
Chapter 9 Security

Copyright © 2003, Addison-Wesley

Security
- The quality or state of being secure
  - Freedom from danger
  - Freedom from fear or anxiety
- Measures taken to guard against
  - Espionage or sabotage
  - Crime or attack
  - Escape

Information Technology Security
- Protect resources…
  - Hardware
  - Software
  - Data
- …from unauthorized
  - Use
  - Modification
  - Theft
- Technology infrastructure is a strategic resource
- Mission critical applications

Security Tradeoffs
- Conflicting objectives
  - Convenience vs. security
  - Ease of use vs. security
- Perfect security is impossible
  - Lock the computer in a safe and don’t use it
  - Or, accept some risk

The Attacker’s Viewpoint
- Attack is pointless if cost exceeds value
- Cost of breaking security
  - Major cost is risk of getting caught
  - Training, equipment, time
- Value of secured resources
  - Difficult to estimate
  - What is the value of information?
    - Enemy’s attack plans
    - Competitor’s pricing strategy
  - Hackers do not value things conventionally

The Defender’s Viewpoint
- Cost of implementing security
  - Hardware, software, and other IT resources
  - Security management
  - User efficiency implications
- Cost of not implementing security
  - Theft, destruction, or modification of information
  - Denial of service attacks
  - Viruses, worms, and packet sniffers
  - Loss of a mission critical application

Risk Assessment
- Problem resembles insurance underwriting
- Estimate value of resources
- Identify and estimate risks
  - How might you be attacked?
  - What would a successful attack cost?
- Estimate probabilities for several security options
- Consider social/political issues
  - Powerful managers
  - Non-believers
  - Customers – risk assumption

Security Threats
- Traditional physical countermeasures
  - Locks, doors, vaults
  - Security guards and security cameras
- Internet issues
  - Difficult to trace electronic access paths
  - Steal, alter, destroy, copy information
  - Denial of service
  - Viruses and worms
  - Packet sniffers

Figure 9.1 The Objectives of Security
- Access: each user can access all authorized resources
- Authentication: the sender of a message is who he or she claims to be
- Integrity: contents are not modified during transmission
- Privacy protection: contents are known only to sender and receiver

Objectives, continued
- Non-repudiation: the sender cannot deny he or she sent the message
- Recovery: procedures are in place to get the system back on line
- Auditability: procedures can be audited

Physical Access Control
- Foundation of security
- Ensure a physically secure location
  - The system itself
  - All system access points
- Tools
  - Doors, locks, guards
  - User authentication
  - Biometrics
  - Fingerprints and smart cards
  - Mantraps

Figure 9.3 A smart card
- Embedded chip
  - ID number
  - Digital photo
  - Digital fingerprint
  - Other biometrics
  - Financial data
- Likely applications
  - Credit cards
  - Cash cards
  - National ID card

Figure 9.4 Biometrics authentication
- Scan smart card
- Scan fingerprint
- Compare values
  - Match – approve
  - No match – reject

Figure 11.5 Biometrics using a database
- Scan employee ID
- Read fingerprint from disk
- Scan fingerprint
- Compare results
  - Match – approve
  - No match – reject
- More secure

Biometrics Risks
- Invalid if the database is compromised
- Digitized biometrics value
  - Resembles a long password
  - Subject to forgery
  - Subject to hacking
- False negatives and false positives
- Excessive confidence in biometrics
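The compare step in Figures 9.4 and 11.5, and the false negative/false positive trade-off listed under risks, as an added worked example that is not from the book. Real fingerprint matching works on extracted features; here the stored template and the scans are constructed 64-bit values compared by Hamming distance, which is enough to show why a match is always approximate and why no single threshold is free of error:

```python
"""Toy biometric matcher: a stored template is compared with a freshly
scanned value by Hamming distance and accepted if within a threshold.
Feature values are constructed 64-bit integers, not real biometric data."""

# Constructed template that enrolment would have written to the smart card
# (Figure 9.4) or to the employee database (Figure 11.5).
STORED_TEMPLATE = 0xA5A5C3C30F0FF0F0

# Constructed re-scans of the enrolled user: each differs from the template
# in a few bits, the way repeated scans of one finger drift.
GENUINE_SCANS = [
    STORED_TEMPLATE ^ 0x3,    # 2 bits differ
    STORED_TEMPLATE ^ 0x1F,   # 5 bits differ
    STORED_TEMPLATE ^ 0x1FF,  # 9 bits differ (noisy scan)
]

# Constructed scans of other people: far from the template, plus one near
# miss that shows how a loose threshold admits an impostor.
IMPOSTOR_SCANS = [
    STORED_TEMPLATE ^ 0xFFFFFFFF00000000,  # 32 bits differ
    STORED_TEMPLATE ^ 0x0F0F0F0F0F0F0F0F,  # 32 bits differ
    STORED_TEMPLATE ^ 0xFFF,               # 12 bits differ (near miss)
]


def hamming_distance(a: int, b: int) -> int:
    """Number of bit positions in which two feature values differ."""
    return bin(a ^ b).count("1")


def authenticate(scanned: int, stored: int, threshold: int) -> bool:
    """Compare values: approve when the scan is within `threshold` bits of
    the stored template, reject otherwise. A tolerance is unavoidable because
    two scans of the same finger are never bit-identical."""
    return hamming_distance(scanned, stored) <= threshold


def error_counts(threshold: int, stored: int = STORED_TEMPLATE,
                 genuine=GENUINE_SCANS, impostors=IMPOSTOR_SCANS) -> dict:
    """Count false negatives (genuine users rejected) and false positives
    (impostors accepted) at one threshold."""
    false_negatives = sum(1 for s in genuine if not authenticate(s, stored, threshold))
    false_positives = sum(1 for s in impostors if authenticate(s, stored, threshold))
    return {"threshold": threshold,
            "false_negatives": false_negatives,
            "false_positives": false_positives}


def threshold_sweep(thresholds=(4, 8, 10, 12, 16)) -> list:
    """Tightening the threshold raises false negatives; loosening it raises
    false positives. The operator chooses which error to live with."""
    return [error_counts(t) for t in thresholds]


if __name__ == "__main__":
    for row in threshold_sweep():
        print(row)
```

The sweep also makes the "invalid if database compromised" risk concrete: because matching needs the small-distance relationship between template and scan, the stored template cannot be salted and hashed the way a password can, so whoever reads the database holds a credential that the user cannot change.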

Network Vulnerabilities
- Public access can compromise physical security
- A major security hole:
  - Attachments: Trojan horses, backdoors, sniffers
- Instant messaging is an emerging problem
  - Efficiency gains
    - No telephone tag
    - No crossing messages
  - Public domain software → inability to control
- Solution – integrate into corporate IT strategy

Intrusion Detection
- Objectives
  - Gather evidence for possible prosecution
  - Identify the cause to aid in recovery
- Logging
  - Record all logins and changes to the database
  - Write-only medium
- Honey pots and tar pits
  - Reverse Trojan horse
  - Lure the attacker into a confined space
  - Monitor activities
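The "write-only medium" point is that evidence is only useful if an intruder cannot quietly rewrite it. The following is an added example, not from the book, that gets the same property in software: every log entry commits to the hash of the previous entry, so editing, deleting or truncating recorded logins breaks the chain. The login and database-change events are constructed; the checkpoint mechanism (keeping the latest hash somewhere the logging host cannot alter) is an assumption about how the log would be operated:

```python
"""Hash-chained audit log for logins and database changes.
Each entry's hash covers the event and the previous entry's hash, so any
alteration of earlier entries is detected by re-walking the chain."""
import hashlib
import json

GENESIS = "0" * 64  # stands for the hash of the empty log


def _entry_hash(prev_hash: str, event: dict) -> str:
    # Canonical JSON so the same event always hashes identically.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(log: list, event: dict) -> str:
    """Append an event and return its hash, which links it to its predecessor."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    h = _entry_hash(prev_hash, event)
    log.append({"event": event, "prev": prev_hash, "hash": h})
    return h


def verify_chain(log: list) -> int:
    """Return -1 if every link and hash checks out, otherwise the index of
    the first entry that was altered or whose predecessor was removed."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash or _entry_hash(prev_hash, entry["event"]) != entry["hash"]:
            return i
        prev_hash = entry["hash"]
    return -1


def last_hash(log: list) -> str:
    return log[-1]["hash"] if log else GENESIS


def verify_with_checkpoint(log: list, checkpoint: str) -> bool:
    """Chain verification alone cannot see entries chopped off the end; a
    checkpoint of the latest hash, stored off the logging host, closes that gap."""
    return verify_chain(log) == -1 and last_hash(log) == checkpoint


def sample_log() -> list:
    """Constructed sequence: a normal user session, then a failed and a
    successful admin login late at night."""
    log = []
    append_event(log, {"ts": "2003-05-01T08:02:11", "type": "login", "user": "alice", "result": "ok"})
    append_event(log, {"ts": "2003-05-01T08:05:40", "type": "db_change", "user": "alice",
                       "table": "payroll", "rows": 3})
    append_event(log, {"ts": "2003-05-01T23:41:09", "type": "login", "user": "admin", "result": "fail"})
    append_event(log, {"ts": "2003-05-01T23:41:30", "type": "login", "user": "admin", "result": "ok"})
    return log


def tampered_log() -> list:
    """An intruder with write access to the log hides the failed admin login."""
    log = sample_log()
    log[2]["event"]["result"] = "ok"
    return log


def deleted_entry_log() -> list:
    """The intruder deletes the failed-login entry outright instead."""
    log = sample_log()
    log.pop(2)
    return log


if __name__ == "__main__":
    print("intact:", verify_chain(sample_log()))
    print("edited entry:", verify_chain(tampered_log()))
    print("deleted entry:", verify_chain(deleted_entry_log()))
```

Verification returns the first bad index, which also tells the investigator where the trustworthy portion of the evidence ends.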

The Principle of Confinement
- Limit a given user’s access
  - Need to know
  - Privilege levels
  - Permissions
- Before gaining access: authorization
- After gaining access: privilege levels and permissions

Firewalls (access control doors/interlocks)
- Consist of:
  - Hardware/software
  - Software only
- Monitor incoming and outgoing packets
  - Packet filtering
  - Content filtering
- Isolate the private network from the public network
- Protect integrity and privacy
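Packet filtering as described on this slide, written out as an added example (not the book's code): an ordered rule list, first match wins, and anything unmatched is dropped, which is what isolates the private side from the public side. The private network 192.168.1.0/24, the published web server 192.168.1.10 and the rule set are constructed for the illustration:

```python
"""Stateless packet filter: ordered rules, first match wins, default deny."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PRIVATE_NET = ip_network("192.168.1.0/24")   # constructed internal network
ANY_NET = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (public -> private) or "out" (private -> public)
    src: str
    dst: str
    proto: str              # "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str
    src: str                # CIDR the source address must fall in
    dst: str                # CIDR the destination address must fall in
    proto: str = "any"
    dport: Optional[int] = None   # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


RULES = [
    # Anti-spoofing: a packet arriving from the public side must not claim
    # a private source address.
    Rule("deny", "in", str(PRIVATE_NET), ANY_NET),
    # Public HTTPS access to the one published server only.
    Rule("allow", "in", ANY_NET, "192.168.1.10/32", "tcp", 443),
    # Internal hosts may initiate outbound web traffic.
    Rule("allow", "out", str(PRIVATE_NET), ANY_NET, "tcp", 80),
    Rule("allow", "out", str(PRIVATE_NET), ANY_NET, "tcp", 443),
    # No explicit final rule: anything unmatched falls through to deny.
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or "deny" if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def decisions(packets, rules=RULES) -> list:
    """Filter a batch of packets, returning (packet, action) pairs for review."""
    return [(pkt, filter_packet(pkt, rules)) for pkt in packets]


if __name__ == "__main__":
    # Constructed traffic mix; 203.0.113.0/24 is a documentation range standing in for the Internet.
    sample = [
        Packet("in", "203.0.113.5", "192.168.1.10", "tcp", 443),   # web request to published server
        Packet("in", "203.0.113.5", "192.168.1.10", "tcp", 22),    # SSH to the same server
        Packet("in", "203.0.113.5", "192.168.1.20", "tcp", 443),   # HTTPS to an unpublished host
        Packet("in", "192.168.1.7", "192.168.1.10", "tcp", 443),   # spoofed private source from outside
        Packet("out", "192.168.1.7", "203.0.113.5", "tcp", 443),   # internal user browsing
        Packet("out", "192.168.1.7", "203.0.113.5", "udp", 53),    # outbound DNS, not in the rules
    ]
    for pkt, action in decisions(sample):
        print(f"{action:5s} {pkt}")
```

Because this filter keeps no connection state, replies to the allowed outbound connections would also be dropped on the way back in; production firewalls track connections so that only replies to traffic the inside initiated are admitted.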

Cryptography (for Privacy)
- Encrypting/concealing the meaning of a message
- Plain text
  - An unencrypted message
  - Readable by anyone
- Encryption
  - Convert to ciphered or encoded form
  - Code – substitute word or phrase
  - Cipher – substitute letter or digit
- Decryption
  - Convert back into plain text

Asymmetric Public Key Encryption
- Two keys
  - Related pair
  - Public key is published
  - Private key is secret
- Sender encrypts with the recipient’s public key
- Recipient decrypts with his/her private key
- More secure than secret key encryption
  - No need to exchange keys
- Much slower than secret key encryption

Digital Envelopes and Signatures
- Solution to the security/speed tradeoff
- Use secret key encryption for the message
  - The lengthy part
- Use public key encryption for the secret key
  - Solves the key exchange problem
  - Key is relatively small, so speed is not an issue
  - This is the digital envelope
- Transmit the message and the digital envelope

Digital Signature Flaws
- Compromised system
  - Trojan horse
  - Virus
  - Backdoor
  - Steal keys from the hard drive
- User signs the wrong document
  - Display document A
  - Apply signature to document B
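The three preceding slides (public key encryption, the digital envelope, and the "signs the wrong document" flaw) in one runnable example. This is added code, not the book's: it uses Python's standard library only, so the RSA moduli are built from known Mersenne primes at textbook size with no padding, and a SHA-256 counter keystream stands in for a real block cipher. Those substitutions are assumptions made to keep the example self-contained; neither is fit for production. The messages are constructed:

```python
"""Digital envelope plus digital signature, standard library only.
The message is encrypted under a fresh random secret key (fast, symmetric),
the secret key is encrypted under the recipient's public key (the envelope),
and the SHA-256 digest of the message is signed with the sender's private key."""
import hashlib
import secrets


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes: returns (n, e) public and (n, d) private.
    e = 65537 is coprime to (p-1)(q-1) for the Mersenne primes used below."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Constructed key pairs from known Mersenne primes (demonstration sizes only).
RECIPIENT_PUB, RECIPIENT_PRIV = rsa_keypair(2**127 - 1, 2**521 - 1)
SENDER_PUB, SENDER_PRIV = rsa_keypair(2**89 - 1, 2**607 - 1)

KEY_BYTES = 16  # 128-bit secret key; fits comfortably below the recipient's modulus


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Illustrative counter-mode stream: XOR data with SHA-256(key || counter).
    Symmetric, so the same call both encrypts and decrypts."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, priv) -> int:
    """Sign the digest of exactly these bytes with the signer's private key."""
    n, d = priv
    return pow(_digest_int(message), d, n)


def verify(message: bytes, signature: int, pub) -> bool:
    n, e = pub
    return pow(signature, e, n) == _digest_int(message)


def seal(message: bytes, recipient_pub, sender_priv) -> dict:
    """Build what is transmitted: ciphertext, envelope (encrypted secret key), signature."""
    secret_key = secrets.token_bytes(KEY_BYTES)          # fresh key per message
    n, e = recipient_pub
    return {
        "ciphertext": keystream_xor(secret_key, message),   # the lengthy part, symmetric
        "envelope": pow(int.from_bytes(secret_key, "big"), e, n),  # small part, public key
        "signature": sign(message, sender_priv),
    }


def open_sealed(package: dict, recipient_priv, sender_pub):
    """Recover the secret key with the recipient's private key, decrypt the
    message, then check the sender's signature over the recovered plaintext."""
    n, d = recipient_priv
    secret_key = pow(package["envelope"], d, n).to_bytes(KEY_BYTES, "big")
    plaintext = keystream_xor(secret_key, package["ciphertext"])
    return plaintext, verify(plaintext, package["signature"], sender_pub)


def wrong_document_demo() -> dict:
    """Digital Signature Flaws: the user is shown document A while compromised
    software feeds document B to the signing routine. The resulting signature
    is valid for B and only B, so the attacker holds a genuine signature on a
    document the user never saw."""
    shown = b"Transfer 100 to Alice"          # constructed document A
    actually_signed = b"Transfer 10000 to Mallory"  # constructed document B
    sig = sign(actually_signed, SENDER_PRIV)
    return {"valid_for_shown": verify(shown, sig, SENDER_PUB),
            "valid_for_signed": verify(actually_signed, sig, SENDER_PUB)}


if __name__ == "__main__":
    msg = b"order 4711: ship to warehouse B"   # constructed message
    pkg = seal(msg, RECIPIENT_PUB, SENDER_PRIV)
    print(open_sealed(pkg, RECIPIENT_PRIV, SENDER_PUB))
    print(wrong_document_demo())
```

The signature check happens after decryption and fails if a single ciphertext byte was changed in transit, which is the integrity objective from Figure 9.1; the envelope alone provides only privacy.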

Digital Certificate
- Registration authority (RA)
  - Authenticates the applicant’s identity
- Certificate authority (CA)
  - Trusted third party
  - Attests to the binding between public key and user name
  - Assigns key pair and digital certificate
- The public key infrastructure (PKI)

Figure 9.18 The contents of a digital certificate

Figure 9.23 A steganographic watermark
- A visible watermark proves ownership and makes the image unusable
- The image with the watermark removed or hidden

Secure Sockets Layer (SSL)
- Operates in the TCP/IP context
  - Public key encryption
  - Digital envelope
  - Digital signature
- Randomly generates keys per transaction
- Encrypts browser/server communication
  - e.g., credit card number
- Supports several encryption algorithms and authentication methods
- The closed lock icon