Chapter 1
Introduction: Computer and Network Security

//Modified by Prof. M. Singhal//
Henric Johnson
Blekinge Institute of Technology, Sweden
www.its.bth.se/staff/hjo/
henric.johnson@bth.se
+46 708 250375

Outline
• Information security
• Attacks, services and mechanisms
• Security attacks
• Security services
• Methods of Defense
• A model for Internetwork Security
• Internet standards and RFCs

Information Security
“Protection of data”.
Has gone through two major changes:
1. Computer Security:
  o Timesharing systems: multiple users share the H/W and S/W resources on a computer.
  o Remote login is allowed over phone lines.
“Measures and tools to protect data and thwart hackers are called Computer Security”.

Information Security…
2. Network Security:
Computer networks are widely used to connect computers at distant locations.
Raises additional security problems:
  o Data in transmission must be protected.
  o Network connectivity exposes each computer to more vulnerabilities.

Attacks, Services and Mechanisms
Three aspects of Information Security:
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Security Attacks
Interruption: An asset of the system is destroyed or becomes unavailable or unusable.
• This is an attack on availability.
Examples:
• Destroying some H/W (disk or wire).
• Disabling file system.
• Swamping a computer with jobs or a communication link with packets.

Security Attacks
Interception: An unauthorized party gains access to an asset.
• This is an attack on confidentiality.
Examples:
• Wiretapping to capture data in a network.
• Illicitly copying data or programs.

Security Attacks
Modification: An unauthorized party gains access and tampers with an asset.
• This is an attack on integrity.
Examples:
• Changing data files.
• Altering a program.
• Altering the contents of a message.

Security Attacks
Fabrication: An unauthorized party inserts a counterfeit object into the system.
• This is an attack on authenticity.
Examples:
• Insertion of records in data files.
• Insertion of spurious messages in a network (message replay).

Passive vs. Active Attacks
1. Passive Attacks:
  o Eavesdropping on information without modifying it (difficult to detect).
2. Active Attacks:
  o Involve modification or creation of information.

Passive Threats
• Release of message contents:
  Contents of a message are read.
  o A message may be carrying sensitive or confidential data.
• Traffic analysis:
  An intruder makes inferences by observing message patterns.
  o Can be done even if messages are encrypted.
  o Inferences: location and identity of hosts.

Active Threats
• Masquerade:
  An entity pretends to be some other entity.
  Example: An entity captures an authentication sequence and replays it later to impersonate the original entity.
• Replay:
  Involves capture of a data unit and its retransmission to produce an unauthorized effect.

Active Threats
• Modification of messages:
  A portion of a legitimate message has been altered to produce an undesirable effect.
• Denial of service:
  Inhibits normal use of computer and communications resources.
  o Flooding of computer network.
  o Swamping of CPU or a server.

Security Services
A classification of security services:
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (the order is final)
• Access control (prevent misuse of resources)
• Availability (permanence, non-erasure)
   – Denial of Service Attacks
   – Virus that deletes files

Security Goals
• Confidentiality
• Integrity
• Availability

Methods of Defence
• Encryption
• Software Controls (access limitations in a database; in an operating system, protect each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls

Internet standards and RFCs
• The Internet Society
  – Internet Architecture Board (IAB)
  – Internet Engineering Task Force (IETF)
  – Internet Engineering Steering Group (IESG)

Internet RFC Publication Process (figure)

Recommended Reading
• Pfleeger, C. Security in Computing. Prentice Hall, 1997.
• Mel, H.X., Baker, D. Cryptography Decrypted. Addison Wesley, 2001.
