13th of July, 2009 was our first IT security lecture class. Before the lecture started, we had a quiz in puzzle form: the first quiz in the first lecture. All the quiz answers related to general internet security knowledge.
The first lecture today was an introduction to information security, which covered security architecture, security principles, security policy, security attacks, methods of defense, security services and security mechanisms.
What is Security?
Security can be defined as "the state of being free from unacceptable risk". The risk concerns the following categories of losses:
* Confidentiality of Information.
* Integrity of data.
* Assets.
* Efficient and Appropriate Use.
* System Availability.
Security Architecture
* Defined by ITU-T Recommendation X.800, which is called the OSI Security Architecture.
* Useful to managers as a way of organizing the task of providing security.
* Focuses on security attacks, security mechanisms and security services.
Security Principles:
a) Confidentiality
* Confidentiality refers to the privacy of personal or corporate information, which includes issues of copyright: the prevention of unauthorized disclosure of information.
b) Integrity
* Integrity refers to the accuracy of data. Loss of data integrity may be gross and evident.
* Prevention of unauthorized modification of information.
c) Availability
* Availability is concerned with the full functionality of a system and its components.
* Prevention of unauthorized withholding of information or resources.
Security Policy
* Set of rules to apply to security relevant activities in a security domain.
* Level of security policy: objectives, organizational and system
* Key aspects of security policy: authorization, access policy and accountability
Security Attacks/Threats
A security attack is any action that compromises the security of information owned by an organization.
1) Passive attacks
* An attack such as listening to communications and then attacking the encryption scheme offline may be carried out.
* Eavesdropping.
A passive attack is characterized by the interception of messages without modification. There is no change to the network data or systems. The message itself may be read or its occurrence may simply be logged.
Identifying the communicating parties and noting the duration and frequency of messages can be of significant value in itself. From this knowledge certain deductions or inferences may be drawn regarding the likely subject matter, the urgency or the implications of messages being sent. This type of activity is termed traffic analysis. Because there may be no evidence that an attack has taken place, prevention is a priority.
2) Active attacks
* A common attack of this type is the man in the middle attack.
* During this attack the attacker may try to convince the victim that they are communicating with another party when they are really communicating with the attacker.
* The attacker may use the attack to gain passwords or other vital information.
a) Masquerade attacks, as the name suggests, relate to an entity (usually a computer or a person) taking on a false identity in order to acquire or modify information, and in effect achieve an unwarranted privilege status. Masquerade attacks can also incorporate other categories.
b) Message replay involves the re-use of captured data at a later time than originally intended in order to repeat some action of benefit to the attacker: for example, the capture and replay of an instruction to transfer funds from a bank account into one under the control of an attacker. This could be foiled by confirmation of the freshness of a message.
c) Message modification could involve modifying a packet header address for the purpose of directing it to an unintended destination or modifying the user data.
d) Denial-of-service attacks prevent the normal use or management of communication services, and may take the form of either a targeted attack on a particular service or a broad, incapacitating attack. For example, a network may be flooded with messages that cause a degradation of service or possibly a complete collapse if a server shuts down under abnormal loading. Denial-of-service attacks are frequently reported for internet-connected services.
Security Services
a) Non-Repudiation
* protection against denial by one of the parties in a communication that it took part.
b) Access Control
* prevention of unauthorized use of a resource
c) Data Integrity
* is the provision of the property that data has not been altered or destroyed in an unauthorized manner, nor have data sequences been altered to an extent greater than can occur non-maliciously.
d) Data Origin Authentication
* is the provision of the property that the claimed origin of received data is corroborated.
e) Data Confidentiality
* is the provision of the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
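The message replay and message modification attacks under Active attacks above, and the data integrity and data origin authentication services just listed, fit together in one small protocol: the sender attaches a random nonce and a timestamp to each message and a MAC keyed with a shared secret over all three fields; the receiver verifies the MAC first (integrity and origin), then the timestamp (freshness), then rejects any nonce it has already seen (replay). The following is an added example written for these notes, not code from the lecture or from X.800. The shared key, the 30-second freshness window and the "transfer funds" payload are constructed for illustration; the unbounded nonce set would need an expiry matching the window in a real receiver.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for this example only; real keys come from key management.
SHARED_KEY = b"example-shared-key-not-for-real-use"
FRESHNESS_WINDOW_SECONDS = 30  # assumed acceptable clock skew plus transit delay


def _mac(key, nonce, ts, payload):
    """HMAC-SHA256 over nonce, timestamp and payload.
    Nonce (hex) and timestamp (int) never contain '|', and the payload comes last,
    so the separators give unambiguous field boundaries."""
    data = f"{nonce}|{ts}|".encode() + payload
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_message(payload, key=SHARED_KEY, now=None):
    """Sender side: nonce + timestamp + MAC. Because the MAC covers the nonce and
    timestamp, a captured message cannot be 'refreshed' by rewriting those fields."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    return {"nonce": nonce, "ts": ts, "payload": payload,
            "tag": _mac(key, nonce, ts, payload)}


class Receiver:
    def __init__(self, key=SHARED_KEY, window=FRESHNESS_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen_nonces = set()  # in practice a bounded cache expiring with the window

    def accept(self, msg, now=None):
        """Return (accepted, reason). Check order matters: the MAC is verified first so
        that forged messages cannot probe or pollute the nonce cache, then freshness,
        then replay."""
        now = now if now is not None else time.time()
        expected = _mac(self.key, msg["nonce"], msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "integrity/origin check failed"   # message modification
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"                  # old message, even if genuine
        if msg["nonce"] in self.seen_nonces:
            return False, "replayed nonce"                   # message replay
        self.seen_nonces.add(msg["nonce"])
        return True, "ok"


def demo():
    """Run the lecture's attack cases against one receiver; returns the reason per case."""
    rx = Receiver()
    t0 = 1_000_000  # constructed fixed clock so the run is deterministic
    msg = build_message(b"transfer 100 to account 42", now=t0)
    results = {}
    results["fresh"] = rx.accept(msg, now=t0 + 1)[1]
    results["replay"] = rx.accept(msg, now=t0 + 2)[1]           # same message again
    tampered = dict(msg, payload=b"transfer 100 to account 99")  # header/data changed
    results["modified"] = rx.accept(tampered, now=t0 + 3)[1]
    late = build_message(b"transfer 100 to account 42", now=t0)  # genuine but held back
    results["stale"] = rx.accept(late, now=t0 + 3600)[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:9s} -> {reason}")
```

Note what each check does and does not give: the MAC alone detects modification and corroborates origin but says nothing about when the message was first sent, which is exactly the gap replay exploits; the timestamp bounds how long a captured message stays usable, and the nonce cache closes the remaining window.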
Security Mechanisms
Security mechanisms exist to provide and support security services, and are defined by X.800.
A security mechanism is a mechanism designed to:
a) Detect,
b) Prevent, or
c) Recover from a security attack.