
702904 & 711908 Information Security 2008. Lecture 1: Subject Introduction and Security Fundamentals. John Carpenter, 2008 (lecture 01).


Slide 1: 702904 & 711908 Information Security 2008. Lecture 1: Subject Introduction and Security Fundamentals.

Slide 2: Lecturer
Mr John Carpenter, B Eng (Electrical), M Eng Sc (Systems Theory, Pattern Recognition), M Arts (Philosophy – Theory of Mind).
Work experience: Embedded Systems; Pathology Instrumentation and Databases; Project Manager; Lecturer in Computer Technology, Project Management, and Security.
johncoz@fastmail.com.au

Slide 3: 702904 & 711908 Information Security, Lecture Introduction
- Welcome
- Student Handout: Subject Introduction
- Assessment
- Texts
- Tutorials
- Lecture 1 Objectives

Slide 4: 702904 & 711908 Information Security (subject outline)
- Principles of Security
- Securing individual computer systems
- Models for securing information systems
- Securing local networks
- Cryptography as a basis for securing transactions passing across open networks
- Maybe: Introduction to securing websites
- Maybe: Securing databases

Slide 5: Objectives of Lecture 1
- Subject administration
- Define the objectives of information security
- Some definitions
- The four threats
- Controls
- The layers of technology and hence the layers of controls
- A different point of view
- Physical security

Slide 6: References
- Pfleeger & Pfleeger, Ch 1, Section 8.4
- Gollmann, Computer Security, Ch 1

Slide 7: There are Problems
- Theft of equipment, of proprietary software
- Theft by copying of confidential material
- Fabrication for gain, e.g. adding false names to the company payroll
- Malicious modification, e.g. virus infections
- Access: easy for 'us', difficult for 'them'

Slide 8: What is Security?
Protection of assets. It can take several forms:
- Prevention
- Detection
- Reaction
What does this mean for computer assets?

Slide 9: What is Information Security?
The objectives of information security are:
- Confidentiality
- Integrity
- Availability
Together these give us secure data.

Slide 10: Confidentiality
- Only accessible by authorised parties
- Not revealed
- More than just "not reading"
- Confidentiality is distinct from secrecy and privacy (for you to think about)

Slide 11: Integrity
- Associated with loss and corruption
- Data integrity: the computerised data is the same as the external, source data
- Data not exposed to alteration or destruction
- No inappropriate modification

Slide 12: Availability
- The property of being accessible and usable (without delay) upon demand by an authorised entity
- We want there to be no denial of service

Slide 13: Other security issues
- Accountability
- Reliability
- Safety
- Dependability

Slide 14: Two definitions
Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.
Security deals with the ready availability of valuable assets to authorised agents, and the denial of that access to all others.

Slide 15: Some Definitions
- Vulnerability: a weakness of some sort
- Attack: when a weakness is exploited
- Threat: a circumstance with a potential for loss
- Exposure: when a vulnerability is visible
- Control: a protective measure
NOTE the CLOSED nature of these definitions: the concept of PERIMETER CONTROL.

Slide 16: Breaches of Security. The Four Threats
- Interruption
- Interception
- Modification
- Fabrication
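The four threats on slide 16 are easier to see against a concrete channel. The following Python program is an added example, not part of the lecture: it models a sender and receiver sharing a key (assumed to have been agreed beforehand, since key distribution is not covered here), attaches a keyed hash (HMAC-SHA256) plus a sequence number to each message as an integrity control, and then runs each threat across the channel to record what the receiver can and cannot conclude. The message payloads are constructed for the illustration. Note how interception is not detected at all, because a MAC provides integrity but not the confidentiality objective of slide 9; that is what the later cryptography lectures add.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed example: one key shared by sender and receiver. How the key is
# agreed (key distribution) is outside this lecture and simply assumed here.
SHARED_KEY = secrets.token_bytes(32)


@dataclass
class Message:
    seq: int      # sequence number, so a missing message (interruption) is noticed
    body: bytes   # payload, sent in the clear in this example (no confidentiality)
    tag: bytes    # HMAC-SHA256 over seq || body under the shared key


def _tag(key: bytes, seq: int, body: bytes) -> bytes:
    """Integrity control: a keyed MAC over the sequence number and the payload."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


def send(key: bytes, seq: int, body: bytes) -> Message:
    return Message(seq, body, _tag(key, seq, body))


def receive(key: bytes, msg: Optional[Message], expected_seq: int) -> str:
    """What the receiver can conclude about the message it expected next."""
    if msg is None:
        return "interruption"                  # nothing arrived: availability lost
    if not hmac.compare_digest(msg.tag, _tag(key, msg.seq, msg.body)):
        # An altered genuine message and a message made up without the key look
        # the same from here: the receiver only learns that integrity failed.
        return "rejected: bad tag"
    if msg.seq != expected_seq:
        return "rejected: wrong sequence"      # genuine tag, but stale or out of order
    return "accepted"


def simulate_four_threats() -> Dict[str, object]:
    """Run each of the lecture's four threats across the channel; record the verdict."""
    original = b"transfer 100 to account 42"   # constructed payload
    genuine = send(SHARED_KEY, 1, original)
    results: Dict[str, object] = {}

    # Interception: a passive observer reads the message in transit. The MAC does
    # nothing against this; the body is plaintext, so confidentiality is lost even
    # though the receiver accepts the message as genuine.
    observed_body = genuine.body
    results["interception"] = (receive(SHARED_KEY, genuine, 1),
                               observed_body == original)

    # Interruption: the message never arrives.
    results["interruption"] = receive(SHARED_KEY, None, 1)

    # Modification: the body is changed in transit but the original tag is kept.
    altered = Message(genuine.seq, b"transfer 900 to account 42", genuine.tag)
    results["modification"] = receive(SHARED_KEY, altered, 1)

    # Fabrication: a message built by a party that does not hold the shared key.
    forged_body = b"transfer 500 to account 7"
    forged = Message(1, forged_body, _tag(b"not the real key", 1, forged_body))
    results["fabrication"] = receive(SHARED_KEY, forged, 1)

    # Replay (an integrity case the sequence number covers): the genuine message
    # delivered a second time after the receiver has moved on to sequence 2.
    results["replay"] = receive(SHARED_KEY, genuine, 2)
    return results


if __name__ == "__main__":
    for threat, verdict in simulate_four_threats().items():
        print(f"{threat:13s} -> {verdict}")
```

The receiver deliberately reports modification and fabrication with the same verdict: a keyed hash tells you that integrity failed, not how, and the two threats differ only in whether a genuine message existed first. The replay case shows why the sequence number is covered by the tag rather than sent loose beside it.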

Slide 17: Some Principles of Security
- Principle of Easiest Penetration: an intruder will use any available means of penetration
- Principle of Timeliness: items only need to be protected until they lose their value (only protect valuable items)
- Principle of Effectiveness: controls must work, and they should be efficient, easy to use, and appropriate

Slide 18: Costs
- The cost of the additional resources needed to implement security mechanisms can be quantified (measured)
- Security mechanisms interfere with users, and can lead to loss of productivity
- Managing security also costs (Risk Analysis will be covered)

Slide 19: Controls
A control is a protective mechanism, for example:
- A lock with a key
- An ATM card with a PIN number
- A login with a password
- An e-mail message that is encrypted
What should be the focus of controls? Should protection mechanisms focus on data, on operations on that data, or on the users?

Slide 20: There are layers of information systems technology
- Applications
- Services
- Operating system
- Kernel
- Hardware
In which layer (or layers) should security mechanisms be placed? Should controls be placed in more than one layer?

Slide 21: Layers
- The presence of layers is a feature of technology
- Separate layers often perform very different functions
- Similar functions are combined in one layer
- The boundary between two layers is usually easily defined
- Layers can often be independently implemented

Slide 22: One Architecture of Controls
- Administrative
- Policies
- Physical
- Computer and network hardware
- Software
- Encryption (concealing)

Slide 23: Controls: The Onion Model
- Simple mechanisms, or lots of features?
- Should defining and enforcing security be a centralised function?
- How do we prevent access to the layer below the security mechanism?

Slide 24: Attack on the layer below
An important concept. It needs an understanding of the layers that are used to gain access to an asset. When an intruder finds they are blocked at one layer, this intruder may attempt to attack the next layer closer to the asset, circumventing the protection. Examples:
- Smashing a door
- Posing as an employee
- Posing as a programmer
- An email pretending to be from your bank

Slide 25: A Different View: Security as a People Problem
Roles of individuals in an organisation:
- Directors
- Managers
- Professionals
- Clerks
- IT staff
Personality types:
- Adventurous
- Anti-social
- Gregarious

Slide 26: Physical Security
- Control ACCESS
- Control PORTABILITY
- Detect EXIT VIOLATIONS

Slide 27: Site Security
The concern is with physical things:
- Fire
- Flood
- Electric power
- Access

Slide 28: Securing 'Closed' Computer Systems
- Media
- Equipment
- Site: cold site, warm site, hot site

Slide 29: Next week
Identity and Authentication. References: Pfleeger and Pfleeger section 4.5; Gollmann Chapter 2; (Anderson, Security Engineering).

