Wolkite university

College of Computing & Informatics

Course Title: Security Implementation & mgt

By Aschalew.S
Contents
Security overview
Computer and network security
Security problems
Effective Security Strategies
computer security principles
“Security” overview
 Most of computer science is concerned with achieving desired behavior
 In some sense, security is concerned with preventing undesired
behavior
 Different way of thinking!
 An enemy/opponent/hacker/adversary may be actively and
maliciously trying to circumvent any protective measures you put in
place
 Security: all issues which make secure communication (information
transmission, two (multiple) party interaction) over insecure channels.
 Information security is deemed to safeguard three main objectives:
 Confidentiality – data and information assets must be confined to people
authorized to access and not be disclosed to others;
 Integrity – keeping the data intact, complete and accurate, and IT systems
operational;
 Note
…Cont.
 Security refers to providing a protection system to computer
system resources such as CPU, memory, disk, software
programs and most importantly data/information stored in
the computer system.
 So a computer system must be protected against
unauthorized access, malicious access to system memory,
viruses, worms etc.
 The basic idea of both security and safety protecting assets
from hazards/threats creating safe/secure conditions. The
condition safety is about being protected, while the
condition security is about being free from danger. The
differences between being protected and being free from
danger or threat are not easily seen.
…Cont.
 MIS security refers to measures put in place to protect
information system resources from unauthorized access or
being compromised. Security vulnerabilities are weaknesses
in a computer system, software, or hardware that can be
exploited by the attacker to gain unauthorized access or
compromise a system.
 Physical security is the protection of personnel, hardware,
software, networks and data from physical actions and
events that could cause serious loss or damage to an
enterprise, agency or institution. This includes protection
from fire, flood, natural disasters, burglary, theft, vandalism
and terrorism.
…Cont
 Software security is an idea implemented to protect
software against malicious attack and other hacker risks so
that the software continues to function correctly under
such potential risks. Security is necessary to provide
integrity, authentication and availability.
 Information systems security, more commonly referred to
as INFOSEC, refers to the processes and methodologies
involved with keeping information confidential, available,
and assuring its integrity. It also refers to: Access controls,
which prevent unauthorized personnel from entering or
accessing a system.
Computer and network security
 Computer security
 Computer security is the process of preventing and detecting
unauthorized use of your computer. Prevention measures help
you stop unauthorized users (hackers) from accessing any part
of your computer system.
 From Wikipedia, the free encyclopedia. Cyber security,
computer security or IT security is the protection of computer
systems from theft of or damage to their hardware, software or
electronic data, as well as from disruption or misdirection of
the services they provide.
 Objectives of Computer Security.
 Computer security has four objectives: confidentiality,
integrity, availability, and non-repudiation (NR).
…cont.
 The Basic Components
 Confidentiality. Confidentiality is the concealment of
information or resources.
 Integrity:-Integrity refers to the trustworthiness of data or
resources, and it is usually phrased in terms of preventing
improper or unauthorized change.
 Availability. This means that the information is accessible
when authorized users need it.
 Elements in Computer Security
 Confidentiality
 Integrity
 Availability and the recently added authenticity and utility
…Cont.
 Network Security
 Network security consists of the policies and practices
adopted to prevent and monitor unauthorized access,
misuse, modification, or denial of a computer network and
network-accessible resources.
 Network security is protection of the access to files and
directories in a computer network against hacking, misuse
and unauthorized changes to the system. An example of
network security is an anti virus system.
 Network security is involved in organizations, enterprises,
and other types of institutions.
…cont.
 Types of Network Security. Antivirus and Antimalware
Software : This software is used for protecting against
malware, which includes spyware, ransomware, Trojans,
worms, and viruses
 The network needs security against attackers and hackers.
Network Security includes two basic securities.
The first is the security of data information i.e. to protect
the information from unauthorized access and loss.
And the second is computer security i.e. to protect data
and to thwart hackers.
…Cont.
Network security
 Identity
 Authentication
 Some real-world protocols
 Wireless security
 Network Security Fundamentals skill set
 The main concepts of how to secure a computer
network.
 Network security, whether it pertains to an internal
network (such as an intranet) or an external network
(such as the internet) is a constant process
…Cont.
Miscellaneous (as time permits)
 Firewalls
 Intrusion detection
 Buffer overflows; secure programming
languages
 Viruses and malicious logic
 Etc
…Cont.
 Integrity: it is the second goal of Network Security which
is aims at maintaining and assuring the accuracy and
consistency of data.
 The function of Integrity is to make sure that the date is
accurate and reliable and is not changed by unauthorized
persons or hackers.
Quiz
1. What is the difference between computer security and
network security?
…Cont.
 Computer security: focuses on security aspects of systems in isolation
 Network security: focuses on security of data as it is transmitted
between networked systems
 Not always a clear-cut dividing line
 Computer security
 Viruses
 Secure data storage
 OS Security
 Network security
 Authentication protocols
 Encryption of transmitted data
 Firewalls
 Security problems
 Network security issues:- despite the many benefits of
using networks, networking raises a greater potential for
security issues such as: data loss. security breaches.
malicious attacks, such as hacking and viruses.
