Lecture 3a Security
Lecture 3a Security
Overview
Key Security Concepts
Security Terminology
Vulnerabilities and Attacks
System resource vulnerabilities may
Be corrupted (loss of integrity)
Become leaky (loss of confidentiality)
Become unavailable (loss of availability)
Attacks are threats carried out and may be
Passive
Active
Insider
Outsider
Countermeasures
Means used to deal with security attacks
Detect
Prevent
Recover
May result in new vulnerabilities
Goal is to minimize risk given constraints
Threat Consequences
Unauthorized disclosure
Exposure, interception, inference, intrusion
Deception
Masquerade, falsification, repudiation
Disruption
Incapacitation, corruption, obstruction
Usurpation
Misappropriation, misuse
Scope of Computer Security
Network Security Attacks
Classify as passive or active
Passive attacks are eavesdropping
Release of message contents
Traffic analysis
Modification
Denial of service