Professional Documents
Culture Documents
Introduction To Security: Unit 1
Introduction To Security: Unit 1
Unit 1
Threats - examples
Viruses, trojan horses, etc.
Denial of Service
Modified Databases
Equipment Theft
Espionage in cyberspace
Hack-tivism
Cyberterrorism
…
3 Rejo Mathew, Asst Prof, IT
Information security
Year Attacks
2014 44679
2015 49455
2016 50362
2017 53081
8 Rejo Mathew, Asst Prof, IT
Critical Characteristics of Information
• Availability
The value of • Accuracy
information • Authenticity
comes from the • Confidentiality
characteristics it • Integrity
possesses: • Utility
• Possession
Confidentiality
Integrity
Availability
CIA or CIAAAN…
(other security components added to CIA)
Authentication
Authorization
Non-repudiation
…
11 Rejo Mathew, Asst Prof, IT
Need to Balance CIA
Types of integrity
Data Integrity (the content of the information)
Origin Integrity (source of data, often called authentication)
penetration, etc.
Unsuccessful
vulnerability
Institutional hackers
Shared threats
Organized crime
Industrial espionage
Terrorism
Info warriors
asset/information
Interruption
Modification
Fabrication
Examples?
Operational
Physical attacks on h/w => need physical security: locks and guards
Accidental (dropped PC box) or voluntary (bombing a computer
room)
Theft / destruction
...
Software Modification
Trojan Horses, , Viruses, Logic Bombs, Trapdoors, Information
Leaks (via covert channels), ...
Software Theft
Unauthorized copying
Source code
Adequate protection
Cryptography
Disclosure
Attack on data confidentiality
Disruption
DoS (attack on data availability)
Usurpation
Unauthorized use of services (attack on data confidentiality,
integrity or availability)
29 Rejo Mathew, Asst Prof, IT
Ways of Attacking Data CIA
Examples of Attacks on Data Confidentiality
Tapping / snooping
Disgruntled employees
31 Rejo Mathew, Asst Prof, IT
A) Controls
Castle in Middle Ages Computers Today
Location with natural Encryption
obstacles Software controls
Surrounding moat Hardware controls
Drawbridge Policies and procedures
Heavy walls Physical controls
Arrow slits
Crenellations
Strong gate
Tower
Guards / passwords
tower / ladders up
detection system)
internal program controls (part of a program)
development controls
incl. testing
...
E.g. help desk costs often ignored for for passwords (=>
Periodic reviews
As people and systems, as well as their goals, change
...
Likelihood of use
Too complex/intrusive security tools are often disabled
Overlapping controls
>1 control for a given vulnerability
Participant support
In between white
and black
Newbie
Cyber Cyber
terrorist punks
Hackers
Professional
criminals
Internals
Old guard
Coders
hackers
Script kiddies
Hackers - nonmalicious
Crackers – malicious
Career criminals
DDOS Sophistication of
Hacker Tools
Sweepers Sniffers
Hijacking Sessions
Back Doors
Password Guessing
Time
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]