SlideShare una empresa de Scribd logo

Part01 general security concepts

Lê Liêu
Lê Liêu

The document discusses general concepts of computer security. It defines basic components of security including confidentiality, integrity, and availability. It describes threats such as snooping, modification, masquerading, and denial of service attacks. The document outlines security policies and mechanisms to enforce policies, including prevention, detection, and recovery. It discusses issues related to trust, assurance, operations, and human factors in security.

Tecnología
1 de 12
Descargar para leer sin conexión
2/19/2012 General Security Concepts IT Faculty – Dalat University February - 2012 LOGO Outline Components of computer security Threats and Vulnerabilities Policies and mechanisms The role of trust Assurance Operational Issues Human Issues 2 Phan Thi Thanh Nga - IT Faculty Basic Components Confidentiality  Keeping data and resources hidden  A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data that they are supposed to see 3 Phan Thi Thanh Nga - IT Faculty 1
2/19/2012 Basic Components Confidentiality  Access control mechanisms support confidentiality.  One access control mechanism for preserving confidentiality is cryptography  Other system-dependent mechanisms can prevent processes from illicitly accessing information  Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself  Resource hiding is another important aspect of confidentiality: configuration, equipment,… 4 Phan Thi Thanh Nga - IT Faculty Basic Components Integrity  Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change  Data integrity (integrity)  Origin integrity (authentication) 5 Phan Thi Thanh Nga - IT Faculty Basic Components Integrity  A secure system ensures that the data it contains is valid.  Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network  Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms. 6 Phan Thi Thanh Nga - IT Faculty 2
2/19/2012 Basic Components  Availability  Enabling access to data and resources  A secure system makes data available to authorized users, without delay. Denial-of- service attacks are attempts to block authorized users’ ability to access and use the system when needed 7 Phan Thi Thanh Nga - IT Faculty Basic Components Confidentiality Integrity Avaliability 8 Phan Thi Thanh Nga - IT Faculty Basic Components Authentication  assurance that the communicating entity is the one claimed Access Control  prevention of the unauthorized use of a resource 9 Phan Thi Thanh Nga - IT Faculty 3
2/19/2012 Basic Components  Vulnerability  An error or weakness in design, implementation or operation Threat  An adversary motivated and capable of exploiting a vulnerability Attack  The means (sequence of actions) of exploiting a vulnerability 10 Phan Thi Thanh Nga - IT Faculty Information security threats  Loss of integrity: -> must prevent the improper modification of information  Loss of non-repudiation/ authentication -> auditing & accountability ƒLoss of availability: -> must avoid denial of service  (objective: 24/7 availability) 11 Phan Thi Thanh Nga - IT Faculty Information security threats Threat:  any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization Loss of confidentiality: -> must maintain secrecy over data  Note: privacy refers to the need to protect data about individuals 12 Phan Thi Thanh Nga - IT Faculty 4
2/19/2012 Classes of Threats  Disclosure: unauthorized access to information  Snooping  Deception: acceptance of false data  Modification, spoofing, repudiation of origin, denial of receipt  Disruption: interruption or prevention of correct operation  Modification ƒ Usurpation: unauthorized control of some part of a system  Modification, spoofing, delay, denial of service 13 Phan Thi Thanh Nga - IT Faculty Basic Threats Snooping: the unauthorized interception of information. Some entity is listening to (or reading) communications or browsing through files or system information 14 Phan Thi Thanh Nga - IT Faculty Basic Threats Modification or alteration  unauthorized change of information, covers three classes of threats  some entity relies on the modified data to determine which action to take  incorrect information is accepted as correct and is released  An example is the man-in-the-middle attack 15 Phan Thi Thanh Nga - IT Faculty 5
