Security Attacks PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document provides a detailed overview of security objectives, mechanisms, services, and types of attacks in information security. It covers passive and active attacks, authentication, and access control, along with online privacy concerns and threats to application privacy.
Full Transcript
Security Objectives- are goals and constraints that affect the CIA Information in Network Security (CIA) Confidentiality Integrity Authenticity Availability Accountability Security Mechanism- are technical tools and techniques that are used to implement security services Security Services- I...
Security Objectives- are goals and constraints that affect the CIA Information in Network Security (CIA) Confidentiality Integrity Authenticity Availability Accountability Security Mechanism- are technical tools and techniques that are used to implement security services Security Services- Is a processing communication service that enhances the security of data Security Attacks- are actions that compromises the security of information. Attempt to gain unauthorized access of information resources. Passive Attacks release of message content, analysis 2 types : Release of message content -- an attacker will monitor an unprotected communication like email Traffic Analysis -- an attackers monitors communication channels range information includes human and machine identities Active Attack involve some modification of stored or transmitted data / false data 4 types: Masquerade -- takes place when one entity pretends to be diff Replay -- involves a captore data unit and its subsequent transmission Data Modification -- simply means that some portion of a legitimate message is altered Denial of Service Attack -- prevents the normal use of communication facilities Security Services designed to protect information and communication systems by ensuring Confidentiality, Integrity, and Availability of data. 6 types: Authentication -- service is concerned with ensuring communication Access Control -- the ability to limit and control access Data Confidentiality -- the protection of transmitted data from passive attack Data Integrity -- ensures that messages are receive as sent w no duplication or modification Non Repudiation -- prevents either a sender or a receiver from denying a transmitted data Availability Service -- means that a system is accessible and usable upon demand Online Privacy -refers to privacy concerns related to user Interaction with Internet services through web servers and mobile application. -Collects Information through mean that are not obvious to consumers; such as cookie 3 types of Personal Data Ecosystem: Data Collectors -Internet, Public, Medical, Retail Data Brokers(Bridge) -Websites, Affiliates, List Brokers, Information Brokers Data Users -Individuals, Media, Banks, Marketer Challenges: Web are vulnerable on web servers over the internet Casual and untrained users are common client for web services. Webserver can be exploited as a launching pad into a corporation or agency entire computer complex. Mobile Eco-system -- refers to the interconnected network of technologies, software, services and participants that enable the operation, distribution and use of mobile devices and application Elements of mobile Eco system Cellular and WIFI infrastructure Public Application Stores Device and OS vendor Infrastructure Enterprise Mobility Management Systems (EMM) to protect mobile phone THREATS FROM APPLICATION PRIVACY: 2 areas of application: Web Application Privacy -Non transparent policies, term, and conditions -Outdated personal data -Sharing of data with a third party Mobile Application Privacy -Insecure network communication -Web browser Vulnerabilities -Vulnerabilities in third party libraries