Information Security - National University of Sciences and
Information Security
ICT Fundamentals
Presentation Credits
• “Introduction to Computers” by Peter Norton
• Dr Junaid, EE Dept, SEECS
Today’s Topics
• Computer Security
• Network Security
• Communication Security
Basic Security Terminology
• Threat
  • Anything that can cause harm
• Vulnerability
  • Existing weakness that can be exploited to do harm
• Countermeasure
  • Steps taken to ward off a threat
Computer Security
• Malware
  • Malicious code that compromises your computer security when it enters your system
  • Viruses
  • Trojan Horses
  • Spyware
Computer Security
• Viruses
  • Attaches itself to some host program, e.g. a Word document
  • Executes when the Word document is opened
  • Makes copies of itself by attaching itself to other host programs
  • Can do all sorts of damage
    • Fill up storage and memory, modify/destroy data, erase hard disk
  • Attack on integrity
Computer Security
• Trojan Horses
  • Malicious program that appears to be friendly
    • E.g. games
  • Opens a “backdoor” to the infected system, allowing someone else to access/take control of your system
  • Facilitates hacking of the system
    • Hacking: To enter somebody's system/account in an illegal way
  • Attack on confidentiality and authenticity
Computer Security
• Spyware
  • Can track user’s activities and report them to somebody else
  • Attack on confidentiality
Network Security
• Worms
  • Malicious code that replicates itself
  • Can fill entire disks and spread to other computers
  • Attack on availability
Network Security
• Denial of Service Attacks (DoS)
  • A person hacks a system and uses it to attack other computers
  • The compromised system is called a zombie
  • Using a large number of zombies, a person can send thousands of requests to a web server, effectively making it unavailable for legitimate users
  • Attack on availability
Communication Security
• Alice sends a message to Bob
• A malicious person, Eve, can listen
  • Listening: Attack on confidentiality
  • Modify data and transmit it again to Bob: Attack on integrity
  • Self-generate a message and send it to Bob, pretending that it came from Alice: Attack on authenticity
• Alice sends a message to Bob and later denies sending it
  • Attack on non-repudiability
COUNTER MEASURES
Computer and Network Security
• Anti Virus Software
• Anti Spyware
• Firewall
  • Software or Hardware
  • Restricts who can/cannot connect to your system
Communication Security
• Authenticate
  • Ask for a password before starting communication
  • Eve will not know the password, so she cannot self-generate the message
• Encrypt
  • Talk in a secret language
  • E.g. Alice and Bob understand that a will be written as a+2 = c and b will be written as b+2 = d, and so on
  • Eve does not know this, so she cannot understand the message
Communication Security
• Hash functions
  • Do a summary of the whole message using a technique that only Alice and Bob know
  • Append the summary to the message
  • If Eve modifies the message, she cannot recalculate the summary because she does not know the technique
• Digital Signatures
  • Digitally sign your message
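Added example (not part of the original slides): the "summary appended to the message" check above, sketched in Python. In practice the hashing technique itself is public, so what only Alice and Bob know is a secret key; this sketch assumes HMAC-SHA256 as the keyed summary, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size in bytes

# Constructed sample values (assumptions, not from the slides).
KEY = b"secret shared by Alice and Bob"
MSG = b"Pay Bob 100"
FORGED = b"Pay Eve 100"

def public_summary(message):
    """Plain SHA-256: a publicly known technique anyone can recompute."""
    return hashlib.sha256(message).digest()

def keyed_summary(key):
    """Return an HMAC-SHA256 summarizer that depends on a secret key."""
    def summarize(message):
        return hmac.new(key, message, hashlib.sha256).digest()
    return summarize

def make_packet(message, summarize):
    """Sender: append the summary to the message."""
    return message + summarize(message)

def check_packet(packet, summarize):
    """Receiver: recompute the summary; return the message, or None if altered."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return message if hmac.compare_digest(tag, summarize(message)) else None

def eve_rewrite(packet, new_message, eve_summarize=None):
    """Eve swaps the message and recomputes the summary only if she is able to;
    otherwise the old summary stays attached."""
    tag = eve_summarize(new_message) if eve_summarize else packet[-TAG_LEN:]
    return new_message + tag

if __name__ == "__main__":
    shared = keyed_summary(KEY)
    packet = make_packet(MSG, shared)
    print(check_packet(packet, shared))                       # intact: accepted
    print(check_packet(eve_rewrite(packet, FORGED), shared))  # altered: rejected
    weak = make_packet(MSG, public_summary)
    # With an unkeyed summary the alteration goes unnoticed.
    print(check_packet(eve_rewrite(weak, FORGED, public_summary), public_summary))
```

The last case is why the summary must depend on a secret: with a plain hash Eve recomputes it herself and Bob accepts the altered message.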
END OF CHAPTER