Computer Security. Mohammad Alauthman (CsStudent24@gmail.com)

Presentation transcript:

Computer Security: Why do we care?

HW SW

Security is based on: Privacy or Confidentiality. Trust. Authenticity. Integrity.

Privacy or Confidentiality : The ability to keep things private. Preserving authorized restrictions on information access and disclosure, including means of protecting personal privacy and proprietary information. Keeping secrets secret.

Trust : Do we trust data from an individual or a host? Could they be used against us?

Authenticity: Are security credentials in order? Are we talking to whom we think we are talking to, privately or not?

Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. Has anything changed? Is this really from the person it says it is from?

Where do most security problems arise? Lack of understanding. Natural disasters. Bad habits (eat, drink, etc.).

Statistics of computer security:
- 55% human error
- 10% disgruntled employees
- 10% dishonest employees
- 10% outsider access

How do we secure a system? Environments can be hostile because of:
- Physical threats: weather, natural disaster, bombs, power, etc.
- Human threats: stealing, trickery, spying, sabotage, accidents.
- Software threats: viruses, Trojan horses, logic bombs.

Hardware Security: Physical problem Theft

Software Security:
- Theft.
- Modification of SW: deletion, misplacement.
- Logic bombs: specific time, specific event.
- Trojan horses: deletion, misplacement.

Methods of Defense (countermeasures). Two main classes:
Administrative Controls (Policies):
- Backup procedures
- Password changes
- Hours of usage
- Guards
- Access control devices
- Locks
"Often fails – people don't follow rules."

Methods of Defense (Cont.) (countermeasures). Two main classes:
Technical controls: 1. Hardware Controls:
- Physical Security
- Locks
- Perimeter Control
- Hardware encryption

Methods of Defense (Cont.) (countermeasures). Two main classes:
Technical controls: 2. Software Controls:
- Compression
- Encryption
- Secure software development
- Network (e.g., protocol filters)
- Audit logs (who did what and when)
- Operating Systems
- Firewalls
- Virus scanners

Network Security. Four common types of possible attacks are:
1. Interruption: A message traveling from A to B never reaches its destination, possibly because of problems with a router.
2. Interception: When a message is sent from A to B, it is also (illegally) intercepted by another listener C, who is usually eavesdropping on the conversation.

Network Security. Four common types of possible attacks are:
3. Modification: A message sent from A to B is first intercepted by C, who modifies the message and sends the new modified message to B.
4. Fabrication: Another messenger C can fabricate messages and send messages to B, making it look like they have been sent from A.

Network Security

What shall I do?
[Figure labels: Criticality, Cost, Vulnerability, Threat, Risk, Asset]
- Criticality: How important is the IT asset to the mission?
- Vulnerability: How can the asset be compromised, exploited, damaged, or destroyed?
- Threat: Who intends to exploit a vulnerability, against what, and what are their capabilities?
- Risk: What is the probability of loss or damage to the asset?

RISK = Vulnerability AND Criticality AND Threat
[Figure: Vulnerability, Threat and Criticality, with regions numbered 1 to 7]

Threats & Outcomes

Objectives of a Secure System:
- Privacy or Confidentiality: Keeping information secret from all but those who are authorized to see it.
- Data Integrity: Ensuring information has not been altered by unauthorized or unknown means.
- Entity Authentication or Identification: Corroboration of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.).
- Message Authentication: Corroborating the source of information; also known as data origin authentication.

Objectives of a Secure System:
- Signature: A means to bind information to an entity.
- Authorization: Conveyance, to another entity, of official sanction to do or be something.
- Validation: A means to provide timeliness of authorization to use or manipulate information or resources.
- Access Control: Restricting access to resources to privileged entities.

Objectives of a Secure System:
- Certification: Endorsement of information by a trusted entity.
- Time stamping: Recording the time of creation or existence of information.
- Witnessing: Verifying the creation or existence of information by an entity other than the creator.
- Receipt: Acknowledgement that information has been received.

Objectives of a Secure System:
- Confirmation: Acknowledgement that services have been provided.
- Ownership: A means to provide an entity with the legal right to use or transfer a resource to others.