Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
21 views

Module 8 - Computer Network and Security

Uploaded by

jaysonumayan595
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views

Module 8 - Computer Network and Security

Uploaded by

jaysonumayan595
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

IT 111: Introduction to Computing

Module 8:

COMPUTER &
NETWORK SECURITY

Leading Innovations, Transforming Lives, Building Nation


2

Why Study
Security ?
IT 111: Introduction to Computing
3

Why Study Security ?

• Security threats are real…


• And need protection against
• Keeping information secure from modification and
unauthorized access.
• Keeping it available is getting increasingly difficult.
4

Computer vs. Network Security


•Computer security is the generic term for a collection of tools
designed to protect data and to thwart hackers.

•Network security is the security measures that are needed to


protect data during their transmission.

•In most systems, the boundaries between computer security


and network security are blurred since most, if not all, of
today’s systems are distributed in nature.
5

Goals of Security
• Confidentiality :prevents unauthorized use or
disclosure of information.
• Integrity: assurance that the information has not
been tampered.
• Availability: information is accessible to
authorized entities at the proper time
6
Basic Terminology

▸ Authentication: Verification
that the user’s claimed identity
is valid, such as through the
use of a password
▸ Authorization: The privileges
allocated to an individual (or
process) that enable access to
a computer resource
7

Cont.

▸ Non-repudiation: offer of evidence that a party is indeed the sender or a


receiver of certain information. (prevents a party in a communication
from later denying its participation in communication)
▸ Access control: facilities to determine and enforce who is allowed
access to what resources, hosts, software, network connections
▸ Data Origin Authentication: provides assurance that a piece of data
originated from a particular source.
▸ Mechanisms: e.g. passwords.
▹ Something you know (password, PIN)
▹ Something you have (ID, smart card)
▹ Something you are (fingerprint, DNA)
8
Threats and Attacks

• A threat : A person, thing, event, or idea which poses some danger


to an asset in terms of that asset's confidentiality, integrity or
availability.
• An attack: A realization of a threat; Any action that attempts to
compromise the security of the information owned by an
organization/person.
▹ Categories of Attacks
▹ Interruption
▹ Interception
▹ Modification
▹ Fabrication
9

“The problem with computers is they do what you tell them."


10
Interruption

• Interruption: an asset of the system becomes lost, unavailable, or


unusable. An example is destroy hardware (cutting fiber) or
software, erasure of a program or data file, or malfunction of an
operating system file manager so that it cannot find a particular
disk file.

• Denial of service (DoS):


▹ Crashing the server
11
Interception

▸ An interception means that some unauthorized party has gained


access to an asset. An examples are Illicit copying of files and
programs and packet sniffers and wiretapping.
12
Modification

• Modification: If an unauthorized party not only accesses but


tampers with an asset.
• Stop the flow of the message
• Delay and modify the message
• Release the message again
13
Fabrication

• Unauthorized assumption of other’s identity


• Generate and distribute objects under this identity
14
Security Attack

• Interruption: This is an attack on availability


• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is n attack on authenticity
15
Security attacks classification

• Passive Attacks
▹ The attacker eavesdrops and read/record messages
in transit.
• Active Attacks
▹ The attacker may transmit new messages, replay
old messages, modify/delete messages on transit.
16
Virus, Worms, and Trojan Horses

• Trojan horse: instructions hidden inside an otherwise useful


program that do bad things
• Virus: a set of instructions that, when executed, inserts copies of
itself into other programs.
• Worm: a program that replicates itself by installing copies of itself
on other machines across a network.
• Trapdoor: an undocumented entry point, which can be exploited as
a security flaw
• Zombie: malicious instructions installed on a system that can be
remotely triggered to carry out some attack with les traceability
because the attack comes from another victim.
17 IT 111: Introduction to Computing

Thank you!

You might also like