
Four Categories of Passive attacks

a. Masquarade - takes place when one entity pretends to be a
different entity. A masquerade attack usually includes one of the other
forms of active attack.
Two types of Passive attacks

2. ACTIVE ATTACKS Active attacks involve some modification of the
data stream of the creation of a false stream and can be subdivided into
four categories: masquerade, replay, modification of messages, and
denial of service.
Four Categories of Active attacks

a. Masquarade - This occurs when an attacker pretends to be an
authorized user or system by using a fake identity or by stealing
another user’s credentials. The attacker then gains access to
sensitive information or performs actions as if they were the
legitimate user.
Two types of Active attacks

2. ACTIVE ATTACKS Active attacks involve some modification of the
data stream of the creation of a false stream and can be subdivided into
four categories: masquerade, replay, modification of messages, and
denial of service.
Four Categories of Active attacks

b. Replay - In a replay attack, an attacker intercepts and then retransmits
a valid data transmission to deceive the recipient into believing it is
legitimate. This can be used to trick systems into performing actions
based on previous legitimate interactions.
 Four Categories of Active attacks

c. Modification of messages - This type of attack involves intercepting a
message and altering its content before sending it to the intended recipient.
This can be used to alter transactions, corrupt information, or cause the
recipient to take unintended actions..

d. Denial of Service (DoS): In a DoS attack, the attacker floods a network or
system with an overwhelming amount of traffic, making resources
unavailable to legitimate users. This can lead to a temporary or permanent
disruption of services.
THANK YOU
End of lesson 4