KEMBAR78
security introduction and overview lecture1 .pptx
Uploaded bynagwaAboElenein
PPTX, PDF18 views

security introduction and overview lecture1 .pptx

This document provides an introduction to computer security concepts. It discusses how computer security aims to protect hardware, software, data, users and information from unauthorized access and use. The key concepts of confidentiality, integrity and availability (CIA) are explained. Principles of secure design are outlined, including least privilege, fail-safe defaults, defense in depth, and separation of privilege. Computer security challenges like ensuring systems are not simple to attack and require regular monitoring are also covered.

Download to read offline
Security Lecture 1
Introduction • Computer security- ways and means taken to protects computer and everything associated with it : - Hardware -Software -Storage media -Data -Persons( authorized users) -Information( Information Security) • Secure computing resources against unauthorized users ( attackers, outsider) as well as from natural disasters
Introduction • Computer security: • -Preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks. • -Keeping anyone from doing things you don not want them to do, with on or from your computers or any peripheral devices
Introduction • The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
Key Security Concepts
Network and computer security Requirements CIA • Confidentiality – Data Confidentiality :protection of data from unauthorized disclosure • Integrity – Data Integrity: assurance that data received is as sent by an authorized entity • Availability – Systems work promptly and service is not denied to authorized users.( resource accessible/usable)
Computer Security Challenges 1. not simple 2. must consider potential attacks 3. involve algorithms and secret info 4. battle of wits between attacker / admin 5. requires regular monitoring 6. regarded as impediment to using system
Principles of Secure Design 1. Least Priviledge 2. Fail Safe Defaults 3. Economy of Mechanism 4. Complete Mediation 5. Defense in depth 6. Open Design 7. Separation of priviledge 8. Least Common Mechanism 9. Psychological Acceptability
Principle of Least Priviledge • Asubject should only be given the priviledges it needs to complete its task and no more. • The priviledges should be controlled by the function , not the identity ,similar to the right to know principle. • Foe example, a cashier cannot write checks.
Principle of Fail-Safe Defaults • Unless explicit acess has been granted ,access should be denied.Moreover, if a system is unable to complete a task, it should roll back to the start state, for safety. • Example: A regular user may not modify other people’s mail files; in addition, if the mail program cannot deliver mail, the only thing it can do is report failure.
Principle of Economy of Mechanism • Security mechanisms should be as simple as possible. • This way, it is easier to check for errors.
Principle of Complete Mediation • All accesses to objects must be checked to ensure that they are still allowed.
Principle of Defense in Depth • The more lines of defense there are against an attacker, the better the defense, specially if the additional line(s) are of different nature.
Principle of Open Design • The security of a mechanism should not depend on the secrecy of its design or implementation. • Specially important for crypto. • Example DVD’s
Principle of Separation of Priviledge • A system should not grant permission based on a single condition. • Example :on BSD systems, su users must belong to the wheel group and know the root password.
Principle of Least Common Mechanism • Mechanisms to access resources should not be shared(because they provide a haven for covert channels)
Principle of psychological Acceptability • Security mechanisms should not make it more difficult to access a resource. • Example: ssh, login mechanism.

More Related Content

PDF
Security Principles and Protection Mechanism
byMona Rajput
 
PPT
ch0001 computer systems security and principles and practices
bystephen972973
 
PPTX
1. Introduction to Information Security.pptx
bynoura53269
 
PPTX
Dos unit 5
byJebasheelaSJ
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
SECURITY PRINCIPLES AND SECURITY SERVICES.pptx
by22r01a05l4
 
PPT
its a computer security based ppt which is very useful
bySantoshChintawar
 
PPTX
Protection and security
bymbadhi
 
Security Principles and Protection Mechanism
byMona Rajput
 
ch0001 computer systems security and principles and practices
bystephen972973
 
1. Introduction to Information Security.pptx
bynoura53269
 
Dos unit 5
byJebasheelaSJ
 
Security and management
byArtiSolanki5
 
SECURITY PRINCIPLES AND SECURITY SERVICES.pptx
by22r01a05l4
 
its a computer security based ppt which is very useful
bySantoshChintawar
 
Protection and security
bymbadhi
 

Similar to security introduction and overview lecture1 .pptx

PDF
Information Security basic introduction by professor
byadityakatare35
 
PDF
Chapter 1 - Introduction.pdf
byEthioDotNetDeveloper
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
PPTX
Security & Protection in Operating System
byMeghaj Mallick
 
PDF
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
PPTX
System protection in Operating System
bysohaildanish
 
