ZN
Uploaded byZara Nawaz
PPTX, PDF110 views

Information security ist lecture

The document outlines fundamental concepts of information security, focusing on the importance of protecting organizational data through various security measures. It details network security practices, including access control, anti-malware, application security, and intrusion detection, emphasizing the goals of confidentiality, integrity, and availability in the CIA triad. Furthermore, the document describes types of security attacks—active and passive—and the necessary mechanisms for prevention and detection to safeguard information systems.

Embed presentation

Download to read offline
Information security Week: 1
Basic Concepts Of Security • Information security has become a continuing concern in all areas of an Information system. Security is neither a product nor a software; it is a discipline that needs to be taken into consideration in any organizational decision. It is indeed true that there is no such thing as a completely secure system. But it is also correct that by increasing the security measures that protect your assets, you are making your system a much more difficult target for intruders, which, in turn, reduces the chances of becoming a victim when the right security technologies are in place.
Network Security • Network security is the practice of preventing and protecting against unauthorized intrusion into corporate networks. • Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.
Network security consists of: • Protection: You should configure your systems and networks as correctly as possible • Detection: You must be able to identify when the configuration has changed or when some network traffic indicates a problem • Reaction: After identifying problems quickly, you must respond to them and return to a safe state as rapidly as possible
Network security methods • Access control: You should be able to block unauthorized users and devices from accessing your network. Users that are permitted network access should only be able to work with the limited set of resources for which they've been authorized. • Anti-malware: Viruses, worms, and trojans by definition attempt to spread across a network, and can lurk dormant on infected machines for days or weeks. Your security effort should do its best to prevent initial infection and also root out malware that does make its way onto your network. • Application security: Insecure applications are often the vectors by which attackers get access to your network. You need to employ hardware, software, and security processes to lock those apps down. • Behavioral analytics: You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen.
Network security methods(cont.) • Data loss prevention: Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that staffers don't deliberately or inadvertently send sensitive data outside the network. • Email security: Phishing is one of the most common ways attackers gain access to a network. Email security tools can block both incoming attacks and outbound messages with sensitive data. • Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside. They don't preclude the need for a defense-in-depth strategy, but they're still a must-have. • Intrusion detection and prevention: These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques. • Mobile device and wireless security: Wireless devices have all the potential security flaws of any other networked gadget — but also can connect to just about any wireless network anywhere, requiring extra scrutiny.
Network security methods(cont.) • Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. • Security information and event management (SIEM): These products aim to automatically pull together information from a variety of network tools to provide data you need to identify and respond to threats. • VPN: A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted "tunnel" across the open internet. • Web security: You need to be able to control internal staff's web use in order to block web-based threats from using browsers as a vector to infect your network.
Goals of security
Confidentiality • When information is read or copied by someone not authorized to do so, then it will be “loss of confidentiality”. For sensitive information, confidentiality is a very important criterion. Bank account statements, personal information, credit card numbers, trade secrets, government documents are some examples of sensitive information. This goal of the CIA triad emphasizes the need for information protection. For example, confidentiality is maintained for a computer file, if authorized users are able to view it, while unauthorized persons are blocked from seeing it.
Integrity • Information can be corrupted or manipulated if it’s available on an insecure network and is referred to as “loss of integrity.” This means that unauthorized changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting. For example, banks are more concerned about the integrity of financial records, with confidentiality having only second priority. Some bank account holders or depositors leave ATM receipts unchecked and hanging around after withdrawing cash. This shows that confidentiality does not have the highest priority. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and usage not involving modification to the information. •
Availability • Information can be erased or become inaccessible, resulting in “loss of availability.” This means that people who are authorized to get information are restricted from accessing. Availability is often the most important attribute in service-oriented businesses that depend on information. Denying access to information has become a very common attack nowadays. Almost every week you can find news about high profile websites being taken down by Denial of Service attacks. The CIA triad goal of availability is the situation where information is available when and where it is rightly needed.
protecting the C-I-A triad • Authorization, Authentication, and Nonrepudiation processes and methods, which are some of the main controls aimed at protecting the C-I-A triad • To make information available or accessible/modifiable to those who need it and who can be trusted with it (for accessing and modification), organizations use authentication and authorization. Authentication is proving that a user is the person he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a “smartcard”), or something about the user that proves the person’s identity (such as a fingerprint). Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program. • Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted—the user cannot later deny that he or she performed the activity. This is known as non-repudiation.
THE OSI SECURITY ARCHITECTURE • The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
SECURITY ATTACKS • ACTIVE ATTACKS • PASSIVE ATTACKS
• A passive attack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Passive attacks are eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. • Two types of passive attacks are the release of message contents and traffic analysis.
Release of message Contents The release of message contents is easily understood . A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
traffic analysis • A second type of passive attack, traffic analysis, is subtler . Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. • The common technique for masking contents is encryption. If we had encryption protection in place, an opponent still might be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
PASSIVE ATTACKS • Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. • However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
Active Attacks • Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: • Masquerade • replay • modification of messages • denial of service.
Masquerade • A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
replay • Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Modification of messages • Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
denial of service • The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network—either by disabling the network or by overloading it with messages to degrade performance.
Active attacks • Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it also may contribute to prevention.

