Security Basics Unit I

Views:
 
Category: Education
     
 

Presentation Description

Introduction, Elements of Information security, Security Policy, Techniques, steps, Categories, Operational Model of Network Security, Basic Terminologies in Network Security.

Comments

Presentation Transcript

Slide1:

Reference: Cryptography and Information Security by Dr. Pachghare Prepared for Students, BE Computer Engineering Unit I: Security Basics

Slide2:

Index Introduction, Elements of Information security, Security Policy, Techniques, Operational Model of Network Security, Basic Terminologies in Network Security. 1/12/2016 2 Security Basics

Slide3:

Introduction Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms computer use requires automated tools to protect files and other stored information use of networks and communications links requires measures to protect data during transmission 1/12/2016 3 Security Basics

Slide4:

Definitions Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers Network Security - measures to protect data during their transmission Internet Security - measures to protect data during their transmission over a collection of interconnected networks 1/12/2016 4 Security Basics

Slide5:

Aspects of Security consider 3 aspects of information security: security attack security mechanism security service 1/12/2016 5 Security Basics

Slide6:

Elements of Information Security

Slide7:

Elements of Information Security Information Security provides services such as confidentiality, availability and Integrity Confidentiality: It makes sure that only authorize user can access data. Can be defined as protection of data from unauthorized user. Availability: It is the measure to which a system or information is accessible and usable upon request by an authorize user. Integrity: checks the validity of data means no change happen 1/12/2016 7 Security Basics

Slide8:

Security Policy Information security is concerned with control of threats related to use of information. To achieve this develop secure computing platform permit only authorized users Restrict the users to misuse their rights i.e. access control Security to information or computer can be provided by External approach Internal approach 1/12/2016 8 Security Basics

Slide9:

Security Techniques Strong security to information or computer is provided by using cryptography and authentication. Some of the secure techniques are: Series of confidence: ensures that use of all software are authentic. Access control: Access to the computer or information is controlled. Backup data: take backup regularly. Antivirus software, Firewalls, Encryption, Intrusion detection system and Information security awareness etc 1/12/2016 9 Security Basics

Slide10:

Steps for better Security We should following steps for security: Assets: Identify the important information which need to be protected. Risks: After identification of important data to be protected, identify threats, attack, vulnerability and risks to the data. Tools and Techniques: Select tool or technique to protect data. Priorities: Decide the order of the tools and techniques for the protection of the information. 1/12/2016 10 Security Basics

Slide11:

Categories of Computer Security Computer Security can be categorized into following: Cryptography: Plain text, cipher text and key Data Security: protective measures which ensures that data is kept safe from modification or corruption. Computer Security Model: Formal description of security policies Refers to the underlying computer architechture, specification, protection mechanism, security issues that provide framework. Network Security: protection of data during transmission Computer Security: Security of computer and data stored in it Security exploits: unintended flaws in software which helps attackers. 1/12/2016 11 Security Basics

Slide12:

Operational Model of Network Security 1/12/2016 12 Security Basics

Slide13:

Model for Network Security using this model requires us to: design a suitable algorithm for the security transformation generate the secret information (keys) used by the algorithm develop methods to distribute and share the secret information specify a protocol enabling the principals to use the transformation and secret information for a security service 1/12/2016 13 Security Basics

Slide14:

Basic Network Security Terminologies Cryptography Hacking White Hat: Ethical hackers Black Hat: Cracker. They break security for wicked intention. Grey Hat: Combination of both white and grey hat. Encryption Decryption Cryptanalysis: study of principles/methods of deciphering ciphertext without knowing key 1/12/2016 14 Security Basics

Slide15:

Security Services Authentication - assurance that the communicating entity is the one claimed Access Control - prevention of the unauthorized use of a resource Data Confidentiality – protection of data from unauthorized disclosure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication 1/12/2016 15 Security Basics

Slide16:

Model for Network Access Security using this model requires us to: select appropriate gatekeeper functions to identify users implement security controls to ensure only authorised users access designated information or resources trusted computer systems may be useful to help implement this model 1/12/2016 16 Security Basics

Slide17:

Security Attack any action that compromises the security of information owned by an organization information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems often threat & attack used to mean same thing have a wide range of attacks can focus of generic types of attacks passive active 1/12/2016 17 Security Basics

Slide18:

Passive Attacks 1/12/2016 18 Security Basics

Slide19:

Active Attacks 1/12/2016 19 Security Basics

authorStream Live Help