2/19/2012 Basic Threats  Masquerading or spoofing  an impersonation of one entity by another, is a form of both deception and usurpation  It lures a victim into believing that the entity with which it is communicating is a different entity.  Some forms of masquerading may be allowed: delegation 16 Phan Thi Thanh Nga - IT Faculty Basic Threats  Repudiation of origin  a false denial that an entity sent (or created) something, is a form of deception  For example, suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product.  The vendor ships the product and then demands payment.  The customer denies having ordered the product  The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds. 17 Phan Thi Thanh Nga - IT Faculty Basic Threats Denial of receipt  a false denial that an entity received some information or message, is a form of deception  Suppose a customer orders an expensive product, but the vendor demands payment before shipment.  The customer pays, and the vendor ships the product. The customer then asks the vendor when he will receive the product.  If the customer has already received the product, the question constitutes a denial of receipt attack 18 Phan Thi Thanh Nga - IT Faculty 6
2/19/2012 Basic Threats Delay  a temporary inhibition of a service, is a form of usurpation  delivery of a message or service requires some time t; if an attacker can force the delivery to take more than time t, the attacker has successfully delayed delivery 19 Phan Thi Thanh Nga - IT Faculty Basic Threats Denial of service  a long-term inhibition of service, is a form of usurpation  The attacker prevents a server from providing a service  The denial may occur at the source, at the destination, or along the intermediate path 20 Phan Thi Thanh Nga - IT Faculty Information security threats  Identification: a user claims who s/he is  ƒ uthentication: a mechanism that A determines whether a user is who he or she claims to be (establishing the validity of the above claim )  something the user knows (e.g., a password, PIN)  something the user possesses (e.g., an ATM card)  something the user is (e.g., a voice pattern, a fingerprint) 21 Phan Thi Thanh Nga - IT Faculty 7
2/19/2012 Access control  Access control:  Closed systems  Open systems 22 Phan Thi Thanh Nga - IT Faculty Close system 23 Phan Thi Thanh Nga - IT Faculty Open system 24 Phan Thi Thanh Nga - IT Faculty 8
2/19/2012 Information security threats 25 Phan Thi Thanh Nga - IT Faculty Information security threats  Protecting Data  Access Control  Encryption Protecting Data in a Network Environment  Confidential  Cannot be modified, replayed  Lost packets can be detected User Identification and Authentication Auditing 26 Phan Thi Thanh Nga - IT Faculty Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc. Mechanisms enforce policies Composition of policies  If policies conflict, discrepancies may create security vulnerabilities 27 Phan Thi Thanh Nga - IT Faculty 9
2/19/2012 Prevention  Prevent attackers from violating security policy Detection  Detect attackers’ violation of security policy Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds  28 Phan Thi Thanh Nga - IT Faculty Trust and Assumptions  Underlie all aspects of security Policies  Unambiguously partition system states  Correctly capture security requirements Mechanisms  Assumed to enforce policy  Support mechanisms work correctly 29 Phan Thi Thanh Nga - IT Faculty Types of Mechanisms 30 Phan Thi Thanh Nga - IT Faculty 10
2/19/2012 Assurance  Specification  Requirements analysis  Statement of desired functionality Design  How system will meet specification Implementation  Programs/systems that carry out design 31 Phan Thi Thanh Nga - IT Faculty Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover? Risk Analysis  Should we protect something?  How much should we protect this thing? Laws and Customs  Are desired security measures illegal?  Will people do them? 32 Phan Thi Thanh Nga - IT Faculty Human Issues  Organizational Problems  Power and responsibility  Financial benefits People problems  Outsiders and insiders  Social engineering 33 Phan Thi Thanh Nga - IT Faculty 11
2/19/2012 Tying Together 34 Phan Thi Thanh Nga - IT Faculty Homework  Matt Bishop, Introduction to Computer Security, Chapter 1 Read more about DAC, MAC, RBAC 35 Phan Thi Thanh Nga - IT Faculty References  Matt Bishop, Introduction to Computer Security, Prentice Hall PTR, 2004 36 Phan Thi Thanh Nga - IT Faculty 12

Recomendados

Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
IJwest
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
marciahofmann
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & Privacy
Donny Shimamoto
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce Security
Lindsey Landolfi
 
