Learn about the changing landscape of information security, types of attacks, security services, and mechanisms to protect your data effectively. Explore the importance of encryption and the key aspects of maintaining robust information security practices.
Introduction to Information Security
Information Security – Why? • Information is a strategic resource • Information security requirements have changed in recent decades • Traditionally, security was provided by physical and administrative mechanisms (locks, guards, personnel screening) • Use of computers requires automated tools to protect files and other stored information • Use of networks and communication links requires measures to protect data during transmission
Definition • Computer Security : generic name for the collection of tools designed to protect data and to thwart hackers • Network Security : measures to protect data during their transmission • Internet Security : measures to protect data during their transmission over a collection of interconnected networks
3 aspects of information security: • Security Attacks • Security Services • Security Mechanisms
Security Attacks • Definition: any action that compromises the security of information owned by an organization • Threat and attack are often used to mean the same thing, but: • Threat : a potential for violation of security (a circumstance or capability that could cause harm) • Attack : an assault on system security that derives from an intelligent threat, i.e. a deliberate attempt to evade security services and violate the security policy
Classification of security attacks • Passive Attacks: attempt to learn or make use of information from the system but do not affect system resources • Active Attacks: attempt to alter system resources or affect their operation
Security Threats • Threats can come from a range of sources • Various surveys give results of roughly this order: • 55% human error • 10% disgruntled employees • 10% dishonest employees • 10% outsider access • also "acts of god" (fire, flood etc.) • Note that in the end, it always comes back to PEOPLE. • Technology can only assist so much; always consider the role of people in the threat equation - who, and why.
Passive Attacks • Only involve monitoring (interception) of information; nothing is altered • Two forms: release of message contents (loss of confidentiality) and traffic analysis (monitoring the exchange of information without knowing its precise contents) • Hard to detect, because neither sender nor receiver sees any change in the data; the emphasis is therefore on prevention (e.g. encryption) rather than detection
Release of message contents: attacks confidentiality • Eavesdropping • Learn the content of transmitted messages
Traffic Analysis: attacks confidentiality, or anonymity • Monitoring the pattern of transmitted messages • Include: the source & destination, frequency, and length of messages • Determine the location and identity of communicating hosts
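The following is an added worked example (not part of the original slides) of the traffic-analysis point above. It models an observer who sees only the source, destination and ciphertext of each frame and never holds the key. The session, the command list and the toy XOR cipher (a SHAKE-256 keystream, a stand-in for any length-preserving encryption, not a real cipher) are all constructed for the example.

```python
"""Traffic analysis against length-preserving encryption (constructed example).

The observer never learns the key, yet recovers who talks to whom and,
because encryption here preserves length, which command was sent.
"""
from collections import Counter, defaultdict
import hashlib

KEY = b"shared-secret-the-observer-lacks"   # constructed; unknown to the observer


def toy_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256(key||nonce) keystream.
    Illustration only; output has exactly the length of the input."""
    keystream = hashlib.shake_256(key + nonce).digest(len(msg))
    return bytes(m ^ k for m, k in zip(msg, keystream))


# Constructed sample: the fixed set of commands a field unit might exchange
# with headquarters, and one captured session (src, dst, plaintext).
COMMANDS = [b"ATTACK AT DAWN", b"HOLD POSITION", b"RETREAT", b"ACK"]
SESSION = [
    ("hq", "unit1", b"ATTACK AT DAWN"),
    ("unit1", "hq", b"ACK"),
    ("hq", "unit2", b"HOLD POSITION"),
    ("unit2", "hq", b"ACK"),
    ("hq", "unit1", b"RETREAT"),
]


def capture(session, pad_to=None):
    """What the observer sees on the wire: (src, dst, ciphertext).
    pad_to: if set, every message is padded to that size before encryption."""
    frames = []
    for i, (src, dst, msg) in enumerate(session):
        if pad_to is not None:
            msg = msg + b"\x00" * (pad_to - len(msg))
        nonce = i.to_bytes(8, "big")          # per-message nonce
        frames.append((src, dst, toy_encrypt(KEY, nonce, msg)))
    return frames


def traffic_profile(frames):
    """Who talks to whom and how often: needs no key at all."""
    return Counter((src, dst) for src, dst, _ in frames)


def guess_by_length(frames, candidates):
    """For each frame, the candidate plaintexts whose length matches the
    ciphertext length. With distinct lengths this identifies the message."""
    by_len = defaultdict(list)
    for c in candidates:
        by_len[len(c)].append(c)
    return [by_len.get(len(ct), []) for _, _, ct in frames]


if __name__ == "__main__":
    frames = capture(SESSION)
    print(traffic_profile(frames))
    print(guess_by_length(frames, COMMANDS))          # each frame identified
    padded = capture(SESSION, pad_to=16)
    print(guess_by_length(padded, [c.ljust(16, b"\x00") for c in COMMANDS]))  # all ambiguous
```

Padding every frame to a fixed size removes the length leak, but the communication graph (source, destination, frequency, timing) is still visible; hiding that needs cover traffic or an anonymity network, which is a different mechanism again.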
Active Attacks • Involve some modification of the data stream or the creation of a false stream • Hard to prevent absolutely, because that would require physical protection of every link and facility; the emphasis is therefore on detection and recovery • Four categories: masquerade, replay, modification of messages, denial of service
Masquerade • one entity pretends to be a different entity (e.g. an authentication exchange is captured and replayed so that an entity with few privileges obtains more)
Replay • passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
Modification of messages • alters some portion of a legitimate message
Denial of service • prevents or inhibits the normal use or management of communications facilities
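The four active attacks above, as an added example (not from the original slides). Sender and receiver share a key and protect each frame with HMAC-SHA256 plus a strictly increasing sequence number; the attacker sits on the wire and can replay, modify or inject frames but does not know the key. The key, payloads and frame format are constructed for the example.

```python
"""Active attacks against a simple framed channel, and what a keyed MAC plus a
sequence number catches (constructed example)."""
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"   # assumed shared secret; unknown to the attacker
TAG_LEN = 32                      # HMAC-SHA256 output size


def make_frame(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame layout: seq (4 bytes, big-endian) || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if the tag verifies and the sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.accepted = []

    def receive(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "rejected: malformed"
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            return "rejected: bad tag (modification or masquerade)"
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:                         # seen before: replay
            return "rejected: replay (seq %d already seen)" % seq
        self.last_seq = seq
        self.accepted.append(payload)
        return "accepted"


def run_demo() -> dict:
    """Runs each attack against one receiver and returns its verdicts."""
    rx = Receiver(KEY)
    genuine = make_frame(KEY, 1, b"PAY alice 10")
    results = {"genuine": rx.receive(genuine)}

    # Replay: passive capture of the frame, then retransmission of it unchanged.
    results["replay"] = rx.receive(genuine)

    # Modification: change the amount '10' -> '90' by flipping one payload byte.
    tampered = bytearray(genuine)
    tampered[4 + len(b"PAY alice ")] ^= ord("1") ^ ord("9")
    results["modification"] = rx.receive(bytes(tampered))

    # Masquerade: the attacker forges a frame under a guessed key.
    forged = make_frame(b"wrong-key", 2, b"PAY mallory 999")
    results["masquerade"] = rx.receive(forged)

    # Passive eavesdropping still succeeds: the payload travels in clear.
    results["eavesdrop_sees"] = genuine[4:-TAG_LEN]
    return results


if __name__ == "__main__":
    for attack, verdict in run_demo().items():
        print(attack, "->", verdict)
```

Two things the check does not do: it gives no confidentiality (the eavesdropper reads every payload), and it does nothing against denial of service, since an attacker can still flood the receiver with frames it must spend time rejecting. Those need other mechanisms (encryption, rate limiting, redundancy), which is the point of the "security mechanisms" slides that follow.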
Security Services • Enhance the security of the data processing systems and information transfers of an organization • Intended to counter security attacks, using one or more security mechanisms • Security services implement security policies • Often replicate functions normally associated with physical documents, which: • carry signatures and dates • need protection from disclosure, tampering, or destruction • may be notarized or witnessed • may be recorded or licensed
Security Services - One Useful Classification: • Authentication - assurance that the communicating entity, or the origin of the information, is the one claimed • Access control - prevention of unauthorized use of a resource (who may access what, under which conditions) • Data Confidentiality - protection of information content from unauthorized disclosure • Data Integrity - assurance that data received is exactly as sent, with no modification, insertion, deletion or replay • Non-repudiation - protection against denial by one of the parties that it sent or received a message • Availability - a system or resource is accessible and usable by authorized entities when needed
Security Mechanisms • Features designed to detect, prevent, or recover from a security attack • Personnel : Access Tokens, Biometrics • Physical : Integrated Access Control • Managerial : Security Education • Data Networking : Encryption, Configuration Control • S/W & O/S : Testing, Evaluation, Trusted O/S
Facts: security mechanisms • No single mechanism can provide all the security services wanted. • But encryption, or encryption-like information transformation (and hence cryptography), is a key enabling technology underlying most of them.
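An added example (not from the original slides) of why no single mechanism covers all the services: encryption gives confidentiality but not integrity, and a MAC gives integrity but not confidentiality. The cipher is a toy XOR stream cipher keyed from SHAKE-256, standing in for any stream cipher; the keys, nonce and transfer message are constructed for the example. Because XOR is malleable, an attacker who knows the message format can change the decrypted amount without ever learning the key.

```python
"""Encryption alone is malleable: confidentiality without integrity (constructed example)."""
import hashlib
import hmac

MASTER = b"constructed-demo-key"
ENC_KEY = hashlib.sha256(b"enc" + MASTER).digest()   # separate keys for the two mechanisms
MAC_KEY = hashlib.sha256(b"mac" + MASTER).digest()
NONCE = b"\x00" * 8                                   # per-message nonce; fixed for the demo
TAG_LEN = 32


def toy_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHAKE-256(key||nonce). Same call encrypts and decrypts."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))


def flip_in_ciphertext(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Attacker edit, done without the key: if plaintext bytes `known` sit at
    `offset`, XORing the ciphertext with known^wanted makes it decrypt to `wanted`."""
    out = bytearray(ct)
    for i, (a, b) in enumerate(zip(known, wanted)):
        out[offset + i] ^= a ^ b
    return bytes(out)


def seal(msg: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC(MAC_KEY, nonce || ciphertext)."""
    ct = toy_xor(ENC_KEY, NONCE, msg)
    return ct + hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()


def open_sealed(blob: bytes):
    """Returns the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return toy_xor(ENC_KEY, NONCE, ct)


def demo() -> dict:
    msg = b"TRANSFER 0100 TO BOB"
    amount_at = msg.index(b"0100")

    # Encryption only: eavesdropper cannot read it, but the attacker can
    # rewrite "0100" to "9100" by flipping one ciphertext byte.
    ct = toy_xor(ENC_KEY, NONCE, msg)
    evil_ct = flip_in_ciphertext(ct, amount_at, b"0", b"9")

    # MAC only: integrity, but the message is readable on the wire.
    mac_only = msg + hmac.new(MAC_KEY, msg, hashlib.sha256).digest()

    # Both mechanisms: the same edit is now rejected.
    evil_sealed = flip_in_ciphertext(seal(msg), amount_at, b"0", b"9")

    return {
        "ciphertext_hides_msg": b"TRANSFER" not in ct,
        "tampered_decrypts_to": toy_xor(ENC_KEY, NONCE, evil_ct),
        "mac_only_readable": b"TRANSFER 0100" in mac_only,
        "sealed_tamper_rejected": open_sealed(evil_sealed) is None,
        "sealed_genuine": open_sealed(seal(msg)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The receiver of the tampered ciphertext sees a perfectly well-formed message; "it decrypted fine" is not an integrity check. The same holds for real stream ciphers and for CBC and CTR modes, which is why modern designs combine encryption with a MAC (encrypt-then-MAC, as above) or use an authenticated-encryption mode such as AES-GCM.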