
Principle of Information and Computer Security
Lecture 3

Security technologies:

They are concepts, policies, and components designed to minimize risk,
identify vulnerabilities, and inform how and when to respond to
potential incidents.

The Components of Security Technology
All security mechanisms and technologies have specific functions and components
that work together to create a secure system.

1. Prevention:
The goal of this function is to minimize the risk of a security breach in the first place
by preventing attacks before they happen.

This function can be carried out by:

• Deducing vulnerabilities that attackers might exploit and eliminating them
• Using physical barriers such as fences, gates, or walls
• Using surveillance cameras, door locks, and password protection
• What else?
2. Detection

• The need to implement this function means that the prevention function has failed.
• Being able to quickly identify an incident is key to minimizing the damage done.
• There must be security solutions designed to detect the attack and identify the
nodes that have been compromised and the data that has been tampered with.

3. Mitigation:

This function aims to mitigate the effects of the attacks detected by the second
function and to minimize the resulting losses and consequences.

• It can be said that if these three functions are fully implemented, strong security
of the system has been achieved.

• However, for the system to be fully secure, these functions must be provided by
the technologies available to defend against different types of attacks.

• There are many general security measures that can be adopted to overcome
security problems in the IT system and mitigate their effects.

Some Security Countermeasures
1. Risk Assessment
• Risk assessment is an effective security process whose task is to identify,
analyze, and evaluate risks and the factors behind them.

• Manufacturers use the risk assessment process to provide a comprehensive
product overview to identify things and situations that may create a risk or
threat.

• This process is done by defining the product's working scenarios.

• After that, the risk assessment process identifies the sources of risks that
threaten the product and evaluates the likelihood and severity of these risks on
the product and their impact on the applications and services it provides.
2. Safeguard Physical Infrastructures

• IT systems exist in different places, some of which can be easily reached,
such as buildings. The protection of buildings containing IT systems, with
all the devices, networks, antennas and other equipment they contain, is a basic
security countermeasure.

• This countermeasure protects these systems from unauthorized access,
tampering, and intentional and unintentional physical destruction.

• For example, the use of alarms, locked doors, fences, guards and cameras
against unauthorized access is an important step in achieving this
countermeasure.

3. Authentication
• Authentication in IT can be defined as the process of determining which
users and devices are authorized to access the IT system and benefit from the
services it provides and the data stored therein.

• If a device wants to interact with another device or access the network, it
must first and foremost identify itself and prove its identity.

• If a user wants to request a service or access an application, they must first
prove their identity and eligibility to obtain that service or access that
application.

Device-Based Authentication:

• Distributing a shared secret key between the parties before they begin to interact
with one another: If a party receives a request to exchange information, it can
verify the identity of the sender via the request message. If the request message
contains the correct shared secret key, the recipient verifies the identity of the
sender and agrees to interact with it.

• The digital signature: In the digital signature method, the sender sends a request
signed with its private key. If the recipient is able to verify the request message
using the sender's public key, this is proof of the sender's identity.
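An added example (not part of the lecture) of the shared-secret method: instead of placing the key itself in the request message, the sender returns an HMAC-SHA256 tag over a fresh challenge, so the key is proven without ever crossing the network and a recorded request cannot be reused. The `Verifier` class, the `respond` function and the device name `sensor-01` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Receiving device: holds the pre-distributed key and issues one-time challenges."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, device_id: str, nonce: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge: treat as a replay
        self._pending.discard(nonce)
        expected = respond(self._key, device_id, nonce)
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def respond(shared_key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Requesting device: prove knowledge of the key without transmitting it."""
    return hmac.new(shared_key, device_id.encode() + nonce, hashlib.sha256).digest()


def demo():
    key = secrets.token_bytes(32)           # distributed to both parties beforehand
    verifier = Verifier(key)

    n1 = verifier.challenge()
    tag = respond(key, "sensor-01", n1)     # "sensor-01" is a hypothetical device name
    genuine = verifier.verify("sensor-01", n1, tag)
    replayed = verifier.verify("sensor-01", n1, tag)   # same message sent again

    n2 = verifier.challenge()
    wrong_key = respond(secrets.token_bytes(32), "sensor-01", n2)
    impostor = verifier.verify("sensor-01", n2, wrong_key)
    return genuine, replayed, impostor


if __name__ == "__main__":
    print(demo())
```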

User-Based Authentication:

• A password and a username

• Biometric authentication (such as face or fingerprint)

4. Data Encryption
• The primary goal of encryption is to secure information and maintain its privacy so that
only the intended sender and receiver can read the information and understand it.

• The data encryption process must be applied both to the data present or stored in the node
and to the data that is being transferred over the network between the nodes.

• The cryptography used in IT can be divided into two types, symmetric key and
asymmetric key cryptography.

❑ In symmetric key cryptography, the same secret key is used for encryption by the
sender and decryption by the recipient.

❑ In asymmetric key cryptography, one key, called the public key, is used for
encryption and another key, called the private key, is used for decryption.

5. Error Control Techniques:
• It has become important to design a mechanism for error detection and correction in IT
systems.
• Data can be altered as it travels through the system, intentionally or
unintentionally. Reasons for unintended errors that affect the integrity of the
information include:

❑ Signal Strength

❑ The Distance between the Transmitter and the Receiver

❑ Signal to Noise Ratio (SNR)

• Error detection is most commonly achieved by using a parity bit, checksum, CRC, or
cryptographic hash function.
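An added example (not part of the lecture) comparing the four error-detection methods named above on a constructed message: which of them notice a one-bit flip, a two-bit flip and a transposition of two bytes. It goes one step beyond the slide by also covering intentional alteration, where an unkeyed check can simply be recomputed and a keyed hash (HMAC, an assumption added here) is needed.

```python
import hashlib
import hmac
import zlib


def parity(data: bytes) -> int:
    """Even-parity bit over the whole message."""
    return sum(bin(b).count("1") for b in data) % 2


def checksum(data: bytes) -> int:
    """Additive checksum modulo 256."""
    return sum(data) % 256


CHECKS = {"parity": parity, "checksum": checksum, "crc32": zlib.crc32,
          "sha256": lambda d: hashlib.sha256(d).digest()}


def flip_bits(data: bytes, *positions: int) -> bytes:
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


def detected_by(sent: bytes, received: bytes) -> set:
    """Names of the checks whose value changed, i.e. that notice the error."""
    return {name for name, f in CHECKS.items() if f(sent) != f(received)}


MESSAGE = b"PAY 100 TO ALICE"  # constructed sample message


def accidental_errors():
    one_bit = detected_by(MESSAGE, flip_bits(MESSAGE, 3))
    two_bits = detected_by(MESSAGE, flip_bits(MESSAGE, 3, 12))
    swapped = detected_by(MESSAGE, b"PAY 010 TO ALICE")  # two bytes transposed
    return one_bit, two_bits, swapped


def intentional_alteration(key: bytes):
    """An unkeyed check can be recomputed by whoever alters the data; a keyed one cannot."""
    tag = hmac.new(key, MESSAGE, hashlib.sha256).digest()  # sent with the original
    altered = b"PAY 900 TO ALICE"
    recomputed_crc = zlib.crc32(altered)                   # needs no secret
    crc_accepts = zlib.crc32(altered) == recomputed_crc
    mac_accepts = hmac.compare_digest(hmac.new(key, altered, hashlib.sha256).digest(), tag)
    return crc_accepts, mac_accepts
```

Parity misses any even number of flipped bits and the additive checksum misses reordered bytes, which is why CRCs are preferred for transmission errors and keyed hashes for deliberate changes.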
6. Firewall:
• It is a robust network security technology that creates a barrier between a trusted
internal network and an untrusted external network, such as the Internet, and monitors
the ports that connect them.

• The firewall can be software located on the endpoints or a dedicated hardware
device.

• The main function of the firewall is packet filtering. It scans every incoming and
outgoing packet of data based on predefined security rules and determines whether to
pass or reject this data packet.

• The firewall predetermines the IP addresses allowed to send or receive data (source and
destination IP address), and it also defines which applications are allowed to do so
(source and destination ports).
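An added example (not part of the lecture) of the packet-filtering function described above: an ordered list of predefined rules on source address, destination address and destination port, evaluated first-match-wins with a default of reject. The rule set, the `Rule` and `filter_packet` names and the addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "reject"
    src: str           # source network in CIDR notation
    dst: str           # destination network in CIDR notation
    dst_ports: range   # destination ports covered by the rule

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and dst_port in self.dst_ports)


ANY = "0.0.0.0/0"
ALL_PORTS = range(0, 65536)

# Constructed rule set: order matters, the first matching rule decides.
RULES = [
    Rule("reject", "203.0.113.0/24", ANY, ALL_PORTS),      # blocked external range
    Rule("pass", ANY, "10.0.0.10/32", range(443, 444)),    # HTTPS to the web server
    Rule("pass", "10.0.0.0/24", ANY, range(53, 54)),       # internal hosts to DNS
]


def filter_packet(src_ip: str, dst_ip: str, dst_port: int, rules=RULES) -> str:
    """Return the action of the first matching rule; reject when nothing matches."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return "reject"  # default deny: traffic not explicitly allowed is dropped


if __name__ == "__main__":
    for pkt in [("198.51.100.7", "10.0.0.10", 443), ("203.0.113.9", "10.0.0.10", 443),
                ("198.51.100.7", "10.0.0.10", 22), ("10.0.0.25", "192.0.2.53", 53)]:
        print(pkt, "->", filter_packet(*pkt))
```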
7. Intrusion Detection System (IDS):
• If the firewalls are security guards, intrusion detection systems are security cameras.

• IDS is a traffic data monitoring tool.

• IDS provides uninterrupted monitoring of network traffic. It then uses this monitoring
to detect any suspicious activity in the network, which sometimes indicates that
the network is under attack, and alerts the system about this activity.

• IDS operations are divided into three stages:

❑ The first stage is the monitoring stage, whose function is to monitor the traffic of
information in the network to look for signs of known attacks.
❑ The second stage is the analysis stage, which is based on comparing the information
with the usual data pattern stored in the IDS database.
❑ The final stage is the detection stage, which is responsible for detecting intrusion or
misuse.
8. Security Awareness
Security awareness is an important non-technical countermeasure related to
information security.

Some Steps:
• Changing default passwords.
• Raising awareness of the seriousness of the risks and security threats that IT users
are exposed to.
• Knowing the steps and measures by which to prevent the occurrence of these
risks or limit their effects.
• Knowing how to use IT services correctly.
• Education on handling and managing sensitive data.

9. Access Control Mechanisms:
• Access control is implemented in an IT system to prevent unauthorized requests for, access to,
or use of the system resources.

• An access control mechanism can be defined as a set of rules and permissions related to an object
that are implemented to control requests to access the resources of that object.

• That is, it determines who or what can access the resource and what they can do to it (read,
write, execute, delete, etc.)

• Access control is implemented through two approaches: the centralized approach and the
distributed approach:

❑ Centralized Approach: In a centralized approach, a central entity is
responsible for filtering and managing access requests based on their permissions.
❑ Distributed Approach: In this approach, the end device can be totally relied upon in
making access control decisions without having to delegate this process to central entities.
10. Data Backup and Recovery Mechanisms
• Backup and restore mechanisms are another type of countermeasure that can be
taken to ensure that data is not lost, whether by deleting or replacing it in an
intended or unintended manner.

• Backup data can be stored locally, for example, in hard disks or it can be stored in
the cloud.

• If the data is protected locally, it should be kept in a fireproof safe and in secure,
guarded places, whether protected by guards or by cameras.

• The stored information must be encrypted in order to add another level of security
to it.

• It is also important to make sure that the backup process is done frequently and on
schedule to ensure that no important information is lost.

11. Anti-Malware:

• In general, malware can be defined as any program designed to intentionally
inflict damage on a device or network.

• The use of anti-malware software is essential for the confidentiality, reliability and
integrity of the IT system because it does the important job of identifying and getting rid
of all kinds of malicious code.

• The malware detection methods used today are divided into two categories.

Static Detection:
❑ The static detection method analyzes the malicious code and its characteristics
and extracts its features without executing it on a device.

❑ It is the most popular method and relies on detecting the presence of malware
according to its signature.

❑ Signature means the usual effect or pattern associated with a malicious program.

❑ This method relies on the existence of a prior repository of malware signatures in
order to compare any program against it.

❑ This repository should be updated frequently as new threats are detected.
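An added example (not part of the lecture) of signature-based static detection: file content is compared against a repository of whole-file hashes and characteristic byte patterns without being executed, and a sample that is not yet in the repository goes undetected until the repository is updated. The `SignatureRepository` class, the signature names and all byte strings are constructed, harmless stand-ins.

```python
import hashlib


class SignatureRepository:
    """Prior repository of signatures: whole-file hashes and characteristic byte patterns."""

    def __init__(self):
        self.hashes = {}     # SHA-256 hex digest -> signature name
        self.patterns = {}   # byte pattern -> signature name

    def add(self, name: str, sample: bytes, pattern: bytes = b""):
        self.hashes[hashlib.sha256(sample).hexdigest()] = name
        if pattern:
            self.patterns[pattern] = name

    def scan(self, content: bytes):
        """Return the matching signature name or None. The content is read, never run."""
        name = self.hashes.get(hashlib.sha256(content).hexdigest())
        if name:
            return name
        for pattern, pattern_name in self.patterns.items():
            if pattern in content:
                return pattern_name
        return None


# Constructed, harmless byte strings standing in for program files.
SAMPLE_A = b"\x7fHDR" + b"TEST-PATTERN-A" + b"\x00" * 8
VARIANT_A = b"\x7fHDR" + b"padding" + b"TEST-PATTERN-A" + b"\x01" * 4
SAMPLE_B = b"\x7fHDR" + b"TEST-PATTERN-B" + b"\x00" * 8
BENIGN = b"\x7fHDR" + b"ordinary program bytes"


def demo():
    repo = SignatureRepository()
    repo.add("Test.SampleA", SAMPLE_A, pattern=b"TEST-PATTERN-A")
    before = [repo.scan(f) for f in (SAMPLE_A, VARIANT_A, BENIGN, SAMPLE_B)]
    repo.add("Test.SampleB", SAMPLE_B, pattern=b"TEST-PATTERN-B")  # repository update
    after = repo.scan(SAMPLE_B)
    return before, after


if __name__ == "__main__":
    print(demo())
```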

Dynamic Detection:

❑ This method analyzes malware by executing the suspected program and then studying
its behavior and intentions; on the basis of this study, the program is classified
as malicious or reliable.

❑ Dynamic detection monitors the suspected program during runtime to detect
abnormal behaviors in areas such as network behavior, power consumption, CPU load,
virtual memory, etc.
