Computer Security and Reliability (Botho University)
Document Details
Uploaded by RealisticMesa
Botho University
null
null
Tags
Summary
This presentation provides an overview of computer security and reliability, covering concepts like the CIA triad, various attack methods, security mechanisms, reliability metrics, and best practices in both computer security and computer reliability. The presentation contains many examples.
Full Transcript
Welcome OBJECTIVES Recap on previous session Scope - CIA Triad Introduction Computer Security and Reliability Conclusion RECAP Computer crime is an act performed by a knowledgeable computer user, sometimes called a "hacker," who illegally brows...
Welcome OBJECTIVES Recap on previous session Scope - CIA Triad Introduction Computer Security and Reliability Conclusion RECAP Computer crime is an act performed by a knowledgeable computer user, sometimes called a "hacker," who illegally browses or steals a company's or individual's private information. Cybercrime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. RECAP Computer as a tool Computer as a target RECAP Cybercrimes can be basically divided into 3 major categories: 1. Cybercrimes against persons - Access of unauthorized data, Change, forgery and use of data with the intent to produce damage; 2. Cybercrimes against property - These crimes include computer vandalism (destruction of others’ property), transmission of harmful software. 3. Cybercrimes against government – cyber terrorism SCOPE Security is based on the what is called the CIA Triad Confidentiality Integrity Availability SCOPE INTRODUCTION Definitions: Computer Security: Measures and practices designed to protect computer systems and networks from threats, attacks, and unauthorized access. Computer Reliability: The ability of a computer system to consistently perform its required functions without failure over a specified period. INTRODUCTION Importance; Security: Protects sensitive data, ensures privacy, and maintains trust. Reliability: Ensures continuous operation and availability, critical for both everyday use and mission-critical applications. FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY Threats and Vulnerabilities: Threats: Potential dangers that could exploit vulnerabilities (e.g., malware, phishing, insider threats). Vulnerabilities: Weaknesses in a system that can be exploited by threats (e.g., software bugs, unpatched systems). FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY Attacks: An attack is an action taken by an individual or group to breach a system’s security controls with the intent of causing harm, stealing information, or gaining unauthorized access. Purpose: The intent behind an attack can vary from financial gain, political motives, or personal reasons to simply creating disruption or chaos. FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY Types: Passive Attacks: a passive attack can monitor, observe, or develop the use of the system's data. However, it does not affect the system's resources, and the data remains unaffected. Because passive attacks are carried out in stealth, it is difficult for the victim to notice them. Examples; Eavesdropping, traffic analysis. FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY Types: Active Attacks: An active attack might be a network exploit in which the attackers modify or alter the content and cause a system resource to be impacted. The victims will suffer harm as a result of it. The attackers might use passive attacks to gather information before launching a more aggressive strike. The attackers try to break into the system and cause it to lock. The victims can be alerted about the ongoing attack. Examples; Data modification, denial of service (DoS). Examples: SQL injection, cross-site scripting (XSS), ransomware. FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY FUNDAMENTAL CONCEPTS IN COMPUTER SECURITY Man-in-the-Middle (MitM) Intercepting and potentially altering communications between two parties without their knowledge. Brute Force Attacks Attempting to guess passwords or encryption keys through exhaustive trial and error. Zero-Day Exploits Attacking a vulnerability that is unknown to the software vendor or security community, often before a patch is available COMPUTER SECURITY MECHANISMS Security Mechanisms: Authentication: Verifying the identity of users or systems (e.g., passwords, biometric systems). Authorization: Granting permissions to authenticated users (e.g., access control lists, role-based access control). Encryption: Protecting data by converting it into a secure format (e.g., AES, RSA). FUNDAMENTAL CONCEPTS IN COMPUTER RELIABILITY Reliability Metrics: Mean Time Between Failures (MTBF): Average time between system failures. Mean Time To Repair (MTTR): Average time required to repair a failed system. Availability: The proportion of time a system is operational and accessible. TECHNIQUES FOR ENHANCED RELIABILITY Redundancy: Using multiple components or systems to ensure continuous operation (e.g., RAID, failover systems). Error Detection and Correction: Identifying and fixing errors in data or processes (e.g., checksums, parity bits). Testing and Validation: Ensuring that systems are reliable through rigorous testing (e.g., unit tests). RELIABILITY ENGINEERING PRINCIPLES Fault Tolerance: Designing systems to withstand and recover from failures (e.g., redundant hardware, graceful degradation). Robustness: Building systems that handle unexpected conditions gracefully. Maintainability: Ensuring systems can be easily repaired and updated. SECURITY AND RELIABILITY CHALLENGES Security Challenges: Emerging Threats: Constantly evolving threats such as advanced persistent threats (APTs). Complex Systems: Increased complexity in systems can lead to security gaps. Human Factors: Errors and misconfigurations by users and administrators. SECURITY AND RELIABILITY CHALLENGES Reliability Challenges: Hardware Failures: Physical component failures that impact system operation. Software Bugs: Errors in code that can cause crashes or unexpected behavior. Environmental Factors: External conditions like power surges or natural disasters. BEST PRACTICES FOR ENHANCING SECURITY AND RELIABILITY Security Best Practices: Regular Updates: Apply patches and updates to fix vulnerabilities. Security Audits: Conduct regular security assessments and audits. User Training: Educate users about security best practices and threat awareness. BEST PRACTICES FOR ENHANCING SECURITY AND RELIABILITY Reliability Best Practices: Monitoring and Logging: Implement monitoring and logging to detect and diagnose issues. Backup and Recovery: Regularly back up data and test recovery processes. System Design: Design systems with reliability in mind, incorporating redundancy and fault tolerance. FUTURE TRENDS AND CONSIDERATIONS Emerging Technologies: AI and Machine Learning: Their impact on security and reliability (e.g., anomaly detection, predictive maintenance). Quantum Computing: Potential implications for encryption and security. FUTURE TRENDS AND CONSIDERATIONS Regulatory and Compliance Issues: Data Protection Regulations: GDPR, CCPA, and their impact on security practices. Industry Standards: Compliance with standards such as ISO/IEC 27001 for security and ISO 9001 for quality management. SUMMARY Security: Essential for protecting data and maintaining trust. Reliability: Critical for ensuring continuous operation and user satisfaction. Best Practices: Implementing best practices can significantly enhance both security and reliability. Thank You!
