Security-Encrypt-s.pptx - Computer and Network Security Threats Topics I Computer Security Concepts II Security Threats A Intruders B Malicious Software

Security-Encrypt-s.pptx - Computer and Network Security...

  • CUHK
  • DSME 4280
  • Notes
  • hinss
  • 52

This preview shows page 1 - 10 out of 52 pages.

Computer and Network Security Threats
Image of page 1
Topics: I. Computer Security Concepts II. Security Threats A. Intruders B. Malicious Software C. Keyloggers, Phishing, Spyware III. Computer Security Trends IV. Security Technologies
Image of page 2
I. Computer Security Concepts The NIST (National Institute of Standards and Technology) Computer Security Handbook [NIST95] defines the term computer security as: “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
Image of page 3
Computer Security Objectives Confidentia lity Confidentia lity Data confidentiality assures that confidentia l information is not made available or disclosed to unauthorized individuals Privacy assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Integrity Integrity Data integrity assures that information and programs are changed only in a specified and authorized manner System integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Availability Availability Assures that systems work promptly and service is not denied to authorized users
Image of page 4
Scope of System Security Software Hardware Network Data
Image of page 5
Computer and Network Assets, with Examples of Threats
Image of page 6
The Security Requirements Triad CIA Triad Two more: Authenticity and Accountability Data and Services
Image of page 7
III. Security Threats A. Intruders Masquer ader Masquer ader An individual not authorized to use the computer and penetrates a system’s access controls to exploit a legitimate user’s account An individual not authorized to use the computer and penetrates a system’s access controls to exploit a legitimate user’s account Likely to be an outsider Likely to be an outsider Misfeaso r Misfeaso r Legitimate user who accesses data, programs, or resources for which such access is not authorized Legitimate user who accesses data, programs, or resources for which such access is not authorized Could also be someone who is authorized for access but misuses their privileges Could also be someone who is authorized for access but misuses their privileges Generally an insider Generally an insider Clandesti ne user Clandesti ne user An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection Can be either an insider or an outsider Can be either an insider or an outsider
Image of page 8
B. Malicious Software Malware Malicious software that exploits system vulnerabilities Designed to cause damage to or use up the
Image of page 9
Image of page 10

You've reached the end of your free preview.

Want to read all 52 pages?

  • Spring '16

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture