Introduction to Information Security. Basic Terminology презентация

Июль 31, 2022

Главная
Информатика
Introduction to Information Security. Basic Terminology

Содержание

2. Teaching Lectures – by Me (15 lectures on a weekly basis) Labs and Practical sessions –
3. Some information to help you to take this module
4. Course Objectives 15 lectures – one per week Provide overview of Security Principles Encryption, Network Security,
5. What you can get from this course Why protect? What protect? How protect? Sorts of threats
6. Syllabus at a glance Basic terminology. Classical Encryption. Early cryptography. Rotor machines: Enigma and its relatives.
7. How to take this course: reading Basic literature (Required Reading!): Cryptography and Network Security by William
8. How to take this course: schedule Attend all lectures Submit assignments on time Do not leave
9. Assessment Overall mark: 30% - 1st term 30% - 2nd term 40% - Final Examination The
10. Questions?
11. Basic Concepts and Terminology Vulnerability Threat Attack Security concepts: Confidentiality, Integrity, Availability Security Service
12. Vulnerability Some state of the system of being open to attacks or injuries. Example in house
13. Threat A statement of an intention to injure, damage or any other enemy action. A potential
14. 4 kind of threats: Interception Interruption Modification Fabrication
15. Interception – unauthorized access to a data. For example, Illegal copying of program or data files
16. Interruption – a data of the system becomes lost, unavailable, or unusable. Examples include Erasure of
17. Modification – unauthorized, change tamper with a data. For example, Someone might change the values in
18. Fabrication – E.g. Unauthorized insertion to a existing database. Source: https://genesisdatabase.wordpress.com/
19. Attack An assault on system security A deliberate attempt to evade security services Kind of attacks:
20. Passive Attacks Source: Cryptography and Network Security by Stallings
21. Passive Attacks (cont.) Source: Cryptography and Network Security by Stallings
22. Source: Cryptography and Network Security by Stallings Active Attacks
23. Source: Cryptography and Network Security by Stallings Active Attacks (cont.)
24. Why to attack? (MOM) Method: skills, knowledge, tools, etc. Opportunity: time and access Motive: fame, money,
25. Key Security Concepts Used to prevent weaknesses from being exploited Confidentiality – access only by authorized
26. Relationship between Confidentiality, Integrity, and Availability
27. How to avoid security attacks? Think about vulnerabilities
28. Viruses, worms, trojans
29. Servers, server rooms, laptops, etc. (Physical Security)
30. Data protection The most important thing in majority of information systems
31. How to protect? 3Ds of Security Defense – reducing risks and saving costs of incidents (E.g.
32. How to protect? Security Service Enhance security of data processing systems and information transfers of an
33. Security Services X.800: “a service provided by a protocol layer of communicating open systems, which ensures
34. Security Services (X.800) Authentication – assure that communication entity is the one claimed Access Control –
35. Security Mechanisms (X.800) Features designed to protect, prevent, or recover from a security attack No single
36. Summary Basic Information Security Terminology Key Security Concepts Confidentiality, Integrity, Availability Subject of attacks? Hardware, Software
37. Reading Cryptography and Network Security by Stallings Chapter 1: Sections 1.1, 1.3, 1.4, 1.5, 1.8
39. Скачать презентацию

Слайд 2

Teaching
Lectures – by Me (15 lectures on a weekly basis)
Labs and

Practical sessions – also by Me
Contact
Email: Igibek@mail.usf.edu
Office 802.

Слайд 3

Some information to help you to take this module

Слайд 4

Course Objectives
15 lectures – one per week
Provide overview of Security Principles

Encryption, Network Security, Software Security, Data and Network Protection methods
Laboratory works and Quizzes
Prerequisites:
Information systems
Networking
Programming and Basic Mathematical skills

Слайд 5

What you can get from this course
Why protect? What protect? How

protect?
Sorts of threats against modern computers and networks
Network attacks, types of worms and viruses
How the above problems is being solved in the industry
Concepts of encryption, hardware and software protection (firewall, IDS, policies and procedures)

Слайд 6

Syllabus at a glance
Basic terminology.
Classical Encryption. Early cryptography. Rotor machines: Enigma

and its relatives.
Block ciphers and the Data Encryption Standard. AES
Basic concepts in Number Theory and Finite Fields
Public Key Cryptography and RSA.
Cryptographic Hash Function
Digital Signatures and Certificates
User Identification and Authentication
Access Control (Authorization)
Network Firewalls
Intrusion Detection System

Слайд 7

How to take this course: reading
Basic literature (Required Reading!):
Cryptography and Network

Security by William Stallings, 5th edition, 2006
Security in Computing by Charles P. Pfleeger and Shari Lawrence Pfleeger, 4th edition, 2006

Слайд 8

How to take this course: schedule
Attend all lectures
Submit assignments on time
Do

not leave until the last minute
Marks will be deducted for late submission (-20% for each day)
Cannot mark what is not there
Plagiarism … will be detected!
For the 1st time, chance will be given with 50% of the total mark
See assignment description for submission date

Слайд 9

Assessment
Overall mark:
30% - 1st term
30% - 2nd term
40% - Final

Examination
The final version of grading policy will be available soon.

