Security in Computer System
491 CS-G(172)
By
Manesh T
maneshpadmayil@gmail.com
AGENDA
• Overview of Security & Needs
• Concepts, Types of Viruses
• Different Types of Security
• Threats in Network
• Hacking, Ethical Hacking
• Attacks, services and mechanisms
• Security attacks-Types
• Security services
• Methods of Defense
• A model for Internetwork Security
Overview
• What is security?
• Why do we need security?
• Who is vulnerable?
What is “Security”
Security is the state of having
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear
Definition:
Security is the protection of assets. Three main
aspects of security are
1. Protection
2. Detection
3. Reaction.
Why do we need security?
• Protect vital information while still allowing
access to those who need it
– Trade secrets, medical records, etc.
• Provide authentication and access control
for resources
– Ex: Bank Identity Card, ATM Card
• Guarantee availability of resources
– Must be available all the time
Need for Security
• The Information Age- Internet Highway
• Digital Assets- emails, documents
• Static Assets- pictures, databases
• Assets in Transit- emails (Comm. Networks)
Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Internet users
• Multinational corporations
• ANYONE ON THE NETWORK
Different Types of Security-Definitions
• Computer Security - generic name for the
collection of tools designed to protect
hardware or software modules.
• Network Security - measures to protect
data during their transmission
• Internet Security - measures to protect
data during their transmission over a
collection of interconnected networks
• Information Security - all three areas
Basic Terminologies
• Cryptography
– Study of mathematical techniques related to aspects of
information security (Set of techniques)
• Cryptanalysis
– The process of breaking the security policies
• Cryptology
- Cryptography + cryptanalysis
• Cryptosystems are computer systems used to encrypt data
for secure transmission and storage
Types of Computer Virus
1. Time Bomb
2. Logical Bomb
3. Worm
4. Boot Sector Virus
5. Macro Virus
6. Trojan Horse
Types of Viruses
• Time Bomb – Activates when a set time/date arrives
• Logical Bomb – Activates when some action occurs
• Worm – Self-replicating in networks
• Boot Sector Virus – During system boot, the boot sector virus is
loaded into main memory and destroys data stored on the hard disk
• Macro Virus – It is associated with application software like
Word and Excel
• Trojan Horse – usually email virus
Launching the attack
Steps are
1. Vulnerability
2. Threat
3. Discovery of Vulnerability
4. Exploitation of Vulnerability
5. Attack
Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the
security of information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a security
attack.
• Security Service: A service that enhances the
security of data processing systems and information
transfers. A security service makes use of one or more
security mechanisms.
Different Types of Security Attacks
Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on
authenticity
Security Goals
Threats in Networks
In This Section
• What makes a network Vulnerable
– Reasons for network attacks
• Who Attacks Networks?
– Who are the attackers? Why people attack?
• Threats in Network transmission:
Eavesdropping and Wiretapping
– Different ways attackers attack a victim
What Makes a Network Vulnerable
• How a network differs from a stand-alone
environment:
– Anonymity
• Attacker can mount an attack from thousands of
miles away; passes through many hosts
– Many points of attack
• Both targets and origins
• An attack can come from any host to any host
– Sharing
• More users have the potential to access networked
systems than on single computers
What Makes a Network Vulnerable (cont’d)
• How a network differs from a stand-alone
environment:
– Complexity of System
• Reliable security is difficult to obtain
• Complex as many users do not know what their computers are
doing at any moment
– Unknown Perimeter
• One host may be a node on two different networks
• Causing uncontrolled groups of possibly malicious users
– Unknown Path
• Can have multiple paths from one host to another.
Who Attacks Networks
1. Challenge – what would happen if I tried this
approach or technique? Can I defeat this network?
2. Fame
3. Money and Espionage (Spy)
4. Organized Crime
5. Ideology
– Hacktivism – breaking into a computer system with the
intent of disrupting normal operations but not causing
serious damage
– Cyberterrorism – more dangerous than hacktivism; can
cause grave harm such as loss of life or severe economic
damage
Ethical Hacking
• Ethics: Moral principles that govern a person's or
group's behavior
• Hacking: Practice of modifying the features of a
system, in order to accomplish a goal outside of the
creator's original purpose
• Ethical Hacking: Process of legally hacking the
information that is considered to be confidential
Ethical Hacker Vs Hacker
Types of Hackers
How attackers perpetrate attacks?
1. Port Scan
For a particular IP address, the program will gather network information.
It tells an attacker which standard ports are being used, which OS is
installed on the target system, & what applications and which versions are
present.
2. Social Engineering
It gives an external picture of the network to the attacker.
3. Operating System & Application Fingerprinting
Determining what commercial application server application is running,
what version…
4. Intelligence
Gathering all the information and making a plan.
Threats In Network Transmission
• Eavesdropping
– Overhearing without expending any extra effort
– Causing harm that can occur between a sender
and a receiver
• Wiretapping
– Passive wiretapping
• Similar to eavesdropping
– Active wiretapping
• Injecting something into the communication
Wiretapping Communication
• Cable
– Packet sniffer – A device that can retrieve all packets of LAN
– Inductance – a process where an intruder can tap a wire and read
radiated signals without making physical contact with the cable
• Microwave, Wireless
– Signals are broadcast through the air, making them more accessible to
hackers
– Signals are not usually shielded or isolated to prevent interception
• Satellite Communication
– Dispersed over a greater area than the intended point of reception
– Communications are multiplexed, the risk is small that any one
communication will be interrupted
– Greater potential than microwave signals
Wiretap Vulnerabilities
Network Security / G. Steffen 28
Threat Categories
• Impersonation
– Easier than wiretapping for obtaining information on a network
– More significant threat in WAN than in LAN
• Spoofing
– An attacker obtains network credentials illegally and carries on false
conversations
• Masquerade
– One host pretends to be another
– Phishing is a variation of this kind of attack.
• Session hijacking
– Intercepting & carrying on a session begun by another entity
• Man-in-the-Middle Attack
– One entity intrudes between two others.
Vulnerability and Attacks
• Exploiting a Vulnerability
• Passive Attacks
• Active Attacks
• Hacking
• Social Engineering
• Identity Theft
Passive Attacks
Active Attacks
Attacks to Security Goals
Various Security Attacks
• Brute-force Attack
• Spoofing Attack
• Denial of Service attack (DoS)
• Distributed DoS Attack (DDoS)
• Authentication attacks
I. Dictionary Attack
II. Replay Attack- aquestic attack
III. Password Guessing
IV. Password Sniffing
Security Services-Principles of
Information Security
• Security Attributes (CI5A)
– Confidentiality
– Integrity
– Availability
– Authentication
– Authorization
– Accounting
– Anonymity
Confidentiality
Integrity
Availability
Authentication
Authorization
Non-Repudiation
Accountability
Model for Network Security
Methods of Defence
• Encryption
• Software Controls (access limitations in a
data base, in operating system protect each
user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
Cryptographic Techniques
Cryptography
Some security services can be implemented using
cryptography. Cryptography, a word with Greek origins,
means “secret writing”.
Steganography
The word steganography, with its origin in Greek, means
“covered writing”, in contrast to cryptography, which means
“secret writing”.
Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to
ciphertext
• key - info used in cipher known only to
sender/receiver
• encipher (encrypt) - converting plaintext to
ciphertext
• decipher (decrypt) - recovering plaintext from
ciphertext
• cryptography - study of encryption
principles/methods
• cryptanalysis (code breaking) - the study of
principles/ methods of deciphering ciphertext
without knowing key
Basic Terminologies
• Plaintext is text that is in readable form
• Ciphertext results from plaintext by applying the
encryption key
• Notations:
• M = message, C = ciphertext, E = encryption,
D = decryption, k= key
• Encryption
Ek(M)=C
• Decryption
Dk(C)=M
Cipher-Algorithm
• Symmetric cipher: same key used for
encryption and decryption
– Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits)
– Stream cipher: encrypts data one bit or one byte at
a time
• Asymmetric cipher: different keys used for
encryption and decryption
The general idea of Key based
cryptography
Traditional Ciphers
SUBSTITUTION AND TRANSPOSITION.
Substitution ciphers
A substitution cipher replaces one symbol with another.
If the symbols in the plaintext are alphabetic characters,
we replace one character with another.
The simplest substitution cipher is a shift cipher
(additive cipher).
Example
Use the additive cipher with key = 15 to encrypt the message
“hello”.
Solution
We apply the encryption algorithm to the plaintext, character by
character:
The ciphertext is therefore “wtaad”.
Transposition ciphers
A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols
A transposition cipher reorders symbols.
Example
Alice needs to send the message “Enemy attacks tonight” to
Bob. Alice and Bob have agreed to divide the text into groups of
five characters and then permute the characters in each group.
The following shows the grouping after adding a bogus character
(z) at the end to make the last group the same size as the others.
The key used for encryption and decryption is a permutation key,
which shows how the characters are permuted. For this message,
assume that Alice and Bob used the following key:
Example
The third character in the plaintext block becomes the first
character in the ciphertext block, the first character in the
plaintext block becomes the second character in the ciphertext
block and so on. The permutation yields:
Continued
Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob
divides the ciphertext into five-character groups and, using the
key in the reverse order, finds the plaintext.
Substitution Ciphers
• Mono-alphabetic Cipher - Caesar Cipher
• Poly-alphabetic Cipher - Vigenère Cipher
• Multiple letter cipher - Playfair cipher
Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Each letter is replaced by the letter three positions
further down the alphabet.
• Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
  Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: ohio state → RKLR VWDWH
Caesar Cipher
• Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
• Can be generalized with any alphabet.
Polyalphabetic Cipher
• In monoalphabetic cipher the problem was
that each character was substituted by a
single character
• Cryptanalysts are helped by the fact that
they have to see what character would
correspond in plaintext for a given
ciphertext character
• Polyalphabetic cipher’s goal is to make this
process difficult
Polyalphabetic Cipher
• In polyalphabetic cipher, each plaintext character
may be replaced by more than one character
• Since there are only 26 alphabets this process will
require using a different representation than the
alphabets
• Alphabets ‘A’ through ‘Z’ are replaced by 00, 01,
02, …, 25
• We need two digits in this representation since we
need to know how to reverse the process at the
decryption side
Polyalphabetic Cipher
• The most common method used is Vigenère
cipher
• Vigenère cipher starts with a 26 x 26 matrix of
alphabets in sequence. First row starts with ‘A’,
second row starts with ‘B’, etc.
• This cipher requires a keyword that the sender and
receiver know ahead of time
• Each character of the message is combined with
the characters of the keyword to find the
ciphertext character
Vigenère Cipher Table
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
Vigenère Cipher Table (cont’d)
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Vigenere Cipher
• E.g., Message = SEE ME IN MALL
• Take keyword as INFOSEC
• Vigenère cipher works as follows:
S E E M E I N M A L L
I N F O S E C I N F O
-------------------------------------
A R J A W M P U N Q Z
Vigenere Cipher
• To decrypt, the receiver places the keyword
characters below each ciphertext character
• Using the table, choose the row
corresponding to the keyword character and
look for the ciphertext character in that row
• Plaintext character is then at the top of that
column
Vigenere Cipher
• Decryption of ciphertext:
A R J A W M P U N Q Z-column2
I N F O S E C I N F O-row1
-------------------------------------
S E E M E I N M A L L
• Best feature is that same plaintext character
is substituted by different ciphertext
characters (i.e., polyalphabetic)
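The shift (additive/Caesar) cipher and the Vigenère cipher from the slides above, as an added Python example that is not part of the original deck. It reproduces the deck's worked values; the function names are this example's own, and `images_of` is a helper added here to show the polyalphabetic property.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_encrypt(text, k):
    """Additive cipher: c = (p + k) mod 26; non-letters pass through."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text, k):
    """p = (c - k) mod 26, i.e. the same shift applied backwards."""
    return shift_encrypt(text, -k)


def vigenere(text, keyword, decrypt=False):
    """Vigenere cipher: letter i is shifted by keyword letter i (repeating).

    Spaces and punctuation are dropped, as in the slide's worked example.
    """
    shifts = [ALPHABET.index(c) for c in keyword.lower() if c in ALPHABET]
    if not shifts:
        raise ValueError("keyword must contain at least one letter")
    letters = [c for c in text.lower() if c in ALPHABET]
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(c) + sign * shifts[i % len(shifts)]) % 26]
        for i, c in enumerate(letters)
    )


def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that one plaintext letter was mapped to."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}


if __name__ == "__main__":
    # Values taken from the slides: key 15 on "hello", key 3 on "ohio state",
    # keyword INFOSEC on "SEE ME IN MALL".
    print(shift_encrypt("hello", 15))
    print(shift_encrypt("ohio state", 3).upper())
    cipher = vigenere("SEE ME IN MALL", "INFOSEC")
    print(cipher.upper(), vigenere(cipher, "INFOSEC", decrypt=True))
    # Monoalphabetic: 'l' always maps to one letter.
    print(images_of("l", "hello", shift_encrypt("hello", 15)))
    # Polyalphabetic: 'e' maps to several different letters.
    print(images_of("e", "seemeinmall", cipher))
```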
Multiple Letter Cipher
• Playfair cipher is a multiple letter cipher
• Each pair of plaintext letters (digram) is replaced by a
ciphertext digram in this cipher
• Number of digrams is 26 x 26 = 676
• User chooses a keyword and puts it in the cells of
a 5 x 5 matrix. I and J stay in one cell. Duplicate
letters appear only once.
• Alphabets that are not in the keyword are arranged
in the remaining cells from left to right in
successive rows in ascending order
Playfair Cipher
• Keyword “Infosec”
I / J N F O S
E C A B D
G H K L M
P Q R T U
V W X Y Z
Playfair Cipher
• Rules:
– Group plaintext letters two at a time
– Separate repeating letters with an x
– Take a pair of letters from plaintext
– Plaintext letters in the same row are replaced by letters
to the right (cyclic manner)
– Plaintext letters in the same column are replaced by
letters below (cyclic manner)
– Plaintext letters in different row and column are
replaced by the letter in the row corresponding to the
column of the other letter and vice versa
Playfair Cipher
• E.g., Plaintext: “CRYPTO IS TOO EASY”
• Keyword is “INFOSEC”
• Grouped text: CR YP TO IS TO XO EA SY
• Ciphertext: AQ VT YB NI YB YF CB OZ
• To decrypt, the receiver reconstructs the 5
x 5 matrix using the keyword and then uses
the same rules as for encryption
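The Playfair rules above carried through in code, as an added Python example that is not part of the original slides. It follows the deck's own grouping rule (an x is inserted between any two identical adjacent letters before pairing) and reproduces its INFOSEC example; the function names are this example's own.

```python
import string

LETTERS = "abcdefghiklmnopqrstuvwxyz"  # 25 letters: i and j share one cell


def build_square(keyword):
    """Keyword letters first (duplicates once), then the remaining letters."""
    seen = []
    for ch in keyword.lower() + LETTERS:
        ch = "i" if ch == "j" else ch
        if ch in LETTERS and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def to_digrams(plaintext):
    """Drop non-letters, separate repeated letters with x, pad to even length."""
    letters = ["i" if c == "j" else c for c in plaintext.lower()
               if c in string.ascii_lowercase]
    spaced = []
    for ch in letters:
        if spaced and spaced[-1] == ch:
            spaced.append("x")
        spaced.append(ch)
    if len(spaced) % 2:
        spaced.append("x")
    return ["".join(spaced[i:i + 2]) for i in range(0, len(spaced), 2)]


def _transform(pairs, square, step):
    """Apply the row / column / rectangle rules; step=+1 encrypts, -1 decrypts."""
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        ra, ca = pos[a]
        rb, cb = pos[b]
        if ra == rb:      # same row: move along the row, cyclically
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:    # same column: move along the column, cyclically
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:             # rectangle: keep own row, take the other's column
            out.append(square[ra][cb] + square[rb][ca])
    return out


def playfair_encrypt(plaintext, keyword):
    pairs = to_digrams(plaintext)
    return " ".join(d.upper() for d in _transform(pairs, build_square(keyword), 1))


def playfair_decrypt(ciphertext, keyword):
    letters = [c for c in ciphertext.lower() if c in string.ascii_lowercase]
    if len(letters) % 2:
        raise ValueError("Playfair ciphertext must have an even number of letters")
    pairs = ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]
    return "".join(_transform(pairs, build_square(keyword), -1))


if __name__ == "__main__":
    for row in build_square("Infosec"):
        print(" ".join(row).upper())
    ct = playfair_encrypt("CRYPTO IS TOO EASY", "INFOSEC")
    print(ct)
    # The inserted x stays in the recovered text; the receiver removes it.
    print(playfair_decrypt(ct, "INFOSEC"))
```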
Transposition Ciphers
• consider classical transposition or
permutation ciphers
• these hide the message by rearranging the
letter order
• without altering the actual letters used
• these can be recognised since they have the same
frequency distribution as the original text
• Rail Fence and Vernam Ciphers
• Columnar Transposition Techniques
Rail Fence cipher
• write message letters out diagonally over a
number of rows
• then read off cipher row by row
• eg. write message out as:
m   e   m   a   t   r   h   t   g   p   r   y
  e   t   e   f   e   t   e   o   a   a   t
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
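The two transposition schemes in this deck, the keyed five-character block permutation from the Alice and Bob example and the rail fence, as an added Python example that is not part of the original slides. The permutation key (3, 1, 4, 5, 2) is an assumption: the slide's key figure did not survive, and this key is the one consistent with its description and ciphertext. The rail fence is generalized here from two rows to any number of rails.

```python
from collections import Counter

# Assumed key (the slide's key figure is missing): ciphertext position j
# takes the plaintext character at position KEY[j] of the same block.
KEY = (3, 1, 4, 5, 2)


def block_transpose_encrypt(plaintext, key=KEY, pad="z"):
    letters = [c for c in plaintext.lower() if c.isalpha()]
    n = len(key)
    while len(letters) % n:          # bogus padding, 'z' as on the slide
        letters.append(pad)
    out = []
    for i in range(0, len(letters), n):
        block = letters[i:i + n]
        out.extend(block[k - 1] for k in key)
    return "".join(out)


def block_transpose_decrypt(ciphertext, key=KEY):
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    out = []
    for i in range(0, len(ciphertext), n):
        block = ciphertext[i:i + n]
        plain = [""] * n
        for j, k in enumerate(key):  # use the key in the reverse direction
            plain[k - 1] = block[j]
        out.extend(plain)
    return "".join(out)


def _rail_pattern(length, rails):
    """Rail index of each plaintext position when written in a zigzag."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(plaintext, rails=2):
    letters = [c for c in plaintext.lower() if c.isalpha()]
    pattern = _rail_pattern(len(letters), rails)
    return "".join(c for r in range(rails)
                   for c, p in zip(letters, pattern) if p == r)


def rail_fence_decrypt(ciphertext, rails=2):
    pattern = _rail_pattern(len(ciphertext), rails)
    # Plaintext positions in the order the ciphertext was read off, rail by rail.
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, i in zip(ciphertext.lower(), order):
        plain[i] = ch
    return "".join(plain)


def same_letter_counts(a, b):
    """Transposition only reorders letters, so the letter counts are unchanged."""
    return Counter(a.lower()) == Counter(b.lower())


if __name__ == "__main__":
    ct = block_transpose_encrypt("Enemy attacks tonight")
    print(ct, block_transpose_decrypt(ct))
    print(rail_fence_decrypt("MEMATRHTGPRYETEFETEOAAT"))
    print(same_letter_counts("enemyattackstonightz", ct))
```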
Vernam Cipher
• The only unbreakable stream cipher
– K: a long, non-repeating sequence of random numbers
[Figure: the sender XORs plaintext P with key K to produce ciphertext C; the receiver XORs C with the same K, shared over a secret channel, to recover plaintext P]
1 ⊕ 0 = 1; 0 ⊕ 1 = 1
0 ⊕ 0 = 0; 1 ⊕ 1 = 0
Vernam Cipher
• An example of Vernam Cipher
– Alice:
P: 100 010 111 011 110 001…
K: 010 011 101 101 010 111…
C: 110 001 010 110 100 110…
– Bob:
C: 110 001 010 110 100 110…
K: 010 011 101 101 010 111…
P: 100 010 111 011 110 001…
1 ⊕ 0 = 1; 0 ⊕ 1 = 1
0 ⊕ 0 = 0; 1 ⊕ 1 = 0
Product Ciphers
• ciphers using substitutions or transpositions are
not secure because of language characteristics
• hence consider using several ciphers in succession
to make harder, but:
– two substitutions make a more complex substitution
– two transpositions make more complex transposition
– but a substitution followed by a transposition makes a
new much harder cipher
• this is bridge from classical to modern ciphers
Steganographic Techniques
Greek Words:
STEGANOS – “Covered”
GRAPHIE – “Writing”
• Steganography is the art and science of writing
hidden messages in such a way that no one apart
from the intended recipient knows of the existence
of the message.
• This can be achieved by concealing the existence
of information within seemingly harmless
carriers or cover
• Carrier: text, image, video, audio, etc
Evolution of Steganography
440 BC
• Histiaeus shaved the head of his most trusted slave
and tattooed a message on it. After the slave's hair had grown back, the
message was hidden. The purpose was to instigate a revolt
against the Persians.
• Demaratus sent a warning about a forthcoming attack to
Greece by writing it on a wooden panel and covering it in
wax.
World War II
• Invisible inks
• Null ciphers (unencrypted messages)
• Microdot Technology
– Shrinking messages down to the size of a dot became a
popular method, since the microdot could be placed at the
end of a sentence or above a j or an i.
Disadvantages: time-consuming, complex, not secure, etc.
Steganographic System
cover: cover is the original picture, audio or video
emb : embedded secret message
fE: steganographic function "embedding"
fE-1: steganographic function "extracting"
key: parameter which controls the hiding process of
the secret message
stego: resultant file that contains hidden message
Modern Steganography Techniques
Masking and Filtering: Information is hidden inside an
image using digital watermarks that include information such as copyright,
ownership, or licenses. The purpose is different from traditional
steganography since it adds an attribute to the cover image, thus
extending the amount of information presented.
Algorithms and Transformations: This technique hides data
in mathematical functions that are often used in compression algorithms.
The idea of this method is to hide the secret message in the data bits in the
least significant coefficients.
Least Significant Bit Insertion: The most common and
popular method of modern day steganography is to make use of the LSB
of a picture’s pixel information. Thus the overall image distortion is kept
to a minimum while the message is spaced out over the pixels in the
image. This technique works best when the image file is larger than the
message file and if the image is grayscale.
Steganography Techniques
• Substitution methods(Steganography in Images)
Bit plane methods
Palette-based methods
• Signal Processing methods(Steganography in Images)
Transform methods
• Steganography in Audio
• Steganography in Text
Stegano-system Criteria
• Cover data should not be significantly modified, i.e. the changes
should not be perceptible to the human perception system
• The embedded data should be directly encoded in
the cover & not in wrapper or header
• Embedded data should be immune to
modifications to cover
Places to Hide Information:
Steganography
• Images
• Audio files
• Text
• Video
We focus on Images as cover media.
Though most ideas apply to video and audio
as well.
Steganography in Images
Way images are stored:
• Array of numbers representing RGB values for each pixel
• Common images are in 8-bit/pixel and 24-bit/pixel format.
• 24-bit images have lot of space for storage but are huge
and invite compression
• Proper selection of cover image is important.
• Best candidates: gray scale images
• Cashing in on limitations of perception in human vision
Steganography: Bit plane Methods
• Image: replace least significant bit (LSB) of image
intensity with message bit
• Replace lowest 3 or 4 LSB with message bits or
image data (assume 8 bit values)
• Data is hidden in “noise” of image
• Can hide surprisingly large amounts of data this
way
• Very fragile to any image manipulation
Least Significant Bit
• Consider a 24 bit picture
• Data to be inserted: character ‘A’: (10000011)
• Host pixels: 3 pixels will be used to store one 8-bit character
• The pixels which would be selected for holding the data are chosen on the
basis of the key which can be a random number.
• Ex: 00100111 11101001 11001000
00100111 11001000 11101001
11001000 00100111 11101001
Embedding ‘A’
00100111 11101000 11001000
00100110 11001000 11101000
11001001 00100111 11101001
• According to researchers on an average only 50% of the pixels actually
change from 0-1 or 1-0.
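The LSB embedding above worked through on the slide's own nine host bytes and its bit pattern 10000011, as an added Python example that is not part of the original deck. The function names, the seeded position selection and the two "manipulation" helpers are this example's own assumptions; they illustrate the key-based pixel choice and the fragility the slides mention.

```python
import random

# Host bytes and message bits exactly as printed on the slide.
HOST = bytes(int(b, 2) for b in (
    "00100111 11101001 11001000 "
    "00100111 11001000 11101001 "
    "11001000 00100111 11101001").split())
MESSAGE_BITS = "10000011"


def embed_lsb(cover, bits, positions=None):
    """Overwrite the least significant bit of one carrier byte per message bit."""
    positions = list(range(len(bits))) if positions is None else list(positions)
    if len(positions) != len(bits) or len(set(positions)) != len(bits):
        raise ValueError("need one distinct carrier byte per message bit")
    if any(p < 0 or p >= len(cover) for p in positions):
        raise ValueError("carrier position outside the cover")
    stego = bytearray(cover)
    for bit, pos in zip(bits, positions):
        stego[pos] = (stego[pos] & 0xFE) | int(bit)
    return bytes(stego)


def extract_lsb(stego, positions):
    """Read the hidden bits back from the same carrier positions."""
    return "".join(str(stego[p] & 1) for p in positions)


def key_positions(key, cover_len, nbits):
    """Key-driven choice of carrier bytes (assumed scheme: seeded PRNG sample)."""
    return random.Random(key).sample(range(cover_len), nbits)


def changed_bytes(cover, stego):
    return sum(1 for a, b in zip(cover, stego) if a != b)


def brighten(data, amount=1):
    """A trivial image manipulation: raise every intensity, clipped at 255."""
    return bytes(min(b + amount, 255) for b in data)


def strip_lsb(data):
    """Zero the whole LSB plane, which erases anything hidden in it."""
    return bytes(b & 0xFE for b in data)


if __name__ == "__main__":
    stego = embed_lsb(HOST, MESSAGE_BITS)
    print(" ".join(f"{b:08b}" for b in stego))
    print("bytes changed:", changed_bytes(HOST, stego), "of", len(MESSAGE_BITS))
    print("extracted:", extract_lsb(stego, range(8)))
    # Fragility: a one-step brightness change or LSB stripping destroys the bits.
    print("after brighten:", extract_lsb(brighten(stego), range(8)))
    print("after strip:   ", extract_lsb(strip_lsb(stego), range(8)))
    # Key-based carrier selection over a larger constructed cover.
    cover = HOST * 8
    pos = key_positions(2024, len(cover), len(MESSAGE_BITS))
    print("keyed round trip:", extract_lsb(embed_lsb(cover, MESSAGE_BITS, pos), pos))
```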
[Figure: two 8-bit (256 grayscale) images combined into one. Source: http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/]
[Figure: secret image reading “TOP SECRET”]
[Figure: Sacrificing 2 bits of cover to carry 2 bits of secret image. Panels: Original Image, Extracted Image]
[Figure: Sacrificing 5 bits of cover to carry 5 bits of secret image. Panels: Original Image, Extracted Image]
Palette-based Methods
• Palette manipulation means changing the way the
color or grayscale palette represents the image
colors
• Bit methods are used in palette manipulation
schemes
• Data hidden in “noise” of image
• Often radical color shifts occur - can tip off that
data is hidden
• Use grayscale to overcome color shift problem
[Figure: sample palettes showing red color shade variations, drastic & subtle shade variations, and gray scale shade variations]
Message: 0 1 1 0 0 1 0 1 0 1 1 1 0 1 0 1 0 1 0 0 0 1 1 1 1
• Randomly chosen pixel with color C1
• Find the color C1 in the sorted palette
• Replace the LSB of the index to color C1 with the message bit
(index = 30 = 00011110 becomes 00011111)
• The new index now points to a neighboring color C2
• Replace the index of the pixel in the original image to point to the
new color C2.
Signal Processing Methods-
Transform Methods
• Discrete Cosine Transform
• Discrete Wavelet Transform
• Discrete Fourier Transform
• Mellin-Fourier Transform
Discrete Cosine Transform
The forward equation, for image A, is
$$b(u,v) = \frac{2}{N}\, C(u)\, C(v) \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y)\, \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right]$$
The inverse equation, for image B, is
$$a(x,y) = \frac{2}{N} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} C(u)\, C(v)\, b(u,v)\, \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right]$$
Discrete Fourier Transform
The formulae for the DFT and its inverse are
$$F(u,v) = \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y)\, \exp\left[-\frac{2\pi j\, ux}{N}\right] \exp\left[-\frac{2\pi j\, vy}{N}\right]$$
$$a(x,y) = \frac{1}{N^2} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} F(u,v)\, \exp\left[\frac{2\pi j\, ux}{N}\right] \exp\left[\frac{2\pi j\, vy}{N}\right]$$
Steganography in Audio
• Low Bit Coding
– Most digital audio is created by sampling the signal and
quantizing the sample with a 16-bit quantizer.
– The rightmost bit, or low order bit, of each sample can
be changed from 0 to 1 or 1 to 0
– This modification from one sample value to another is
not perceptible by most people and the audio signal still
sounds the same
Steganography in Audio
• Phase Coding
– Relies on the relative insensitivity of the human
auditory system to phase changes
– Substitutes the initial phase of an audio signal with a
reference phase that represents the data
– More complex than low bit encoding, but it is much
more robust and less likely to distort the signal that is
carrying the hidden data.
Steganography in Audio
• Direct Sequence Spread Spectrum
– Spreads the signal by multiplying it by a chip,
which is a maximal length pseudorandom
sequence
– DSSS introduces additive random noise to the
sound file
Steganography in Audio
• Echo Data Hiding
– Discrete copies of the original signal are mixed
in with the original signal creating echoes of
each sound.
– By using two different time values between an
echo and the original sound, a binary 1 or
binary 0 can be encoded.
Steganography in Text
• Soft Copy Text
– Encode data by varying the number of spaces
after punctuation
– Slight modifications of formatted text will be
immediately apparent to anyone reading the
text
Steganography in Text
• Soft Copy Text
– Use of White Space (tabs & spaces) is much
more effective and less noticeable
– This is most common method for hiding data in
text
Steganography in Text
• Soft Copy Text
– Encode data in additional spaces placed at the
end of a line
F o u r s c o r e a n d
s e v e n y e a r s a g o
o u r f o r e f a t h e r s
Steganography in Text
• Hard Copy Text
– Line Shift Coding
• Shifts every other line up or down slightly in order
to encode data
– Word Shift Coding
• Shifts some words slightly left or right in order to
encode data
Steganography in Text-Null
Cipher
• Message sent by a German spy during World War I:
PRESIDENT’S EMBARGO RULING SHOULD HAVE
IMMEDIATE NOTICE. GRAVE SITUATION
AFFECTING INTERNATIONAL LAW. STATEMENT
FORESHADOWS RUIN OF MANY NEUTRALS.
YELLOW JOURNALS UNIFYING NATIONAL
EXCITEMENT IMMENSELY.
• Taking the first letter of each word gives the hidden message:
Pershing sails from NY June I.

network security.pdfnetwork security.pdf
network security.pdfKIYALIBAN1
 
Network security
Network securityNetwork security
Network securityhajra azam
 

Ähnlich wie Security in Computer System (20)

Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Network sec 1
Network sec 1Network sec 1
Network sec 1
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
Dos unit 5
Dos unit 5Dos unit 5
Dos unit 5
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.ppt
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewalls
 
Security fundamentals
Security fundamentalsSecurity fundamentals
Security fundamentals
 
Security Fundamentals
Security FundamentalsSecurity Fundamentals
Security Fundamentals
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdf
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
sc.pptx
sc.pptxsc.pptx
sc.pptx
 
Network security
Network securityNetwork security
Network security
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
 

Kürzlich hochgeladen

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 

Kürzlich hochgeladen (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 

Security in Computer System

  • 1. Security in Computer System 491 CS-G(172) By Manesh T maneshpadmayil@gmail.com
  • 2. AGENDA • Overview of Security & Needs • Concepts, Types of Viruses • Different Types of Security • Threats in Network • Hacking, Ethical Hacking • Attacks, services and mechanisms • Security attacks-Types • Security services • Methods of Defense • A model for Internetwork Security
  • 3. Overview • What is security? • Why do we need security? • Who is vulnerable?
  • 4. What is “Security” Security is the state of having 1. Freedom from risk or danger; safety. 2. Freedom from doubt, anxiety, or fear. Definition: Security is the protection of assets. Three main aspects of security are 1. Protection 2. Detection 3. Reaction.
  • 5. Why do we need security? • Protect vital information while still allowing access to those who need it – Trade secrets, medical records, etc. • Provide authentication and access control for resources – Ex: Bank Identity Card, ATM Card • Guarantee availability of resources – Must be available all the time
  • 6. Need for Security • The Information Age- Internet Highway • Digital Assets- emails, documents • Static Assets- pictures, databases • Assets on Transit- emails(Comm. Networks)
  • 7. Who is vulnerable? • Financial institutions and banks • Internet service providers • Pharmaceutical companies • Government and defense agencies • Internet users • Multinational corporations • ANYONE ON THE NETWORK
  • 8. Different Types of Security-Definitions • Computer Security - generic name for the collection of tools designed to protect hardware or software modules. • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected network • Information Security- All the three areas
  • 9. Basic Terminologies • Cryptography – Study of mathematical techniques related to aspects of information security (Set of techniques) • Cryptanalysis – The process of breaking the security policies • Cryptology - Cryptography + cryptanalysis • Cryptosystems are computer systems used to encrypt data for secure transmission and storage
  • 10. Types of Computer Virus 1. Time Bomb 2. Logical Bomb 3. Worm 4. Boot Sector Virus 5. Macro Virus 6. Trojan Horse
  • 11. Types of Viruses • Time Bomb – Active when time/date comes • Logical Bomb – Active when some action comes • Worm – Self-replicating in networks • Boot Sector Virus – During system boot, the boot sector virus is loaded into main memory and destroys data stored on the hard disk • Macro Virus – It is associated with application software like Word and Excel • Trojan Horse – usually email virus
  • 12. Launching the attack Steps are 1. Vulnerability 2. Threat 3. Discovery of Vulnerability 4. Exploitation of Vulnerability 5. Attack
  • 13. Attacks, Services and Mechanisms • Security Attack: Any action that compromises the security of information. • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
  • 14. Different Types of Security Attacks
  • 15. Security Attacks • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 18. In This Section • What makes a network Vulnerable – Reasons for network attacks • Who Attacks Networks? – Who are the attackers? Why people attack? • Threats in Network transmission: Eavesdropping and Wiretapping – Different ways attackers attack a victim
  • 19. What Makes a Network Vulnerable • How networks differ from a stand-alone environment: – Anonymity • Attacker can mount an attack from thousands of miles away; passes through many hosts – Many points of attack • Both targets and origins • An attack can come from any host to any host – Sharing • More users have the potential to access networked systems than on single computers
  • 20. What Makes a Network Vulnerable • How networks differ from a stand-alone environment: – Complexity of System • Reliable security is difficult to obtain • Complex as many users do not know what their computers are doing at any moment – Unknown Perimeter • One host may be a node on two different networks • Causing uncontrolled groups of possibly malicious users – Unknown Path • Can have multiple paths from one host to another.
  • 21. Who Attacks Networks 1. Challenge – what would happen if I tried this approach or technique? Can I defeat this network? 2. Fame 3. Money and Espionage (Spy) 4. Organized Crime – Ideology – Hacktivism: breaking into a computer system with the intent of disrupting normal operations but not causing serious damage – Cyberterrorism: more dangerous than hacktivism; can cause grave harm such as loss of life or severe economic damage
  • 22. Ethical Hacking • Ethics: Moral principles that govern a person's or group's behavior • Hacking: Practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose • Ethical Hacking: Process of legally hacking the information that is considered to be confidential
  • 25. How attackers perpetrate attacks? 1. Port Scan For a particular IP address, the program will gather network information. It tells an attacker which standard ports are being used, which OS is installed on the target system, & what applications and which versions are present. 2. Social Engineering It gives an external picture of the network to the attacker. 3. Operating System & Application Fingerprinting Determining what commercial application server application is running, what version… 4. Intelligence Gathering all the information and making a plan.
  • 26. Threats In Network Transmission • Eavesdropping – Overhearing without expending any extra effort – Causing harm that can occur between a sender and a receiver • Wiretapping – Passive wiretapping • Similar to eavesdropping – Active wiretapping • Injecting something into the communication
  • 27. Wiretapping Communication • Cable – Packet sniffer: a device that can retrieve all packets of a LAN – Inductance: a process where an intruder can tap a wire and read radiated signals without making physical contact with the cable • Microwave, Wireless – Signals are broadcast through air, making them more accessible to hackers – Signals are not usually shielded or isolated to prevent interception • Satellite Communication – Dispersed over a greater area than the intended point of reception – Communications are multiplexed, the risk is small that any one communication will be interrupted – Greater potential than microwave signals
  • 29. Threat Categories • Impersonation – Easier than wiretapping for obtaining information on a network – More significant threat in WAN than in LAN • Spoofing – An attacker obtains network credentials illegally and carries false conversations • Masquerade – One host pretends to be another – Phishing is a variation of this kind of an attack. • Session hijacking – Intercepting & carrying a session begun by another entity • Man-in-the-Middle Attack – One entity intrudes between two others.
  • 30. Vulnerability and Attacks • Exploiting a Vulnerability • Passive Attacks • Active Attacks • Hacking • Social Engineering • Identity Theft
  • 34. Various Security Attacks • Brute-force Attack • Spoofing Attack • Denial of Service attack(DoS) • Distributed DoS Attack(DDoS) • Authentication attacks I. Dictionary Attack II. Replay Attack- aquestic attack III. Password Guessing IV. Password Sniffing
  • 35. Security Services-Principles of Information Security • Security Attributes (CI5A) – Confidentiality – Integrity – Availability – Authentication – Authorization – Accounting – Anonymity
  • 43. Model for Network Security
  • 44. Methods of Defence • Encryption • Software Controls (access limitations in a data base, in operating system protect each user from other users) • Hardware Controls (smartcard) • Policies (frequent changes of passwords) • Physical Controls
  • 45. Cryptographic Techniques Cryptography Some security services can be implemented using cryptography. Cryptography, a word with Greek origins, means “secret writing”. Steganography The word steganography, with its origin in Greek, means “covered writing”, in contrast to cryptography, which means “secret writing”.
  • 46. Basic Terminology • plaintext - the original message • ciphertext - the coded message • cipher - algorithm for transforming plaintext to ciphertext • key - info used in cipher known only to sender/receiver • encipher (encrypt) - converting plaintext to ciphertext • decipher (decrypt) - recovering plaintext from ciphertext • cryptography - study of encryption principles/methods • cryptanalysis (code breaking) - the study of principles/methods of deciphering ciphertext without knowing key
  • 47. Basic Terminologies • Plaintext is text that is in readable form • Ciphertext results from plaintext by applying the encryption key • Notations: • M = message, C = ciphertext, E = encryption, D = decryption, k = key • Encryption E_k(M) = C • Decryption D_k(C) = M
  • 48. Cipher-Algorithm • Symmetric cipher: same key used for encryption and decryption – Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits) – Stream cipher: encrypts data one bit or one byte at a time • Asymmetric cipher: different keys used for encryption and decryption
  • 49. The general idea of Key based cryptography
  • 50. Traditional Ciphers SUBSTITUTION AND TRANSPOSITION. Substitution ciphers A substitution cipher replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, we replace one character with another. The simplest substitution cipher is a shift cipher (additive cipher).
  • 51. Example Use the additive cipher with key = 15 to encrypt the message “hello”. Solution We apply the encryption algorithm to the plaintext, character by character: The ciphertext is therefore “wtaad”.
  • 52. Transposition ciphers A transposition cipher does not substitute one symbol for another; instead it changes the location of the symbols. A transposition cipher reorders symbols.
  • 53. Example Alice needs to send the message “Enemy attacks tonight” to Bob. Alice and Bob have agreed to divide the text into groups of five characters and then permute the characters in each group. The following shows the grouping after adding a bogus character (z) at the end to make the last group the same size as the others. The key used for encryption and decryption is a permutation key, which shows how the characters are permuted. For this message, assume that Alice and Bob used the following key:
  • 54. Example (continued) The third character in the plaintext block becomes the first character in the ciphertext block, the first character in the plaintext block becomes the second character in the ciphertext block and so on. The permutation yields: Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob divides the ciphertext into five-character groups and, using the key in the reverse order, finds the plaintext.
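The Alice and Bob exchange above, as an added example that is not part of the original slides. The permutation key 3 1 4 5 2 is not printed on this page; it is an assumption inferred from the slide text ("third character becomes the first, first becomes the second") and from the ciphertext shown.

```python
from collections import Counter

# Assumed encryption key, inferred from the slide text and its ciphertext:
# ciphertext position i takes the plaintext character at position KEY[i] (1-based).
KEY = [3, 1, 4, 5, 2]


def invert_key(key):
    """Build the decryption permutation ("the key in the reverse order")."""
    inverse = [0] * len(key)
    for cipher_pos, plain_pos in enumerate(key, start=1):
        inverse[plain_pos - 1] = cipher_pos
    return inverse


def permute_blocks(text, key):
    """Apply the permutation to every block of len(key) characters."""
    size = len(key)
    if len(text) % size:
        raise ValueError("text length must be a multiple of the key length")
    blocks = (text[i:i + size] for i in range(0, len(text), size))
    return "".join("".join(block[k - 1] for k in key) for block in blocks)


def prepare(message, size, pad="z"):
    """Keep letters only, lower-case them, pad the last group with a bogus character."""
    letters = "".join(ch for ch in message.lower() if "a" <= ch <= "z")
    return letters + pad * (-len(letters) % size)


def encrypt(message, key=KEY):
    return permute_blocks(prepare(message, len(key)), key)


def decrypt(ciphertext, key=KEY):
    return permute_blocks(ciphertext, invert_key(key))


def same_letter_counts(a, b):
    """A transposition only moves symbols, so letter frequencies are unchanged."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    ct = encrypt("Enemy attacks tonight")
    print(ct)                 # ciphertext Alice sends
    print(decrypt(ct))        # Bob's result, bogus 'z' still attached
    print(same_letter_counts(ct, decrypt(ct)))
```

The unchanged letter counts are what lets an analyst recognise a transposition cipher from its frequency distribution.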
  • 55. Substitution Ciphers • Mono-alphabetic Cipher - Caesar Cipher • Poly-alphabetic Cipher - Vigenère Cipher • Multiple letter cipher - Playfair cipher
  • 56. Caesar Cipher • Earliest known substitution cipher • Invented by Julius Caesar • Each letter is replaced by the letter three positions further down the alphabet. • Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C • Example: ohio state → RKLR VWDWH
  • 57. Caesar Cipher • Mathematically, map letters to numbers: a, b, c, ..., x, y, z → 0, 1, 2, ..., 23, 24, 25 • Then the general Caesar cipher is: c = E_K(p) = (p + k) mod 26; p = D_K(c) = (c – k) mod 26 • Can be generalized with any alphabet.
  • 58. Polyalphabetic Cipher • In monoalphabetic cipher the problem was that each character was substituted by a single character • Cryptanalysts are helped by the fact that they have to see what character would correspond in plaintext for a given ciphertext character • Polyalphabetic cipher’s goal is to make this process difficult
  • 59. Polyalphabetic Cipher • In polyalphabetic cipher, each plaintext character may be replaced by more than one character • Since there are only 26 alphabets this process will require using a different representation than the alphabets • Alphabets ‘A’ through ‘Z’ are replaced by 00, 01, 02, …, 25 • We need two digits in this representation since we need to know how to reverse the process at the decryption side
  • 60. Polyalphabetic Cipher • The most common method used is Vigenère cipher • Vigenère cipher starts with a 26 x 26 matrix of alphabets in sequence. First row starts with ‘A’, second row starts with ‘B’, etc. • This cipher requires a keyword that the sender and receiver know ahead of time • Each character of the message is combined with the characters of the keyword to find the ciphertext character
  • 61. Vigenère Cipher Table
         A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      A  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      B  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
      C  C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
      D  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
      E  E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
      F  F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
      G  G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
      H  H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
      I  I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
      J  J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
      K  K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
      L  L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
      M  M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
  • 62. Vigenère Cipher Table (cont’d)
         A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      N  N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
      O  O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
      P  P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
      Q  Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
      R  R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
      S  S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
      T  T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
      U  U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
      V  V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
      W  W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
      X  X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
      Y  Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
      Z  Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
  • 63. Vigenère Cipher • E.g., Message = SEE ME IN MALL • Take keyword as INFOSEC • Vigenère cipher works as follows:
      S E E M E I N M A L L
      I N F O S E C I N F O
      ---------------------
      A R J A W M P U N Q Z
  • 64. Vigenère Cipher • To decrypt, the receiver places the keyword characters below each ciphertext character • Using the table, choose the row corresponding to the keyword character and look for the ciphertext character in that row • Plaintext character is then at the top of that column
  • 65. Vigenère Cipher • Decryption of ciphertext:
      A R J A W M P U N Q Z   - column2
      I N F O S E C I N F O   - row1
      ---------------------
      S E E M E I N M A L L
    • Best feature is that same plaintext character is substituted by different ciphertext characters (i.e., polyalphabetic)
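The table lookup described on the Vigenère slides, as an added example that is not part of the original deck. It goes slightly beyond the slides by also showing that the additive (shift) and Caesar ciphers are the same lookup with a one-letter keyword; the function names are chosen here for illustration.

```python
from itertools import cycle

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def table_row(key_letter):
    """Row of the 26 x 26 table that starts with key_letter."""
    i = ALPHABET.index(key_letter)
    return ALPHABET[i:] + ALPHABET[:i]


def checked_key(keyword):
    key = keyword.upper()
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("keyword must be one or more letters A-Z")
    return key


def vigenere_encrypt(message, keyword):
    """Row = keyword letter, column = plaintext letter, cell = ciphertext letter.
    Spaces and punctuation pass through and do not consume a keyword letter."""
    keystream = cycle(checked_key(keyword))
    out = []
    for ch in message.upper():
        if ch in ALPHABET:
            out.append(table_row(next(keystream))[ALPHABET.index(ch)])
        else:
            out.append(ch)
    return "".join(out)


def vigenere_decrypt(ciphertext, keyword):
    """Find the ciphertext letter in the keyword letter's row; the plaintext
    letter is the heading of that column."""
    keystream = cycle(checked_key(keyword))
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[table_row(next(keystream)).index(ch)])
        else:
            out.append(ch)
    return "".join(out)


def shift_encrypt(message, k):
    """Additive cipher c = (p + k) mod 26, i.e. Vigenère with a one-letter key."""
    return vigenere_encrypt(message, ALPHABET[k % 26])


if __name__ == "__main__":
    print(vigenere_encrypt("SEE ME IN MALL", "INFOSEC"))
    print(vigenere_decrypt("ARJ AW MP UNQZ", "INFOSEC"))
    print(shift_encrypt("hello", 15))       # additive cipher, key = 15
    print(shift_encrypt("ohio state", 3))   # Caesar cipher, key = 3
```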
  • 66. Multiple Letter Cipher • Playfair cipher is a multiple letter cipher • Each plaintext letter is replaced by a digram in this cipher • Number of digrams is 26 x 26 = 676 • User chooses a keyword and puts it in the cells of a 5 x 5 matrix. I and J stay in one cell. Duplicate letters appear only once. • Alphabets that are not in the keyword are arranged in the remaining cells from left to right in successive rows in ascending order
  • 67. Playfair Cipher • Keyword “Infosec”
      I/J N   F   O   S
      E   C   A   B   D
      G   H   K   L   M
      P   Q   R   T   U
      V   W   X   Y   Z
  • 68. Playfair Cipher • Rules: – Group plaintext letters two at a time – Separate repeating letters with an x – Take a pair of letters from plaintext – Plaintext letters in the same row are replaced by letters to the right (cyclic manner) – Plaintext letters in the same column are replaced by letters below (cyclic manner) – Plaintext letters in different row and column are replaced by the letter in the row corresponding to the column of the other letter and vice versa
  • 69. Playfair Cipher • E.g., Plaintext: “CRYPTO IS TOO EASY” • Keyword is “INFOSEC” • Grouped text: CR YP TO IS TO XO EA SY • Ciphertext: AQ VT YB NI YB YF CB OZ • To decrypt, the receiver reconstructs the 5 x 5 matrix using the keyword and then uses the same rules as for encryption
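The Playfair rules and the INFOSEC example above, as an added example that is not part of the original slides. It follows the grouping shown on the slide, where an X is placed between any two adjacent repeated letters before pairing (TOO becomes TO XO); padding an odd-length message with a trailing X is an assumption made here.

```python
def build_square(keyword):
    """5 x 5 key square: keyword letters once each, then the remaining
    letters in alphabetical order. J shares the cell of I."""
    seen = []
    for ch in (keyword + "ABCDEFGHIKLMNOPQRSTUVWXYZ").upper().replace("J", "I"):
        if "A" <= ch <= "Z" and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def group_plaintext(plaintext, filler="X"):
    """Letters only, X between adjacent repeated letters, then pairs."""
    out = []
    for ch in plaintext.upper().replace("J", "I"):
        if not "A" <= ch <= "Z":
            continue
        if out and out[-1] == ch:
            out.append(filler)
        out.append(ch)
    if len(out) % 2:
        out.append(filler)          # assumption: pad an odd-length message
    return ["".join(out[i:i + 2]) for i in range(0, len(out), 2)]


def transform_pairs(pairs, square, step):
    """step=+1 applies the slide's rules (right / below); step=-1 undoes them."""
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                                   # same row
            out.append(square[ra][(ca + step) % 5] + square[rb][(cb + step) % 5])
        elif ca == cb:                                 # same column
            out.append(square[(ra + step) % 5][ca] + square[(rb + step) % 5][cb])
        else:                                          # rectangle: swap columns
            out.append(square[ra][cb] + square[rb][ca])
    return out


def playfair_encrypt(plaintext, keyword):
    pairs = group_plaintext(plaintext)
    return " ".join(transform_pairs(pairs, build_square(keyword), +1))


def playfair_decrypt(ciphertext, keyword):
    letters = [c for c in ciphertext.upper().replace("J", "I") if "A" <= c <= "Z"]
    if len(letters) % 2:
        raise ValueError("ciphertext must contain an even number of letters")
    pairs = ["".join(letters[i:i + 2]) for i in range(0, len(letters), 2)]
    return "".join(transform_pairs(pairs, build_square(keyword), -1))


if __name__ == "__main__":
    for row in build_square("INFOSEC"):
        print(" ".join(row))
    print(group_plaintext("CRYPTO IS TOO EASY"))
    print(playfair_encrypt("CRYPTO IS TOO EASY", "INFOSEC"))
    print(playfair_decrypt("AQ VT YB NI YB YF CB OZ", "INFOSEC"))
```

Decryption returns the grouped text including the inserted X, which the receiver removes by reading the message.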
  • 70. Transposition Ciphers • consider classical transposition or permutation ciphers • these hide the message by rearranging the letter order • without altering the actual letters used • can recognise these since have the same frequency distribution as the original text • Rail Fence and Vernam Ciphers • Columnar Transposition Techniques
  • 71. Rail Fence cipher • write message letters out diagonally over a number of rows • then read off cipher row by row • e.g. write message out as:
      m e m a t r h t g p r y
       e t e f e t e o a a t
    • giving ciphertext MEMATRHTGPRYETEFETEOAAT
  • 72. Vernam Cipher • The only unbreakable stream cipher – K: a long, non-repeating sequence of random numbers • [Figure: Plaintext P, Exclusive OR with K, Ciphertext C, Exclusive OR with K, Plaintext P; K is shared over a secret channel] • 1 ⊕ 0 = 1; 0 ⊕ 1 = 1; 0 ⊕ 0 = 0; 1 ⊕ 1 = 0
  • 73. Vernam Cipher • An example of Vernam Cipher (1 ⊕ 0 = 1; 0 ⊕ 1 = 1; 0 ⊕ 0 = 0; 1 ⊕ 1 = 0)
    – Alice:
      P: 100 010 111 011 110 001…
      K: 010 011 101 101 010 111…
      C: 110 001 010 110 100 110…
    – Bob:
      P: 100 010 111 011 110 001…
      K: 010 011 101 101 010 111…
      C: 110 001 010 110 100 110…
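The Vernam example above in code, as an added example that is not part of the original slides, together with the reason the key must be non-repeating: if one key encrypts two messages, XORing the two ciphertexts cancels the key. The second plaintext P2 is constructed for the illustration.

```python
import secrets


def xor_bits(a, b):
    """Bitwise XOR of two bit strings of equal length (spaces are ignored)."""
    a, b = a.replace(" ", ""), b.replace(" ", "")
    if len(a) != len(b) or set(a + b) - {"0", "1"}:
        raise ValueError("need two bit strings of equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def fresh_key(nbits):
    """A new random key as long as the message, to be used once only."""
    return format(secrets.randbits(nbits), "0{}b".format(nbits))


# Values from the slide.
P = "100 010 111 011 110 001"
K = "010 011 101 101 010 111"
C = xor_bits(P, K)            # Alice: C = P xor K
RECOVERED = xor_bits(C, K)    # Bob:   P = C xor K

# Failure mode: a second message (constructed) encrypted under the same K.
P2 = "111 000 111 000 111 000"
C2 = xor_bits(P2, K)
LEAK = xor_bits(C, C2)        # equals P xor P2: the key has dropped out

if __name__ == "__main__":
    print("C        =", C)
    print("C xor K  =", RECOVERED)
    print("C xor C2 =", LEAK, "(no key needed)")
    print("P xor P2 =", xor_bits(P, P2))
    print("new key  =", fresh_key(18))
```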
  • 74. Product Ciphers • ciphers using substitutions or transpositions are not secure because of language characteristics • hence consider using several ciphers in succession to make harder, but: – two substitutions make a more complex substitution – two transpositions make more complex transposition – but a substitution followed by a transposition makes a new much harder cipher • this is the bridge from classical to modern ciphers
  • 75. Steganographic Techniques Greek Words: STEGANOS – “Covered” GRAPHIE – “Writing” • Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. • This can be achieved by concealing the existence of information within seemingly harmless carriers or cover • Carrier: text, image, video, audio, etc.
  • 76. Evolution of Steganography 440 BC • Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. • Demaratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. World War II • Invisible inks • Null ciphers (unencrypted messages) • Microdot Technology - Shrinking messages down to the size of a dot became a popular method, since the microdot could be placed at the end of a sentence or above a j or an i. Disadv: Time, complex, not secure etc.
  • 77. Steganographic System • cover: the original picture, audio or video • emb: embedded secret message • fE: steganographic function "embedding" • fE^-1: steganographic function "extracting" • key: parameter which controls the hiding process of the secret message • stego: resultant file that contains hidden message
  • 78. Modern Steganography Techniques Masking and Filtering: Information is hidden inside an image using digital watermarks that include information such as copyright, ownership, or licenses. The purpose is different from traditional steganography since it is adding an attribute to the cover image thus extending the amount of information presented. Algorithms and Transformations: This technique hides data in mathematical functions that are often used in compression algorithms. The idea of this method is to hide the secret message in the data bits in the least significant coefficients. Least Significant Bit Insertion: The most common and popular method of modern day steganography is to make use of the LSB of a picture’s pixel information. Thus the overall image distortion is kept to a minimum while the message is spaced out over the pixels in the images. This technique works best when the image file is larger than the message file and if the image is grayscale.
  • 79. Steganography Techniques • Substitution methods(Steganography in Images) Bit plane methods Palette-based methods • Signal Processing methods(Steganography in Images) Transform methods • Steganography in Audio • Steganography in Text
  • 80. Stegano-system Criteria • Cover data should not be significantly modified ie perceptible to human perception system • The embedded data should be directly encoded in the cover & not in wrapper or header • Embedded data should be immune to modifications to cover
  • 81. Places to Hide Information: Steganography • Images • Audio files • Text • Video We focus on Images as cover media. Though most ideas apply to video and audio as well.
  • 82. Steganography in Images Way images are stored: • Array of numbers representing RGB values for each pixel • Common images are in 8-bit/pixel and 24-bit/pixel format. • 24-bit images have lot of space for storage but are huge and invite compression • Proper selection of cover image is important. • Best candidates: gray scale images .. • Cashing on limitations of perception in human vision
  • 83. Steganography: Bit plane Methods • Image: replace least significant bit (LSB) of image intensity with message bit • Replace lowest 3 or 4 LSB with message bits or image data (assume 8 bit values) • Data is hidden in “noise” of image • Can hide surprisingly large amounts of data this way • Very fragile to any image manipulation
  • 84. Least Significant Bit • Consider a 24-bit picture • Data to be inserted: character ‘A’: (10000011) • Host pixels: 3 pixels will be used to store one character of 8 bits • The pixels selected for holding the data are chosen on the basis of the key, which can be a random number. • Ex: 00100111 11101001 11001000 / 00100111 11001000 11101001 / 11001000 00100111 11101001 • Embedding ‘A’: 00100111 11101000 11001000 / 00100110 11001000 11101000 / 11001001 00100111 11101001 • According to researchers, on average only 50% of the pixels actually change from 0-1 or 1-0.
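The LSB embedding from slide 84 together with the fragility noted on slide 83, as an added example that is not part of the original slides. It embeds the slide's bit pattern 10000011 into the slide's nine cover bytes, counts how many bytes change, and shows that a re-encode which drops the low bit erases the message; the key-seeded position choice uses Python's `random` module as a stand-in for the slide's "key" and all function names are chosen for this sketch.

```python
import random

# Cover bytes, expected result and message bits exactly as given on the slide
COVER = bytes(int(b, 2) for b in (
    "00100111 11101001 11001000 "
    "00100111 11001000 11101001 "
    "11001000 00100111 11101001").split())
SLIDE_STEGO = bytes(int(b, 2) for b in (
    "00100111 11101000 11001000 "
    "00100110 11001000 11101000 "
    "11001001 00100111 11101001").split())
MESSAGE_BITS = "10000011"


def positions(cover_len, nbits, key=None):
    """Bytes that carry the message: the first nbits, or a key-seeded pick."""
    if nbits > cover_len:
        raise ValueError("cover too small for message")
    if key is None:
        return list(range(nbits))
    # Assumption: a seeded PRNG models the key; it is not cryptographic.
    return random.Random(key).sample(range(cover_len), nbits)


def embed(cover, bits, key=None):
    stego = bytearray(cover)
    for pos, bit in zip(positions(len(cover), len(bits), key), bits):
        stego[pos] = (stego[pos] & 0xFE) | int(bit)  # overwrite only the LSB
    return bytes(stego)


def extract(stego, nbits, key=None):
    return "".join(str(stego[p] & 1)
                   for p in positions(len(stego), nbits, key))


def changed_bytes(cover, stego):
    return sum(a != b for a, b in zip(cover, stego))


def requantize(data, drop_bits=1):
    """Model a lossy re-encode that discards the low bits of every byte."""
    mask = 0xFF & ~((1 << drop_bits) - 1)
    return bytes(b & mask for b in data)


if __name__ == "__main__":
    stego = embed(COVER, MESSAGE_BITS)
    print(stego == SLIDE_STEGO, changed_bytes(COVER, stego))
    print(extract(requantize(stego), len(MESSAGE_BITS)))
```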
  • 86. Sacrificing 2 bits of cover to carry 2 bits of secret image [Figure: original image and extracted image]
  • 87. Sacrificing 5 bits of cover to carry 5 bits of secret image [Figure: original image and extracted image]
  • 88. Palette-based Methods • Palette manipulation means changing the way the color or grayscale palette represents the image colors • Bit methods are used in palette manipulation schemes • Data hidden in “noise” of image • Often radical color shifts occur - can tip off that data is hidden • Use grayscale to overcome color shift problem
  • 89. Sample palettes [Figure panels: red color shade variations; drastic & subtle shade variations; gray scale shade variations]
  • 90. Message: 0 1 1 0 0 1 0 1 0 1 1 1 0 1 0 1 0 1 0 0 0 1 1 1 1 • Randomly chosen pixel with color C1 • Find the color in the sorted palette • Replace the LSB of the index to color C1 with the message bit • The new index now points to a neighboring color C2 • Replace the index of the pixel in the original image to point to the new color C2 • Example: index = 30 = 00011110 (C1) → 00011111 (C2)
  • 91. Signal Processing Methods- Transform Methods • Discrete Cosine Transform • Discrete Wavelet Transform • Discrete Fourier Transform • Mellin-Fourier Transform
  • 92. Discrete Cosine Transform • The forward equation, for image A, is $b(u,v) = \frac{2}{N}\, C(u)\, C(v) \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y) \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right]$ • The inverse equation, for image B, is $a(x,y) = \frac{2}{N} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} C(u)\, C(v)\, b(u,v) \cos\left[\frac{(2x+1)u\pi}{2N}\right] \cos\left[\frac{(2y+1)v\pi}{2N}\right]$
  • 93. Discrete Fourier Transform • The formulae for the DFT and its inverse are $F(u,v) = \sum_{x=0}^{N-1} \sum_{y=0}^{N-1} a(x,y) \exp\left[-\frac{2\pi j\, ux}{N}\right] \exp\left[-\frac{2\pi j\, vy}{N}\right]$ and $a(x,y) = \frac{1}{N^2} \sum_{u=0}^{N-1} \sum_{v=0}^{N-1} F(u,v) \exp\left[\frac{2\pi j\, ux}{N}\right] \exp\left[\frac{2\pi j\, vy}{N}\right]$
  • 94. Steganography in Audio • Low Bit Coding – Most digital audio is created by sampling the signal and quantizing the sample with a 16-bit quantizer. – The rightmost bit, or low order bit, of each sample can be changed from 0 to 1 or 1 to 0 – This modification from one sample value to another is not perceptible by most people and the audio signal still sounds the same
  • 95. Steganography in Audio • Phase Coding – Relies on the relative insensitivity of the human auditory system to phase changes – Substitutes the initial phase of an audio signal with a reference phase that represents the data – More complex than low bit encoding, but it is much more robust and less likely to distort the signal that is carrying the hidden data.
  • 96. Steganography in Audio • Direct Sequence Spread Spectrum – Spreads the signal by multiplying it by a chip, which is a maximal length pseudorandom sequence – DSSS introduces additive random noise to the sound file
  • 97. Steganography in Audio • Echo Data Hiding – Discrete copies of the original signal are mixed in with the original signal creating echoes of each sound. – By using two different time values between an echo and the original sound, a binary 1 or binary 0 can be encoded.
  • 98. Steganography in Text • Soft Copy Text – Encode data by varying the number of spaces after punctuation – Slight modifications of formatted text will be immediately apparent to anyone reading the text
  • 99. Steganography in Text • Soft Copy Text – Use of White Space (tabs & spaces) is much more effective and less noticeable – This is most common method for hiding data in text
  • 100. Steganography in Text • Soft Copy Text – Encode data in additional spaces placed at the end of a line • Example text: Four score and seven years ago our forefathers
  • 101. Steganography in Text • Hard Copy Text – Line Shift Coding • Shifts every other line up or down slightly in order to encode data – Word Shift Coding • Shifts some words slightly left or right in order to encode data
  • 102. Steganography in Text: Null Cipher • Message sent by a German spy during World War I: PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY. • Hidden message: Pershing sails from NY June I.