Information Security 2
OSI (X.800) Security Architecture
Security Attacks
■ Passive attack:
A passive attack attempts to learn or make use of
information from the system but does not affect system
resources.
2. Traffic analysis
■ Release of message contents
A telephone conversation, an e-mail message and a
transferred file may contain sensitive or confidential
information.
■ Traffic analysis
▪ It is a kind of attack carried out on encrypted messages.
▪ The opponent might be able to observe the pattern of such
encrypted messages.
▪ The opponent could determine the location and identity of
communicating hosts and could observe the frequency and
length of messages being exchanged.
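The following is an added example, not part of the original slides. It summarises what the metadata of encrypted messages (endpoints, frequency, length) still reveals, and how padding lengths to a fixed block size narrows the length signal while leaving the endpoint and frequency signal unchanged. The addresses, lengths and the 512-byte block size are constructed assumptions.

```python
from collections import Counter

# Constructed sample: what an on-path observer sees for encrypted messages.
# Payloads are opaque; only (source, destination, ciphertext length) is visible.
OBSERVED = [
    ("192.0.2.5", "192.0.2.9", 48),
    ("192.0.2.5", "192.0.2.9", 1312),
    ("192.0.2.5", "192.0.2.9", 52),
    ("192.0.2.7", "192.0.2.9", 640),
    ("192.0.2.5", "192.0.2.9", 1290),
    ("192.0.2.7", "192.0.2.2", 61),
]

BUCKET = 512  # assumed padding block size in bytes


def pad_length(n, bucket=BUCKET):
    """Length of a message after padding up to the next multiple of bucket."""
    return ((n + bucket - 1) // bucket) * bucket


def padded(records, bucket=BUCKET):
    """The same traffic with every message padded to a bucket boundary."""
    return [(s, d, pad_length(n, bucket)) for s, d, n in records]


def exposure(records):
    """Summarise what the metadata reveals without decrypting anything."""
    pairs = Counter((s, d) for s, d, _ in records)
    lengths = Counter(n for _, _, n in records)
    return {
        "pairs": dict(pairs),               # who talks to whom, how often
        "distinct_lengths": len(lengths),   # how finely lengths tell messages apart
        "total_bytes": sum(n for _, _, n in records),  # bandwidth cost
    }


if __name__ == "__main__":
    before = exposure(OBSERVED)
    after = exposure(padded(OBSERVED))
    for name, result in (("unpadded", before), ("padded", after)):
        print(name, result["distinct_lengths"], "distinct lengths,",
              result["total_bytes"], "bytes on the wire")
    # Padding changes lengths only: endpoints and frequency stay visible.
    print("pairs unchanged:", before["pairs"] == after["pairs"])
```

Padding trades bandwidth for a coarser length signal; hiding which hosts communicate and how often requires separate measures.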
■ Active attacks
■ Masquerade
■ Replay
■ Modification of messages
■ Denial of service
▪ Denial of service prevents or inhibits the normal use or
management of communications facilities.
▪ This attack may have a specific target; for example, an entity may suppress
all messages directed to a particular destination.
▪ Another form of service denial is the disruption of an entire network,
either by disabling the network or by overloading it with messages so as to
degrade performance.
Model for Network Security
Information Security Objectives
■ Confidentiality or privacy
■ Keeping information secret from all but those who are
authorized to see it
■ Privacy involves protecting data from unauthorized
individuals while in transit or in storage
■ When data travels across a network, especially the internet, it
may travel through many intermediate organizations and
their devices, such as routers
■ During this process, data packets may be intercepted
intentionally or accidentally, or misdirected, and privacy can
be lost.
■ Data integrity
■ Ensuring that information has not been altered by
unauthorized or unknown means.
■ Data integrity provides protection against alteration in an
unauthorized manner since the time it was created,
transmitted, or stored by an authorized source.
■ Non-repudiation
■ Preventing the denial of previous commitments or actions.
■ Non-repudiation requires mechanisms similar to a personal
signature on a cheque or contract to prevent the denial of
previous commitments or actions.
■ Anonymity: Concealing the identity of an entity
involved in some process.