introduction to security
play

Introduction to Security Comm. Security Strategy Summary ITS335: - PowerPoint PPT Presentation

May 27, 2023 •608 likes •965 views

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

  1. ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 January 2015 its335y14s2l01, Steve/Courses/2014/s2/its335/lectures/intro.tex, r3503 1/34

  2. ITS335 Contents Intro. to Security Concepts Computer Security Concepts Threats, Attacks, Assets Comm. Security Strategy Threats, Attacks and Assets Summary Architecture for Communications Security Computer Security Strategy Summary 2/34

  3. ITS335 What Is Security? Intro. to Security Computer Security Concepts Threats, Attacks, The protection afforded to an automated Assets information system in order to attain the applicable Comm. Security objectives of preserving the integrity, availability, Strategy and confidentiality of information system resources. Summary NIST Computer Security Handbook 3/34

  4. ITS335 Key Security Objectives Intro. to Security Confidentiality Concepts Threats, Attacks, ◮ Data confidentiality: assure confidential information not Assets made available to unauthorized individuals Comm. Security Strategy ◮ Privacy: assure individuals can control what information Summary related to them is collected, stored, distributed Integrity ◮ Data integrity: assure information and programs are changed only in a authorized manner ◮ System integrity: assure system performs intended function Availability ◮ Assure that systems work promptly and service is not denied to authorized users 4/34

  5. ITS335 Other Security Objectives Intro. to Security Authenticity Concepts Threats, Attacks, ◮ Users and system inputs are genuine and can be verified Assets and trusted Comm. Security ◮ Data authentication Strategy ◮ Source authentication Summary Accountability ◮ Actions of an entity can be traced uniquely to that entity ◮ Supports: non-repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery and legal action 5/34

  6. ITS335 Computer Security Challenges Intro. to Security ◮ computer security is not as simple as it might first Concepts appear to the novice Threats, Attacks, ◮ potential attacks on the security features must be Assets considered Comm. Security Strategy ◮ procedures used to provide particular services are often Summary counter-intuitive ◮ physical and logical placement needs to be determined ◮ additional algorithms or protocols may be involved ◮ attackers only need to find a single weakness, the developer needs to find all weaknesses ◮ users and system managers tend to not see the benefits of security until a failure occurs ◮ security requires regular and constant monitoring ◮ is often an afterthought to be incorporated into a system after the design is complete ◮ thought of as an impediment to efficient and user-friendly operation 6/34

  7. ITS335 Computer Security Concepts Intro. to Security Assets Concepts Threats, Attacks, ◮ System resources that the users/owners wish to protect Assets ◮ Hardware, software, data, communication lines Comm. Security Strategy Summary Vulnerabilities ◮ Weakness in system implementation or operation ◮ Can make asset: corrupted, leaky, unavailable Security Policy ◮ Set of rules and practices that specifies how a system provides security services to protect assets Threats ◮ Potential violation of security policy by exploiting a vulnerability 7/34

  8. ITS335 Computer Security Concepts Intro. to Security Attack Concepts ◮ A threat that is carried out; a successful attack leads to Threats, Attacks, Assets violation of security policy Comm. Security ◮ Active attack: attempt to alter system resources or Strategy operation Summary ◮ Passive attack: attempt to learn information that does not affect system resources ◮ Inside attack: initiated by entity with authorized access to system ◮ Outside attack: initiated by unauthorized user of system Countermeasure ◮ Means to deal with an attack ◮ Prevent, detect, respond, recover ◮ Even with countermeasures, vulnerabilities may exist, leading to risk to the assets ◮ Aim to minimize the risks 8/34

  9. ITS335 Computer Security Concepts Intro. to Security Concepts Threats, Attacks, Assets Comm. Security Strategy Summary Credit: Figure 1.2 in Stallings and Brown, Computer Security , 2nd Ed., Pearson 2012 9/34

  10. ITS335 Contents Intro. to Security Concepts Computer Security Concepts Threats, Attacks, Assets Comm. Security Strategy Threats, Attacks and Assets Summary Architecture for Communications Security Computer Security Strategy Summary 10/34

  11. ITS335 Threat Consequences and Attacks Intro. to Security Threat Action An attack Concepts Threat Agent Entity that attacks, or is threat to system Threats, Attacks, Assets (adversary, attacker, malicious user) Comm. Security Threat Consequence A security violation that results from a Strategy threat action Summary ◮ Unauthorized Disclosure: exposure, interception, inference, intrusion ◮ Deception: masquerade, falsification, repudiation ◮ Disruption: incapacitation, corruption, obstruction ◮ Usurpation: misappropriation, misuse See: R. Shirey, Internet Security Glossary, IETF RFC 2828, May 2000. http://www.ietf.org/rfc/rfc2828.txt (or version 2 in RFC 4949). 11/34

  12. ITS335 Scope of Computer Security Intro. to Security Concepts Threats, Attacks, Assets Comm. Security Strategy Summary Credit: Figure 1.3 in Stallings and Brown, Computer Security , 2nd Ed., Pearson 2012 12/34

  13. ITS335 Assets and Examples of Threats Intro. to Security Concepts Threats, Attacks, Availability Confidentiality Integrity Assets Hardware Equipment is stolen or disabled, thus denying Comm. Security service. Software Programs are deleted, An unauthorized copy of A working program is modi- Strategy denying access to users software is made. fied, either to cause it to fail Summary during execution or to cause it to do some unintended task. Data Files are deleted, An unauthorized read Existing files are modified or denying access to users. of data is performed. new files are fabricated. An analysis of statistical data reveals underlying data. Messages are destroyed Messages are read. The Messages are modified, Commu- or deleted. traffic pattern of delayed, reordered, or dupli- nication Communication lines or messages is observed. cated. False messages are Lines networks are rendered fabricated. unavailable. Credit: Table 1.3 in Stallings and Brown, Computer Security , 2nd Ed., Pearson 2012 13/34

  14. ITS335 Contents Intro. to Security Concepts Computer Security Concepts Threats, Attacks, Assets Comm. Security Strategy Threats, Attacks and Assets Summary Architecture for Communications Security Computer Security Strategy Summary 14/34

  15. ITS335 Architecture for Communications Security Intro. to Security ◮ Systematic approach to define requirements for security Concepts and approaches to satisfying those requirements Threats, Attacks, Assets ◮ ITU-T Recommendation X.800, Security Architecture Comm. Security for OSI Strategy ◮ Provides abstract view of main issues of security Summary ◮ Security aspects: Attacks, mechanisms and services ◮ Focuses on security of networks and communications systems ◮ Concepts also apply to computer security 15/34

  16. ITS335 Aspects of Security Intro. to Security Security Attack Concepts Threats, Attacks, Any action that attempts to compromise the security of Assets information or facilities Comm. Security Strategy Security Mechanism Summary A method for preventing, detecting or recovering from an attack Security Service Uses security mechanisms to enhance the security of information or facilities in order to stop attacks 16/34

  17. ITS335 Defining a Security Service Intro. to Security ◮ ITU-T X.800: service that is provided by a protocol Concepts layer of communicating systems and that ensures Threats, Attacks, adequate security of the systems or of data transfers Assets Comm. Security ◮ IETF RFC 2828: a processing or communication service Strategy that is provided by a system to give a specific kind of Summary protection to system resources ◮ Security services implement security policies and are implemented by security mechanisms 17/34

  18. ITS335 Security Services Intro. to Security 1. Authentication Assure that the communicating entity is Concepts the one that it claims to be. (Peer entity and data Threats, Attacks, origin authentication) Assets Comm. Security 2. Access Control Prevent unauthorised use of a resource Strategy 3. Data Confidentiality Protect data from unauthorised Summary disclosure 4. Data Integrity Assure data received are exactly as sent by authorised entity 5. Non-repudiation Protect against denial of one entity involved in communications of having participated in communications 6. Availability System is accessible and usable on demand by authorised users according to intended goal 18/34

  19. ITS335 Attacks on Communication Lines Intro. to Security Passive Attack Concepts Threats, Attacks, ◮ Make use of information, but not affect system Assets resources, e.g. Comm. Security 1. Release message contents Strategy 2. Traffic analysis Summary ◮ Relatively hard to detect, but easier to prevent Active Attack ◮ Alter system resources or operation, e.g. 1. Masquerade 2. Replay 3. Modification 4. Denial of service ◮ Relatively hard to prevent, but easier to detect 19/34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
The lattice model (continued) This satisfies the definition of lattice. There is a single

The lattice model (continued) This satisfies the definition of lattice. There is a single

The lattice model (continued) This satisfies the definition of lattice. There is a single source and sink. The least upper bound of the security classes {x} and {z} is {x,z} and the greatest lower bound of the security classes {x,y} and

698 views • 31 slides
Common Criteria Johan Otterstrm Sectra Communications AB Sectra Communications AB

Common Criteria Johan Otterstrm Sectra Communications AB Sectra Communications AB

Common Criteria Johan Otterstrm Sectra Communications AB Sectra Communications AB Cryptographic Tokens Network Encryption Management Equipment Personal Devices Radio Outline Security Evaluation Common Criteria Development

597 views • 46 slides
r t sts r rts

r t sts r rts

r t sts r rts Prss rst tttrt sttt r tr

1.31k views • 66 slides
Planarity Testing of Graphs Swami Sarvottamananda Ramakrishna Mission Vivekananda University

Planarity Testing of Graphs Swami Sarvottamananda Ramakrishna Mission Vivekananda University

Planarity Testing of Graphs Planarity Testing of Graphs Swami Sarvottamananda Ramakrishna Mission Vivekananda University NITPatna-IGGA, 2011 Planarity Testing of Graphs Outline I Introduction 1 Scope of the Lecture Motivation for Planar

1.18k views • 92 slides
Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory

Xenon: High-Assurance Xen John McDermott John.McDermott@NRL.Navy.Mil Naval Research Laboratory Center for High-Assurance Computer Systems http:/ / chacs.nrl.navy.mil Xenon Xen Beyond Buffer Overflows high-assurance Policy flaws Use the

565 views • 24 slides
IT Transformation & Applications Montgomery IT Summit 23 - 25 May 11 1 I n t e g r i t y -

IT Transformation & Applications Montgomery IT Summit 23 - 25 May 11 1 I n t e g r i t y -

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e IT Transformation & Applications Montgomery IT Summit 23 - 25 May 11 1 I n t e g r i t y - S e r v i c e - E x c e l l e n c e 2 AFPEO EIS

643 views • 19 slides
Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security

Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security

Security in modern CPU Guillaume Bouffard ( guillaume.bouffard@ssi.gouv.fr ) Hardware Security Labs National Cybersecurity Agency of France (ANSSI) DIENS, ENS, CNRS, PSL University Workshop SILM 21 November 2019 Who am I? Me Expert in

1.18k views • 80 slides
Bayesian Trust Models and Information Security Mozhgan Tavakolifard Trial Lecture 30 August 2012

Bayesian Trust Models and Information Security Mozhgan Tavakolifard Trial Lecture 30 August 2012

Bayesian Trust Models and Information Security Mozhgan Tavakolifard Trial Lecture 30 August 2012 Centre for Quantifiable Quality of Service in Communication Systems Centre of Excellence NTNU, Norway www.q2s.ntnu.no Bayesian Trust Models and

1.05k views • 58 slides

More recommend