IS Lecture 4
Security
• Freedom from risk, doubt or fear
– Something that assures safety
Security → Computer Security, Network Security
Computer Security
• Computer security is a technique used to protect data
stored on a single computer
– ensures that the data or information stored on a computer cannot
be accessed, read, or otherwise compromised by any individual
without appropriate authorization.
• Data corruption / erroneous data
– Viruses (counter: anti-virus programs)
• Access Control
– Unauthorized access (counter: password protection)
• Physical Damage
– Earthquakes, fire damage to parts, theft, etc.
Network Security
• Covers any computer connected to a
network and the flow of data communication
between two or more nodes inside or
outside the network.
– Viruses and worms
– Spyware
– Denial-of-service attacks
– Hackers
Security Goals
– Confidentiality: information needs to be hidden
from unauthorized access
– Integrity: protected from unauthorized change
– Availability: available to an authorized entity
when it is needed
Attacks Threatening Confidentiality
1) Snooping: refers to unauthorized access to or
interception of data.
– For example, a file transferred through the Internet
may contain confidential information. An
unauthorized entity may intercept the
transmission and use the contents for his/her own
benefit.
Countermeasure
– Encryption (the method by which information is converted into a secret
code that hides the information's true meaning)
Attacks Threatening Confidentiality (2)
2) Traffic Analysis:
Although encipherment of data may make it
unintelligible (impossible to understand) for the interceptor, he/she
can still obtain other types of information, e.g.:
– the electronic address (such as the e-mail address) of the sender
or the receiver;
– pairs of requests and responses, collected to help guess
the nature of the transaction.
Countermeasure
– Traffic padding (the insertion of bits into gaps in an information flow;
this helps to counter traffic analysis attempts)
Attacks Threatening Integrity
1) Modification:
Attacker modifies the information to make it
beneficial to himself/herself.
– For example, a customer sends a message to a
bank to do some transaction. The attacker
intercepts the message and changes the type of
transaction to benefit himself/herself.
Attacks Threatening Integrity (2)
2) Spoofing:
Happens when the attacker impersonates somebody else.
– For example, an attacker might steal the bank card and PIN
of a bank customer and pretend that he/she is that
customer.
• Sometimes the attacker pretends to be the receiver
entity.
– For example, a user tries to contact a bank, but another site
pretends that it is the bank and obtains some information
from the user.
Attacks Threatening Integrity (3)
3) Replaying
The attacker obtains a copy of a message sent by
a user and later tries to replay it.
– For example, a person sends a request to a bank to
ask for payment to the attacker, who has done a
job for him/her. The attacker intercepts the
message and sends it again to receive another
payment from the bank.
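The bank examples under Modification and Replaying above can both be caught with one integrity mechanism: the customer attaches a fresh nonce and a message authentication code (HMAC) to each request, and the bank rejects any message whose MAC does not verify or whose nonce it has already seen. The code below is an added illustration, not part of the lecture; the shared key, message fields and the in-memory nonce set are constructed for the demo.

```python
import hmac
import hashlib
import json
import secrets

# Assumption: a key pre-shared between the customer's client and the bank (constructed value).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sign_request(key: bytes, payload: dict) -> dict:
    """Customer side: add a random nonce, then an HMAC-SHA256 over the canonical JSON body."""
    body = dict(payload, nonce=secrets.token_hex(8))
    canonical = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return body


def verify_request(key: bytes, message: dict, seen_nonces: set) -> str:
    """Bank side: returns 'ok', 'modified' (MAC mismatch) or 'replayed' (nonce reused)."""
    body = {k: v for k, v in message.items() if k != "mac"}
    canonical = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    # Constant-time comparison; any change to type, payee or amount breaks the MAC.
    if not hmac.compare_digest(expected, message.get("mac", "")):
        return "modified"
    # A valid MAC with a nonce the bank has already accepted is the same message sent again.
    if body["nonce"] in seen_nonces:
        return "replayed"
    seen_nonces.add(body["nonce"])
    return "ok"


def demo() -> list:
    """Walk through the three cases from the lecture: genuine, modified, replayed."""
    seen = set()
    msg = sign_request(SHARED_KEY, {"type": "pay", "payee": "contractor", "amount": 100})
    results = [verify_request(SHARED_KEY, msg, seen)]            # first delivery accepted
    tampered = dict(msg, amount=1000)                             # attacker raises the amount
    results.append(verify_request(SHARED_KEY, tampered, seen))   # MAC no longer matches
    results.append(verify_request(SHARED_KEY, msg, seen))        # original sent a second time
    return results


if __name__ == "__main__":
    print(demo())  # ['ok', 'modified', 'replayed']
```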
Attacks Threatening Integrity (4)
4) Repudiation:
• Performed by one of the two parties in the
communication: the sender or the receiver.
– The sender of the message might later deny that
he/she has sent the message;
– The receiver of the message might later deny that
he/she has received the message.
Attacks Threatening Availability
1) Denial of Service (DoS)
Slow down or totally interrupt the service of a
system.
• The attacker can use several strategies to achieve
this.
– He/She might send so many bogus requests to a server
that the server crashes because of the heavy load.
– The attacker might intercept and delete a server’s
response to a client, making the client believe that the
server is not responding.
Security Service
• A processing or communication service that is
provided by a system to give a specific kind of
protection to system resources
– Specific mechanisms are required to implement
these services
What is X.800?
• A security architecture that provides various
services to secure network transmission