Information Security

1
Information Security

• ICT Fundamentals

2
Presentation Credits

• Introduction to Computers by Peter Norton
• Dr Junaid, EE Dept, SEECS

3
Todays Topics

• Computer Security
• Network Security
• Communication Security

4
Basic Security Terminology

• Threat
• Anything that can cause harm
• Vulnerability
• Existing weakness that can be exploited to do
  harm
• Countermeasure
• Steps taken to ward off threat

5
Basic Security Terminology

• CIA triad of security requirements
• Confidentiality
• Privacy
• Integrity
• Data is not modified
• Availability
• Resources are available
• Other core security requirements
• Authenticity
• Comes from the source it is claiming to come from
• Non-repudiability
• You cant go back on your words

6
Computer Security

• Malware
• Malicious code that compromises your computer
  security when it enters your system
• Viruses
• Trojan Horses
• Spyware

7
Computer Security

• Viruses
• Attaches itself to some host program e.g. a word
  document
• Executes when word document is opened
• Make copies of itself by attaching itself by
  other host programs
• Can do all sorts of damage
• Fill up storage and memory, modify/destroy data,
  erase hard disk
• Attack on Integrity

8
Computer Security

• Trojan Horses
• Malicious program that appears to be friendly
• E.g. Games
• Open a backdoor to the infected system allowing
  someone else to access/take control of your
  system
• Facilitates hacking of system
• Hacking To enter somebody system/account in an
  illegal way
• Attack on confidentiality and authenticity

9
Computer Security

• Spyware
• Can track users activities and report them to
  somebody else
• Attack on Confidentiality

10
Network Security

• Worms
• Malicious code that replicates itself
• Can fill entire disks and spread to other
  computer
• Attack on availability

11
Network Security

• Denial of Service Attacks (DoS)
• A person hacks a system and uses it to attack
  other computers
• Compromised system is called a zombie
• Using large number of zombies, a person can send
  thousands of requests to web-Server effectively
  making it unavailable for legitimate users
• Attack on availability

12
Communication Security

• Alice sends a message to Bob
• A malicious person Eve can listen
• Listening Attack on confidentiality
• Modify data and again transmit to Bob Attack on
  integrity
• Self generate a message and send to Bob,
  pretending that it came from Alice Attack on
  authenticity
• Alice sends a message to Bob and later denies
  sending it
• Attack on Non-repudiability

13
Counter measures
14
Computer and Network Security

• Anti Virus Software
• Anti Spyware
• Firewall
• Software or Hardware
• Restricts who can/cannot connect to your system

15
Communication Security

• Authenticate
• Ask for password before starting communication
• Eve will not know the password, she cannot self
  generate the message
• Encrypt
• Talk in secret language
• E.g Alice and Bob understand that a will be
  written as a2 c and b will be written as b2
  d and so on
• Eve does not know this, she cannot understand the
  message

16
Communication Security

• Hash functions
• Do a summary of whole message using a technique
  that only Alice and Bob know
• Append the summary to the message
• If eve modifies message, she cannot recalculate
  summary because she does not know the technique
• Digital Signatures
• Digitally sign your message

17
END of chapter