
CS 126:

INTRODUCTION TO IT SECURITY

LECTURE 01
SECURITY CONCEPTS

4/11/2016
INTRODUCTION

What is Security?

What do you think?

WHAT IS SECURITY?

Security: A state of well-being of information and infrastructure in which the
possibility of theft, tampering, and disruption of information and services is
kept low or tolerable.
Security is the quality or state of being secure, that is, to be free from danger.
Specialized Areas of Security
Physical security: Protect the physical items,
objects, or areas of an organization from
unauthorized access and misuse.
Personal security: Protect the individual or group
of individuals who are authorized to access the
organization and its operations.
Communications security: Protect an
organization's communications media, technology,
and content.
Specialized Areas of Security

Network security: Protect the network and the
network-accessible resources from unauthorized
access, together with consistent and continuous monitoring and
measurement of its effectiveness.
Data security: Data security is the means of
ensuring that data is kept safe from corruption
and that access to it is suitably controlled.
Computer Security
Protection of computer hardware,
software, data, information and other related
computer devices from theft, corruption, or
destruction by natural disaster.
Computer security is concerned with protecting a computer
system's information assets, as well as the computer
systems themselves.
Asset = item of value
Assets include: Hardware, Software, Data

The Vulnerability-Threat-Control Paradigm
A major goal of information security as a discipline and as a profession is to
protect valuable assets.
To study methods of asset protection, we use the vulnerability-threat-control
framework:
Vulnerability
Is a weakness in an information system or its components that might be
exploited to compromise the security of the system.
An attack is the deliberate act that exploits a vulnerability. It is the actual attempt to
violate security.
Threat
A set of circumstances or events that has the potential to cause loss or harm to
an information system by destroying it, disclosing the information stored on
the system, adversely modifying data, or making the system unavailable.
Control
An action, device, procedure, or technique that eliminates or reduces a
vulnerability.
Also called a countermeasure.
The Vulnerability-Threat-Control Paradigm

A threat is blocked by control of a vulnerability.

Example: A man's finger can control a water leak.

Security VULNERABILITIES
Why are information systems vulnerable?
1. Poor system management: If managers at all levels
don't make security their number one priority, then the
threats to an information system can easily become real.
2. Familiarity: Using common, well-known code,
software, operating systems, and/or hardware increases
the probability that an attacker has the tools or
knowledge to exploit the weakness.
3. Poor system design: If the system analyst did not
consider the security aspect during the system design
process, this creates a loophole for an attacker to
damage the system.
Security VULNERABILITIES
Why are information systems vulnerable?
4. Poor password management: Computer users
store passwords on the computer or in an open place
where an attacker can access them.
5. Unchecked user input: Programmers assume that
all user input is safe, but programs that do not
check user input can allow unintended direct
execution of commands.
6. Default configuration: Default configuration of the OS and Network
Operating System (NOS), network devices, and firewalls, and
encryption weaknesses.
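
Added example (not part of the original lecture) for item 5: the same lookup written once with unchecked input pasted into a shell command, and once with the input validated and passed as a separate argument. The helper program TOOL, the function names and the hostname pattern are assumptions made for this illustration, and a POSIX shell is assumed.

```python
import re
import shlex
import subprocess
import sys

# Hypothetical stand-in for a real tool such as ping: prints its one argument.
TOOL = [sys.executable, "-c", 'import sys; print("lookup:", sys.argv[1])']

# Allowlist: letters, digits, dots and hyphens, starting and ending with a
# letter or digit. A leading "-" is rejected so input cannot become an option.
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def lookup_unchecked(host):
    """Vulnerable form: user input becomes part of the shell command line."""
    cmd = " ".join(shlex.quote(part) for part in TOOL) + " " + host
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def lookup_checked(host):
    """Hardened form: validate first, then run without a shell."""
    if not HOSTNAME.fullmatch(host):
        raise ValueError(f"rejected host name: {host!r}")
    # Argument list, no shell: the input is one argument and never parsed
    # as command syntax.
    done = subprocess.run(TOOL + [host], capture_output=True, text=True,
                          check=True)
    return done.stdout


if __name__ == "__main__":
    crafted = "example.com; echo SECOND-COMMAND"   # constructed sample input
    print("unchecked:", lookup_unchecked(crafted).splitlines())
    print("checked:  ", lookup_checked("example.com").splitlines())
    try:
        lookup_checked(crafted)
    except ValueError as err:
        print("checked:  ", err)
```

In the unchecked form the shell treats the text after the semicolon as a second command; the checked form rejects that input before anything runs.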
Threats and C-I-A
Threats can apply to the confidentiality, integrity, or
availability (C-I-A) of a system
Confidentiality: Assurance that the information is
accessible only to those authorized to have access.
Integrity: The trustworthiness of data or resources in
terms of preventing improper and unauthorized changes.
Availability: Assurance that the systems are accessible
when required by the authorized users.

C-I-A = The security Triad

C-I-A = The Goals/Objectives of Information Security


SECURITY GOALS

[Figure: CIA Triad (Confidentiality, Integrity, Availability)]

Additional Pillars of Information Security
Aside from C-I-A, authentication, nonrepudiation, and
auditability are also desirable system properties
Authentication: The ability of a system to confirm the
identity of a sender.
Nonrepudiation: The ability of a system to confirm
that a sender cannot convincingly deny having sent a
message.
Auditability: The ability of a system to trace all
actions related to a given asset.
Determine who did what and when in order to
ensure that responsible parties are held accountable.
Threats to Information Systems
Example: Acts of Human Error or Failure
Includes acts done without malicious intent

Caused by:
Inexperience
Improper training
Incorrect assumptions
Other circumstances

Employees are the greatest threats to information security
They are closest to the organizational data
Threats to Information Systems
Example: Acts of Human Error or Failure
Employee mistakes can easily lead to the following:
Revelation of classified data
Entry of erroneous data
Accidental deletion or modification of data
Storage of data in unprotected areas
Failure to protect information

Many of these threats can be prevented with controls


Control: Is an action, procedure or technique that
removes or reduces the vulnerabilities.
Harmful Acts
Harm to information systems can be effected in four different ways
1. Interruption: This is an attack on availability
2. Interception: This is an attack on confidentiality
3. Modification: This is an attack on integrity
4. Fabrication: This is an attack on authenticity

[Figure: Normal flow from information source to information destination]

Interruption
Interruption: This is an attack on availability
Approach: Destruction of hardware, physical
damage to communication links, disrupting
traffic (introduction of noise), erasure of a
program or a file, DoS attacks.

[Figure: Interruption between information source and information destination]

Interception
Interception: This is an attack on confidentiality
Approach: Eavesdropping over a
communication line, link monitoring, packet
capturing, system compromise.

[Figure: Interception between information source and information destination]

Modification
Modification: This is an attack on integrity
Approach: Corrupting transmitted data or
tampering with it before it reaches its
destination. E.g. changing a record in a database.

[Figure: Modification between information source and information destination]

Fabrication
Fabrication: This is an attack on authenticity
Approach: Faking data as if it were created by a
legitimate and authentic party. E.g. adding a
new record to a database, insertion of a new
network packet.

[Figure: Fabrication between information source and information destination]

Types of attackers
Amateurs
Opportunistic attackers
Use a password that he or she found
Script kiddies
Hackers: Non-malicious
Crackers: Malicious
Career criminals
Organized crime syndicates
Cyber terrorists
State-supported spies and information warriors

Method - Opportunity - Motive
Attackers need MOM
Method
Skills, knowledge, tools, etc. with which to
attempt an attack
Opportunity
Time and access to attempt an attack
Motive
A reason to attempt an attack

Method of Defense
Six approaches to defense of computing systems
1. Prevent attack
Block attack / close vulnerability
2. Deter attack
Make attack harder (if we can't make it impossible)
3. Deflect attack
Make another target more attractive than this target
4. Mitigate attack
Make the impact of an attack less severe
5. Detect attack
during or after
6. Recover from attack
Importance of Computer Security
1. To protect organization's valuable resources,
such as information, hardware, and
software, through the selection of appropriate
techniques.
2. Security helps the organization's mission of
protecting its:
Physical and financial resources.
Reputation and legal position, gained from
employees' and customers' trust.
Importance of Computer Security

3. Preserving the integrity, confidentiality and
availability of information system resources,
which include:
Organization's data.
Customers' information.
Organization's hardware and software, etc.
4. To protect the organization's information from
criminals, natural hazards and other threats.
Importance of Computer Security
5. To protect the organization from hackers, crackers
and terrorists.
Hacker: Intelligent individual with excellent
computer skills, with the ability to create, explore,
or exploit weaknesses in computer systems and
networks.
Cracker: System intruder/destroyer who breaches
security on software or systems.
Virus: A program that reproduces its own code by
attaching itself to other executable files in such a
way that the virus code is executed when the infected
executable file is executed.
It is a program designed to cause problems to
computers or computer network systems.
SECURITY MEASURES
Protecting Computers
The following measures can be used to protect your
computer from security threats and attacks:
1. Locking your computer with a password.
2. Installing anti-virus software and ensuring it is up-to-date.
3. Using up-to-date software (operating systems and
user applications)
4. Logging off or shutting down your computer when
going away.
SECURITY MEASURES
Protecting Computers
5. Make a backup of your important documents and
data.
6. Protect your files with passwords
7. Before clicking on any e-mail attachment, make sure
that the attachment is scanned even if you know the
source.
8. Before using media given to you by someone else,
scan it to remove viruses

SECURITY MEASURES
Protecting Computer Networks
The following measures can be used to protect your
network from security threats and attacks
1. Firewalls: A firewall defines a single choke point of
control and monitoring that keeps unauthorized users
out of the protected network.
2. Intrusion Detection System (IDS)

SYMPTOMS OF INFECTED
COMPUTER
It is difficult to prove that your computer has been
infected with a virus. However, one can suspect
that a computer is infected with a virus by
considering some primary indicators, which are:
1. The computer runs slower than usual.
2. The computer stops responding, or it locks up
frequently.
3. The computer crashes, and then it restarts every few
minutes.
4. Your computer has much less memory, or hard drive
space is unavailable.
SYMPTOMS OF INFECTED
COMPUTER
5. Application programs on the computer do not work
correctly.
6. Disks or flash disk drives are inaccessible.
7. You cannot print soft copy to hardcopy correctly or PC
prints bogus information.
8. You see unusual error messages.
9. There is a double extension on an attachment that you
recently opened, such as a .jpg, .gif, or .exe extension.
10. An antivirus program is disabled for no reason and
sometimes it cannot be restarted.
SYMPTOMS OF INFECTED
COMPUTER
11. An antivirus program cannot be installed on the
computer, or the antivirus program will not run.
12. New icons appear on the desktop that you did not put
there, or the icons are not associated with any recently
installed programs.
13. There are error messages popping out on a regular basis.
14. Your files and folders are getting deleted automatically.
15. Abnormal sound.
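
Added example (not part of the original lecture) for symptom 9: a check that flags attachment names whose visible document or image extension is followed by an executable one. The two extension sets, the function names and the sample file names are assumptions constructed for this illustration.

```python
# Illustrative extension sets (assumptions, not taken from the lecture).
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}
DECOY = {"jpg", "jpeg", "gif", "png", "pdf", "doc", "docx", "txt", "xls"}


def double_extension(filename):
    """Return (decoy_ext, real_ext) if an executable type hides behind a
    harmless-looking extension, otherwise None."""
    # Windows ignores trailing dots and spaces, so "a.jpg.exe." runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    # Padding such as "a.pdf      .exe" pushes the real extension out of
    # view in a narrow column, so strip whitespace around every part.
    parts = [part.strip() for part in name.split(".")]
    if len(parts) < 3:
        return None          # fewer than two extensions
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE and decoy in DECOY:
        return (decoy, real)
    return None


def scan(filenames):
    """Map each suspicious name to its (decoy, real) extension pair."""
    hits = {}
    for name in filenames:
        found = double_extension(name)
        if found:
            hits[name] = found
    return hits


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "holiday.JPG.exe",
    "invoice.pdf      .scr",
    "report.doc.exe.",
    "archive.tar.gz",
    "notes.v2.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for name, (decoy, real) in scan(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: looks like .{decoy}, runs as .{real}")
```

A plain executable such as setup.exe is not flagged here because it does not disguise its type; only names that pair a harmless-looking extension with an executable one are reported.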

END

CS 126 LECTURE 01