INFORMATION SECURITY
Attacks on Computers and Computer Security:
- Introduction,
- The need for security,
- Security approaches,
- Principles of security,
- Types of Security attacks,
- Security services,
- Security Mechanisms,
- A model for Network Security
Principle/Goals Of Security
- These are the 4 chief principles of security.
1. Confidentiality:- Is the message seen by someone else?
2. Authentication:- Do you trust the sender of the message?
3. Integrity:- Is the message changed during transmission?
4. Non-repudiation:- Can the sender refute the message?
- The above principles relate to a particular message.
- There are 2 more linked to the overall system as a whole.
5. Access Control:- Who can access what? [ACL]
6. Availability:- Information should be available in a timely manner.
Confidentiality
- Confidentiality is the process of preventing disclosure of information to unauthorized individuals or systems. Examples: Credit card
- Confidentiality is necessary, but not sufficient to maintain privacy
Authenticity
- In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine (i.e. they have not been forged or fabricated). Examples: Passport, Credit card Accounts, academic transcripts
Fabrication is possible in the absence of proper authentication
Modification Causes Loss of Message integrity
Non-Repudiation
- It is a complex term used to describe the lack of deniability of ownership of a message, piece of data, or transaction. Examples: Proof of an ATM transaction, a stock trade, or an email
Access Control
- Role Management -> User Side -> Which user can do what.
- Rule Management -> Resource Side -> Which resources are accessible and under what circumstances.
- An Access Control List is a subset of the Access Control Matrix.
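Added example (not part of the original slides): a small Python model of the access control ideas above. The user names, roles, resources and the office-hours rule are constructed assumptions; the code expands role assignments into an access control matrix, reads an ACL off as one column of that matrix, and applies a resource-side rule on top.

```python
# Constructed sample data for illustration; none of these names come from the slides.
USER_ROLES = {"alice": {"hr_admin", "auditor"}, "bob": {"hr_clerk"}, "carol": {"auditor"}}

# Role management (user side): which role can do what.
ROLE_RIGHTS = {
    "hr_admin": {"payroll.db": {"read", "write"}},
    "hr_clerk": {"payroll.db": {"read"}},
    "auditor": {"audit.log": {"read"}},
}

# Rule management (resource side): circumstances under which a resource is accessible.
# Assumed rule: payroll.db is reachable only during office hours (09:00 to 17:00).
RESOURCE_RULES = {"payroll.db": lambda ctx: 9 <= ctx["hour"] < 17}


def build_matrix():
    """Expand roles into the access control matrix: matrix[user][resource] -> rights."""
    matrix = {}
    for user, roles in USER_ROLES.items():
        row = matrix.setdefault(user, {})
        for role in roles:
            for resource, rights in ROLE_RIGHTS.get(role, {}).items():
                row.setdefault(resource, set()).update(rights)
    return matrix


def acl_for(matrix, resource):
    """An ACL is one column of the matrix: every user's rights on one resource."""
    return {user: set(row[resource]) for user, row in matrix.items() if resource in row}


def is_allowed(matrix, user, resource, right, ctx):
    """Default deny: the ACL must grant the right and the resource rule must hold."""
    if right not in acl_for(matrix, resource).get(user, set()):
        return False
    rule = RESOURCE_RULES.get(resource)
    return rule(ctx) if rule is not None else True


if __name__ == "__main__":
    m = build_matrix()
    print("ACL for payroll.db:", acl_for(m, "payroll.db"))
    print("bob write at 10h:", is_allowed(m, "bob", "payroll.db", "write", {"hour": 10}))
    print("alice write at 20h:", is_allowed(m, "alice", "payroll.db", "write", {"hour": 20}))
```

Unknown users and unknown resources fall through to a denial because neither has an entry in the matrix.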
Availability
- For any information/system to serve its purpose, the information must be accessible and usable when it is needed.
- Computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. Examples: Power outages, Hardware failures, System upgrades and Preventing denial-of-service attacks