More Related Content

PPTX
Introduction to Network Security
byJohn Ely Masculino
 
PPTX
Introduction to information security
byjayashri kolekar
 
PDF
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
PPT
2 Security And Internet Security
byAna Meskovska
 
PPT
Introduction to Information Security
byDr. Loganathan R
 
PPT
Introduction to information security
byKumawat Dharmpal
 
PPTX
Cia security model
byImran Ahmed
 
DOCX
Seguridad web -articulo completo- ingles
byisidro luna beltran
 
Introduction to Network Security
byJohn Ely Masculino
 
Introduction to information security
byjayashri kolekar
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
2 Security And Internet Security
byAna Meskovska
 
Introduction to Information Security
byDr. Loganathan R
 
Introduction to information security
byKumawat Dharmpal
 
Cia security model
byImran Ahmed
 
Seguridad web -articulo completo- ingles
byisidro luna beltran
 

What's hot

PPT
Chapter1 intro network_security_sunorganised
byBule Hora University
 
PPTX
Data protection and security
bynazar60
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PPT
Ch1 cse
bybhaskard8
 
PPTX
Introduction to Information Security
byShreedevi Tharanidharan
 
PPTX
Data Network Security
byAtif Rehmat
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
Data security
bySoumen Mondal
 
PDF
Chapter 4 vulnerability threat and attack
bynewbie2019
 
PPTX
Network security
byPooja Dewangan
 
PDF
Chapter 1 introduction(web security)
byKirti Ahirrao
 
PDF
Computer Network Security
bySachithra Gayan
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
PPT
Information security
byrazendar79
 
PPT
Chapter2 the need to security
byDhani Ahmad
 
PPTX
06. security concept
byMuhammad Ahad
 
PPTX
security of information systems
by♥♛❁Sukla♥❀njoyng Breath♥
 
PPTX
Introduction to information security
byKATHEESKUMAR S
 
PPT
22 need-for-security
byAl Balqa Applied University
 
PPSX
Mobile security
byEng Hasan Shamroukh CISCO Exams Author
 
Chapter1 intro network_security_sunorganised
byBule Hora University
 
Data protection and security
bynazar60
 
Computer security concepts
byPrachi Gulihar
 
Ch1 cse
bybhaskard8
 
Introduction to Information Security
byShreedevi Tharanidharan
 
Data Network Security
byAtif Rehmat
 
Security and management
byArtiSolanki5
 
Data security
bySoumen Mondal
 
Chapter 4 vulnerability threat and attack
bynewbie2019
 
Network security
byPooja Dewangan
 
Chapter 1 introduction(web security)
byKirti Ahirrao
 
Computer Network Security
bySachithra Gayan
 
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
Information security
byrazendar79
 
