
LM2 Slides

The document outlines the essentials of information security, focusing on wireless and mobile security, cryptography, and the principles of information security. It covers key concepts such as confidentiality, integrity, availability, and the AAA framework, along with threats to wireless networks and relevant security standards. Additionally, it discusses various cryptographic methods, including symmetric and public key cryptography, and emphasizes the importance of a balanced security approach.

Uploaded by yashkaushal013

LM 2. Information Security Essentials

Dr. Lei Li

Road Map
• Introduction: Evolution of Wireless Network; Infor. Security Essentials
• WLAN Security: WLAN Overview; WLAN Threats & Vulnerabilities; WLAN Security; WLAN Security Tools
• Mobile Security: Mobile Network Overview; Cellular Network Security; Mobile Security Threats; Mobile Devices Security
• Security Auditing & Risk Analysis

Learning Outcomes
After this module, a student will be able to:
• Define Information Security and Wireless Security
• Describe the five pillars of information security.
• Discuss defense in depth in information security
• Define the AAA of information security
• Describe the five principles of information security: CIA triad, Non-repudiation and Accountability.
• Explain the difference between symmetric key cryptography (SKC) and public key cryptography (PKC).
• Describe how integrity is achieved through a hash function.
• Describe how a digital signature works
• Discuss the threat categories for wireless networks/devices
• Discuss information security standards and regulatory compliance

Information Security
• "Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009)
• Wireless Security
• Specific to wireless networks and mobile devices
• Balanced approach among security, implementation efficiency, & employee productivity.

5 Security Principles
• Confidentiality
• Integrity
• Availability
• Non-repudiation
• Authentication

Cryptography
• For confidentiality
• Symmetric-key cryptography
• Same key for encryption and decryption
• Simple and fast
• Two parties must exchange the key in a secure way beforehand

Public Key Cryptography
• A pair of keys
• Public key – available to the public; other users may use it for encryption
• Private key – known only to the owner; decrypts messages encrypted with the public key
• Solves the key exchange problem of SKC
• Strong security
• More computationally intensive

Hybrid Cryptosystem
• Combines the benefits of SKC and PKC
• Use PKC for the key exchange
• Use SKC for the communication afterward

Digital Signature
• Using PKC
• Private key for signing
• Public key for verification
• Applications
• Authentication
• Integrity
• Non-repudiation

Integrity
• Threats to integrity
• Passive and active
• Hash function
• Mathematical function that converts a numerical input value into another compressed numerical value
• A minor change in the hash input causes a significant change in the hash value
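
The avalanche behaviour described on this slide, measured with SHA-256, as an added example (not part of the original slides): each input bit is flipped in turn and the number of changed digest bits is counted, then the digest is used as an integrity check. The sample message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample input.
SAMPLE = b"SSID=campus-wlan;channel=6;auth=WPA2"


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(message: bytes) -> list:
    """Flip every input bit once; return how many of the 256 digest bits change."""
    baseline = hashlib.sha256(message).digest()
    changed = []
    for bit in range(len(message) * 8):
        mutated = bytearray(message)
        mutated[bit // 8] ^= 1 << (bit % 8)
        digest = hashlib.sha256(bytes(mutated)).digest()
        changed.append(hamming_distance(baseline, digest))
    return changed


def integrity_ok(received: bytes, expected_hex: str) -> bool:
    """Recompute the digest of what arrived and compare it to the reference."""
    actual = hashlib.sha256(received).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


if __name__ == "__main__":
    profile = avalanche_profile(SAMPLE)
    print("mean changed bits per single-bit flip:", sum(profile) / len(profile))
    reference = hashlib.sha256(SAMPLE).hexdigest()
    print("unmodified:", integrity_ok(SAMPLE, reference))
    print("tampered:  ", integrity_ok(SAMPLE.replace(b"WPA2", b"none"), reference))
```

A bare hash only detects modification when the reference digest reaches the receiver over a trusted path; against an active attacker who can replace both message and digest, a keyed MAC or a digital signature is needed.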

5 Pillars of Information Security
• Protection
• Detection
• Reaction
• Documentation
• Prevention

Access Control - AAA
• Authentication
• Authorization
• Accounting

Defense in Depth
• Physical controls
• Technical controls
• Administrative controls

Defense in Depth

https://www.slideshare.net/OTNArchbeat/rationalization-and-defense-in-depth-two-steps-closer-to-the-clouds

Threats to Wireless Network
• System access
• Device control
• Data theft

Information Security Standards
• ISO 27001, 27002
• NIST
• ETSI
• CISQ

Regulatory Compliance
• Sarbanes-Oxley Act
• GLBA
• HIPAA
• PCI-DSS
