LAW, PROCEDURES AND SECURITY MANAGEMENT: Security, Data Protection and Privacy
Security and protection
Upload: nital-shingala
Category: Education
Transcript of Security and protection
SECURITY & PROTECTION
INDEX
• Security environment
• Security problem
• Design principles of security
• User Authentication
Security environment
| Goal | Threat |
| --- | --- |
| Data confidentiality | Exposure of data |
| Data integrity | Tampering with data |
| System availability | Denial of service |
Goal
• Data confidentiality: ability to protect secrets
• Data integrity: ability to protect the data content
• System availability: ability to continue to operate
Security problem
• Natural causes - fires, floods, quakes, wars, etc.
• Hardware or software errors - CPU malfunctions, unreadable disks, program bugs, etc.
• Human error - incorrect data entry, wrong tape mounted, wrong program run
Design principles for security
• System design should be public
• Default should be no access
• Check for current authority
• Give each process least privilege possible
• Protection mechanism should be
  - Simple
  - Uniform
  - In the lowest layers of system
• Scheme should be psychologically acceptable
• Biggest thing: keep it simple!
User Authentication
• Problem: how does the computer know who you are?
• Solution: use authentication to identify
  - Something the user knows
  - Something the user has
  - Something the user is
• This must be done before the user can use the system
• Important: from the computer’s point of view…
  - Anyone who can duplicate your ID is you
  - Fooling a computer isn’t all that hard…
User Authentication
Many ways of authentication:
- Passwords
- Pass phrases
- One-time passwords (e.g. SecurID)
- Biometrics
Password
• Successful login lets the user in
• Login rejected after name is entered (easier to crack)
• Login rejected after name and password are entered

Login: elm
Password: foobar
Welcome to Linux!

Login: jimp
User not found!
Login:

Login: elm
Password: barfle
Invalid password!
Login:
Password (continued)
• Passwords should be memorable
  - Users shouldn’t need to write them down!
  - Users should be able to recall them easily
• Passwords shouldn’t be stored
  - Password file is often readable by all system users!
  - Password must be checked against entry in this file
• Solution: use hashing to hide “real” password
  - One-way function converting password to meaningless string of digits
    (Unix password hash, MD5, SHA-1)
  - Difficult to find another password that hashes to the same random-looking string
  - Knowing the hashed value and hash function gives no clue to the original password
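The two password slides above, combined into one added example that is not part of the original slides: the password file keeps only a salted one-way hash, and the login check returns the same message for an unknown name and for a wrong password, so the "rejected after name" behaviour the slide calls easier to crack does not occur. It uses salted PBKDF2-HMAC-SHA256 rather than the plain MD5 or SHA-1 listed on the slide, because fast unsalted hashes are cheap to brute-force from a world-readable file; the function names, iteration count and sample account are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_entry(password: str) -> tuple:
    """Build the (salt, hash) pair that is stored instead of the password."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    return salt, hash_password(password, salt)


# Constructed sample password file: user name -> (salt, hash).
PASSWORD_FILE = {"elm": make_entry("foobar")}

# Dummy entry so an unknown name costs the same hashing work as a known one.
_DUMMY = make_entry("constructed-dummy-password")

GENERIC_FAILURE = "Login incorrect"


def login(name: str, password: str) -> str:
    """Check name and password together; never reveal which one was wrong."""
    salt, stored = PASSWORD_FILE.get(name, _DUMMY)
    candidate = hash_password(password, salt)
    # Constant-time comparison; an unknown name can never succeed.
    ok = hmac.compare_digest(candidate, stored) and name in PASSWORD_FILE
    return "Welcome to Linux!" if ok else GENERIC_FAILURE


if __name__ == "__main__":
    for attempt in [("elm", "foobar"), ("jimp", "foobar"), ("elm", "barfle")]:
        print(attempt[0], "->", login(*attempt))
```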
Pass Phrases
“It is a sequence of words or other text used to control access to a computer system, program or data.”
• It is applicable to systems that use the passphrase as an encryption key.
• For pass phrases, the following points must be remembered:
  - Long enough to be hard to guess
  - Not a famous quotation from literature, holy books, etc.
• Hard to guess by intuition, even by someone who knows the user well
• Easy to remember and type accurately
One-time passwords
“One time password is valid for only one login session or transaction.”
• It is also known as a dynamic password.
• Two-factor authentication
  - something you know
  - something you have
• Ways of generating a one-time password:
  - Time synchronization
  - Mathematical algorithm
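The two generation methods named on this slide, as an added example that is not part of the original slides: time synchronization is shown with TOTP (RFC 6238, built on HOTP from RFC 4226) and the mathematical algorithm with a Lamport-style hash chain. The choice of these two schemes, the class and function names, and the seed are assumptions; the TOTP secret is the published RFC test key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226), the building block for TOTP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time synchronization: both sides derive the counter from the clock."""
    return hotp(secret, unix_time // step, digits)


def chain(seed: bytes, n: int) -> bytes:
    """Mathematical algorithm: apply a one-way hash n times to a seed."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class ChainVerifier:
    """Server side: stores only the last accepted link, never the seed."""

    def __init__(self, anchor: bytes):
        self.current = anchor

    def verify(self, otp: bytes) -> bool:
        if hmac.compare_digest(hashlib.sha256(otp).digest(), self.current):
            self.current = otp  # the password is consumed, so a replay fails
            return True
        return False


SECRET = b"12345678901234567890"   # RFC 6238 test key
SEED = b"constructed-demo-seed"    # constructed sample value

if __name__ == "__main__":
    print(totp(SECRET, 59))
    server = ChainVerifier(chain(SEED, 100))
    first = chain(SEED, 99)
    print(server.verify(first), server.verify(first), server.verify(chain(SEED, 98)))
```

In the hash chain the user works backwards from link 99 towards the seed, so a captured password only reveals links the server has already consumed.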
Benefits of OTPs
• Cannot be reused
• Avoid expensive hardware tokens
• Can be used over untrusted communication paths
  - Telnet, web-based, serial terminals
• Can be used with a compromised user password
Biometric
• Use basic body properties to prove identity
• Examples include
  - Fingerprints
  - Voice
  - Hand size
  - Retina patterns
  - Iris patterns
  - Facial features
• Potential problems
  - Duplicating the measurement
  - Stealing it from its original owner?
Program threats
• Viruses
• Logic bombs
• Trap doors
• Trojan horses
• Exploiting bugs in OS code
Viruses
“A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.”
Example: you open an email and a malicious piece of code is downloaded onto your computer, causing your computer to freeze.
Logic bombs
“A piece of code intentionally inserted into software that will set off a malicious function when specified conditions are met.”
Example: a programmer may hide a piece of code that starts deleting files.
Trap doors
“The designer of a program or system might leave a hole in the software that only Operating System is capable of using. A clever trap door could be included in a compiler. The compiler could generate standard object code as well as a trap door, regardless of the source code being compiled.”
Trojan horse
“A program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk.”