Mis3rd
Mis3rdMis3rd
Mis3rd
gopalnb
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
Brian Pichman
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
Robot Mode
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 

Recomendados

Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
IJwest
 
Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
marciahofmann
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & Privacy
Donny Shimamoto
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce Security
Lindsey Landolfi
 
Mis3rd
Mis3rdMis3rd
Mis3rd
gopalnb
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
Brian Pichman
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
Robot Mode
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
ams1ams11
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
desalewminale
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
Barry Caplin
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bagotjesusa
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
lalitaggarwal627
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
Manoj VNV
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
Mukesh Chinta
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
Vamsee Krishna Kiran
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
PiBits
 
Class4 Security
Class4 SecurityClass4 Security
Class4 Security
RMS
 
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docxITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
donnajames55
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
banerjeea
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
ITNet
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
Ahmad Sharifi
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
sorabhsingh17
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
Kamal Acharya
 
CSI-ZG-513
CSI-ZG-513CSI-ZG-513
CSI-ZG-513
rajeshkongath1
 
1556 a 09
1556 a 091556 a 09
1556 a 09
Lê Liêu
 
1556 a 08
1556 a 081556 a 08
1556 a 08
Lê Liêu
 

Más contenido relacionado

Similar a Part01 general security concepts

Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bagotjesusa
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
lalitaggarwal627
 
Class4 Security
Class4 SecurityClass4 Security
Class4 Security
RMS
 
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docxITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
donnajames55
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
banerjeea
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
ITNet
 

Similar a Part01 general security concepts (20)

CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docxSecurity ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
 
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdfLab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
Lab 3 Explore Social Engineering TechniquesIntroductionCybers.pdf
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
Class4 Security
Class4 SecurityClass4 Security
Class4 Security
 
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docxITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
ITS 833 – INFORMATION GOVERNANCEChapter 11 – Information Gov.docx
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
 
CSI-ZG-513
CSI-ZG-513CSI-ZG-513
CSI-ZG-513
 

Más de Lê Liêu

Part05 communication security
Part05 communication securityPart05 communication security
Part05 communication security
Lê Liêu
 
Part04 key exchange protocols
Part04 key exchange protocolsPart04 key exchange protocols
Part04 key exchange protocols
Lê Liêu
 
Part04 basic cryptography
Part04 basic cryptographyPart04 basic cryptography
Part04 basic cryptography
Lê Liêu
 
Part02 access control authentication
Part02 access control authenticationPart02 access control authentication
Part02 access control authentication
Lê Liêu
 
Part06 infrastructure security
Part06 infrastructure securityPart06 infrastructure security
Part06 infrastructure security
Lê Liêu
 

Más de Lê Liêu (16)

1556 a 09
1556 a 091556 a 09
1556 a 09
 
1556 a 08
1556 a 081556 a 08
1556 a 08
 
1556 a 07
1556 a 071556 a 07
1556 a 07
 
1556 a 06
1556 a 061556 a 06
1556 a 06
 
1556 a 05
1556 a 051556 a 05
1556 a 05
 
1556 a 04
1556 a 041556 a 04
1556 a 04
 
1556 a 03
1556 a 031556 a 03
1556 a 03
 
1556 a 02
1556 a 021556 a 02
1556 a 02
 
1556 a 01
1556 a 011556 a 01
1556 a 01
 
1556 a 00
1556 a 001556 a 00
1556 a 00
 
1556 a 10
1556 a 101556 a 10
1556 a 10
 
Part05 communication security
Part05 communication securityPart05 communication security
Part05 communication security
 
Part04 key exchange protocols
Part04 key exchange protocolsPart04 key exchange protocols
Part04 key exchange protocols
 
Part04 basic cryptography
Part04 basic cryptographyPart04 basic cryptography
Part04 basic cryptography
 
Part02 access control authentication
Part02 access control authenticationPart02 access control authentication
Part02 access control authentication
 
