Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mohammad Alauthman CsStudent24@gmail.com Computer Security Mohammad Alauthman CsStudent24@gmail.com.

Published byPauline Simmons Modified over 5 years ago

Similar presentations

Presentation on theme: "Mohammad Alauthman CsStudent24@gmail.com Computer Security Mohammad Alauthman CsStudent24@gmail.com."— Presentation transcript:

1 Mohammad Alauthman CsStudent24@gmail.com
Computer Security Mohammad Alauthman

2 Computer Security: Why do we care?

3 HW SW

4 Security is based on: Privacy or Confidentiality. Trust. Authenticity.
Integrity.

5 Privacy or Confidentiality :
The ability to keep things private. Preserving authorized restrictions on information access and disclosure, including means of protecting personal privacy and proprietary information. Keeping secrets secret.

6 Trust : Do we trust data from an individual or a host? Could they be used against us?

7 Authenticity : Are security credentials in order? Are we talking to whom we think we are talking to, privately or not.

8 Integrity : Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. Has anything changed, is this really from the person it says it is from?

9 Where do most Security Problems rise?
Lack of understanding. Natural disasters. Bad habits (eat, drink, etc.).

10 Statistics of computer security:
55% human error 10% disgruntled employees 10% dishonest employees 10% outsider access

11 How do we secure a system?
Environments can be hostile because of : Physical threats - weather, natural disaster, bombs, power etc. Human threats - stealing, trickery, spying, sabotage, accidents. Software threats - viruses, Trojan horses, logic bombs.

12 Hardware Security: Physical problem Theft

13 Software Security: Theft. Modification on SW: Deletion. Misplacement
Logic Bombs. Specific time. Specific event. Trojan Horses Deletion. Misplacement

14 Methods of Defense : (countermeasures)
Two main classes: Administrative Controls (Polices): Backup procedures Password changes Hours of usage Guards Access control devices Locks “Often fails – people don’t follow rules.”

15 Methods of Defense : (Cont.) (countermeasures)
Two main classes: Technical controls: Hardware Controls: Physical Security Locks Perimeter Control Hardware encryption

16 Methods of Defense : (Cont.) (countermeasures)
Two main classes: Technical controls: 2. Software Controls: Compression Encryption Secure software development Network (e.g., protocol filters). Audit logs (who did what and when). Operating Systems. Firewalls. Virus scanners.

17 Network Security Four common types of possible attacks are: 1. Interruption: A message traveling from A to B never reaches its destination, possibly because of problems with router. 2. Interception: When a message is sent from A to B, it is also (illegally) intercepted by another listener C, who is usually eavesdropping on the conversation.

18 Network Security Four common types of possible attacks are: 3. Modification: A message sent from A to B is first intercepted by C, who modifies the message and sends the new modified message to B. 4. Fabrication: Another messenger C can fabricate messages and send messages to B, making it look like they have been sent from A.

19 Network Security

20 What shall I do???? Criticality Cost Vulnerability Threat Risk Asset
Criticality: How important is the IT asset to the mission? Vulnerability: How can the asset be compromised, exploited, damaged, or destroyed? Threat: Who intends to exploit a vulnerability, against what, and what are their capabilities? Risk: What is the probability of loss or damage to the asset?

21 Vulnerability 1 4 6 3 5 2 7 Threat Criticality
RISK = Vulnerability AND Criticality AND Threat RISK Vulnerability 1 4 6 3 5 2 7 Threat Criticality

22 Threats & Outcomes

23 Objectives of a Secure System:
Privacy Or Confidentiality Keeping information secret from all but those who are authorized to see it. Data Integrity Ensuring information has not been altered by unauthorized or unknown means. Entity Authentication Or Identification Corroboration of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.) Message Authentication Corroborating the source of information; also known as data origin authentication.

24 Objectives of a Secure System:
Signature A means to bind information to an entity. Authorization Conveyance, to another entity, of official sanction to do or be something. Validation A means to provide timeliness of authorization to use or manipulate information or resources. Access Control Restricting access to resources to privileged entities.

25 Objectives of a Secure System:
Certification Endorsement of information by a trusted entity. Time stamping Recording the time of creation or existence of information. Witnessing Verifying the creation or existence of information by an entity other than the creator. Receipt Acknowledgement that information has been received.

26 Objectives of a Secure System:
Confirmation Acknowledgement that services has been provided. Ownership A means to provide an entity with the legal right to use or transfer a resource to others.

Download ppt "Mohammad Alauthman CsStudent24@gmail.com Computer Security Mohammad Alauthman CsStudent24@gmail.com."

Similar presentations

1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) =.00625 * 5,349.44 = $33.434 What happens to the.004?.004+.004+.004=.012.004.

Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
CIS/TCOM 551 Computer and Network Security Slide Set 2 Carl A. Gunter Spring 2004.

CIS/TCOM 551 Computer and Network Security Slide Set 2 Carl A. Gunter Spring 2004.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

Similar presentations

Ads by Google