رقم1.pdf

Full Transcript

Information Security

2nd Level/1st Semester: CYS Program

3nd Level/1st Semester: CS & IS Program
Course Goals
primary goals to this course, a student able to:
 Describe and classify security issues, tools and
techniques, including:
− Security goals, threats,
− Attackers and attack types, and countermeasures,
− identification & authentication,
− access controls, and cryptography.
 Identify security and privacy issues in various aspects of
computing, including:
− Programs
− Operating systems
− Networks
− Internet applications
 use this ability to design systems that are more
protective of security and privacy.
Course Topicss & Textbook
Course Topics:
 Introduction;
 Security Policy Concept;
 Toolbox: Authentication, Access Control, and
Cryptography;
 Programs and Programming;
 The Web—User Side (may be);
 Operating Systems;
 Networks;
Textbook:
Charles P. Pfleeger, etc., 2024, “Security in
Computing”, 6th Ed., Pearson Education, Inc.
 Information Security

Chapter 1:

Introduction

Charles P. Pfleeger
Overview
Early, the bank robberies are more;
 Kept large amount of cash, gold & silver, which could
not be traced easily,
 Communication & transportation facilities it might be;
― hours before to were informed of a robbery,
― days before they could arrives at the scene of the crime.
 A single guard for the night was only marginally
effective.
Today; many factors work against the potential
criminal;
 Very sophisticated alarm systems and camera systems
silently protect secure places, Ex.; banks.
 The techniques of criminal investigation have
become very effective;
 a person can be identified by;
― Composite sketch, ballistics evidence,
― Fingerprint, voice recognition, retinal patterns, and
― genetic material (DNA), for examples.
Overview
The security differences between
computing systems and banks;
 Size and portability:
― the physical devices in computing are so small or
large,
 Ability to avoid physical contact:
― Electronic funds transfer account for most transfer
of money between banks,
 Value of assets:
― Variable; from very high to very low,
― an information stored in a computer is also high;
 Confidentiality information; About a person’s
taxes, investments, medical history, or education,
 Very sensitive information; About new product
lines, sales figures, marketing strategy,
 Military information; military targets, troop
movements, weapons capabilities.
Importance of Information Security
The importance of information security:
 The rapid development of information and
communication technology (ICT).
 Increased using of ICT in public and private sectors.
 Increases needing to create and use a safety of an
electronically environment that serve the public and
private sectors, for examples:
 Military, security, manufacturing and economic sectors
which dependent on the accuracy and truly information.
 Need of companies and organizations to deal with other
companies and organizations locally or globally.
 Individual needing to kept an information integrity,
confidentiality and privacy.
 Increasing impacts of attacks and e-crimes within
growth of using and development of an ICT.
 The needing to protect an infrastructure of information
systems, network systems and web sites from e-crimes.
Information Security & Cybersecurity;
Computer security, Network security, Information
security, Cybersecurity:
 All of these terms are used to describe the protection
of information assets [ISAC 2015],
In current discussions of security;
 both terms of “cybersecurity” and “information
security”, are often used interchangeably,
− but in reality cybersecurity is a part of information
security.
 Marketing, vendors and analysts often use the term
“cyber” too broadly;
‒ due to the increasingly complex nature of information in
the digital age.
 Additionally, the interconnected nature of critical
infrastructure systems has introduced a host of new
vulnerabilities with far-reaching implications.
 All of these factors have influenced the shift from
information security to cybersecurity.
Definition of Information Security;
Information Security defined as;
 protecting information and information systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide integrity,
confidentiality and availability.
 is the protection of information and its critical elements,
including the systems and HW that use, store, and
transmit that information.
− information security includes the broad areas of:
 information security management,
 computer and data security, and network security.
Cybersecurity can be defined as:
 the protection of information assets by
addressing threats to information processed,
stored and transported by internetworked
information systems.
Information Security vs Cybersecurity;
Information security:
 deals with information, regardless of its format-it
encompasses paper documents, digital and
intellectual property in people’s minds, and verbal or
visual communications.
Cybersecurity:
 is concerned with protecting digital assets-everything
from networks to hardware and information that is
processed, stored or transported by internetworked
information systems.
 Additionally, concepts such as:
− nation-state-sponsored attacks and
− advanced persistent threats (APTs) belong almost
exclusively to cybersecurity.
 Characteristics of Computer Intrusion
Any part of a computing system can be the
target of a crime;
 For instance, the most valuable property in a
bank is the cash, gold, or silver in the vault;
―in fact the customer information in the bank's
computer may be far more valuable;
Stored on paper,
recorded on a storage medium,
resident in memory, or
transmitted over telephone lines or satellite
links.
―this information can be used in myriad ways to
make money illicitly, How?
Characteristics of Computer Intrusion
Ex:
 A robber intent on stealing something from
your house will not attempt to penetrate a
two-inch-thick metal door if a window gives
easier access.
The weakest point is the most serious
vulnerability;
A Principle of Easiest Penetration:
‘An intruder must be expected to use
any available means of penetration’
 What Is Computer Security?
Computer security is the protection of the
items you value, called the assets of a
computer or computer system;
 A computing system is a collection of HW,
SW, storage media, data, and person that an
organization uses to do computing tasks.
 A computer assets, involving;
 HW, SW, data, people, processes,
or combinations of these.

