Computer Security: Introduction to Information and Network Protection, High school final essays of Computer science

An introduction to computer security, discussing the concepts of network security and information security, the importance of protecting assets, and various security services such as confidentiality, integrity, availability, authenticity, and access control. It also covers the vulnerability-threat-control paradigm and different types of security attacks, including passive and active attacks, as well as security mechanisms like decipherment, digital signatures, and access control.

Typology: High school final essays

2021/2022

Uploaded on 03/20/2022

pro-nebyu

Computer Security

Chapter 1

Introduction to Security

What is Computer Security?

The terms computer security, network security and information security are often used interchangeably.

Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders or hackers.

Network security starts from authenticating the user, commonly with a username and a password.

Once the user is authenticated, a firewall enforces access policies such as which services the network users are allowed to access.

Security services

Security services are as follows.

Confidentiality

  • Confidentiality means preventing the disclosure of information to unauthorized individuals or systems.
  • For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network.

Integrity

  • In information security, integrity means that data cannot be modified undetectably.

Availability

  • The information must be available when it is needed.
  • This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
  • High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades.

Authenticity

  • In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents are genuine.
  • It is also important for authenticity to validate that both parties involved are who they claim they are.

The Vulnerability–Threat–Control Paradigm

The goal of computer security is protecting valuable assets.

o A vulnerability is a weakness in the system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.
o For instance, a particular system may be vulnerable to unauthorized data manipulation because the system does not verify a user’s identity before allowing data access.
o A threat is a breach of security which can be either natural, physical, or accidental; examples of these include flood, fire, earthquake, electrical spark, manufacturer error, vandalism and so on.
o A threat is a set of circumstances that could cause harm.
o A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.

We can classify the security attacks as:

  • Passive attacks: A passive attack attempts to learn or make use of information from the system but does not affect the system resources. Passive attacks are in the nature of eavesdropping on (secretly listening to a conversation), or monitoring of, transmissions, with the goal of obtaining the information being transmitted.
  • Passive attacks are very difficult to detect because they do not involve any alteration of data. Measures are available to prevent their success.
  • Two types of passive attacks are release of message content and traffic analysis.
    o Release of message content: The process of preventing an opponent from learning the contents of transmissions.
    o Traffic analysis: The process of guessing the information being transmitted by observing the frequency and length of messages being exchanged.
  • Active attacks: Active attacks attempt to alter system resources or affect their operation. It is very difficult to prevent active attacks absolutely.

Continued

Examples of interruption are destruction of a piece of hardware, the cutting of a cable and disabling of a file management system.

Interception:

Interception occurs when any unauthorized unit gains access to an asset. This attack means that there is no privacy; therefore it is an attack on confidentiality. The unauthorized unit or party could be an individual, a program or even another computer. Diagram (c) reveals the nature of interception.

Examples of interception can be seen in wiretapping to capture data in a network and copying of files which is not permitted.

Modification:

If an unauthorized party gains access to a system and makes some changes to it, then this tampering is known as modification. This modification is an attack on the integrity of the system or the organization. Diagram (d) depicts this attack.

Examples of such tampering include the changing of values in a file, altering a program so that it performs differently and changing the contents of messages that are sent over the network.

Security mechanism

A security mechanism is a mechanism that is designed to detect, prevent or recover the system from security attacks. The security mechanisms are as follows.

o Decipherment: The use of mathematical algorithms to transform the data into a form that is not readily intelligible.
o Digital signatures: Used to protect the data against forgery. A digital signature is appended to the data unit and allows a recipient of the data unit to prove the source and integrity of the data unit.
o Access control: These mechanisms enforce access rights to resources.
o Data integrity: A variety of mechanisms are used to assure the integrity of a data unit.
o Authentication exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
o Traffic padding: The insertion of bits into gaps in a data stream to control traffic analysis attacks.
o Notarization: The use of a trusted third party to assure certain properties of a data exchange.
o Routing control: Enables selection of particular physically secure routes for certain data and allows routing changes.
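Traffic analysis and traffic padding, described above, can be seen side by side in a short added example (not part of the original slides). It assumes the link is already encrypted so an eavesdropper sees only when a unit is sent and how large it is; the 64-byte cell size, the length-prefix framing and the sample messages are constructed for illustration.

```python
import struct

CELL = 64  # assumed fixed cell size in bytes (constructed for this example)

def pad(message: bytes, cell: int = CELL) -> bytes:
    """Frame as 4-byte length + message, then zero-fill to a multiple of `cell`."""
    framed = struct.pack(">I", len(message)) + message
    return framed + b"\x00" * (-len(framed) % cell)

def unpad(data: bytes) -> bytes:
    """Recover the message; reject a length field that overruns the data."""
    if len(data) < 4:
        raise ValueError("truncated cell")
    (n,) = struct.unpack(">I", data[:4])
    if n > len(data) - 4:
        raise ValueError("length field exceeds cell contents")
    return data[4:4 + n]

def constant_rate(outbox: dict, slots: int) -> list:
    """Send exactly one padded unit per time slot; idle slots carry a dummy
    (zero-length) message, so timing no longer shows when real data is sent."""
    return [pad(outbox.get(slot, b"")) for slot in range(slots)]

def observer_view(stream: list) -> list:
    """A passive eavesdropper on an encrypted link sees (slot, size), not content."""
    return [(slot, len(unit)) for slot, unit in enumerate(stream) if unit is not None]

# Constructed sample: real messages are sent only in slots 1 and 4.
OUTBOX = {1: b"BUY", 4: b"SELL 500 shares at market open"}
SLOTS = 6

unpadded = [OUTBOX.get(s) for s in range(SLOTS)]  # None = silence on the wire
padded = constant_rate(OUTBOX, SLOTS)

if __name__ == "__main__":
    print("without padding:", observer_view(unpadded))
    print("with padding:   ", observer_view(padded))
    print("receiver keeps: ", [m for m in map(unpad, padded) if m])
```

A message longer than one cell still occupies a larger multiple of the cell size, so padding narrows what length reveals rather than removing it entirely.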

Diagram: A model for network security in classroom

This general model shows that there are four basic tasks in designing a security service:

  • Design an algorithm for performing the security-related transformation.
  • Generate the secret information to be used with the algorithm.
  • Develop a method for distribution and sharing of the secret information.
  • Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.
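The four tasks can be mapped onto a small integrity service that detects the modification attack described earlier. This is an added example, not part of the original slides: the choice of HMAC-SHA256, the message-then-tag wire layout, the function names and the sample message are all assumptions, and key distribution is taken to have happened out of band.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def transform(key: bytes, message: bytes) -> bytes:
    """Task 1: the algorithm. HMAC-SHA256 is chosen here as an assumption."""
    return hmac.new(key, message, hashlib.sha256).digest()

def generate_secret() -> bytes:
    """Task 2: generate the secret information (a random 256-bit key)."""
    return secrets.token_bytes(32)

# Task 3: distribution and sharing of the secret is assumed to have happened
# out of band; both principals below are simply handed the same key.

def send(key: bytes, message: bytes) -> bytes:
    """Task 4, sender side: transmit the message followed by its tag."""
    return message + transform(key, message)

def receive(key: bytes, wire: bytes) -> bytes:
    """Task 4, receiver side: recompute the tag and compare in constant time."""
    if len(wire) < TAG_LEN:
        raise ValueError("message too short to carry a tag")
    message, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    if not hmac.compare_digest(tag, transform(key, message)):
        raise ValueError("integrity check failed")
    return message

def accepted(key: bytes, wire: bytes) -> bool:
    """True if the receiver would accept what arrived on the wire."""
    try:
        receive(key, wire)
        return True
    except ValueError:
        return False

# Constructed sample message and a constructed in-transit modification of it.
KEY = generate_secret()
WIRE = send(KEY, b"PAY 100 TO ALICE")
MODIFIED = WIRE.replace(b"100", b"900", 1)

if __name__ == "__main__":
    print("untouched message accepted:", accepted(KEY, WIRE))
    print("modified message accepted: ", accepted(KEY, MODIFIED))
    print("wrong key accepted:        ", accepted(generate_secret(), WIRE))
```

The tag gives integrity and source assurance between the two key holders only; it does not hide the message, so confidentiality would need a separate transformation.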
