security in computing (c2021) week-1. module syllabus summary the main topics of study will include:...
TRANSCRIPT
![Page 1: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/1.jpg)
Security in Computing (C2021)
Week-1
![Page 2: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/2.jpg)
Module Syllabus SummaryThe main topics of study will include:
General Security Problems:
attacks; computer criminals; computer security; methods of defense.
Program Security:
secure programs; viruses and malicious code; controls against program
threats.
Security in Operating Systems:
user authentication; memory and address protection; file protections;
control of access to general objects; trusted operating systems.
![Page 3: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/3.jpg)
Module Syllabus Summary contd.Database Security:
security requirements; integrity and reliability; inference; multilevel
security.
Security in Networks:
threats in networks; firewalls intrusion detection; secure email; security
control.
Legal, Privacy, and Ethical Issues:
protecting programs and data; information and the law; rights of
employees and employers; privacy; ethical issues.Cryptography: traditional ciphers; symmetric encryption; public key encryption; digital signatures and authentication; quantum cryptography.
![Page 4: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/4.jpg)
Module Assessments
For more about Assessments:
http://learning.londonmet.ac.uk/computing/IC_Link/CompNetITSec/mo
dules/cc2021/cc2021_spec.html
![Page 5: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/5.jpg)
Recommended Book List• Pfleeger, C.P & Pfleeger, S.L., 2007. Security in Computing. 4th ed.
Prentice Hall.
• Stallings, W., 2006. Cryptography and Network Security Principles and
Practices. 4th ed. Prentice Hall.
• Stallings, W & Brown, L., 2008. Computer Security: Principles and
Practice. Prentice Hall.
![Page 6: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/6.jpg)
Introduction to Security in Computing
Chapter-1
![Page 7: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/7.jpg)
Introduction – Security in Computing• Security in computing is about protecting computer-related assets, i.e.
valuable information
• The focus is security for computing systems
• How banks protect physical currency cf. people protecting information
(Pfleeger, p.2)
• Can we learn from our analysis of banks, i.e. how they have protected
e.g. money, gold etc.
![Page 8: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/8.jpg)
Terms and DefinitionsSecure, protected
• Immune to attack
• Covered by certain controls
Threat
• A potential to do harm or cause loss
Vulnerability
• Weaknesses in defenses that could allow harm to occur
![Page 9: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/9.jpg)
Terms and Definitions
Figure 1-1 Threats Controls and Vulnerabilities
The water is a THREAT to the man
The crack is a VULNERABILTIY that threatens the man’s security
The man placing his finger in the whole is controlling the threat.
![Page 10: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/10.jpg)
Terms and DefinitionsAttack
• Threat + Vulnerability
Control, countermeasure
Risk, residual [remaining] risk
Penetration[making way through], weakest point
![Page 11: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/11.jpg)
Attacks and AttackersAttacks
• Malicious; non-malicious; natural causes
•Accidental, intentional
Attackers
MOM – Method + Opportunity + Motive
• Method: tools, knowledge, capability
• Opportunity: time, physical access, availability
• Motivation: reason for attack
Work factor: difficult in pulling off attack; measured in time, skill,
resources
![Page 12: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/12.jpg)
The Security Triad – C I A
Figure 1-2 Relationship Between Confidentiality, Integrity, and Availability
(Pfleeger, p.11)
![Page 13: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/13.jpg)
The Security Triad – C I A
Figure 1-3 Security of Data (Pfleeger, p.18)
![Page 14: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/14.jpg)
The Security Triad – C I AConfidentiality: protection from unauthorised disclosure
• Privacy; personal private information
• Sensitive information, e.g. student grades, company inventions,
juvenile arrest records
• Protection of classified information
![Page 15: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/15.jpg)
The Security Triad – C I AIntegrity: protection from inappropriate modification
• Precision, accuracy
• Possible ways to limit modification
• Not modified ( for example, read-only)
• Only in acceptable ways, e.g. ?
• Only by acceptable people, e.g. ?
• Only using appropriate processes, e.g.?
![Page 16: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/16.jpg)
The Security Triad – C I AIntegrity: protection from inappropriate modification
• Internally consistent
• The disk contents match what was originally recorded
• Update to once instance causes change to be propagated to all
instances
• Meaningful and usable
• Readable
• Not protected against legitimate access (see also availability)
![Page 17: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/17.jpg)
The Security Triad – C I AAvailability
• Usable (readable, accessible)
• Sufficient capacity (bandwidth, sharable, or copied as needed)
• Is making progress (not hung in a loop or never attended to)
• Completes in an acceptable amount of time
These goals can conflict
• High confidentiality may limit availability
• Strong integrity controls may impose a slowdown that affect
availability
![Page 18: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/18.jpg)
VulnerabilitiesKinds of Vulnerabilities
• Interruption (breaking a pathway of use, deleting, destroying)
• Interception (taking or obtaining without permission; either taking an
object itself or making an unauthorised copy)
• Modifications (changing without permission)
• Fabrication (creating a new – illicit – version)
![Page 19: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/19.jpg)
VulnerabilitiesKinds of Vulnerabilities
Figure 1-4 System Security Threats
![Page 20: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/20.jpg)
VulnerabilitiesKinds of Vulnerabilities
Figure 1-5 Vulnerabilities of Computer System
![Page 21: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/21.jpg)
VulnerabilitiesTargets of vulnerabilities
• Hardware (including firmware)
• Software
• Data and Information
• Access, time, bandwidth, network resources(cable, switches and
routers, addressing and routing information, wireless services)
• People
• Supplies
![Page 22: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/22.jpg)
Computer AttackersMost computers attacks are committed by insiders as unintentional,
non- malicious errors
• Security awareness is the most effective and least expensive control
Amateurs
• Often insiders with privileges (necessary to do their jobs)
• Outside probers or tinkerers
![Page 23: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/23.jpg)
Computer Attackers contdCrackers
• Advanced form of probing or tinkering.
• Intention to undermine or circumvent security controls
• Various motivations: challenge, ego, curiosity, adventure,
experimentation
• Non-malicious attacks or attacks with non-malicious intent are still
attacks
![Page 24: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/24.jpg)
Computer Attackers contdCriminals
• Motivation: payoff, revenge, competition
• Rapidly growing attack segment
• Financial reward potential is attractive
• Some evidence that organised crime is becoming involved in computer
crime – it’s where the money is
• Definition of “computer crime” not precise
![Page 25: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/25.jpg)
Defence ObjectivesPrevent harm
• Block attack, close [plug] vulnerability
• Although obviously most effective, sometimes prevention is not
possible
o Insiders need elevated privileges to do work
o Vulnerabilities may be unknown
o Even a fortes can be breached with the right attack
![Page 26: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/26.jpg)
Defence Objectives contd.Deter harm
• Make the attacker work harder or longer
• Hope the attacker will choose another easier target
• Example: protect bank tellers with bulletproof glass: not
impenetrable, but requires a long time and a lot of force
Deflect harm
• Push the attacker to another target
• Example: a “honeypot” [trap] - website to attract and occupy the
attacker
![Page 27: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/27.jpg)
Defence Objectives contd.Detect harm
• Determine that attack is under way (realtime) or has occurred
sometime in the past (non-realtime)
Goals:
• to be able to increase defences (to block an attack in realtime)
• To determine the kind and extend of attack (after the fact) and
strengthen defences for the future (close vulnerability) or know what
has been lost
![Page 28: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/28.jpg)
Defence Objectives contd.Recover from harm
• Resume normal operation
• Increase or strengthen so future attacks do not succeed
• Deal with loss or exposure of date
Note:
• More cost effective to allow unlikely harm to occur and spend money
on recovery than to spend much more money trying in vain to prevent
the harm
![Page 29: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/29.jpg)
ControlsPhysical• Gates, guns, guards
• Access control devices, e.g., badge readers, motion detectors
• Fire suppression, extinguishers
Administrative
• Security awareness training
• Security policies, procedures, guidelines, practices
• Rules of acceptable use, code of ethics
• Hiring and termination practices
• Software development practices
• Human oversight, management, review
![Page 30: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/30.jpg)
Controls contd.Technical
• Firewall
• Intrusion detection system
• Virus scanner
• Encryption
• Identification and authentication technologies (e.g. smart cards,
biometrics, password)
• Logical access controls (program-based controls limiting access based
on identity, proposed use, date, time etc); implemented by network
infrastructure, operating systems, database management, application
program, utility
![Page 31: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/31.jpg)
Controls contd.Technical
• Honeypot
• Protocol
• Networking infrastructure, operating systems, database management
systems, applications
![Page 32: Security in Computing (C2021) Week-1. Module Syllabus Summary The main topics of study will include: General Security Problems: attacks; computer criminals;](https://reader034.vdocuments.us/reader034/viewer/2022042616/56649e195503460f94b05d35/html5/thumbnails/32.jpg)
Controls contd.Technical
Figure 1-6 Multiple Controls