Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Slides:



Advertisements
Similar presentations
Network Security Chapter 1 - Introduction.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security Sixth Edition by William Stallings.
Cryptography and Network Security Chapter 1
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 1: Overview.
Lecture 1: Overview modified from slides of Lawrie Brown.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Lecture 1: Overview modified from slides of Lawrie Brown.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
SEC835 Database and Web application security Information Security Architecture.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings.
Introduction (Based on Lecture slides by J. H. Wang)
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Network Security Essentials Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.
Network Security Essentials Chapter 1 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
Introduction to Computer and Network Security
Network Security Essentials Chapter 1
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
Information Security What is Information Security?
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Network Security Introduction
Computer threats, Attacks and Assets upasana pandit T.E comp.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
Copyright © 2013 – Curt Hill Computer Security An Overview.
Lecture1.1(Chapter 1) Prepared by Dr. Lamiaa M. Elshenawy 1.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
CST 312 Pablo Breuer. measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
COMPUTER SECURITY COMP424 1 ST LECTURE OVERVIEW AND TERMINOLOGIES Dr. Sarah Mustafa Eljack
@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 1: Why Study Information Security?
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Network Security Overview
Information Security Principles course “Cryptology” Based of: “Cryptography and network Security” by William Stalling, 5th edition. Eng. Mohamed Adam Isak.
CS457 Introduction to Information Security Systems
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Information System and Network Security
Chapter 1 This chapter provides an overview of computer security. We begin with a discussion of what we mean by computer security. In essence, computer.
CNET334 - Network Security
Chapter 1: Introduction
INFORMATION SYSTEMS SECURITY and CONTROL
Cryptography and Network Security
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Introduction to Cryptography
Challenges Of Network Security
Presentation transcript:

Chapter 1 Overview

The NIST Computer Security Handbook defines the term Computer Security as:

Key Security Concepts Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information Integrity Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity Availability Ensuring timely and reliable access to and use of information

Levels of Impact Low The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals Moderate The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals High The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

Computer security is not as simple as it might first appear to the novice Potential attacks on the security features must be considered Procedures used to provide particular services are often counterintuitive Physical and logical placement needs to be determined Additional algorithms or protocols may be involved Attackers only need to find a single weakness, the developer needs to find all weaknesses Users and system managers tend to not see the benefits of security until a failure occurs Security requires regular and constant monitoring Is often an afterthought to be incorporated into a system after the design is complete Thought of as an impediment to efficient and user-friendly operation

Table 1.1 Computer Security Terminology RFC 4949, Internet Security Glossary, May 2000

Assets of a Computer System Hardware Software Data Communication facilities and networks

Vulnerabilities, Threats and Attacks Categories of vulnerabilities Corrupted (loss of integrity) Leaky (loss of confidentiality) Unavailable or very slow (loss of availability) Threats Capable of exploiting vulnerabilities Represent potential security harm to an asset Attacks (threats carried out) Passive – attempt to learn or make use of information from the system that does not affect system resources Active – attempt to alter system resources or affect their operation Insider – initiated by an entity inside the security perimeter Outsider – initiated from outside the perimeter

Countermeasures Means used to deal with security attacks Prevent Detect Recover May itself introduce new vulnerabilities Residual vulnerabilities may remain Goal is to minimize residual level of risk to the assets

**Table is on page 40 in the textbook. Table 1.2 Threat Consequences, and the Types of Threat Actions That Cause Each Consequence Based on RFC 4949

Table 1.3 Computer and Network Assets, with Examples of Threats

Passive and Active Attacks Passive Attack Active Attack Attempts to learn or make use of information from the system but does not affect system resources Eavesdropping on, or monitoring of, transmissions Goal of attacker is to obtain information that is being transmitted Two types: o Release of message contents o Traffic analysis Attempts to alter system resources or affect their operation Involve some modification of the data stream or the creation of a false stream Four categories: o Replay o Masquerade o Modification of messages o Denial of service

Table 1.4 Security Requirements (FIPS PUB 200) (page 1 of 2) (Table can be found on page 46 in the textbook.)

Table 1.4 Security Requirements (FIPS PUB 200) (page 2 of 2) (Table can be found on page 47 in the textbook.)

Fundamental Security Design Principles Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychological acceptability IsolationEncapsulationModularityLayering Least astonishment

Attack Surfaces Consist of the reachable and exploitable vulnerabilities in a system Examples: Open ports on outward facing Web and other servers, and code listening on those ports Services available on the inside of a firewall Code that processes incoming data, , XML, office documents, and industry-specific custom data exchange formats Interfaces, SQL, and Web forms An employee with access to sensitive information vulnerable to a social engineering attack

Attack Surface Categories Network Attack Surface Vulnerabilities over an enterprise network, wide-area network, or the Internet Included in this category are network protocol vulnerabilities, such as those used for a denial- of-service attack, disruption of communications links, and various forms of intruder attacks Software Attack Surface Vulnerabilities in application, utility, or operating system code Particular focus is Web server software Human Attack Surface Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders

Computer Security Strategy

Summary Fundamental security design principles Attack surfaces and attack trees o Attack surfaces o Attack trees Computer security strategy o Security policy o Security implementation o Assurance and evaluation Computer security concepts o Definition o Challenges o Model Threats, attacks, and assets o Threats and attacks o Threats and assets Security functional requirements