Notesale: Turn your study into money

Document Preview

Extracts from the notes are below, to see the PDF you'll receive please use the links above

---

Computer
and
INFORMATION SECURITY

Ghana, GCUC
Study guide, definitions, and notes
csc 372

1

outline

• Computer Security Concepts
• OSI Security Architecture

• Security Attacks
• Security Services
• Security Mechanisms

2

Definition of computer security
• Definition of computer security has evolved over the years
• Before the problem of data security became widely publicized, most people’s idea of
computer security focused on the physical machine

• Computer security is the protection of computing systems from theft or damage to

the hardware, software, information and services

• It also involves the process of safe guarding against intruders from using one’s
computer resources fro malicious intents or for their own gains
...
slideshare
...
slideshare
...
slideshare
...

• The OSI security architecture is useful to managers as a way of organizing the task
of providing security
...
800, Security Architecture for OSI”
• The International Telecommunication Union (ITU) Telecommunication
Standardization Sector (ITU-T) is a United Nations sponsored agency that develops
standards, called Recommendations, relating to telecommunications and to open
systems interconnection (OSI)
• ITU-T X
...
800 “Security Architecture for OSI” document defines
security attacks, mechanisms and services and the relationships among these
categories
...

• Security policy: It states how a company plans to protect the company's
physical and information technology assets
...

• Security model: integrates the security policy that should be enforced in the
system; it a symbolic form of a security policy
• Security mechanism: A process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack
• Security service : A service that enhances the security of the data processing
systems and the information transfers of an organization
...

11

Categories of Security attacks
• Security attack: Any action that compromises the security of information
owned by an organization
...


14

Passive attacks: traffic analysis
• In this attack, the eavesdropper analyzes the traffic, determine the location,
identify communicating hosts, observes the frequency and length of message
being exchanged
...
ca/article/838

23

Categories of cyber attackers
1) Hackers: They are benign explorers, malicious intruders, or
computer trespassers
...
They are considered
the “good guys”
...
They break into machines, steal data such as emails
and passwords, bank account and credit card credentials
...
These hackers are sometimes
referred to as crackers
...
They usually sell or disclose
vulnerabilities to governments and law enforcement agencies
...


24
Img src:Community
...
com

Categories of cyber attackers
2) Organized attackers: This category includes organizations of terrorists,
hacktivists and criminal actors
...


• Hacktivists seek to make a political statement, and damage may
be involved, but the motivation is primarily to raise awareness,
not encourage change through fear
...

25

Categories of cyber attackers

3) Disgruntled employees: They can launch retaliatory attacks or threaten the
safety of internal systems; These people are usually financially motivated
insiders, who may misuse company assets or manipulate the system for personal
gain
4) Amateurs: less-skilled hackers, also known as "script kiddies" or "noobs" often
use existing tools and instructions that can be found on the Internet
...

• These mechanisms may be technical or non-technical
• Non-technical mechanisms include “safe computing practices”
• “X
...
800)

29

Security mechanisms
• Encipherment: The use of mathematical algorithms to transform data into a
form that is not readily intelligible
...

• Data Integrity: A variety of mechanisms used to assure the integrity of a data
unit or stream of data units
...

• Traffic Padding: The insertion of bits into gaps in a data stream to frustrate
traffic analysis attempts
...


31

Security services
• Security service : A service that enhances the security of the data
processing systems and the information transfers of an organization
...


32

Security services
Categories of security services include:
• Authentication: The assurance that the communicating entity is the one
that it claims to be
• Access control: The prevention of unauthorized use of a resource
• Data confidentiality: The protection of data from unauthorized
disclosure
...

33



---