BCSE353E Information Security

Analysis and Audit

Introduction to Security

Slide Credits: Dr Saritha Murali, Dr. Athira K

 Module:1
Introduction to Security
• Definition and challenges of security
• Attacks and services
• Access control structures
• Deception
• Ethical Hacking
• Firewalls
• Cryptography
• Security Models
Why is network security important?

• Network security is one of the most important aspects to

consider when working over the internet.
• A good network security system helps business reduce the risk of
falling victim of data theft and sabotage.
• Network security infrastructure provides several levels of
protection.
• Network security promotes reliability of your network by
preventing lagging and downtimes through continuous
monitoring of any suspicious transaction that can sabotage the
system.
Why are organizations concerned about network
security ?
• Having your network hacked can put you out of business.
• By planting the wrong information, your company’s integrity can be
called into question and customers may feel misled.
• Damaging of intellectual property is also one of the impacts of faulty
network security systems.
• Citibank Security Breach which affected roughly 1% of its customers in the US
• Losing of plans, ideas, or blueprint of the company might destroy the
business or keep it stagnating.
• Most attacks launched on a network can lead to crashing.
• In total, company's reputation may suffer from a loss of credibility.
Training in Cyber Security help Individuals
Keep Networks Running Safely?
• A well-rounded education in cyber and network security could expose you to
many common methods hackers use to gain access to networks.
• Plan, implement and coordinate network security measures, install security
software and monitor networks for security breaches.
• The training prepares you on how to use cyber security measures to manage
personnel conducts and protects data in relation to safeguarding the
information.
• Learn how to perform vulnerability analysis and penetration testing of
organizations.
• Furthermore, you will gain sufficient knowledge on how to monitor and
defend networks by creating basic security procedures and policies.
 What is Security?
• “The quality or state of being secure—to be
free from danger”
• A successful organization should have
multiple layers of security in place:
– Physical security
– Personal security
– Communications security
– Network security
– Information security
 Security- Definitions
• Computer Security- collection of tools designed to
protect data from the hackers.

• Network Security- measures to protect data during

their transmission.

• Internet Security- measures to protect data during

their transmission over a collection of
interconnected networks.
INFORMATION SECURITY
 INFORMATION SECURITY
• Information security is the process of protecting information
from unauthorized access, use, disclosure, destruction,
modification, or disruption
• The protection of computer systems and information from
harm, theft, and unauthorized use.
• Protecting the confidentiality, integrity and availability of
information
• Highly information-based company without information security
will lose competitiveness
 The CIA Triad
• Security concerning IT and information is normally categorized
in three categories to facilitate the management of information.

Confidentiality Integrity Availability

Prevention of Ensuring authorized
Prevention of
unauthorized access of information
unauthorized
disclosure or use of assets when required
modification of
information assets for the duration
information assets
required
 Security Concepts – CIA triad

[1] Confidentiality
– ensures that only authorized
parties can view the sensitive
information

– privacy: Assures that the

individuals control or influence
what information related to
them may be collected and
stored and by whom.

– data on computer and network

 Security Concepts – CIA triad
[2] Integrity
– ensures that no unauthorized person or malicious
software has altered the data.
– attacker changes the amount of a purchase from $500
to $5000 => Man-in-the-middle attack
 Security Concepts – CIA triad
[3] Availability
– ensures that data is accessible to authorized users.
– prevent denial of service.
– DDoS force websites or
networks offline by
overwhelming servers
with traffic.
 3 Aspects of Security
1. Security Attack
Any action that compromises the security of information

2. Security Mechanism
A mechanism that is designed to detect, prevent, or
recover from a security attack

3. Security Service
A service that enhances the security of data
processing systems and information transfers.
TYPES OF SECURITY ATTACKS
 Attacks
• Passive attack: attempts to learn or
make use of information from the system
but does not affect system resources.
(eavesdropping)

• Difficult to detect
 Passive Attack – Interception

• sensitive information over telephone/email

 Passive Attack: Traffic Analysis

Observe traffic pattern

• frequency and length of messages

 Attacks
• Active attack: involves modification
of the data stream or the creation of a
false stream
– masquerade of one entity as some other
– modify/alter (part of) messages in transit
– replay previous messages
– denial of service
 Active Attack: Replay

• Having an encryption scheme can always prevent an

attack?
Denial of service attack