FIGURE 1-2: Computer Objects of Value
 What Is Computer Security?
Values of Assets;
To determine what to protect, we must;
 first identify what has value and to whom.
 After identifying the assets to protect, we next
determine their value;
The value of an asset depends on;
 the asset owner’s or user’s
perspective, and
 it may be independent of
monetary cost.
Assets’ values are
personal, time dependent,
and often imprecise;

FIGURE 1-3: Values of Assets.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
The goal of computer security is protecting
valuable assets;
 To study different ways of protection, we use a
framework that describes;
 how assets may be harmed, and;
 how to counter or mitigate that harm.

A vulnerability:
 are a weaknesses in the system, for example, in
procedures, design, or implementation, that might be
exploited to cause loss or harm; Or;
 are weaknesses in products, systems, protocols,
algorithms, programs, interfaces, and designs.
 Examples;
─ The system may be vulnerable to unauthorized
data manipulation,
 the system does not verify a user's identity before
allowing data access.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
Threats: a threats to computing systems;
 are circumstances that have the potential to cause loss
or harm; Or;
 A threat is a condition that could exercise a vulnerability.
 Examples;
─ Human attacks, Natural disasters,
─ Inadvertent human errors; and
─ Internal HW or SW flaws.

Figure 1-4 illustrates a difference
between a threat and a vulnerability

FIGURE 1-4: Threat and Vulnerability
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
A Control; is a protective measure- an action, a
device, a procedure, or a technique- that
removes or reduces a vulnerability;
Attacker: is a human who exploits a vulnerability
and perpetrates an attack on the system;
 An attack can also be launched by another system;
− Unauthorized disclosure of data,
− modification of data, or
− one system sends an overwhelming set of messages
to another system,
 virtually shutting down the second system's
ability to function.
 denial of legitimate access to computing.
How do we address these problems?
 We use a control or countermeasure as protection.
What Is Computer Security?
The Vulnerability–Threat–Control Paradigm;
There are many threats to a computer system,
including human-initiated and computer initiated
ones;
 We have all experienced, for example;
 the results of inadvertent human errors, HW design
flaws, and SW failures,
 natural disasters are threats, too;
 they can bring a system down when the computer
room is flooded or the data center collapses from an
earthquake.
In general, we can describe the relationship
among threats, controls, and vulnerabilities in
this way:
 A threat is blocked by control of a
vulnerability.
What makes your computer valuable to you;
Threats:
CIA Triad
We can consider potential harm to assets
in two ways: we can look at;
 what bad things can happen to assets, and;
 who or what can cause or allow those bad
things to happen.
− These two perspectives enable us to
determine how to protect assets;
A Computer security mean that we are
addressing three important properties
(goals) of any computer-related system;
 Confidentiality,
 Integrity, and
 Availability.
Threats:
CIA Triad
The security properties are;
 confidentiality: the ability of a system to ensure that an
asset is viewed only by authorized parties,
─ means that the assets of computing system are
accessible only by authorized parties,
 “read”-type access: reading, viewing, printing.
 integrity: the ability of a system to ensure that an asset
is modified only by authorized parties,
─ means that assets can be modified by authorized parties,
 writing, changing status, deleting, and creating.
 availability: the ability of a system to ensure that an
asset can be used by any authorized parties,
─ means that assets are accessible to authorized parties
at appropriate times, (denial of service).
These properties are called the C-I-A/security triad;
The privacy is the fourth leg of the three legs of the
CIA triad;
 Threats: reinforcement
CIA Triad
ISO 7498-2 adds to them two more properties that are
desirable, particularly in communication networks:
 authentication: the ability of a system to confirm the
identity of a sender,
 nonrepudiation or accountability: the ability of a system
to confirm that a sender cannot convincingly deny having
sent something.
 U.S. Department of Defense adds auditability:
 Auditability: the ability of a system to trace all actions related
to a given asset.
 Authorization: Determining whether a user/subject is
permitted certain services from an object;
 authorization makes sense only if the requesting
subject has been authenticated.
 checking that the user/subject has the rights to access C
the data or undertake the transaction requested.
The following figure illustrates the relationship Asset
between security C-I-A and how they apply to
every asset we protect; I A
Threats:
CIA Triad
The C-I-A triad can be viewed from a
different perspectives:
 the nature of the harm caused to assets;
 Harm can also be characterized by four acts:
‒ interception,
‒ interruption,
‒ modification, and
‒ fabrication.
From this point of view;
 confidentiality can suffer if someone intercepts
data,
 integrity can fail if someone or something modifies
data or fabricates false data, and
 availability is lost if someone or something
interrupts a flow of data or access to a computer.
Threats:
Harm acts
Interception;
 means that some unauthorized party has gained
access to an asset;
─ The outside party can be a person, a program, or
a computing system,
─ Example: illicit copying of program or data files; or
─ wiretapping to obtain data in network.
 a silent interceptor may leave no traces by which
the interception can be readily detected,
 Effect on confidentiality.
Interruption;
 an asset of the system becomes lost or unavailable
or unusable, Examples;
─ malicious destruction of a HW device,
─ Erasure of a program or data file, or
─ Malfunction or failure of an OS file manager.
 Effect on availability.
Threats
Harm acts
Modification;
 when an unauthorized party can be access and
tampers with an asset;
─ modify the values in a data base, Alter program, or
─ Modify data being transmitted electrically,
─ It is possible to modify HW.
 Some cases of modification can be detected with
simple measures, but other,
─ more subtle, changes may be almost impossible to
detect.
 Effect on integrity.
Fabrication;
 when an unauthorized party can be fabricates
counterfeit objects for a computing system;
─ The intruder may wish to;
add spurious transactions to a network
communication system,
add records to an existing data base.
 Effect on authenticity & integrity
Threats
Harm acts
The fig. illustrates the four acts to cause a
security harm;

FIGURE 1-5: Four Acts to Cause Security Harm