Security: Understanding the Basics of Information Security, Slides of Computer Science

An overview of various aspects of information security, including the security environment, basics of cryptography, user authentication, attacks from inside and outside the system, protection mechanisms, trusted systems, intruders, accidental data loss, and countermeasures. It also covers topics such as operating system security, network security, design principles for security, and virus damage scenarios.

Typology: Slides

2012/2013

Uploaded on 03/21/2013

dheeraj

Security
Chapter 9
9.1 The security environment
9.2 Basics of cryptography
9.3 User authentication
9.4 Attacks from inside the system
9.5 Attacks from outside the system
9.6 Protection mechanisms
9.7 Trusted systems

The Security Environment

Threats

Security goals and threats

Accidental Data Loss

Common Causes

  1. Acts of God
    • fires, floods, wars
  2. Hardware or software errors
    • CPU malfunction, bad disk, program bugs
  3. Human errors
    • data entry, wrong tape mounted

Basics of Cryptography

Relationship between the plaintext and the ciphertext

Public-Key Cryptography

  • All users pick a public key/private key pair
    • publish the public key
    • private key not published
  • Public key is the encryption key
    • private key is the decryption key
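As an added illustration of the key-pair relationship on this slide (this is not code from the original deck), the following Python implements textbook RSA: each user computes a pair, publishes (n, e) as the encryption key and keeps (n, d) as the decryption key. The primes 61 and 53 and the exponent 17 are constructed toy values, far too small for real use, and no padding scheme is applied; the point is only the public/private split and that the same mathematics works for any primes.

```python
# Textbook RSA on small numbers, added to show the public/private key split.
# Assumptions: p and q are prime, e is coprime with (p-1)(q-1), messages are
# integers below n, and no padding is used (illustration only).
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)): the public key to publish and the private key to keep."""
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's totient of n; known only to whoever knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse, so e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Encrypt the integer m with the published key: anyone can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Invert encrypt() with the private exponent d, which only the owner holds."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_bytes(public_key, data):
    """One byte per block (n is tiny here); returns a list of ciphertext integers."""
    return [encrypt(public_key, b) for b in data]


def decrypt_bytes(private_key, blocks):
    return bytes(decrypt(private_key, c) for c in blocks)


if __name__ == "__main__":
    public, private = make_keypair(61, 53)       # constructed toy primes
    print("public key (published):", public)
    print("private key (kept):", private)
    c = encrypt(public, 65)
    print("65 ->", c, "->", decrypt(private, c))
    blocks = encrypt_bytes(public, b"hi")
    print(blocks, decrypt_bytes(private, blocks))
```

Anyone holding the public key can run `encrypt`; only the holder of `d` can undo it, because recomputing `d` needs phi(n), which in turn needs the factorisation of n. That is what makes encryption easy and decryption without the private key infeasible once the primes are large.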

One-Way Functions

  • Function such that, given the formula for f(x)
    • it is easy to evaluate y = f(x)
  • But given y
    • it is computationally infeasible to find x

User Authentication

Basic Principles. Authentication must identify:

  1. Something the user knows
  2. Something the user has
  3. Something the user is

This is done before the user can use the system

Authentication Using Passwords

(a) A successful login (b) Login rejected after name entered (c) Login rejected after name and password typed

Authentication Using Biometrics

A device for measuring finger length.

Countermeasures

  • Limiting times when someone can log in
  • Automatic callback at a prespecified number
  • Limited number of login tries
  • A database of all logins
  • Simple login name/password as a trap
    • security personnel notified when attacker bites
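The one-way function, password authentication and countermeasure slides above fit together in one added Python example (not code from the original deck). It stores passwords only as salted PBKDF2 hashes, a practical one-way function that is cheap to compute and infeasible to invert; enforces the hours when login is allowed; limits the number of failed tries; keeps a database of every login attempt; and treats a simple trap account as an alarm for security personnel. The user names, passwords, hours and limits are constructed sample values, and the login reports failure only after both name and password have been given, as in screen (c) of the login figure, so the reply does not reveal whether the name exists.

```python
import hashlib
import hmac
import os
from datetime import datetime

PBKDF2_ROUNDS = 100_000  # work factor for the one-way password hash


def hash_password(password, salt=None):
    """Return (salt, digest): a salted one-way image of the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed credential used for unknown names, so the same hashing work is
# done whether or not the name exists and the reply is identical either way.
DUMMY_CREDENTIAL = hash_password("not-a-real-password")


def clock(hour):
    """Constructed timestamp on a fixed day, so runs are deterministic."""
    return datetime(2013, 3, 21, hour, 0, 0)


class LoginGate:
    """Applies the countermeasures from the slides to every login attempt."""

    def __init__(self, users, trap_accounts, allowed_hours=(8, 18), max_tries=3):
        self.users = users                  # name -> (salt, digest)
        self.trap_accounts = trap_accounts  # names that exist only as traps
        self.allowed_hours = allowed_hours  # [start, end) hours when login is allowed
        self.max_tries = max_tries          # failures permitted before lockout
        self.failures = {}                  # name -> consecutive failed attempts
        self.audit_log = []                 # database of all login attempts
        self.alerts = []                    # notifications for security personnel

    def login(self, name, password, now):
        ok, reason = self._check(name, password, now)
        self.audit_log.append((now.isoformat(timespec="seconds"), name, ok, reason))
        return ok

    def _check(self, name, password, now):
        # Countermeasure: limit the times when someone can log in.
        start, end = self.allowed_hours
        if not start <= now.hour < end:
            return False, "outside login hours"
        # Countermeasure: simple name/password as a trap. Any use of it means
        # an attacker has bitten; the attempt is rejected and security notified.
        if name in self.trap_accounts:
            self.alerts.append(f"trap account {name!r} used at {now.isoformat()}")
            return False, "trap account"
        # Countermeasure: limited number of login tries.
        if self.failures.get(name, 0) >= self.max_tries:
            return False, "account locked"
        # Check the password against the stored one-way hash. Unknown names are
        # hashed against the dummy credential, and the single failure message
        # is given only after both name and password were supplied.
        salt, stored = self.users.get(name, DUMMY_CREDENTIAL)
        _, candidate = hash_password(password, salt)
        if name in self.users and hmac.compare_digest(candidate, stored):
            self.failures[name] = 0
            return True, "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        return False, "bad name or password"


def build_demo_gate():
    """Constructed user database: one real account and one trap account."""
    users = {"alice": hash_password("correct horse battery staple")}
    return LoginGate(users, trap_accounts={"guest"})


if __name__ == "__main__":
    gate = build_demo_gate()
    gate.login("alice", "wrong", clock(10))
    gate.login("alice", "correct horse battery staple", clock(10))
    gate.login("guest", "guest", clock(10))
    gate.login("alice", "correct horse battery staple", clock(23))
    for entry in gate.audit_log:
        print(entry)
    for alert in gate.alerts:
        print("ALERT:", alert)
```

The audit list is the "database of all logins" from the slide: every attempt is recorded with its outcome and reason, which is what lets an administrator notice a burst of failures, off-hours activity or a trap account being touched. Locking is per name after `max_tries` consecutive failures and is reset by one successful login.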

Login Spoofing

(a) Correct login screen (b) Phony login screen

Logic Bombs

  • Company programmer writes program
    • potential to do harm
    • OK as long as he/she enters password daily
    • if programmer fired, no password and bomb explodes

Buffer Overflow

  • (a) Situation when main program is running
  • (b) After program A called
  • (c) Buffer overflow shown in gray

Generic Security Attacks

Typical attacks

  • Request memory, disk space, tapes and just read
  • Try illegal system calls
  • Start a login and hit DEL, RUBOUT, or BREAK
  • Try modifying complex OS structures
  • Try to do specified DO NOTs
  • Convince a system programmer to add a trap door
  • Beg the admin's secretary to help a poor user who forgot their password