Part06 infrastructure security
Part06 infrastructure securityPart06 infrastructure security
Part06 infrastructure security
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Part01 general security concepts

  • 1. 2/19/2012 General Security Concepts IT Faculty – Dalat University February - 2012 LOGO Outline Components of computer security Threats and Vulnerabilities Policies and mechanisms The role of trust Assurance Operational Issues Human Issues 2 Phan Thi Thanh Nga - IT Faculty Basic Components Confidentiality  Keeping data and resources hidden  A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data that they are supposed to see 3 Phan Thi Thanh Nga - IT Faculty 1
  • 2. 2/19/2012 Basic Components Confidentiality  Access control mechanisms support confidentiality.  One access control mechanism for preserving confidentiality is cryptography  Other system-dependent mechanisms can prevent processes from illicitly accessing information  Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself  Resource hiding is another important aspect of confidentiality: configuration, equipment,… 4 Phan Thi Thanh Nga - IT Faculty Basic Components Integrity  Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change  Data integrity (integrity)  Origin integrity (authentication) 5 Phan Thi Thanh Nga - IT Faculty Basic Components Integrity  A secure system ensures that the data it contains is valid.  Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network  Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms. 6 Phan Thi Thanh Nga - IT Faculty 2
  • 3. 2/19/2012 Basic Components  Availability  Enabling access to data and resources  A secure system makes data available to authorized users, without delay. Denial-of- service attacks are attempts to block authorized users’ ability to access and use the system when needed 7 Phan Thi Thanh Nga - IT Faculty Basic Components Confidentiality Integrity Avaliability 8 Phan Thi Thanh Nga - IT Faculty Basic Components Authentication  assurance that the communicating entity is the one claimed Access Control  prevention of the unauthorized use of a resource 9 Phan Thi Thanh Nga - IT Faculty 3
  • 4. 2/19/2012 Basic Components  Vulnerability  An error or weakness in design, implementation or operation Threat  An adversary motivated and capable of exploiting a vulnerability Attack  The means (sequence of actions) of exploiting a vulnerability 10 Phan Thi Thanh Nga - IT Faculty Information security threats  Loss of integrity: -> must prevent the improper modification of information  Loss of non-repudiation/ authentication -> auditing & accountability ƒLoss of availability: -> must avoid denial of service  (objective: 24/7 availability) 11 Phan Thi Thanh Nga - IT Faculty Information security threats Threat:  any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization Loss of confidentiality: -> must maintain secrecy over data  Note: privacy refers to the need to protect data about individuals 12 Phan Thi Thanh Nga - IT Faculty 4
  • 5. 2/19/2012 Classes of Threats  Disclosure: unauthorized access to information  Snooping  Deception: acceptance of false data  Modification, spoofing, repudiation of origin, denial of receipt  Disruption: interruption or prevention of correct operation  Modification ƒ Usurpation: unauthorized control of some part of a system  Modification, spoofing, delay, denial of service 13 Phan Thi Thanh Nga - IT Faculty Basic Threats Snooping: the unauthorized interception of information. Some entity is listening to (or reading) communications or browsing through files or system information 14 Phan Thi Thanh Nga - IT Faculty Basic Threats Modification or alteration  unauthorized change of information, covers three classes of threats  some entity relies on the modified data to determine which action to take  incorrect information is accepted as correct and is released  An example is the man-in-the-middle attack 15 Phan Thi Thanh Nga - IT Faculty 5