PPT
Network security desighn principles and authentication
byEdgar Mwangangi
 
PPTX
Principles of Secure Design and its componetnts
byAssadLeo1
 
PPT
Encryption and some other information and
byAssadLeo1
 
DOCX
General Security ConceptsChapter 2Principles of Comput.docx
bybudbarber38650
 
PPT
Protection and Security in Operating Systems
byvampugani
 
PPTX
Foundation of the information securiety
byALIZAIB KHAN
 
PDF
Basic security concepts_chapter_1_6perpage
bynakomuri
 
PPT
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
PDF
information security introduction for campus students.pdf
byhailegebrielgeta6
 
PPT
Overview
byphanleson
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
PPT
20-security.ppt
byajajkhan16
 
PPT
basic-security-concepts-what-is-security48.ppt
byPawachMetharattanara
 
DOCX
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bybagotjesusa
 
Information Security basic introduction by professor
byadityakatare35
 
Chapter 1 - Introduction.pdf
byEthioDotNetDeveloper
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
Security & Protection in Operating System
byMeghaj Mallick
 
Health Information Privacy and Security
byNawanan Theera-Ampornpunt
 
System protection in Operating System
bysohaildanish
 
Network security desighn principles and authentication
byEdgar Mwangangi
 
Principles of Secure Design and its componetnts
byAssadLeo1
 
Encryption and some other information and
byAssadLeo1
 
General Security ConceptsChapter 2Principles of Comput.docx
bybudbarber38650
 
Protection and Security in Operating Systems
byvampugani
 
Foundation of the information securiety
byALIZAIB KHAN
 
Basic security concepts_chapter_1_6perpage
bynakomuri
 
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
information security introduction for campus students.pdf
byhailegebrielgeta6
 
Overview
byphanleson
 
OPERATING SYSTEM SECURITY
byRohitK71
 
20-security.ppt
byajajkhan16
 
basic-security-concepts-what-is-security48.ppt
byPawachMetharattanara
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bybagotjesusa
 

More from nagwaAboElenein

PDF
Cryptographic Hash Functions message auhentication
bynagwaAboElenein
 
PDF
Difference between Active attack and Passive
bynagwaAboElenein
 
PPTX
Difference between Active attack and Passive attack
bynagwaAboElenein
 
PPTX
Chapter 1: Computer Vision Introduction.pptx
bynagwaAboElenein
 
PPTX
Chapter 1: Computer Vision Introduction.pptx
bynagwaAboElenein
 
PPTX
security Symmetric Key Cryptography Substitution Cipher, Transposition Cipher.
bynagwaAboElenein
 
PPT
研究生学位论文在线提交Electronic thesis online submission(20210527).ppt
bynagwaAboElenein
 
PPTX
brain tumor.pptx
bynagwaAboElenein
 
PDF
Lec_9_ Morphological ImageProcessing .pdf
bynagwaAboElenein
 
PDF
Lec_8_Image Compression.pdf
bynagwaAboElenein
 
PDF
Semantic Segmentation.pdf
bynagwaAboElenein
 
PPTX
lecture1.pptx
bynagwaAboElenein
 
PDF
Lec_4_Frequency Domain Filtering-I.pdf
bynagwaAboElenein
 
PDF
Lec_3_Image Enhancement_spatial Domain.pdf
bynagwaAboElenein
 
PDF
Lec_2_Digital Image Fundamentals.pdf
bynagwaAboElenein
 
PDF
Lec_1_Introduction.pdf
bynagwaAboElenein
 
PPTX
Lecture3.pptx
bynagwaAboElenein
 
PDF
Image Segmentation Techniques for Remote Sensing Satellite Images.pdf
bynagwaAboElenein
 
PDF
Fundamentals_of_Digital image processing_A practicle approach with MatLab.pdf
bynagwaAboElenein
 
PDF
Lec_1_Introduction.pdf
bynagwaAboElenein
 
Cryptographic Hash Functions message auhentication
bynagwaAboElenein
 
Difference between Active attack and Passive
bynagwaAboElenein
 
Difference between Active attack and Passive attack
bynagwaAboElenein
 
Chapter 1: Computer Vision Introduction.pptx
bynagwaAboElenein
 
Chapter 1: Computer Vision Introduction.pptx
bynagwaAboElenein
 
security Symmetric Key Cryptography Substitution Cipher, Transposition Cipher.
bynagwaAboElenein
 