Chapter2 the need to security
byDhani Ahmad
 
06. security concept
byMuhammad Ahad
 
security of information systems
by♥♛❁Sukla♥❀njoyng Breath♥
 
Introduction to information security
byKATHEESKUMAR S
 
22 need-for-security
byAl Balqa Applied University
 
Mobile security
byEng Hasan Shamroukh CISCO Exams Author
 

Similar to Information security ist lecture

PPTX
Unit 1 Network Fundamentals and Security .pptx
byGuna Dhondwad
 
PPTX
ISM-CS5750-01.pptx
byRashidSahito1
 
PPTX
Chapter- I introduction
byDr.Florence Dayana
 
PPTX
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
PPTX
SECURITY INVESTIGATION in the world on 10th
bygallanandhini
 
PPTX
Security Ch-1.pptx
byKeenboonAsaffaa
 
PPTX
Foundation of the information securiety
byALIZAIB KHAN
 
PPTX
BCA-601N_final_1-1Finalsem6metworks.pptx
byPareshLimbad1
 
PDF
BAIT1103 Chapter 1
bylimsh
 
PPT
ch1-1.ppt
byNayyabMirTahir
 
PDF
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
PDF
Chapter-I introduction
byDr.Florence Dayana
 
PDF
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
byJenna Murray
 
PPTX
Security & Risk Mgmt_WK1.pptx
bydotco
 
PPTX
Security & Risk Mgmt_WK1.pptx
byTechnocracy2
 
PPTX
crisc_wk_5.pptx
bydotco
 
PPTX
Ecommerce_Ch4.pptx
byAYNETUTEREFE1
 
PPTX
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
bysurvhiagrawal
 
PPTX
IT.pptx
byRaaviKapoor
 
PPTX
Network security
byAttaullah Khan
 
Unit 1 Network Fundamentals and Security .pptx
byGuna Dhondwad
 
ISM-CS5750-01.pptx
byRashidSahito1
 
Chapter- I introduction
byDr.Florence Dayana
 
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
SECURITY INVESTIGATION in the world on 10th
bygallanandhini
 
Security Ch-1.pptx
byKeenboonAsaffaa
 
Foundation of the information securiety
byALIZAIB KHAN
 
BCA-601N_final_1-1Finalsem6metworks.pptx
byPareshLimbad1
 
BAIT1103 Chapter 1
bylimsh
 
ch1-1.ppt
byNayyabMirTahir
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
Chapter-I introduction
byDr.Florence Dayana
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
byJenna Murray
 
Security & Risk Mgmt_WK1.pptx
bydotco
 
Security & Risk Mgmt_WK1.pptx
byTechnocracy2
 
crisc_wk_5.pptx
bydotco
 
Ecommerce_Ch4.pptx
byAYNETUTEREFE1
 
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
bysurvhiagrawal
 
IT.pptx
byRaaviKapoor
 
Network security
byAttaullah Khan
 

More from Zara Nawaz

PPTX
information security (network security methods)
byZara Nawaz
 
PPTX
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
PPTX
Information Security (Firewall)
byZara Nawaz
 
PPTX
Information Security (Malicious Software)
byZara Nawaz
 
PPTX
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
PPTX
Information Security (Digital Signatures)
byZara Nawaz
 
PPT
Lecture01 algorithm analysis
byZara Nawaz
 
PPTX
information security(Feistal Cipher)
byZara Nawaz
 
PPTX
Translation Look Aside buffer
byZara Nawaz
 
PPTX
information security(Public key encryption its characteristics and weakness, ...
byZara Nawaz
 
PPTX
Information security (Symmetric encryption, cryptography, crypto-analysis)
byZara Nawaz
 
information security (network security methods)
byZara Nawaz
 
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
Information Security (Firewall)
byZara Nawaz
 
Information Security (Malicious Software)
byZara Nawaz
 
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
Information Security (Digital Signatures)
byZara Nawaz
 
Lecture01 algorithm analysis
byZara Nawaz
 
information security(Feistal Cipher)
byZara Nawaz
 
Translation Look Aside buffer
byZara Nawaz
 
information security(Public key encryption its characteristics and weakness, ...
byZara Nawaz
 
Information security (Symmetric encryption, cryptography, crypto-analysis)
byZara Nawaz
 

Recently uploaded

PPTX
What is Scheduled Actions in Odoo 18
byCeline George
 
PPTX
How to configure Client action in odoo 18
byCeline George
 
PPTX
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
PDF
how to write your research instrument.pdf
byThelma Villaflores
 
