Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Course Overview
Lesson Objectives
• Read and understand the course syllabus
• Summarize the CIA security model
• Recall some basic security mechanisms
• Express the fundamental security principles
• Learn the importance of computer security
Read and Understand the Course Syllabus
http://www.cs.tamu.edu/faculty/pooch/course/CPSC665/Spring2001/index.html
Summarize the CIA Security Model
Computer Security – Definition
What is computer security?
– Protection of an organization’s assets from accidental or intentional disclosure, modification, destruction, or use
– Alternately, it is the combination of administrative procedures, physical security measures, and systems security measures that are intended to protect computer assets
CIA Model of Security
Computer security consists of maintaining three primary characteristics:
– Confidentiality
– Integrity
– Availability
CIA Model Definitions - Confidentiality
Confidentiality means that the information in a computer system (or in transit between systems) is accessible only by authorized parties.
Authorized access includes printing, displaying, reading, or knowledge that information even exists.
CIA Model Definitions - Integrity
Integrity means that information can only be modified by authorized parties or in authorized ways.
Modification includes writing, changing, deleting, creating, delaying, or replaying information.
CIA Model Definitions - Availability
Availability means that information is accessible to authorized parties when needed.
An authorized party should not be prevented from accessing information to which they have legitimate access.
Denial of service is the opposite of availability.
CIA Model Illustrated
The 3 goals of confidentiality, integrity, and availability often overlap and can also conflict with one another. For example, strong confidentiality can severely limit availability.
[Figure: Confidentiality, Integrity, Availability]
CIA Illustration 1
Consider the following:
– User A transmits a file containing sensitive information to User B. User C, who is not authorized to read this file, is able to monitor the transmission of the file and obtain a copy. This is called an interception and is an attack on confidentiality.
[Figure: User A, User B, User C]
CIA Illustration 2
Consider the following:
– User B has requested information that he is authorized to have from User A. User C has disabled some component of the network which prevents information flow. This is called an interruption and is an attack on availability. It is also called a denial of service attack.
[Figure: User A, User B, User C]
CIA Illustration 3
Consider the following:
– User A transmits a file containing sensitive information to User B. User C, who is not authorized to read this file, gains access to the file during transmission, captures it, modifies it, and sends it on to User B. This is called a modification and is an attack on integrity.
[Figure: User A, User B, User C]
Recall Some Basic Security Mechanisms
Controls
Various controls and countermeasures have been developed to strengthen system security:
– Cryptography
– Software controls
– Hardware controls
– Physical controls
– Policies
Controls - Cryptography
Cryptography is an important tool that can enhance system security by providing:
– Confidentiality, in that it prevents unauthorized parties from reading protected information
– Integrity, because information that cannot be read cannot be easily altered in a useful way
Cryptography will be covered thoroughly in future lessons.
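An added example (not from the original slides) for the modification attack in CIA Illustration 3 and the integrity point on this slide: User B detects a change made in transit by checking an HMAC-SHA256 tag, while decryption with no integrity check accepts the altered bytes. The toy keystream, the key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream (SHA-256 over key, nonce, counter): a stand-in for a real
    # stream cipher, used only so the example runs with the standard library.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def user_a_send(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    # Encrypt, then compute HMAC-SHA256 over nonce + ciphertext.
    nonce = secrets.token_bytes(16)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def decrypt_only(enc_key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Confidentiality without an integrity check: any ciphertext is accepted.
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def user_b_receive(enc_key, mac_key, nonce, ct, tag):
    # Verify the tag in constant time before decrypting; None means "modified".
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt_only(enc_key, nonce, ct)

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    message = b"MEETING AT 0900 ROOM 12"          # constructed sample message
    nonce, ct, tag = user_a_send(enc_key, mac_key, message)
    # Constructed in-transit modification: one ciphertext byte is changed.
    modified = ct[:11] + bytes([ct[11] ^ ord("0") ^ ord("1")]) + ct[12:]
    return (user_b_receive(enc_key, mac_key, nonce, ct, tag),        # intact
            decrypt_only(enc_key, nonce, modified),                  # accepted, altered
            user_b_receive(enc_key, mac_key, nonce, modified, tag))  # rejected

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In practice an authenticated encryption mode such as AES-GCM provides both properties in one primitive.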
Controls – Software Controls
Programs themselves must be robust and secure from outside attack. Some examples where program controls are especially important are:
– Operating system software
– Software development tools
– Access control software
Controls - Hardware
Hardware devices can help support system security. Some examples include:
– Smart cards
– Secure circuit boards
– Removable media
Controls - Physical
Physical controls used to bolster computer security include many of the same controls used to secure other facilities, such as banks and government buildings:
– Door locks
– Backups
– Sentries
– Alarms
– Shredders
Controls - Policies
Policies aim to describe how an organization will posture itself with regard to security:
– User awareness & training
– What to audit and when
– Etc.
Express the Fundamental Security Principles
Basic Security Principles
In order to design effective security mechanisms we will refer to some general security principles. For example:
1. Principle of least privilege: Give a user or process only those privileges needed to perform the task at hand -- no more, no less.
2. Minimize the amount of trusted components: Identify what components of the system need to be trusted and aim to keep those small and simple.
3. Do not aim for perfection: Total security is basically impossible. Instead be prepared to detect problems, to design countermeasures and to recover from attacks.
Learn the Importance of Computer Security
Course Overview Glossary
• Availability
• Computer security
• Confidentiality
• Denial of service
• Integrity
• Interception
• Interruption
• Modification