
Introduction to Security

Contents
1. Security
2. Attacks
3. Computer Criminals
4. Security Services
5. Security Mechanisms
1. Security
What does security mean?
Security means “trying to protect anything”.

What does information security mean?

It is the protection of computing systems and the data that they
store or access.

Why is information security important nowadays?

• When computer applications were developed to handle
financial and personal data, the real need for security was felt.
• It enables people to carry out their jobs, education and research.
• It supports critical business processes.
• It protects personal and sensitive information.
Why do we need to learn about IS?
Good security standards follow the “90/10” rule:
• 10% of security safeguards are technical.
• 90% of security safeguards rely on the computer user (YOU)
to adhere to good computing practices.
For e.g.

Which is the most hazardous place?

• The Internet can be a hazardous place.
• An unprotected computer can become infected or
compromised within a few seconds after it is connected to
the network.
What can a hacked computer do?
• Record keystrokes and steal passwords.
• Send spam and phishing emails.
• Access restricted or personal information on your computer.
• Generate large volumes of traffic, slowing the entire system.

How to avoid cyber security threats?

• Use good, cryptic passwords that can't be easily guessed, and keep your
passwords secret.
• Make sure your computers, OS and applications are protected with all
necessary security patches and updates.
• Make sure your computer is protected with up-to-date antivirus and
anti-spyware software.
• Don’t click on unknown or unsolicited links or attachments and don’t
download unknown files or programs onto your computer.
2. Security Services
Primary Principles:
• Confidentiality
• Authentication
• Integrity
• Non-repudiation

Secondary Principles:
• Access Control
• Availability
Confidentiality:
It refers to the secrecy of information.

[Figure: A sends a secret to B. Caption: Interception (loss of confidentiality)]

Ms. Sharmistha Roy,
Assistant Professor, SCE, KIIT
Authentication:
It helps in establishing proof of identities.

[Figure: a message to B stating “I am User A”. Caption: Fabrication (absence of authentication)]


Integrity:
The message must travel without any alteration.
[Figure: the ideal route of the message runs from A to B; the actual route of the message passes through C, with the labels “Original message” and “Modified message”. Caption: Modification (loss of message integrity)]
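
The A, B and C scenario above as an added example (not part of the original slides): B detects C's modification by checking a message authentication code. HMAC-SHA256, the pre-shared key and the function names `send`, `receive`, `tamper` and `demo` are assumptions of this sketch; the slides name no mechanism.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each message


def send(key: bytes, message: bytes) -> bytes:
    """A's side: append an HMAC-SHA256 tag computed with the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def receive(key: bytes, packet: bytes):
    """B's side: return the message if its tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking how many tag bytes matched
    return message if hmac.compare_digest(tag, expected) else None


def tamper(packet: bytes, old: bytes, new: bytes) -> bytes:
    """C's side: alter the message in transit without knowing the key."""
    return packet.replace(old, new, 1)


def demo():
    key = secrets.token_bytes(32)        # assumed to be shared by A and B only
    packet = send(key, b"Pay 100 to D")  # constructed sample message
    ideal = receive(key, packet)                             # ideal route: A -> B
    actual = receive(key, tamper(packet, b"100", b"900"))    # actual route: A -> C -> B
    return ideal, actual


if __name__ == "__main__":
    print(demo())
```

Because A and B hold the same key, B could compute the same tag, so this check supports integrity and authentication but not non-repudiation.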


Non-repudiation:
It does not allow the sender of a message to later deny
having sent that message.

[Figure: A tells B, “I never sent that message which you claim to have received”]

Access Control/ Authorization:
It determines who should be able to access what.

It is classified into two areas:

• Role management: it concentrates on the user side.
• Rule management: it focuses on the resource side.

Availability:
It states that resources should be available to authorized
parties at all times.

[Figure: A and B. Caption: Interruption (absence of availability)]