…Cont.
 Threats (or “attacks”)
Snooping, eavesdropping
Modification, alteration
Masquerading, spoofing
False repudiation/denial of receipt
Network delay, denial of service
…Cont.
 IT Services are able to monitor computer and network usage in
order to protect University assets and services.
 Maintaining computer security involves implementing suitable
preventative measures, detecting potential vulnerabilities,
detecting possible threats, detecting compromised systems and
handling incidents.
 Security is the degree of resistance to, or protection from, harm.
It applies to any vulnerable and valuable asset, such as a person,
dwelling, community, nation, or organization.
 Security provides "a form of protection where a separation is
created between the assets and the threat.
Security Controls
 The three types of security controls are Preventative,
Detective, and Responsive.
 Controls (such as documented processes) and
countermeasures (such as firewalls) must be implemented
as one or more of these previous types, or the controls are
not there for the purposes of security.
…Cont.
 An operating system has three main functions: (1) manage the
computer's resources, such as the central processing unit, memory, disk
drives, and printers, (2) establish a user interface, and (3) execute and
provide services for applications software.
 Operating system security (OS security) is the process of ensuring
OS integrity, confidentiality and availability. OS security refers to
specified steps or measures used to protect the OS from threats,
viruses, worms, malware or remote hacker intrusions.
 Operating System Security Issues
 Software Vulnerabilities. Operating systems are composed of
hundreds of thousands of lines of code.
 Authentication. Most operating systems have a login feature, or a
method of separating users' files and access to a computer.
 Malware.
 Physical Security
…Cont.
 Broader impacts of security
 Explosive growth of interest in security
 Most often following notable security failures
 Impact on/interest from all (?) areas of Computer Security
 Theory (especially cryptography)
 Databases
 Operating systems
 AI/learning theory
 Networking
 Computer architecture/hardware
 Programming languages/compilers
 HCI
…Cont.
 Philosophy
 We are not going to be able to cover everything
 Main goals
 Exposure to different aspects of security; meant mainly to
“pique” your interest
 The “mindset” of security: a new way of thinking about
more than computer networks
 Become familiar with basic crypto, acronyms (RSA, SSL,
PGP, etc.), and “buzzwords”
 Security is a process, not a product
Cryptography
 Introduction
o Including various classes of attacks
 Cryptography
 Cryptography is not the (whole) solution but is an
important part of the solution
 Along the way, we will see why cryptography can’t
solve all security problems
Cryptography
Security policies
 Security policies and analysis includes
 Attack trees
 Access control
 Confidentiality/integrity
 Key management
 Principles for secure design/implementation
…Cont.
 IT physical security policy. Originally Published: Mar
2018. This policy will help your organization safeguard its
hardware, software, and data from exposure to persons
(internal or external) who could intentionally or
inadvertently harm your business and/or damage physical
assets.
…Cont.
 The main points about the importance of physical access control policy
include:
 Protects equipment, people, money, data and other assets
 Physical access control procedures offer employees/management peace
of mind
 Reduces business risk substantially
 Helps safeguard logical security policy more accurately
 Helps getting the compliance of physical access control rules by ISO,
PCI and other organizations
 Helps improve business continuity in natural disasters or destructive
sabotage situations
 Improves effective tracing of culprits
 Reduce financial losses and improve productivity
 Fast recovery from any loss of assets or disaster
 Helps to take preventive measures against any possible threat
“Managed security monitoring”
 Although network monitoring and risk management are
important, security is too
 Security is not an ends unto itself
 If you really want to be secure, disconnect yourself from
the Internet
…Cont.
 A firewall is a system designed to prevent unauthorized access to
or from a private network. You can implement a firewall in
either hardware or software form, or a combination of both.
Firewalls prevent unauthorized internet users from accessing
private networks connected to the internet, especially intranets.
 The National Institute of Standards and Technology (NIST)
800-10 divides firewalls into three basic types:
 Packet filters.
 Stateful inspection.
 Proxy's.
Confidentiality
 Confidentiality refers to protecting information from being accessed by
unauthorized parties. In other words, only the people who are
authorized to do so can gain access to sensitive data.
 Encryption
 In cryptography, encryption is the process of encoding a message or
information in such a way that only authorized parties can access it and
those who are not authorized cannot. Encryption does not itself prevent
interference, but denies the intelligible content to a would-be
interceptor.
 Data encryption translates data into another form, or code, so that only
people with access to a secret key (formally called a decryption key) or
password can read it. Encrypted data is commonly referred to as cipher
text, while unencrypted data is called plaintext.
Encryption
 Encryption refers to any process used to make sensitive data
more secure and less likely to be intercepted by those
unauthorized to view it. There are several modern types of
encryption used to protect sensitive electronic data, such as
emails, files, folders and entire drives.
 RSA. RSA is a public-key encryption algorithm and the
standard for encrypting data sent over the internet. It also
happens to be one of the methods used in our PGP and GPG
programs. Unlike Triple DES, RSA is considered an
asymmetric algorithm due to its use of a pair of keys.
…Cont
 Encryption is important because it allows you to securely
protect data that you don't want anyone else to have access
to. Espionage uses encryption to securely protect folder
contents, which could contain emails, chat histories, tax
information, credit card numbers, or any other sensitive
information.
 The translation of data into a secret code. Encryption is the
most effective way to achieve data security. To read an
encrypted file, you must have access to a secret key or
password that enables you to decrypt it. Unencrypted data is
called plain text ; encrypted data is referred to as cipher
text.
Security Key
 Both keys work in two encryption systems called
symmetric and asymmetric.
 Symmetric encryption (private-key encryption or secret-
key encryption) utilize the same key for encryption and
decryption. Public and Private key pair helps to encrypt
information that ensures data is protected during
transmission.
 An encryption key is a random string of bits created
explicitly for scrambling and unscrambling data.
Encryption keys are designed with algorithms intended to
ensure that every key is unpredictable and unique. The
longer the key built in this manner, the harder it is to crack
the encryption code.
…Cont
Quiz
2. Can public key decrypt?
 Yes you can encrypt using a private key and decrypt using a
public key, do NOT hand out your private key (private keys
can generate public keys, and your entire encryption system
is now useless), I'm assuming you want to do something like
this: ... Clients have public key, and can decrypt data from
the server.
 Your network's current network security encryption key
(WPA2, WPA, or WEP) is stored in your Verizon
MI4242WR router. As long as you know your router's user
name and password, you can access the security settings
where the network encryption key is stored.
…Cont.
 You'll also see WPA2 – it's the same idea, but a newer
standard. WPA Key or Security Key: This is the password
to connect your wireless network. It's also called a Wi-Fi
Security Key, a WEP Key, or a WPA/WPA2 Passphrase.
This is another name for the password on your modem or
router.
 The network security key is the password or pass phrase
that you use to authenticate with your home network. In
order to establish a secure connection with your wireless
router, you have to provide the key to prove that you are
authorized to do so.
Data security
 Confidentiality, integrity and availability, also known as the CIA
triad, is a model designed to guide policies for information security
within an organization. The model is also sometimes referred to as the
AIC triad (availability, integrity and confidentiality) to avoid
confusion with the Central Intelligence Agency.
 Confidentiality and Data Integrity
 Different information or data in the organization has different
sensitivities as far as confidentiality is concerned. Some data may be
accessed by everyone as there is no security risk, even if it is known to
the entire world. Other information may be highly confidential and may
have to be shared only with a few individuals or be restricted to only a
few individuals. Various levels of data sensitivity can be ensured only
by controlling appropriate access through proper authentication and
authorization
Integrity
 Trustworthiness of data or resources
 Prevention vs. detection
 Blocking unauthorized attempts to change data, or attempts
to change data in unauthorized ways
 The second is much harder…
 Correctness vs. trustworthiness of data
 Integrity
Availability
Denial of service attacks
Denying access can lead to more serious
attacks
◦ I.e., if credit card verification is down
Security principles
 Basic security principles for information systems
development/deployment. Information security is
concerned with the confidentiality, integrity, and
availability of information. From these three 'pillars', the
following principles must be applied when implementing
and maintaining an information system: Accountability.
 Security Principles. A few security principles are
summarized here. Often computer security objectives (or
goals) are described in terms of three overall objectives:
Confidentiality (also known as secrecy), meaning that the
computing system's assets can be read only by authorized
parties.
…Cont.
A principle which is a core requirement of information
security for the safe utilization, flow, and storage of
information is the CIA triad. CIA stands for
confidentiality, integrity, and availability and these are
the three main objectives of information security.
 Principles of Network Security. Network security involves
around three key principles of confidentiality, integrity
and availability. Depending upon the application and
context, one of these principles might be more important
than the others.
…Cont.
 Security Principles
 Confidentiality. Confidentiality determines the secrecy
of the information asset.
 Integrity. With data being the primary information asset,
integrity provides the assurance that the data is accurate
and reliable.
Availability.
Passwords.
Keystroke Monitoring.
Protecting Audit Data.
Policy vs. mechanism
 Security policy
 Statement of what is and is not allowed
 Security mechanism
 Method for enforcing a security policy
 One is meaningless without the other
 Problems when combining security policies of
multiple organizations
Summery
 The CIA (Confidentiality, Integrity, and Availability) triad
is a well-known model for security policy development.
 Confidentiality – ensures that sensitive information are
accessed only by an authorized person and kept away from
those not authorized to possess them.
 Confidentiality,in the context of computer systems, allows
authorized users to access sensitive and protected data.
Specific mechanisms ensure confidentiality and safeguard
data from harmful intruders.