Information Security Presentation Transcript
1. Presentation on Information Security
2. Background
Information security is about how to prevent attacks or, failing that, to detect attacks on information-based systems
Information security requirements have changed in recent times
Traditionally provided by physical and administrative mechanisms
Computer use requires automated tools to protect files and other stored information
Use of networks and communications links requires measures to protect data during transmission
3. Definitions
Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
Network Security - measures to protect data during their transmission
Internet Security - measures to protect data during their transmission over a collection of interconnected networks
4. Possible Security Violations
A transmits a file to B. C (not authorized to read the file) monitors the transmission and captures a copy
D transmits a message to computer E, instructing E to update an authorization file. User F intercepts the message, alters its contents to add or delete entries, and forwards it to E, which accepts the message as being from D
User F constructs its own message and transmits it to E as if coming from D
Denying sending a message
5. Aspects of Security
Consider 3 aspects of information security:
a. security attack
b. security mechanism
c. security service
6. Security Attack
Any action that compromises the security of information owned by an organization
Information security is about how to prevent attacks or, failing that, to detect attacks on information-based systems
The terms threat and attack are often used to mean the same thing
There is a wide range of attacks
Can focus on generic types of attacks
• passive
• active
7. Security Attacks
Normal information flow:
8. Interruption
Asset is destroyed / unavailable / unusable
Attack on availability
Destruction of hardware
9. Security Attack
Interception
An unauthorized party gains access to an asset (attack on confidentiality)
Capturing data in a network, copying a file
10. Modification
Not only gains access to, but also modifies, an asset
Attack on integrity
Changing the value of data, modifying a message
11. Fabrication
Inserts an object into the system
Attack on authenticity
Adding records to a file, inserting a message
12. Passive Attacks
13. Passive Attacks
The goal: obtain information that is being transmitted.
Release of message content
Telephone conversation, e-mail message, transferred file
Traffic analysis
Even when messages are encrypted (masked) so that the opponent cannot extract the information,
the opponent could still determine the location and identity of the communicating hosts
14. Release of message content
15. Traffic Analysis
16. Security Attack
17. Active Attacks
Involve modification of data or the creation of false data
Subdivided into 4 categories
Masquerade: one entity pretends to be a different entity
Replay: passive capture of data and its subsequent retransmission to produce an unauthorized effect
18. Active Attacks (continued)
Modification of message: legitimate message is altered
Denial of Service: prevents or inhibits the normal use or management of communications facilities
Degrade performance
19. Masquerade