Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Security. Copyright © 2003, Addison-Wesley Security The quality or state of being secure Freedom from danger Freedom from fear or anxiety Measures.

Published byCory Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 9 Security. Copyright © 2003, Addison-Wesley Security The quality or state of being secure Freedom from danger Freedom from fear or anxiety Measures."— Presentation transcript:

1 Chapter 9 Security

2 Copyright © 2003, Addison-Wesley Security The quality or state of being secure Freedom from danger Freedom from fear or anxiety Measures taken to guard against Espionage or sabotage Crime or attack Escape

3 Copyright © 2003, Addison-Wesley Information Technology Security Protect resources… Hardware Software Data …from unauthorized Use Modification Theft Technology infrastructure is strategic resource Mission critical applications

4 Copyright © 2003, Addison-Wesley Security Tradeoffs Conflicting objectives Convenience vs. security Ease of use vs. security Perfect security is impossible Lock computer in safe and don’t use it Or, accept some risk

5 Copyright © 2003, Addison-Wesley The Attacker’s Viewpoint Attack pointless if cost exceeds value Cost of breaking security Major cost is risk of getting caught Training, equipment, time Value of secured resources Difficult to estimate What is the value of information? Enemy’s attack plans Competitor’s pricing strategy Hackers do not value things conventionally

6 Copyright © 2003, Addison-Wesley The Defender’s Viewpoint Cost of implementing security Hardware, software, and other IT resources Security management User efficiency implications Cost of not implementing security Theft, destruction, or modification of information Denial of service attacks Viruses, worms, and packet sniffers Loss of a mission critical application

7 Copyright © 2003, Addison-Wesley Risk Assessment Problem resembles insurance underwriting Estimate value of resources Identify and estimate risks How might you be attacked? What would a successful attack cost? Estimate probabilities for several security options Consider social/political issues Powerful managers Non-believers Customers – risk assumption

8 Copyright © 2003, Addison-Wesley Security Threats Traditional physical countermeasures Locks, doors, vaults Security guards and security cameras Internet issues Difficult to trace electronic access paths Steal, alter, destroy, copy information Denial of service Viruses and worms Packet sniffers

9 Copyright © 2003, Addison-Wesley Figure 9.1 The Objectives of Security. Access Each user can access all authorized resources Authentication Sender of message is who he or she claims to be Integrity Contents not modified during transmission Privacy protection Contents known only to sender and receiver

10 Copyright © 2003, Addison-Wesley Objectives, continued Non-repudiation Sender cannot deny he or she sent message Recovery Procedures in place to get the system back on line Auditability Procedures can be audited

11 Copyright © 2003, Addison-Wesley Physical Access Control Foundation of security Ensure physically secure location The system itself All system access points Tools Doors, locks, guards User authentication Biometrics Fingerprints and smart cards Mantraps

12 Copyright © 2003, Addison-Wesley Figure 9.3 A smart card. Embedded chip ID number Digital photo Digital fingerprint Other biometrics Financial data Likely applications Credit cards Cash cards National ID card

13 Copyright © 2003, Addison-Wesley Figure 9.4 Biometrics authentication. Scan smart card Scan fingerprint Compare values Match – approve No match – reject

14 Copyright © 2003, Addison-Wesley Figure 11.5 Biometrics using a database. Scan employee ID Read fingerprint from disk Scan fingerprint Compare results Match – approve No match – reject More secure

15 Copyright © 2003, Addison-Wesley Biometrics Risks Invalid if database compromised Digitized biometrics value Resembles a long password Subject to forgery Subject to hacking False negatives and false positives Excessive confidence in biometrics

16 Copyright © 2003, Addison-Wesley Network Vulnerabilities Public access can compromise physical security E-mail is a major security hole Attachments Trojan horses, backdoors, sniffers Instant messaging is an emerging problem Efficiency gains No telephone tag No crossing e-mail messages Public domain software  inability to control Solution – integrate into corporate IT strategy

17 Copyright © 2003, Addison-Wesley Intrusion Detection Objectives Gather evidence for possible prosecution Identify cause to aid in recovery Logging Record all logins and changes to database Write-only medium Honey pots and tar pits Reverse Trojan horse Lure attacker into confined space Monitor activities

18 Copyright © 2003, Addison-Wesley The Principle of Confinement Limit a given user’s access Need to know Privilege levels Permissions Before gaining access Authorization After gaining access Privilege levels and permissions

19 Copyright © 2003, Addison-Wesley Firewalls (access control doors/interlocks) Consist of: Hardware/software Software only Monitor incoming and outgoing packets Packet filtering Content filtering Isolate private network from public network Protect integrity and privacy

20 Copyright © 2003, Addison-Wesley Cryptography (for Privacy) Encrypting/concealing meaning of message Plain text An unencrypted message Readable by anyone Encryption Convert to ciphered or encoded form Code – substitute word or phrase Cipher – substitute letter or digit Decryption Convert back into plain text

21 Copyright © 2003, Addison-Wesley Asymmetric Public Key Encryption Two keys Related pair Public key is published Private key is secret Sender encrypts with recipient’s public key Recipient decrypts with his/her private key More secure than secret key encryption No need to exchange keys Much slower than secret key encryption

22 Copyright © 2003, Addison-Wesley Digital Envelopes and Signatures Solution to the security/speed tradeoff Use secret key encryption for the message The lengthy part Use public key encryption for the secret key Solves the key exchange problem Key is relatively small, so speed is not an issue This is the digital envelope Transmit message and digital envelope

23 Copyright © 2003, Addison-Wesley Digital Signature Flaws Compromised system Trojan horse Virus Backdoor Steal keys from hard drive User signs wrong document Display document A Apply signature to document B

24 Copyright © 2003, Addison-Wesley Digital Certificate Registration authority (RA) Authenticates applicant’s identity Certificate authority (CA) Trusted third party Attests to binding between public key and user name Assign key pair and digital certificate The public key infrastructure (PKI)

25 Copyright © 2003, Addison-Wesley Figure 9.18 The contents of a digital certificate. Source: http://rr.sans.org/encryption/certificate.phphttp://rr.sans.org/encryption/certificate.php

26 Copyright © 2003, Addison-Wesley Figure 9.23 A steganographic watermark. A visible watermark proves ownership and makes the image unusable The image with the watermark. removed or hidden. Source: http://www15.brinkster.com/kfrank/projects/water/water.htmhttp://www15.brinkster.com/kfrank/projects/water/water.htm

27 Copyright © 2003, Addison-Wesley Secure Sockets Layer (SSL) Operates in TCP/IP context Public key encryption Digital envelope Digital signature Randomly generates keys by transaction Encrypts browser/ server communication e.g., credit card number Supports several encryption algorithms and authentication methods The closed lock icon

Download ppt "Chapter 9 Security. Copyright © 2003, Addison-Wesley Security The quality or state of being secure Freedom from danger Freedom from fear or anxiety Measures."

Similar presentations

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Computer and Network Security Risanuri Hidayat, Ir., M.Sc.

Computer and Network Security Risanuri Hidayat, Ir., M.Sc.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google