Computer Security Overview

Uploaded by

rafi2305101053

Different Elements in Computer Security


Confidentiality
Confidentiality is the concealment of information or resources. Information must be kept secret from third parties that want access to it, so that only the right people can access it.

Example in real life − Let’s say two people are communicating via encrypted email. They know each other’s decryption keys, and they read the email by entering these keys into the email program. If someone else can read these decryption keys when they are entered into the program, then the confidentiality of that email is compromised.
Integrity
Integrity refers to the accuracy and completeness of data. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and precautionary steps must be taken to ensure that data cannot be altered by unauthorized people.

Example in real life − Let’s say you are making an online payment of 100 USD, but your information is tampered with, without your knowledge, so that 1000 USD is sent to the seller. This would cost you too much.
Availability
Availability means that information is accessible to authorized users. It provides an assurance that your system and data can be accessed by authenticated users whenever they’re needed. Similar to confidentiality and integrity, availability also holds great value.

Example in real life − Let’s say a hacker has compromised a bank’s webserver and taken it down. You, as an authenticated user, want to make an e-banking transfer, but it is impossible to access the server. The transfer that could not be made is money lost for the bank.
Attacks
• Attacks on computer systems
—break-in to destroy information
—break-in to steal information
—blocking the system from operating properly
—malicious software
• wide spectrum of problems

Services, Mechanisms, Attacks
• 3 aspects of information security:
—security attacks (and threats)
• actions that (may) compromise security
—security services
• services counter to attacks
—security mechanisms
• used by services
• e.g. secrecy is a service, encryption (a.k.a. encipherment) is a mechanism

Attacks
• Network Security
—Active attacks
—Passive attacks

Attacks

• Passive attacks
—An attacker observes the messages and copies them
—victims do not get informed about the attack
—It is difficult to detect as there is no alteration in the message.
—Passive attacks can be prevented by using some encryption techniques.
Attacks

• Active attacks
—Attacker actively manipulates the communication
—Masquerade
• pretend to be someone else
• possibly to get more privileges
—Replay
• passively capture data and send it later
—Denial-of-service
• preventing the normal use of servers, end users, or the network itself
Security Services

• to prevent or detect attacks
• to enhance the security
• replicate functions of physical documents
—e.g.
• have signatures, dates
• need protection from disclosure, tampering, or destruction
• notarize
• record

Basic Security Services
• Authentication
—assurance that the communicating entity is the one it claims to be

• Access Control
—prevention of the unauthorized use of a resource
—to achieve this, each entity trying to gain access must first be identified and authenticated, so that access rights can be tailored to the individual

Basic Security Services
• Data Confidentiality
—Confidentiality means that only authorized individuals/systems can view sensitive or classified information.

• Data Integrity
—assurance that data received are exactly as sent by an authorized sender
—i.e. no modification, insertion, deletion, or replay

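The data integrity service above, sketched as an added example that is not part of the original slides: a receiver that checks an HMAC-SHA256 tag to catch modification and a sequence number to catch replay or a missing message. The shared key, the message layout and the names `protect` and `Receiver` are assumptions made for illustration, and the payment is the constructed 100 USD case from the Integrity slide.

```python
import hashlib
import hmac
import json

# Assumption: sender and receiver already share this secret key (constructed value).
KEY = b"constructed-demo-key"

def protect(seq, payload, key=KEY):
    """Sender side: serialize payload with a sequence number and attach an HMAC tag."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    """Receiver side: accept a message only if it is unmodified and next in sequence."""
    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, msg):
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        # Constant-time comparison; a mismatch means the body or tag was altered
        # or the message was inserted by someone who does not hold the key.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        seq = json.loads(msg["body"])["seq"]
        if seq <= self.last_seq:
            return "rejected: replay"      # an old, valid message sent again
        if seq != self.last_seq + 1:
            return "rejected: gap"         # an earlier message was deleted or delayed
        self.last_seq = seq
        return "accepted"

def demo():
    rx = Receiver()
    m1 = protect(1, {"to": "seller", "amount_usd": 100})
    m2 = protect(2, {"to": "seller", "amount_usd": 25})
    m3 = protect(3, {"to": "seller", "amount_usd": 40})
    # Constructed tampering: the amount is changed in transit, the tag is left as is.
    tampered = {"body": m1["body"].replace(b"100", b"1000"), "tag": m1["tag"]}
    return [rx.accept(m1), rx.accept(tampered), rx.accept(m1),
            rx.accept(m3), rx.accept(m2)]

if __name__ == "__main__":
    print(demo())
```

The tag gives integrity only; the payload is still readable in transit, so confidentiality needs encryption in addition.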
Security Mechanisms
• Cryptographic Techniques
— will see next
• Software and hardware for access limitations
— Firewalls
• Traffic Padding
— A continuous random data stream is generated.
• Hardware for authentication
— Smartcards, security tokens.
• Physical security
— Keep it in a safe place with limited and authorized physical access

Common Types of Networking Attacks
• Malware
• Computer Virus
• Computer Worm
• Phishing
• DoS (Denial of Service) and DDoS
• Man-in-the-middle
• Ransomware
• SQL Injection Attacks
Malware
• Malware is a catch-all term for any type of malicious software, regardless of how it works, its intent, or how it's distributed.

• Hackers attempt to gain unauthorized access to the target system and disrupt or corrupt the files and data through malicious code called malware.
Computer Virus
Viruses are a type of malware: unique pieces of code that can wreak havoc and spread from computer to computer.

If you click on an email with a malicious link or download links from infected websites, these viruses can corrupt your files, infect other computers from your list and steal your personal information.
Computer Worm
Worms replicate themselves and slow down the computer system.

The main objective of worms is to eat the system resources.
Phishing
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker.
DoS (Denial of Service) and DDoS
A Denial-of-Service (DoS) attack is an attack meant to shut down
a machine or network, making it inaccessible to its intended users.
DoS attacks accomplish this by flooding the target with traffic, or
sending it information that triggers a crash.
Man-in-the-middle
A man-in-the-middle (MiTM) attack is a cyberattack where the attacker
secretly relays and possibly alters the communications between two parties
who believe that they are directly communicating with each other, as the
attacker has inserted themselves between the two parties.
Ransomware
• Ransomware is a type of malware that threatens to publish the victim's personal data or block access to it unless a ransom is paid.

• While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
SQL Injection Attacks
• SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
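
Why the query returns information it was not meant to display, and the fix, as an added example that is not part of the original slides: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, the rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def lookup_vulnerable(db, username):
    # Vulnerable: the input becomes part of the SQL text, so a quote
    # character inside it ends the string literal and the rest is parsed as SQL.
    query = "SELECT email FROM customers WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, username):
    # Hardened: the ? placeholder binds the input as a value only;
    # nothing inside it is ever interpreted as SQL syntax.
    query = "SELECT email FROM customers WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

# Constructed input containing a quote, used to compare the two lookups.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"

def compare():
    db = make_db()
    return {
        "vulnerable": lookup_vulnerable(db, CONSTRUCTED_INPUT),
        "parameterized": lookup_parameterized(db, CONSTRUCTED_INPUT),
    }

if __name__ == "__main__":
    print(compare())
```

With the concatenated query the WHERE clause becomes true for every row, so the whole user list comes back; with the bound parameter the input matches no username and nothing is returned.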