Слайд 10

Questions?

Слайд 11

Basic Concepts and Terminology
Vulnerability
Threat
Attack
Security concepts:
Confidentiality, Integrity, Availability
Security Service

Слайд 12

Vulnerability
Some state of the system of being open to attacks or

injuries.
Example in house analogy:
“Open Door” is the vulnerability for thieves

Слайд 13

Threat
A statement of an intention to injure, damage or any other

enemy action.
A potential for violation of security.
In case of “house” example:
“Loss of Money” is a threat

Слайд 14

4 kind of threats:
Interception
Interruption
Modification
Fabrication

Слайд 15

Interception – unauthorized access to a data.
For example,
Illegal copying of

program or data files

Source: https://genesisdatabase.wordpress.com/

Слайд 16

Interruption – a data of the system becomes lost, unavailable, or

unusable.
Examples include
Erasure of a program or data file
Malicious destruction of a hardware device

Source: https://genesisdatabase.wordpress.com/

Слайд 17

Modification – unauthorized, change tamper with a data.
For example,
Someone

might change the values in a database

Source: https://genesisdatabase.wordpress.com/

Слайд 18

Fabrication – E.g. Unauthorized insertion to a existing database.
Source: https://genesisdatabase.wordpress.com/

Слайд 19

Attack
An assault on system security
A deliberate attempt to evade security

services
Kind of attacks:
Passive attacks
Active attacks

Слайд 20

Passive Attacks
Source: Cryptography and Network Security by Stallings

Слайд 21

Passive Attacks (cont.)
Source: Cryptography and Network Security by Stallings

Слайд 22

Source: Cryptography and Network Security by Stallings
Active Attacks

Слайд 23

Source: Cryptography and Network Security by Stallings
Active Attacks (cont.)

Слайд 24

Why to attack? (MOM)
Method: skills, knowledge, tools, etc.
Opportunity: time and

access
Motive: fame, money, etc.

Слайд 25

Key Security Concepts
Used to prevent weaknesses from being exploited
Confidentiality – access

only by authorized users; E.g. Student grades
Integrity – modify only by authorized users; E.g. Patient information
Availability – E.g. Users want to check their accounts

Слайд 26

Relationship between Confidentiality, Integrity, and Availability

Слайд 27

How to avoid security attacks?
Think about vulnerabilities

Слайд 28

Viruses, worms, trojans

Слайд 29

Servers, server rooms, laptops, etc. (Physical Security)

Слайд 30

Data protection
The most important thing in majority of information systems

Слайд 31

How to protect? 3Ds of Security
Defense – reducing risks and saving

costs of incidents (E.g. Firewalls, antivirus software, spam filters, etc.)
Deterrence – punishing makes attackers think twice (E.g. Laws, organizational policies and procedures)
Detection – need alert if security incident occurs (E.g. Audit logs, intrusion detection system, network traffic monitoring)

Слайд 32

How to protect? Security Service
Enhance security of data processing systems and

information transfers of an organization
Intended to counter security attacks
Using one or more security mechanisms
Often replicates functions normally associated with physical documents
E.g. have signatures, dates; need protection from disclosure

Слайд 33

Security Services
X.800:
“a service provided by a protocol layer of communicating open

systems, which ensures adequate security of the systems or of data transfers”
RFC 2828:
“a processing or communication service provided by a system to give a specific kind of protection to system resources”

Слайд 34

Security Services (X.800)
Authentication – assure that communication entity is the one

claimed
Access Control – prevention of the unauthorized use of a resource
Data Confidentiality – protection of data from unauthorized disclosure
Data Integrity – assure that data received is as sent by an authorized entity
Non-Repudiation – protection against denial by one of the parties in a communication
Availability – resource accessible/usable.

Слайд 35

Security Mechanisms (X.800)
Features designed to protect, prevent, or recover from a

security attack
No single mechanism that will support all services required
Specific security mechanisms:
Encipherment, digital signatures, access controls, data integrity, authentication

Слайд 36

Summary
Basic Information Security Terminology
Key Security Concepts
Confidentiality, Integrity, Availability
Subject of attacks? Hardware,

Software and Data
How to avoid attacks?
Think about vulnerabilities
How to protect?
3 Ds: Defense, Deter, Detect
Security Services

Слайд 37

Reading
Cryptography and Network Security by Stallings
Chapter 1:
Sections 1.1, 1.3, 1.4,

1.5, 1.8

Introduction to Information Security. Basic Terminology презентация

Содержание

TeachingLectures – by Me (15 lectures on a weekly basis)Labs and

Some information to help you to take this module

Course Objectives15 lectures – one per weekProvide overview of Security Principles

What you can get from this courseWhy protect? What protect? How

Syllabus at a glanceBasic terminology.Classical Encryption. Early cryptography. Rotor machines: Enigma

How to take this course: readingBasic literature (Required Reading!):Cryptography and Network

How to take this course: scheduleAttend all lecturesSubmit assignments on timeDo

AssessmentOverall mark: 30% - 1st term30% - 2nd term40% - Final

Questions?

