Information and Computer Security 3.1
Computer Security
Lecture 3
Security technologies:
The Components of Security Technology
All security mechanisms and technologies have specific functions and components
that work together to create a secure system.
1. Prevention:
The goal of this function is to minimize the risk of a security breach in the first place
by preventing attacks before they happen.
2. Detection:
• The need to implement this function means that the prevention function has failed.
• Being able to quickly identify an incident is key to minimizing the damage done.
• There must be security solutions designed to detect the attack and identify the
nodes that have been compromised and the data that has been tampered with.
3. Mitigation:
This function aims to mitigate the effects of the attacks detected by the second
function and to minimize the resulting losses and consequences.
• It can be said that if these three functions are fully implemented, strong security
of the system has been achieved.
• However, for the system to be fully secure, these functions must be provided by
the technologies available to defend against different types of attacks.
• There are many general security measures that can be adopted to overcome
security problems in the IT system and mitigate their effects.
Some Security Countermeasures
1. Risk Assessment
• Risk assessment is an effective security process whose task is to identify,
analyze, and evaluate risks and the factors behind them.
• After that, the risk assessment process identifies the sources of risks that
threaten the product and evaluates the likelihood and severity of these risks on
the product and their impact on the applications and services it provides.
2. Safeguard Physical Infrastructures
• For example, the use of alarms, locked doors, fences, guards and cameras
against unauthorized access is an important step in achieving this
countermeasure.
3. Authentication
• Authentication in IT can be defined as the process of determining which
users and devices are authorized to access the IT system and benefit from the
services it provides and the data stored therein.
Device-Based Authentication:
• Shared secret key: A shared secret key is distributed between the parties before
they begin to interact with one another. If a party receives a request to exchange
information, it can verify the identity of the sender via the request message. If the
request message contains the correct shared secret key, the recipient accepts the
identity of the sender and agrees to interact with it.
• Digital signature: In the digital signature method, the sender sends a request
signed with its private key. If the recipient is able to verify the signature on the
request message using the sender's public key, this is proof of the sender's identity.
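A variant of the shared-key method above, as an added example that is not part of the original lecture: instead of placing the key itself in the request, the sender returns an HMAC over a fresh nonce, so the key never crosses the network and a captured response cannot be reused. The class, function and device names are hypothetical.

```python
import hashlib
import hmac
import secrets

class Verifier:
    """Recipient side: holds the pre-distributed key for each device ID."""

    def __init__(self, keys):
        self.keys = keys        # device_id -> shared secret key (bytes)
        self.pending = {}       # device_id -> outstanding nonce

    def challenge(self, device_id):
        # A fresh random nonce per request makes every valid response single-use.
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        nonce = self.pending.pop(device_id, None)   # consume it: no replays
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)

def device_response(key, device_id, nonce):
    """Sender side: prove possession of the key without transmitting it."""
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()

def demo():
    key = secrets.token_bytes(32)                   # constructed sample key
    verifier = Verifier({"sensor-01": key})
    nonce = verifier.challenge("sensor-01")
    good = device_response(key, "sensor-01", nonce)
    results = {"genuine": verifier.verify("sensor-01", good)}
    # The same captured response is rejected once the nonce has been consumed.
    results["replayed"] = verifier.verify("sensor-01", good)
    nonce = verifier.challenge("sensor-01")
    wrong = device_response(secrets.token_bytes(32), "sensor-01", nonce)
    results["wrong_key"] = verifier.verify("sensor-01", wrong)
    results["unknown_device"] = verifier.verify("sensor-99", good)
    return results

if __name__ == "__main__":
    print(demo())
```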
User-Based Authentication:
4. Data Encryption
• The primary goal of encryption is to secure information and maintain its privacy so that
only the intended sender and receiver can read the information and understand it.
• The data encryption process must be applied both to data stored in a node and to
data in transit across the network between nodes.
• The cryptography used in IT can be divided into two types: symmetric key and
asymmetric key cryptography.
❑ In symmetric key cryptography, the same secret key is used for encryption by the
sender and decryption by the recipient.
❑ In asymmetric key cryptography, one key, called the public key, is used for
encryption and another key, called the private key, is used for decryption.
5. Error Control Techniques:
• It has become important to design a mechanism for error detection and correction in IT
systems.
• Data can be altered, intentionally or unintentionally, as it travels through the
system. Among the causes of unintended errors that affect the integrity of the
information:
❑Signal Strength
• Error detection is most commonly achieved by using a parity bit, checksum, CRC, or
cryptographic hash function.
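The four error-detection techniques named above, compared on the same corrupted message. This is an added example, not part of the original lecture; the message and the corruption cases are constructed.

```python
import hashlib
import zlib

def parity_bit(data):
    """Even parity: 1 if the number of 1-bits in data is odd, else 0."""
    return sum(bin(b).count("1") for b in data) % 2

def checksum8(data):
    """Simple additive checksum: sum of all bytes modulo 256."""
    return sum(data) % 256

CODES = {
    "parity": parity_bit,
    "checksum": checksum8,
    "crc32": zlib.crc32,
    "sha256": lambda d: hashlib.sha256(d).hexdigest(),
}

def flip_bits(data, positions):
    """Return a copy of data with the given bit positions inverted."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def detected(original, received):
    """For each technique, report whether its check value changed."""
    return {name: fn(original) != fn(received) for name, fn in CODES.items()}

def demo():
    msg = b"TRANSFER 0100 TO ACCT 42"       # constructed sample message
    swapped = bytearray(msg)
    swapped[9], swapped[10] = swapped[10], swapped[9]   # "0100" becomes "1000"
    return {
        "one_bit_flip": detected(msg, flip_bits(msg, [3])),
        "two_bit_flips": detected(msg, flip_bits(msg, [3, 77])),
        "bytes_swapped": detected(msg, bytes(swapped)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

All four values here are unkeyed, so they catch accidental errors; anyone who alters the data deliberately can recompute them along with it.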
6. Firewall:
• It is a robust network security technology that creates a barrier between a trusted
internal network and an untrusted external network, such as the Internet, and monitors
the ports that connect them.
• The firewall can be software running on the endpoints or a dedicated hardware
device.
• The main function of the firewall is packet filtering. It scans every incoming and
outgoing packet of data based on predefined security rules and determines whether to
pass or reject this data packet.
• The firewall predetermines the IP addresses allowed to send or receive data (source and
destination IP address), and it also defines which applications are allowed to do so
(source and destination ports).
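A small packet filter of the kind described above, as an added example that is not part of the original lecture: rules match on source and destination address and port, the first matching rule decides, and anything unmatched is rejected. The rule set, class names and addresses (documentation ranges) are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "reject"
    src_net: str                         # CIDR notation
    dst_net: str
    dst_ports: range = range(0, 65536)   # default: any port
    src_ports: range = range(0, 65536)

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net)
                and pkt.src_port in self.src_ports
                and pkt.dst_port in self.dst_ports)

def filter_packet(rules, pkt, default="reject"):
    """First matching rule decides; anything unmatched gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set; 192.0.2.0/24 plays the internal network.
RULES = [
    Rule("reject", "203.0.113.66/32", "0.0.0.0/0"),                  # blocked host
    Rule("pass", "0.0.0.0/0", "192.0.2.10/32", range(443, 444)),     # public HTTPS
    Rule("pass", "198.51.100.0/24", "192.0.2.0/24", range(22, 23)),  # admin SSH
    Rule("pass", "192.0.2.0/24", "0.0.0.0/0"),                       # outbound
]

def demo():
    packets = {
        "https_from_internet": Packet("203.0.113.5", "192.0.2.10", 51000, 443),
        "https_from_blocked": Packet("203.0.113.66", "192.0.2.10", 51000, 443),
        "ssh_from_admin_net": Packet("198.51.100.7", "192.0.2.20", 40222, 22),
        "ssh_from_internet": Packet("203.0.113.5", "192.0.2.20", 40222, 22),
        "outbound_dns": Packet("192.0.2.20", "203.0.113.53", 53124, 53),
    }
    return {name: filter_packet(RULES, p) for name, p in packets.items()}
```

Rule order matters: the reject rule for the blocked host must come before the general HTTPS pass rule, or it would never be reached.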
7. Intrusion Detection System (IDS):
• If the firewalls are security guards, intrusion detection systems are security cameras.
• An IDS provides uninterrupted monitoring of network traffic. It uses this monitoring
to detect any suspicious activity in the network, which sometimes indicates that
the network is under attack, and then alerts the system about this activity.
Some Steps
• changing default passwords
• raising awareness of the seriousness of the risks and security threats that IT users
are exposed to.
• knowledge of the steps and measures by which to prevent the occurrence of these
risks or limit their effects.
• knowing how to use IT services correctly.
• education on handling and managing sensitive data.
9. Access Control Mechanisms:
• Access control is implemented in an IT system to prevent unauthorized requests for, access to, or use of the
system resources.
• An access control mechanism can be defined as a set of rules and permissions related to an object
that are implemented to control requests to access the resources of that object.
• That is, the rules define who or what can access the resource and what it can do to it (read, write,
execute, delete, etc.)
• Access control is implemented through two approaches: the centralized approach and the
distributed approach:
• Backup data can be stored locally, for example, in hard disks or it can be stored in
the cloud.
• If the data is protected locally, it should be saved in a fireproof safe and in safe
and guarded places, whether with guards or cameras.
• The stored information must be encrypted in order to add another level of security
to it.
• It is also important to make sure that the backup process is done frequently and on
schedule to ensure that no important information is lost.
11. Anti-Malware:
• The use of anti-malware software is essential for the confidentiality, reliability and
integrity of the IT system because it does the important job of identifying and
removing all kinds of malicious code.
• The malware detection methods used today are divided into two categories.
Static Detection:
❑ The static detection method analyzes the malicious code and its characteristics
and extracts its features without executing it on a device.
❑It is the most popular method and relies on detecting the presence of malware
according to its signature.
❑Signature means the usual effect or pattern associated with a malicious program.
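Signature-based static detection as described above, as an added example that is not part of the original lecture: each sample is checked against whole-file hash signatures and byte-pattern signatures without being executed. The sample bytes, signature names and marker string are constructed and harmless.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_BAD = b"HEADER\x00demo-dropper-v1\x00PAYLOAD-MARKER-7f3a\x00END"
SAMPLES = {
    "exact_copy.bin": KNOWN_BAD,
    "repacked.bin": b"HEADER\x00demo-dropper-v2\x00PAYLOAD-MARKER-7f3a\x00END!!",
    "notes.txt": b"Meeting notes: review firewall rules on Friday.",
}

# Signature database (hypothetical names): whole-file hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.Dropper.A"}
PATTERN_SIGNATURES = {b"PAYLOAD-MARKER-7f3a": "Demo.Dropper.generic"}

def scan(data):
    """Return (verdict, matched signature names) without executing the data."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for pattern, sig_name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(sig_name)
    return ("malicious" if hits else "clean", hits)

def scan_all(samples):
    """Scan every sample and map file name to its verdict."""
    return {fname: scan(data) for fname, data in samples.items()}

if __name__ == "__main__":
    for fname, (verdict, hits) in scan_all(SAMPLES).items():
        print(f"{fname}: {verdict} {hits}")
```

The hash signature matches only the byte-identical copy, while the pattern signature also flags the sample whose surrounding bytes differ, which is why signature databases carry both kinds.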
Dynamic Detection:
❑This method analyzes malware by executing the suspected program, then studying
its behavior and intentions, and on the basis of this study, this program is classified
as malicious or reliable.