PDF
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
PDF
JRF Plant Science Syllabus | Complete Unit-Wise Discussion & Preparation Stra...
bySatyam Sharma
 
PPTX
Merge similar leads and opportunities in Odoo 18 CRM
byCeline George
 
PPTX
EARLY CARCINOMA BREAST SURGICAL MANAGEMENT
byJohn Thanakumar
 
PDF
2025 Caribbean Examinations Council CCSLC Merit List
byCaribbean Examinations Council
 
PDF
Ion Implantation Techniques in VLSI Technology
byGS Virdi
 
PPTX
NMR Spectroscopy M.Pharm 1st Semester, Pharmacy
bySaurabh Dubey
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
PPTX
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
PPTX
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
PDF
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
PPTX
major drivers of biodiversity change.pptx
byKajal Kashyap
 
PDF
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 
PDF
BP303T PHARMACEUTICALMICROBIOLOGY UNIT 3
byRushiMandali
 
PPTX
PLAY-IMPORTANCE OF PLAY,FUNCTIONS OF PLAY AND TYPES
byBHUVANESHWARI BADIGER
 
DOCX
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
What is Scheduled Actions in Odoo 18
byCeline George
 
How to configure Client action in odoo 18
byCeline George
 
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
how to write your research instrument.pdf
byThelma Villaflores
 
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
JRF Plant Science Syllabus | Complete Unit-Wise Discussion & Preparation Stra...
bySatyam Sharma
 
Merge similar leads and opportunities in Odoo 18 CRM
byCeline George
 
EARLY CARCINOMA BREAST SURGICAL MANAGEMENT
byJohn Thanakumar
 
2025 Caribbean Examinations Council CCSLC Merit List
byCaribbean Examinations Council
 
Ion Implantation Techniques in VLSI Technology
byGS Virdi
 
NMR Spectroscopy M.Pharm 1st Semester, Pharmacy
bySaurabh Dubey
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
major drivers of biodiversity change.pptx
byKajal Kashyap
 
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 
BP303T PHARMACEUTICALMICROBIOLOGY UNIT 3
byRushiMandali
 
