
1 - Definitions & Challenges of Security, Attacks & Services

This document provides an introduction to information security. It discusses the need for security due to the growth of computer systems and interconnections via networks. It defines security, computer security, network security, and internet security. It also outlines three aspects of security - security attacks, security mechanisms, and security services. Finally, it discusses principles of data security including authentication, authorization, confidentiality, integrity, availability, and non-repudiation.

Module:1

Introduction to Security
• Security properties
• Security vulnerabilities
• Threats and attacks
• Security models, policies and mechanisms
• Security Services and Mechanisms
• Encryption Techniques
• Basic notions of security protocol
Computer Career Growth Rate
Need for Security
• All documents are in electronic form.
• Need for protecting files & other information
on computer became evident.
• Growth in computer systems and their interconnection via networks (i.e. the need to authenticate data and messages, and to protect data and resources).
• Developments to enforce network Security.
What is Security?
• “The quality or state of being secure—to be free from
danger”
• A successful organization should have multiple layers
of security in place:
– Physical security
– Personal security
– Communications security
– Network security
– Information security
Security- Definitions
• Computer Security
- collection of tools designed to protect data from hackers.

• Network Security
- measures to protect data during their
transmission.

• Internet Security
- measures to protect data during their
transmission over a collection of interconnected
networks.
INFORMATION SECURITY
• Data
– Recording of “something” measured
– Raw material, just measured

• Information
– Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the receiver.
– Processed data

• Knowledge
– Knowledge is normally processed by means of structuring, grouping, filtering, organizing or pattern recognition.
– Highly structured information
INFORMATION SECURITY
• Information Systems
– An integrated set of components for collecting, storing, processing, and communicating information.
– Business firms, other organizations, and individuals in contemporary society rely on information systems to manage their operations, compete in the marketplace, supply services, and augment personal lives.

• Information Security
– Information security is the process of protecting information from unauthorized access, use, disclosure, destruction, modification, or disruption.
– The protection of computer systems and information from harm, theft, and unauthorized use.
– Protecting the confidentiality, integrity and availability of information.
– Information security is an essential infrastructure technology for achieving a successful information-based society.
– A highly information-based company without information security will lose competitiveness.
INFORMATION SECURITY
• What kind of protection?
– Protecting important document / computer
– Protecting communication networks
– Protecting Internet
– Protection in ubiquitous world
3 Aspects of Security
1. Security Attack
– Any action that compromises the security of
information.
2. Security Mechanism
– A mechanism that is designed to
detect, prevent, or recover from a security attack.
3. Security Service
– A service that enhances the security of data
processing systems and information transfers.
Security Attack
• any action that compromises the security of
information owned by an organization
• information security is about how to prevent
attacks, or failing that, to detect attacks on
information-based systems
• threat & attack are often used to mean the same thing
• there is a wide range of attacks
• can focus on generic types of attacks
– passive
– active
Passive Attacks
Active Attacks
Security Service
– enhance security of data processing systems
and information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or
destruction; be notarized or witnessed; be
recorded or licensed
Security Services
• X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”

• RFC 2828:
“a processing or communication service
provided by a system to give a specific kind
of protection to system resources”
Security Services (X.800)
• Authentication - assurance that the
communicating entity is the one claimed
• Access Control - prevention of the
unauthorized use of a resource
• Data Confidentiality - protection of data from
unauthorized disclosure
• Data Integrity - assurance that data received is
as sent by an authorized entity
• Non-Repudiation - protection against denial by
one of the parties in a communication
Principles and Concepts – Data Security
• Authentication
• Authorization
• Confidentiality
• Integrity
• Availability
• Non-repudiation
Security Needs for Network Communications
• Confidentiality – Interception – Is Private?
• Authentication – Forgery – Who am I dealing with?
• Availability – Denial of Service – Wish to access!!
• Integrity – Modification – Has been altered?
• Non-Repudiation – Claim (“Not SENT!”) – Who sent/received it?
• Access Control – Unauthorized access – Have you privilege?


Security Mechanism
• feature designed to detect, prevent, or
recover from a security attack
• no single mechanism that will support all
services required
• however one particular element underlies
many of the security mechanisms in use:
– cryptographic techniques
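
To illustrate the point that no single mechanism supports every service, the added example below (not part of the original slides) applies one cryptographic mechanism, an HMAC under a shared key, and checks which X.800 services it actually delivers. The message text and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an authentication tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def services_provided() -> dict:
    """Check one mechanism (HMAC) against four X.800 services."""
    key = secrets.token_bytes(32)            # shared by sender and receiver
    message = b"pay 100 to account 42"       # constructed sample message
    tag = make_tag(key, message)

    # Data integrity: a message modified in transit no longer verifies.
    altered = b"pay 900 to account 42"
    integrity = verify(key, message, tag) and not verify(key, altered, tag)

    # Authentication: a tag forged without the shared key is rejected.
    forged_tag = make_tag(secrets.token_bytes(32), message)
    authentication = not verify(key, message, forged_tag)

    # Confidentiality: the message travels in the clear beside the tag,
    # so anyone intercepting it can read it.
    on_the_wire = message + tag
    confidentiality = message not in on_the_wire

    # Non-repudiation: the receiver holds the same key and can produce an
    # identical tag, so the tag cannot prove to a third party who sent it.
    receiver_made_tag = make_tag(key, message)
    non_repudiation = receiver_made_tag != tag

    return {
        "data_integrity": integrity,
        "authentication": authentication,
        "confidentiality": confidentiality,
        "non_repudiation": non_repudiation,
    }


if __name__ == "__main__":
    for service, provided in services_provided().items():
        print(f"{service:16} {'provided' if provided else 'NOT provided'}")
```

Confidentiality would need encryption and non-repudiation would need a digital signature made with a key only the sender holds.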
Model for Network Security
Model for Network Access Security
• using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
• trusted computer systems may be useful
to help implement this model
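
The two requirements of this model can be seen in a small added example (not part of the original slides): a gatekeeper function that identifies the user, followed by a separate control that checks whether that user is authorised for the requested resource. The class, user names, passwords and resource name are all hypothetical, and PBKDF2 is one possible choice of password-verification mechanism.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Gatekeeper:
    def __init__(self):
        self._users = {}  # user name -> (salt, derived password verifier)
        self._acl = {}    # resource -> {user name: set of allowed actions}

    def enroll(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _derive(password, salt))

    def grant(self, resource: str, name: str, *actions: str) -> None:
        self._acl.setdefault(resource, {}).setdefault(name, set()).update(actions)

    def identify(self, name: str, password: str) -> bool:
        """Step 1: gatekeeper function that identifies the user."""
        # Unknown users still go through the derivation, so the response
        # does not reveal which names exist.
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(_derive(password, salt), stored)

    def access(self, name: str, password: str, resource: str, action: str) -> str:
        """Step 2: only authorised users reach the designated resource."""
        if not self.identify(name, password):
            return "deny: not identified"
        if action not in self._acl.get(resource, {}).get(name, set()):
            return "deny: not authorised"   # default is deny
        return "allow"


def build_demo() -> Gatekeeper:
    """Constructed sample data: two users, one protected resource."""
    gk = Gatekeeper()
    gk.enroll("alice", "correct horse battery")
    gk.enroll("bob", "staple-77-lamp")
    gk.grant("payroll.db", "alice", "read", "write")
    gk.grant("payroll.db", "bob", "read")
    return gk
```

An identified user is still refused when the access list holds no matching entry, which keeps identification and authorisation as two independent checks.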
WHY – Information Security

• With the universal growth and use of digital information (as confidential), there has also been a growth in thefts, including cyber attacks by hackers.
• Need for keeping information safe from data breaches using a variety of tools and techniques.
• Information security analysts protect information on computer networks.
• They use special software to keep track of who can access, and who has accessed, data.

Information security
• Protects from unauthorised access, use, disclosure,
disruption, modification, perusal, inspection,
recording, or destruction.
• The core function is to ensure the confidentiality,
integrity and availability of data to the ‘right’
users within/outside of the organisation.
• Application security is responsible for ensuring the stable and secure functioning of applications by:
– knowing threats
– securing the network, host and application
– incorporating security into the software development process