Basic Concepts and TerminologyVulnerabilityThreatAttackSecurity concepts:Confidentiality, Integrity, AvailabilitySecurity Service

VulnerabilitySome state of the system of being open to attacks or

ThreatA statement of an intention to injure, damage or any other

4 kind of threats: Interception InterruptionModificationFabrication

Interception – unauthorized access to a data.For example, Illegal copying of

Interruption – a data of the system becomes lost, unavailable, or

Modification – unauthorized, change tamper with a data. For example, Someone

Fabrication – E.g. Unauthorized insertion to a existing database. Source: https://genesisdatabase.wordpress.com/

AttackAn assault on system security A deliberate attempt to evade security

Passive AttacksSource: Cryptography and Network Security by Stallings

Passive Attacks (cont.)Source: Cryptography and Network Security by Stallings

Source: Cryptography and Network Security by StallingsActive Attacks

Source: Cryptography and Network Security by StallingsActive Attacks (cont.)

Why to attack? (MOM)Method: skills, knowledge, tools, etc. Opportunity: time and

Key Security ConceptsUsed to prevent weaknesses from being exploitedConfidentiality – access

Relationship between Confidentiality, Integrity, and Availability

How to avoid security attacks?Think about vulnerabilities

Viruses, worms, trojans

Servers, server rooms, laptops, etc. (Physical Security)

Data protection The most important thing in majority of information systems

How to protect? 3Ds of SecurityDefense – reducing risks and saving

How to protect? Security ServiceEnhance security of data processing systems and

Security ServicesX.800:“a service provided by a protocol layer of communicating open

Security Services (X.800)Authentication – assure that communication entity is the one

Security Mechanisms (X.800)Features designed to protect, prevent, or recover from a

SummaryBasic Information Security TerminologyKey Security ConceptsConfidentiality, Integrity, AvailabilitySubject of attacks? Hardware,

ReadingCryptography and Network Security by StallingsChapter 1: Sections 1.1, 1.3, 1.4,

Похожие презентации

Teaching
Lectures – by Me (15 lectures on a weekly basis)
Labs and

Course Objectives
15 lectures – one per week
Provide overview of Security Principles

What you can get from this course
Why protect? What protect? How

Syllabus at a glance
Basic terminology.
Classical Encryption. Early cryptography. Rotor machines: Enigma

How to take this course: reading
Basic literature (Required Reading!):
Cryptography and Network

How to take this course: schedule
Attend all lectures
Submit assignments on time
Do

Assessment
Overall mark:
30% - 1st term
30% - 2nd term
40% - Final

Basic Concepts and Terminology
Vulnerability
Threat
Attack
Security concepts:
Confidentiality, Integrity, Availability
Security Service

Vulnerability
Some state of the system of being open to attacks or

Threat
A statement of an intention to injure, damage or any other

4 kind of threats:
Interception
Interruption
Modification
Fabrication

Interception – unauthorized access to a data.
For example,
Illegal copying of

Modification – unauthorized, change tamper with a data.
For example,
Someone

Fabrication – E.g. Unauthorized insertion to a existing database.
Source: https://genesisdatabase.wordpress.com/

Attack
An assault on system security
A deliberate attempt to evade security

Passive Attacks
Source: Cryptography and Network Security by Stallings

Passive Attacks (cont.)
Source: Cryptography and Network Security by Stallings

Source: Cryptography and Network Security by Stallings
Active Attacks

Source: Cryptography and Network Security by Stallings
Active Attacks (cont.)

Why to attack? (MOM)
Method: skills, knowledge, tools, etc.
Opportunity: time and

Key Security Concepts
Used to prevent weaknesses from being exploited
Confidentiality – access

How to avoid security attacks?
Think about vulnerabilities

Data protection
The most important thing in majority of information systems

How to protect? 3Ds of Security
Defense – reducing risks and saving

How to protect? Security Service
Enhance security of data processing systems and

Security Services
X.800:
“a service provided by a protocol layer of communicating open

Security Services (X.800)
Authentication – assure that communication entity is the one

Security Mechanisms (X.800)
Features designed to protect, prevent, or recover from a

Summary
Basic Information Security Terminology
Key Security Concepts
Confidentiality, Integrity, Availability
Subject of attacks? Hardware,

Reading
Cryptography and Network Security by Stallings
Chapter 1:
Sections 1.1, 1.3, 1.4,