Upload File

cis326week1lesson1

20

Click here to load reader

Upload: fahad1

Post on 12-Jul-2015

16 views

Category:

Technology


0 download

Report

TRANSCRIPT

Page 1: Cis326week1lesson1

1

Computer Security

CIS326

Dr Rachel Shipsey

Page 2: Cis326week1lesson1

2

This course will cover the following topics:

• passwords

• access controls

• symmetric and asymmetric encryption

• confidentiality

• authentication and certification

• security for electronic mail

• key management

Page 3: Cis326week1lesson1

3

The following books are recommended as additional reading to the CIS326 study guide

• Computer Security by Dieter Gollman• Secrets and Lies by Bruce Schneier• Security in Computing by Charles Pfleeger• Network Security Essentials by William Stallings• Cryptography - A Very Short Introduction by Fred

Piper and Sean Murphy• Practical Cryptography by Niels Ferguson and

Bruce Schneier

Page 4: Cis326week1lesson1

4

There are also many websites dealing with the subjects discussed in this course.

For example, the following website provides links to a large number of sites who have security and cryptography course on-line:

http://avirubin.com/courses.html

Page 5: Cis326week1lesson1

5

What is Security? Security is the protection of assets. The

three main aspects are:

• prevention

• detection

• re-action

Page 6: Cis326week1lesson1

6

Some differences between traditional security and information security

• Information can be stolen - but you still have it

• Confidential information may be copied and sold - but the theft might not be detected

• The criminals may be on the other side of the world

Page 7: Cis326week1lesson1

7

Computer Security deals with the prevention and detection of unauthorised actions by users of a computer system.

Page 8: Cis326week1lesson1

8

There is no single definition of security

What features should a computer security system provide?

Page 9: Cis326week1lesson1

9

Confidentiality

• The prevention of unauthorised disclosure of information.

• Confidentiality is keeping information secret or private.

• Confidentiality might be important for military, business or personal reasons.

Page 10: Cis326week1lesson1

10

Integrity

• Integrity is the unauthorised writing or modification of information.

• Integrity means that there is an external consistency in the system - everything is as it is expected to be.

• Data integrity means that the data stored on a computer is the same as the source documents.

Page 11: Cis326week1lesson1

11

Availability

• Information should be accessible and useable upon appropriate demand by an authorised user.

• Availability is the prevention of unauthorised withholding of information.

• Denial of service attacks are a common form of attack.

Page 12: Cis326week1lesson1

12

Non-repudiation

• Non-repudiation is the prevention of either the sender or the receiver denying a transmitted message.

• A system must be able to prove that certain messages were sent and received.

• Non-repudiation is often implemented by using digital signatures.

Page 13: Cis326week1lesson1

13

Authentication

• Proving that you are who you say you are, where you say you are, at the time you say it is.

• Authentication may be obtained by the provision of a password or a scan of your retina.

Page 14: Cis326week1lesson1

14

Access Controls

• The limitation and control of access through identification and authentication.

• A system needs to be able to indentify and authenticate users for access to data, applications and hardware.

• In a large system there may be a complex structure determining which users and applications have access to which objects.

Page 15: Cis326week1lesson1

15

Accountability

• The system managers are accountable to scrutiny from outside.

• Audit trails must be selectively kept and protected so that actions affecting security can be traced back to the responsible party

Page 16: Cis326week1lesson1

16

Security systems

• A security system is not just a computer package. It also requires security conscious personnel who respect the procedures and their role in the system.

• Conversely, a good security system should not rely on personnel having security expertise.

Page 17: Cis326week1lesson1

17

Risk Analysis

• The disadvantages of a security system are that they are time-consuming, costly, often clumsy, and impede management and smooth running of the organisation.

• Risk analysis is the study of the cost of a particular system against the benefits of the system.

Page 18: Cis326week1lesson1

18

Designing a Security SystemThere are a number of design considerations:• Does the system focus on the data, operations or the users

of the system?

• What level should the security system operate from? Should it be at the level of hardware, operating system or applications package?

• Should it be simple or sophisticated?• In a distributed system, should the security be centralised

or spread?• How do you secure the levels below the level of the

security system?

Page 19: Cis326week1lesson1

19

Security Models

A security model is a means for formally expressing the rules of the security policy in an abstract detached way.

The model should be:• easy to comprehend• without ambiguities• possible to implement• a reflection of the policies of the organisation.

Page 20: Cis326week1lesson1

20

SummaryBy now you should have some idea about

• Why we need computer security (prevention, detection and re-action)

• What a computer security system does (confidentiality, integrity, availability, non-repudiation, authentication, access control, accountability)

• What computer security exerts do (design, implement and evaluate security systems)


Apple 03 - Management Mistakes

Big Data - The 5 Vs Everyone Must Know

The Value of User Experience (from Web 2.0 Expo Berlin 2008)

Evangelizing Yourself

Simple Steps to UX/UI Web Design

Designing for an Augmented Reality world

Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Lean Prototyping - A Practical Guide

The Essence of Design for Startups

Personal Branding Presentation for HCC

Social, Digital & Mobile in The Americas

The Art Of Colors

Leaving Positive Impression

Crafting a UX Strategy for Wearables and the Mobile Mainframe

On Digital Transformation - 10 Observations

What is Big Data?

Site Search Analytics in a Nutshell

Automotive20

Designing With Vision

The New Brand Landscape 2

The Art & Science of Seductive Interactions

App optimization for ios 7

Using Social Networks as Job Searching Tools

From Paths to Sandboxes

Design Principles: The Philosophy of UX

6 key learnings for responsive webdesign

Campaign Tracking and Adwords Integration

How to Set Google Analytics Goals and Funnels

User Centered Design Overview

Psychology Of The Winner

Profile & Resume Buzzkill - Words to avoid

Expert Positioning Using LinkedIn

Zipcar Millennials Survey

Lets Go on a Field Trip! (Physically & Virtually)

Wireframes for the Wicked