研究生学位论文在线提交Electronic thesis online submission(20210527).ppt
bynagwaAboElenein
 
brain tumor.pptx
bynagwaAboElenein
 
Lec_9_ Morphological ImageProcessing .pdf
bynagwaAboElenein
 
Lec_8_Image Compression.pdf
bynagwaAboElenein
 
Semantic Segmentation.pdf
bynagwaAboElenein
 
lecture1.pptx
bynagwaAboElenein
 
Lec_4_Frequency Domain Filtering-I.pdf
bynagwaAboElenein
 
Lec_3_Image Enhancement_spatial Domain.pdf
bynagwaAboElenein
 
Lec_2_Digital Image Fundamentals.pdf
bynagwaAboElenein
 
Lec_1_Introduction.pdf
bynagwaAboElenein
 
Lecture3.pptx
bynagwaAboElenein
 
Image Segmentation Techniques for Remote Sensing Satellite Images.pdf
bynagwaAboElenein
 
Fundamentals_of_Digital image processing_A practicle approach with MatLab.pdf
bynagwaAboElenein
 
Lec_1_Introduction.pdf
bynagwaAboElenein
 

Recently uploaded

PPTX
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
PPT
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
PPTX
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
PDF
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PDF
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PPTX
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
PDF
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
PDF
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
PPTX
Blockchain for Digital identity security
bysamirsarar2
 
PPTX
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
PDF
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
PDF
Somnath Mukherjee_BIM Specialist_Portfolio.pdf
bySomnathMukherjee980757
 
PPTX
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
PDF
Vertical Roller Mill more detail inside function
byagungcemindo
 
PPTX
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
LOW POWER CLASS AB SI POWER AMPLIFIER FOR WIRELESS MEDICAL SENSOR NETWORK
byRandyClara
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
Blockchain for Digital identity security
bysamirsarar2
 
An improved feature extraction algorithm of EEG signals
byAnirban Nath
 
Introduction to Machine Learning: Foundations and Applications
byremoved_2838c0f85dcbdf1a3b55b256d9455357
 
Somnath Mukherjee_BIM Specialist_Portfolio.pdf
bySomnathMukherjee980757
 
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
Vertical Roller Mill more detail inside function
byagungcemindo
 
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 

security introduction and overview lecture1 .pptx

  • 1.
  • 3.
    Introduction • Computer security-ways and means taken to protects computer and everything associated with it : - Hardware -Software -Storage media -Data -Persons( authorized users) -Information( Information Security) • Secure computing resources against unauthorized users ( attackers, outsider) as well as from natural disasters
  • 4.
    Introduction • Computer security: •-Preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks. • -Keeping anyone from doing things you don not want them to do, with on or from your computers or any peripheral devices
  • 5.
    Introduction • The protectionafforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
  • 6.
  • 7.
    Network and computersecurity Requirements CIA • Confidentiality – Data Confidentiality :protection of data from unauthorized disclosure • Integrity – Data Integrity: assurance that data received is as sent by an authorized entity • Availability – Systems work promptly and service is not denied to authorized users.( resource accessible/usable)
  • 8.
    Computer Security Challenges 1.not simple 2. must consider potential attacks 3. involve algorithms and secret info 4. battle of wits between attacker / admin 5. requires regular monitoring 6. regarded as impediment to using system
  • 9.
    Principles of SecureDesign 1. Least Priviledge 2. Fail Safe Defaults 3. Economy of Mechanism 4. Complete Mediation 5. Defense in depth 6. Open Design 7. Separation of priviledge 8. Least Common Mechanism 9. Psychological Acceptability
  • 10.
    Principle of LeastPriviledge • Asubject should only be given the priviledges it needs to complete its task and no more. • The priviledges should be controlled by the function , not the identity ,similar to the right to know principle. • Foe example, a cashier cannot write checks.
  • 11.
    Principle of Fail-SafeDefaults • Unless explicit acess has been granted ,access should be denied.Moreover, if a system is unable to complete a task, it should roll back to the start state, for safety. • Example: A regular user may not modify other people’s mail files; in addition, if the mail program cannot deliver mail, the only thing it can do is report failure.
  • 12.
    Principle of Economyof Mechanism • Security mechanisms should be as simple as possible. • This way, it is easier to check for errors.
  • 13.
    Principle of CompleteMediation • All accesses to objects must be checked to ensure that they are still allowed.
  • 14.
    Principle of Defensein Depth • The more lines of defense there are against an attacker, the better the defense, specially if the additional line(s) are of different nature.
  • 15.
    Principle of OpenDesign • The security of a mechanism should not depend on the secrecy of its design or implementation. • Specially important for crypto. • Example DVD’s
  • 16.
    Principle of Separationof Priviledge • A system should not grant permission based on a single condition. • Example :on BSD systems, su users must belong to the wheel group and know the root password.
  • 17.
    Principle of LeastCommon Mechanism • Mechanisms to access resources should not be shared(because they provide a haven for covert channels)
  • 18.
    Principle of psychologicalAcceptability • Security mechanisms should not make it more difficult to access a resource. • Example: ssh, login mechanism.