  • 6. 2/19/2012 Basic Threats  Masquerading or spoofing  an impersonation of one entity by another, is a form of both deception and usurpation  It lures a victim into believing that the entity with which it is communicating is a different entity.  Some forms of masquerading may be allowed: delegation 16 Phan Thi Thanh Nga - IT Faculty Basic Threats  Repudiation of origin  a false denial that an entity sent (or created) something, is a form of deception  For example, suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product.  The vendor ships the product and then demands payment.  The customer denies having ordered the product  The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds. 17 Phan Thi Thanh Nga - IT Faculty Basic Threats Denial of receipt  a false denial that an entity received some information or message, is a form of deception  Suppose a customer orders an expensive product, but the vendor demands payment before shipment.  The customer pays, and the vendor ships the product. The customer then asks the vendor when he will receive the product.  If the customer has already received the product, the question constitutes a denial of receipt attack 18 Phan Thi Thanh Nga - IT Faculty 6
  • 7. 2/19/2012 Basic Threats Delay  a temporary inhibition of a service, is a form of usurpation  delivery of a message or service requires some time t; if an attacker can force the delivery to take more than time t, the attacker has successfully delayed delivery 19 Phan Thi Thanh Nga - IT Faculty Basic Threats Denial of service  a long-term inhibition of service, is a form of usurpation  The attacker prevents a server from providing a service  The denial may occur at the source, at the destination, or along the intermediate path 20 Phan Thi Thanh Nga - IT Faculty Information security threats  Identification: a user claims who s/he is  ƒ uthentication: a mechanism that A determines whether a user is who he or she claims to be (establishing the validity of the above claim )  something the user knows (e.g., a password, PIN)  something the user possesses (e.g., an ATM card)  something the user is (e.g., a voice pattern, a fingerprint) 21 Phan Thi Thanh Nga - IT Faculty 7
  • 8. 2/19/2012 Access control  Access control:  Closed systems  Open systems 22 Phan Thi Thanh Nga - IT Faculty Close system 23 Phan Thi Thanh Nga - IT Faculty Open system 24 Phan Thi Thanh Nga - IT Faculty 8
  • 9. 2/19/2012 Information security threats 25 Phan Thi Thanh Nga - IT Faculty Information security threats  Protecting Data  Access Control  Encryption Protecting Data in a Network Environment  Confidential  Cannot be modified, replayed  Lost packets can be detected User Identification and Authentication Auditing 26 Phan Thi Thanh Nga - IT Faculty Policies and Mechanisms  Policy says what is, and is not, allowed  This defines “security” for the site/system/etc. Mechanisms enforce policies Composition of policies  If policies conflict, discrepancies may create security vulnerabilities 27 Phan Thi Thanh Nga - IT Faculty 9
  • 10. 2/19/2012 Prevention  Prevent attackers from violating security policy Detection  Detect attackers’ violation of security policy Recovery  Stop attack, assess and repair damage  Continue to function correctly even if attack succeeds  28 Phan Thi Thanh Nga - IT Faculty Trust and Assumptions  Underlie all aspects of security Policies  Unambiguously partition system states  Correctly capture security requirements Mechanisms  Assumed to enforce policy  Support mechanisms work correctly 29 Phan Thi Thanh Nga - IT Faculty Types of Mechanisms 30 Phan Thi Thanh Nga - IT Faculty 10
  • 11. 2/19/2012 Assurance  Specification  Requirements analysis  Statement of desired functionality Design  How system will meet specification Implementation  Programs/systems that carry out design 31 Phan Thi Thanh Nga - IT Faculty Operational Issues  Cost-Benefit Analysis  Is it cheaper to prevent or recover? Risk Analysis  Should we protect something?  How much should we protect this thing? Laws and Customs  Are desired security measures illegal?  Will people do them? 32 Phan Thi Thanh Nga - IT Faculty Human Issues  Organizational Problems  Power and responsibility  Financial benefits People problems  Outsiders and insiders  Social engineering 33 Phan Thi Thanh Nga - IT Faculty 11
  • 12. 2/19/2012 Tying Together 34 Phan Thi Thanh Nga - IT Faculty Homework  Matt Bishop, Introduction to Computer Security, Chapter 1 Read more about DAC, MAC, RBAC 35 Phan Thi Thanh Nga - IT Faculty References  Matt Bishop, Introduction to Computer Security, Prentice Hall PTR, 2004 36 Phan Thi Thanh Nga - IT Faculty 12