Unauthorized access
Theft and fraud
o
Malware
Viruses are malware (malicious software) that are designed to
replicate themselves so as to infect increasing number of
computing systems
Spyware are malware that are specifically designed to track
activity of users on computing systems
Some are called “keyloggers.” They can record every
keystroke
o
Denial-of-service (DOS) attacks
Are carried out to intentionally block a service such as a bank’s
web site from its legitimate users
Usually achieved by flooding the target system
o
FIRST VIRUS FOUND WAS CALLED “Brian.A”
Lecture 22
Security goals
o
Confidentiality involves making sure that information or data can only
be accessed by individuals authorized to access them
o
Integrity involves making sure that the data are consistent and
complete
o
Availability involves ensuring that system and/or data are available
when they are needed
o
Authentication is basically making sure that the parties involved are
who they say they are, and the transactions, data, or communications
are genuine
o
Non-repudiation refers to making sure one cannot renege on their
obligations, for example by denying that they entered into a
transaction with a web merchant
Security controls
o
Preventive controls stop or limit the security threat from happening in
the first place (anti-virus scans)
o
Corrective controls repair damages after a security problem has
occurred (anti-virus quarantine)
o
Detective controls find or discover where and when security threats
occurred (audit logs)
User profiles
o
Levels of identification
Possession is when an individual owns a form of identification
Knowledge is when an individual needs to know something to
gain access
Traits requires recognition of physical or behavioral human
characteristics
Biometrics
o
Fingerprint
o
Facial
o
Iris/retina
o
DNA
Cryptography – provides techniques for assuring the security of information
as it flows through a communication channel.
It may be used for sending
secret or private messages
o
Encryption – the process of encoding messages before they enter a
communication channel such that, while in transit, the message
cannot be decode without special information
o
Symmetric cryptography/symmetric encryption
o
Asymmetric cryptography
o
Public key – widely known and used to encrypt messages
Asymmetric cryptography
o
Private key – known only to the receiver and used by the receiver to
decrypt
o
Certificate authority – a third party that certifies the ownership of a
public key by a named subject
SSL/TLS
o
Secure Socket Layer/Transport Layer Security are protocols that
allows for secure communication between two computers
What is a worm?
You've reached the end of your free preview.
Want to read all 10 pages?
- Spring '16
- IP address, World Wide Web, primary key, Information retrieval tools
