Information Security Introduction: By: Mitul Patel
Information Security Introduction: By: Mitul Patel
By:
Mitul Patel
COURSE PLAN
Course Teachers:
Dr. D R Patel(DRP)-Course Coordinator
Mr. Mitul H Patel
Miss. Mukti Padhya
SYLLABUS
BOOKS RECOMMENDED
INFORMATION SECURITY
C.I.A
Confidentiality-information needs to be hidden from
unauthorized access
Integrity-protected from unauthorized change
and
Availability-Available to an authorized entity when it is
needed
Information Systems are decomposed into three main
portions hardware, software and Communications
Physical, Personal and Organizational Security
VARIOUS SECURITIES
Data Security
Data security is the means of ensuring that data is kept safe
from corruption and that access to it is suitably controlled.
Computer Security
protection of information and property from theft, corruption,
or natural disaster,
Malware: malicious software
Network Security
protectthe network and the network-accessible resources
from unauthorized access, consistent and continuous
monitoring and measurement of its effectiveness
SECURITY BASICS
X.800 focuses on three aspects of information security
1. Security service
properties which any security solution should satisfy e.g.
……
2. Security mechanism
tools and techniques by which, the security services can
be achieved e.g.
3. Security attack
actions that are attempts at violating the security rules.
SECURITY SERVICES
X.800:
“a service provided by a protocol layer of communicating
open systems, which ensures adequate security of the
systems or of data transfers”
RFC 2828:
“a processing or communication service provided by a
system to give a specific kind of protection to system
resources”
SECURITY SERVICES
SECURITY SERVICES - X.800
OBJECTIVES
Data Confidentiality : protection of data from unauthorized
disclosure
• Passive
• Active
SECURITY THREAT
SECURITY ATTACKS
1. Passive attacks
• Attacker’s goal is to just obtain the information
• Does not modify the data or harm the system
• The system continues with its normal operation
• Difficult to detect
PASSIVE ATTACKS
PASSIVE ATTACKS
Two types of Passive attacks
Attacks threatening confidentiality
1. Release of message contents
Unauthorized access or interception of data
2. Traffic Analysis
Online traffic monitoring by attacker
Solution: