Lecture 1,2,3


Information Privacy and Security
Lecture 01, 02, 03
Introduction

Areesha Sajjad
NCBA&E FLC
Security???
What is security?
• Security revolves around CIA: Confidentiality, Integrity and Availability
Confidentiality
• Preventing the unauthorized disclosure of sensitive information.
• Disclosure could be:
• Intentional (a break-in)
• Unintentional (carelessness)
• Confidentiality vs. Privacy
• Privacy: the degree to which an entity will interact with its environment.
• Privacy is a reason for confidentiality.
Integrity
• Goals of integrity (e.g. email):
• Prevention of the modification of information by unauthorized users.
• Prevention of the unauthorized or unintentional modification of information by authorized users.
Availability
• A system’s authorized users have timely and uninterrupted access.
• Threatened by DoS/DDoS
What is Privacy
• Right to access
• Privileges defined by the owner on the resource.
• Legislation (HIPAA / US laws / EU laws)
Other Terms
• Vulnerability: An error or weakness in the design, implementation, or operation of a system.
• Attack: A means of exploiting some vulnerability in a system.
• Threat: An adversary that is motivated and capable of exploiting a vulnerability.
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the security of information.
• Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms, e.g. virus detection, firewall, etc.
Security Attacks
• Active attacks (affect integrity and availability)
• Modify data
• Passive attacks (affect confidentiality)
• Don’t harm data
Active Attacks
• Masquerade
• Pretending to be a different entity
• Replay attacks (tricking the system into accepting a retransmission of the data as legitimate)
• Denial of service (a denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor)
• Easy to detect
• Hard to prevent
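The replay attack and the integrity goal above, as an added example that is not part of the lecture: a receiver that only checks a message authentication code accepts a captured message twice, while a receiver that also tracks the per-message nonce rejects the retransmission. The shared key, the message format and the nonce scheme are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed shared key for the demonstration only (not a real credential).
SHARED_KEY = b"lecture-demo-key"


def _tag(key: bytes, nonce: str, payload: bytes) -> str:
    """HMAC-SHA256 over nonce + payload; binds the nonce to the payload."""
    return hmac.new(key, nonce.encode() + payload, hashlib.sha256).hexdigest()


def build_message(payload: bytes, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach a fresh random nonce and the MAC tag."""
    nonce = secrets.token_hex(8)
    return {"nonce": nonce, "payload": payload, "tag": _tag(key, nonce, payload)}


def verify_naive(msg: dict, key: bytes = SHARED_KEY) -> bool:
    """Integrity only: a modified message fails, but a replayed copy passes."""
    return hmac.compare_digest(_tag(key, msg["nonce"], msg["payload"]), msg["tag"])


class ReplaySafeReceiver:
    """Integrity plus freshness: every nonce is accepted at most once."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen = set()  # nonces already accepted

    def verify(self, msg: dict) -> bool:
        if not hmac.compare_digest(_tag(self.key, msg["nonce"], msg["payload"]), msg["tag"]):
            return False  # tampered: integrity failure
        if msg["nonce"] in self.seen:
            return False  # retransmission of an already accepted message: replay
        self.seen.add(msg["nonce"])
        return True


def demo() -> tuple:
    """Returns (naive results, replay-safe results) for an original and its replay."""
    msg = build_message(b"transfer 100 to account 42")
    replay = dict(msg)  # captured copy, re-sent unchanged
    naive = (verify_naive(msg), verify_naive(replay))
    receiver = ReplaySafeReceiver()
    safe = (receiver.verify(msg), receiver.verify(replay))
    return naive, safe
```

In a real protocol the set of seen nonces must be bounded, typically by pairing the nonce with a timestamp or sequence number and only remembering nonces inside the acceptance window.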
Passive Attacks
• Eavesdropping on transmissions to obtain information
• Release of message contents
• An outsider learns the content of the transmission
• Traffic analysis
• By monitoring the frequency and length of messages, even encrypted ones, the nature of the communication may be guessed (identity, location, session, file transfer)
• Difficult to detect
• Can be prevented
Attackers
• 1. Hacker: one who is only interested in penetrating your system. They do not cause any harm to your system; they are satisfied just by gaining access to it.
• 2. Intruders: these attackers intend to damage your system or to obtain information from it that can be used for financial gain.
• The attacker can place a malicious program on your system through the network which affects the software on your system. This leads to two kinds of risk:
• a. Information threat: this kind of threat modifies data on the user’s behalf that the user should not actually be able to access, such as enabling some crucial permission in the system.
• b. Service threat: this kind of threat prevents the user from accessing data on the system.
Security Attacks (active and passive, affecting CIA)
• Interruption: an attack on availability
• Interception: an attack on confidentiality
• Modification: an attack on integrity
• Fabrication: an attack on authenticity
Security Services
• Confidentiality (privacy)
• Authentication (who created or sent the data)
• Integrity (has not been altered)
• Non-repudiation (cannot deny the authenticity of a message, i.e. a signature)
• Access control (prevent misuse of resources)
• Availability, threatened by e.g.:
• Denial of service attacks
• A virus that deletes files
Methods of Defence
• Encryption
• Software controls (access limitations in a database; in an operating system, protecting each user from other users)
• Hardware controls (smartcard)
• Policies (frequent changes of passwords)
• Physical controls
Internet RFC Publication Process
Recommended Reading
• Pfleeger, C. Security in Computing. Prentice Hall, 1997.
• Mel, H.X. and Baker, D. Cryptography Decrypted. Addison Wesley, 2001.