PLAY-IMPORTANCE OF PLAY,FUNCTIONS OF PLAY AND TYPES
byBHUVANESHWARI BADIGER
 
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 

Information security ist lecture

  • 1.
  • 2.
    Basic Concepts OfSecurity • Information security has become a continuing concern in all areas of an Information system. Security is neither a product nor a software; it is a discipline that needs to be taken into consideration in any organizational decision. It is indeed true that there is no such thing as a completely secure system. But it is also correct that by increasing the security measures that protect your assets, you are making your system a much more difficult target for intruders, which, in turn, reduces the chances of becoming a victim when the right security technologies are in place.
  • 3.
    Network Security • Networksecurity is the practice of preventing and protecting against unauthorized intrusion into corporate networks. • Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users, and programs to perform their permitted critical functions within a secure environment.
  • 4.
    Network security consistsof: • Protection: You should configure your systems and networks as correctly as possible • Detection: You must be able to identify when the configuration has changed or when some network traffic indicates a problem • Reaction: After identifying problems quickly, you must respond to them and return to a safe state as rapidly as possible
  • 5.
    Network security methods •Access control: You should be able to block unauthorized users and devices from accessing your network. Users that are permitted network access should only be able to work with the limited set of resources for which they've been authorized. • Anti-malware: Viruses, worms, and trojans by definition attempt to spread across a network, and can lurk dormant on infected machines for days or weeks. Your security effort should do its best to prevent initial infection and also root out malware that does make its way onto your network. • Application security: Insecure applications are often the vectors by which attackers get access to your network. You need to employ hardware, software, and security processes to lock those apps down. • Behavioral analytics: You should know what normal network behavior looks like so that you can spot anomalies or breaches as they happen.
  • 6.
    Network security methods(cont.) •Data loss prevention: Human beings are inevitably the weakest security link. You need to implement technologies and processes to ensure that staffers don't deliberately or inadvertently send sensitive data outside the network. • Email security: Phishing is one of the most common ways attackers gain access to a network. Email security tools can block both incoming attacks and outbound messages with sensitive data. • Firewalls: Perhaps the granddaddy of the network security world, they follow the rules you define to permit or deny traffic at the border between your network and the internet, establishing a barrier between your trusted zone and the wild west outside. They don't preclude the need for a defense-in-depth strategy, but they're still a must-have. • Intrusion detection and prevention: These systems scan network traffic to identify and block attacks, often by correlating network activity signatures with databases of known attack techniques. • Mobile device and wireless security: Wireless devices have all the potential security flaws of any other networked gadget — but also can connect to just about any wireless network anywhere, requiring extra scrutiny.
  • 7.
    Network security methods(cont.) •Network segmentation: Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. • Security information and event management (SIEM): These products aim to automatically pull together information from a variety of network tools to provide data you need to identify and respond to threats. • VPN: A tool (typically based on IPsec or SSL) that authenticates the communication between a device and a secure network, creating a secure, encrypted "tunnel" across the open internet. • Web security: You need to be able to control internal staff's web use in order to block web-based threats from using browsers as a vector to infect your network.
  • 8.
  • 9.
    Confidentiality • When informationis read or copied by someone not authorized to do so, then it will be “loss of confidentiality”. For sensitive information, confidentiality is a very important criterion. Bank account statements, personal information, credit card numbers, trade secrets, government documents are some examples of sensitive information. This goal of the CIA triad emphasizes the need for information protection. For example, confidentiality is maintained for a computer file, if authorized users are able to view it, while unauthorized persons are blocked from seeing it.
  • 10.
    Integrity • Information canbe corrupted or manipulated if it’s available on an insecure network and is referred to as “loss of integrity.” This means that unauthorized changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting. For example, banks are more concerned about the integrity of financial records, with confidentiality having only second priority. Some bank account holders or depositors leave ATM receipts unchecked and hanging around after withdrawing cash. This shows that confidentiality does not have the highest priority. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and usage not involving modification to the information. •
  • 11.
    Availability • Information canbe erased or become inaccessible, resulting in “loss of availability.” This means that people who are authorized to get information are restricted from accessing. Availability is often the most important attribute in service-oriented businesses that depend on information. Denying access to information has become a very common attack nowadays. Almost every week you can find news about high profile websites being taken down by Denial of Service attacks. The CIA triad goal of availability is the situation where information is available when and where it is rightly needed.
  • 12.
    protecting the C-I-Atriad • Authorization, Authentication, and Nonrepudiation processes and methods, which are some of the main controls aimed at protecting the C-I-A triad • To make information available or accessible/modifiable to those who need it and who can be trusted with it (for accessing and modification), organizations use authentication and authorization. Authentication is proving that a user is the person he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a “smartcard”), or something about the user that proves the person’s identity (such as a fingerprint). Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program. • Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted—the user cannot later deny that he or she performed the activity. This is known as non-repudiation.
  • 13.
    THE OSI SECURITYARCHITECTURE • The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined briefly as • Security attack: Any action that compromises the security of information owned by an organization. • Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. • Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
  • 14.
    SECURITY ATTACKS • ACTIVEATTACKS • PASSIVE ATTACKS
  • 15.
    • A passiveattack attempts to learn or make use of information from the system but does not affect system resources. An active attack attempts to alter system resources or affect their operation. Passive attacks are eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. • Two types of passive attacks are the release of message contents and traffic analysis.
  • 16.
    Release of message Contents Therelease of message contents is easily understood . A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
  • 17.
    traffic analysis • Asecond type of passive attack, traffic analysis, is subtler . Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. • The common technique for masking contents is encryption. If we had encryption protection in place, an opponent still might be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
  • 18.
    PASSIVE ATTACKS • Passiveattacks are very difficult to detect, because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. • However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
  • 19.
    Active Attacks • Activeattacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: • Masquerade • replay • modification of messages • denial of service.
  • 20.
    Masquerade • A masqueradetakes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
  • 21.
    replay • Replay involvesthe passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
  • 22.
    Modification of messages •Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”
  • 23.
    denial of service •The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network—either by disabling the network or by overloading it with messages to degrade performance.
  • 24.
    Active attacks • Activeattacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it also may contribute to prevention.