Lecture 1 - Intro to Info Security - Lecture 1 Week 1 1...

This preview shows page 1 - 8 out of 18 pages.

1 Lecture 1 Week 1 1 What is security? Security Architecture Security Principles Security Policy Security Attacks / Threats Methods of Defense Security Services Security Mechanisms 2
Image of page 1

Subscribe to view the full document.

2 Definition: Security is the quality or state of being secure that is to be free from danger and to be protected from adversaries – from those who would do harm, intentionally or otherwise Information Security: Information Security is the protection of information and the systems and hardware that use, store, and transmit that information By NSTISSC 3 4
Image of page 2
3 Detection Prevention Recovery Tools: scanner such as virus scanner, internet scanner and Web server scanner Tools: proxy, firewall, cryptography Tools: data management 5 Defined by ITU-T Recommendation X.800 that called OSI Security Architecture. Useful to managers as a way of organizing the task of providing security Architecture was developed as an international standard, computer and communications vendors have developed security features for their products and services that relate to the structured definition of services and mechanisms. Focuses on security attacks, security mechanisms and security services. 6
Image of page 3

Subscribe to view the full document.

4 Confidentiality Integrity Availability Prevention of unauthorized disclosure of information Prevention of unauthorized modification of information Prevention of unauthorized withholding of information or resources 7 Set of rules to apply to security relevant activities in a security domain Level of security policy: objectives, organizational and system. Key aspects of security policy: authorization, access control policy, accountability 8
Image of page 4
5 Classified Into 2 Passive Attacks Active Attacks By X.800 and RFC 2828 Passive attacks : eavesdropping or monitoring the transmissions Goal: to obtain information that is being transmitted Types: release of message contents & traffic analysis Active attacks : Involve some modification of the data stream or the creation of a false stream Goal: to obtain authorization Categories: masquerade, replay, modification of messages & denial of service 9 Internet or other communications facility Read contents of message from Halim to Anita 10
Image of page 5

Subscribe to view the full document.

6 Internet or other communications facility Observe pattern of messages from Halim to Anita 11 Internet or other communications facility Message from Alex that appears to be from Halim 12
Image of page 6
7 Internet or other communications facility Capture message from Halim to Anita; later replay message to Anita 13 Internet or other communications facility Alex modifies message from Halim to Anita
Image of page 7

Subscribe to view the full document.

Image of page 8

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern