Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Outline

• Computer Security Concept
• Aspects of Security
• Security Attack
• OSI Security Structure
• Model for Network Security

Computer Security Concept

Computer Security Definition: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, information/data, and telecommunications).

Computer Security Concept

1. Confidentiality (secrecy of information): preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

2. Integrity (making sure information is correct): guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.

3. Availability (availability of information): ensuring timely and reliable access to and use of information.

Aspects of Security

• consider 3 aspects of information security:
  • security attack
  • security mechanism
  • security service
• note terms
  • threat – a potential for violation of security
  • attack – an assault on system security, a deliberate attempt to evade security services

Security Attack

• Passive Attack
  • attempts to learn or make use of information from the system but does not affect system resources.
• Two types of passive attacks are:
  1. Release of message contents
  2. Traffic analysis

Active Attack

• Active Attack
  • modification of the data stream or the creation of a false stream
• Four types of active attacks:
  1. Masquerade
  2. Replay
  3. Modification of messages
  4. Denial of service

OSI Security Structure

• The OSI security architecture is useful to managers as a way of organizing the task of providing security.

• Defines security services and mechanisms

OSI Security Structure – Security Services

• Authentication (verifying identity) - assurance that the communicating entity is the one claimed
  • have both peer-entity & data origin authentication
• Access Control (controlling access) - prevention of the unauthorized use of a resource
• Data Confidentiality (secrecy of information) – protection of data from unauthorized disclosure
• Data Integrity (making sure information is correct) - assurance that data received is as sent by an authorized entity
• Non-Repudiation (non-denial) - protection against denial by one of the parties in a communication
• Availability – resource accessible/usable

OSI Security Structure – Security Mechanism

• specific security mechanisms (OSI model)
  • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization

OSI Security Structure – Security Mechanism

• pervasive security mechanisms:
  • trusted functionality: functionality that can be trusted to perform as intended.
  • security labels: every item is associated with a security label, for example a label for sensitivity level.
  • event detection: a detective, and possibly corrective, mechanism for security events.
  • security audit trails: review and examination of system records and activities.
  • security recovery: implementing corrective security mechanisms and putting them in the appropriate place.

Model for Network Security

using this model requires us to:

1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret information for a security service
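
The four tasks above, worked through as an added example that is not part of the original lecture. It assumes HMAC-SHA256 as the security transformation (giving data integrity and data-origin authentication, not confidentiality), a hypothetical wire format of sequence number, payload and tag, and a key that has already been shared out of band. The receiver rejects two of the active attacks listed earlier: modification of messages and replay.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def generate_key() -> bytes:
    """Task 2: generate the secret information used by the algorithm."""
    return secrets.token_bytes(32)

class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def protect(self, payload: bytes) -> bytes:
        """Tasks 1 and 4: assumed wire format is seq (8 bytes) || payload || tag."""
        self.seq += 1
        body = struct.pack(">Q", self.seq) + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def accept(self, wire: bytes) -> bytes:
        """Return the payload, or raise ValueError if the message is rejected."""
        if len(wire) < 8 + TAG_LEN:
            raise ValueError("truncated message")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # authentic, but already seen
            raise ValueError("replayed message")
        self.last_seq = seq
        return body[8:]

def demo() -> list:
    key = generate_key()  # task 3 (distribution) is assumed done out of band
    alice, bob = Sender(key), Receiver(key)
    wire = alice.protect(b"transfer 100 to account 42")  # constructed sample
    results = [bob.accept(wire).decode()]
    # Resend the same bytes, then alter 12 payload bytes under the old tag.
    for bad in (wire, wire[:8] + b"transfer 900" + wire[20:]):
        try:
            bob.accept(bad)
            results.append("accepted")
        except ValueError as err:
            results.append(str(err))
    return results
```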

Model for Network Security

using this model requires us to:

1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated information or resources

Summary

• topic roadmap & standards organizations
• security concepts:
  • confidentiality, integrity, availability
• X.800 security architecture
• security attacks, services, mechanisms
• models for network (access) security

Resources

• Network Security Essentials, chapter 1.