Computer Security: Protecting Assets, Understanding Threats and Countermeasures, Slides of Computer Security

An overview of computer security, focusing on the fundamental questions of what assets need protection, how they are threatened, and what can be done to counter those threats. Key security concepts such as confidentiality, integrity, and availability, as well as computer security challenges and terminology. It also discusses vulnerabilities, threats, attacks, countermeasures, and threat consequences.

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri
bageshri 🇮🇳

4.3

(24)

175 documents

1 / 22

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Lecture 1:
Overview
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16

Partial preview of the text

Download Computer Security: Protecting Assets, Understanding Threats and Countermeasures and more Slides Computer Security in PDF only on Docsity!

Lecture 1:

Overview

Outline

The focus of this chapter is on three fundamental questions:

  • What assets do we need to protect?
  • How are those assets threatened?
  • What can we do to counter those threats?

The CIA Triad

Key Security Concepts

Confidentiality

  • preserving authorized restrictions on information access and disclosure.
  • including means for protecting personal privacy and proprietary information

Integrity

  • guarding against improper information modification or destruction,
  • including ensuring information nonrepudiation and authenticity

Availability

  • ensuring timely and reliable access to and use of information

Integrity

Is this all?

Computer Security Challenges

  • attackers only need to find a single weakness, the developer needs to find all weaknesses
  • users and system managers tend to not see the benefits of security until a failure occurs
  • security requires regular and constant monitoring
  • is often an afterthought to be incorporated into a system after the design is complete
  • thought of as an impediment to efficient and user-friendly operation

Computer Security Terminology

  • Adversary (threat agent) - An entity that attacks, or is a threat to, a system.
  • Attack - An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate security policy of a system.
  • Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Computer Security Terminology

  • Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
  • Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Security Concepts and Relationships

Countermeasures

means used to deal with security attacks may introduce new vulnerabilities Residual vulnerabilities may remain goal is to minimize residual level of risk to the assets

  • prevent
  • detect
  • recover

Threat Consequences

  • Unauthorized disclosure is a threat to confidentiality
  • Exposure : This can be deliberate or be the result of a human, hardware, or software error
  • Interception : unauthorized access to data
  • Inference : e.g., traffic analysis, use of limited access to get detailed information
  • Intrusion : unauthorized access to sensitive data

Threat Consequences

  • Disruption is a threat to availability or system integrity
  • Incapacitation : a result of physical destruction of or damage to system hardware
  • Corruption : system resources or services function in an unintended manner; unauthorized modification
  • Obstruction : e.g. overload the system or interfere with communications

Threat Consequences

  • Usurpation is a threat to system integrity.
  • Misappropriation : e.g., theft of service, distributed denial of service attack
  • Misuse : security functions can be disabled or thwarted

Computer and Network Assets

Passive and Active Attacks

  • Passive attacks attempt to learn or make use of information from the system but does not affect system resources - eavesdropping/monitoring transmissions - difficult to detect - emphasis is on prevention rather than detection - two types: - release of message contents - traffic analysis
  • Active attacks involve modification of the data stream
    • goal is to detect them and then recover
    • four categories:
      • masquerade
      • replay
      • modification of messages
      • denial of service