100%(1)1 out of 1 people found this document helpful
This preview shows page 8 - 10 out of 10 pages.
Unauthorized accessTheft and fraudoMalwareViruses are malware (malicious software) that are designed to replicate themselves so as to infect increasing number of computing systemsSpyware are malware that are specifically designed to track activity of users on computing systemsSome are called “keyloggers.” They can record every keystrokeoDenial-of-service (DOS) attacksAre carried out to intentionally block a service such as a bank’s web site from its legitimate usersUsually achieved by flooding the target systemoFIRST VIRUS FOUND WAS CALLED “Brian.A”Lecture 22Security goalsoConfidentiality involves making sure that information or data can onlybe accessed by individuals authorized to access themoIntegrity involves making sure that the data are consistent and completeoAvailability involves ensuring that system and/or data are available when they are neededoAuthentication is basically making sure that the parties involved are who they say they are, and the transactions, data, or communications are genuineoNon-repudiation refers to making sure one cannot renege on their obligations, for example by denying that they entered into a transaction with a web merchantSecurity controlsoPreventive controls stop or limit the security threat from happening inthe first place (anti-virus scans)
oCorrective controls repair damages after a security problem has occurred (anti-virus quarantine)oDetective controls find or discover where and when security threats occurred (audit logs)User profilesoLevels of identificationPossession is when an individual owns a form of identificationKnowledge is when an individual needs to know something to gain accessTraits requires recognition of physical or behavioral human characteristicsBiometricsoFingerprintoFacialoIris/retinaoDNACryptography – provides techniques for assuring the security of information as it flows through a communication channel. It may be used for sending secret or private messagesoEncryption – the process of encoding messages before they enter a communication channel such that, while in transit, the message cannot be decode without special informationoSymmetric cryptography/symmetric encryptionoAsymmetric cryptographyoPublic key – widely known and used to encrypt messagesAsymmetric cryptographyoPrivate key – known only to the receiver and used by the receiver to decryptoCertificate authority – a third party that certifies the ownership of a public key by a named subjectSSL/TLSoSecure Socket Layer/Transport Layer Security are protocols that allows for secure communication between two computersWhat is a worm?
You've reached the end of your free preview.
Want to read all 10 pages?
IP address, World Wide Web, primary key, Information retrieval tools