Professional Documents
Culture Documents
Security Unit 5: Neha Ijaz
Security Unit 5: Neha Ijaz
Security Unit 5: Neha Ijaz
UNIT 5
NEHA IJAZ
What Is Security?
• In general, security is “the quality or state of being secure—to
be free from danger.”
Layer 4
Security Layer 3
User
Layer 2
Security
Layer 1
Application
Ensures that
Security a valid user
System
Covers the use of is logged in
Security and that the
Network software,
Protects the hardware, and logged‐in
Security system and its user is
Physical procedural
Protects the information methods to allowed to
Security
networks and from theft, protect use an
Safeguards the their services corruption, applications application/
personnel, from unauthorized from external program
hardware, unauthorized access, or threats
programs, modification, misuse
networks, and destruction, or
data from disclosure
physical
threats
17 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Why I T
Security?
Computer security is Computer administration
important for protecting the and management have
confidentiality, integrity, and become more complex
availability of computer which produces more attack
systems and their resources avenues
11 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Potential Losses Due to
Attacks
Misuse of computer
resources Financial loss
Unavailability of
Data loss/theft
resources
12 Copyright © by EC-Council
All Rights Re served. Reproduction is Strictly Prohibited.
1-1: Basic Security
Terminology
• Security Goals
• Confidentiality
• Confidentiality means that people cannot read sensitive information,
either while it is on a computer or while it is traveling across a
network.
Copyright Pearson
Prentice-Hall 2010 7
1-1: Basic Security
Terminology
• Security Goals
• Integrity
• Integrity means that attackers cannot change or destroy information,
either while it is on a computer or while it is traveling across a
network. Or, at least, if information is changed or destroyed, then
the receiver can detect the change or restore destroyed data.
Copyright Pearson
Prentice-Hall 2010 8
1-1: Basic Security
Terminology
• Security Goals
• Availability
• Availability means that people who are authorized to use
information are not prevented from doing so
• Authentication
• Users are who they say they are.
• Authorization
• Your level of authorization basically determines what you're
allowed to do once you are authenticated and allowed access
to a network, system, or some other resource such as data or
information.
Copyright Pearson
Prentice-Hall 2010 9
Threat vs. Vulnerability
• A threat is anything that can disrupt the operation,
functioning, integrity, or availability of a network or system.
There are different categories of threats. There are natural
threats, occurrences such as floods, earthquakes, and storms.
There are also unintentional threats that are the result of
accidents and stupidity. Finally, there are intentional threats
that are the result of malicious indent.