Information Assurance

Computer Security Overview
1. Security Problems in Computing
  1. Computer System
    1. Hardware
    2. Software
    3. Storage Media
    4. Data
    5. Networks
  2. Principle of Easiest Penetration
    1. any available means
    2. not obvious
    3. not where defended
    4. not how we expected
  3. Threat
    1. Set of circumstances that can lead to loss or harm
    2. block threats by controlling vunerabilities
    3. Types
      1. interception
      2. interruption
      3. modification
      4. fabrication
  4. Vulnerability
    1. Weakness in the security system
    2. Hardware Vulerablilites
      1. Interruption
      2. Interception
      3. modification
      4. fabrication
      5. destruction
    3. Software Vunerability
      1. Factional Rounding
      2. Deletion
      3. modification
        logic bombs
        viruses
        Trojan Horses
        back door
        keyloggers
      4. theft
    4. Data Vulerabilities
      1. Interception
      2. destruction
      3. CIA
  5. Attack
    1. Exploiting a vulnerability
    2. 3 things needed
      1. Method
      2. Opportunity
      3. Motive
  6. Control
    1. counters a vunerability
    2. never use just one control
    3. Encryption
    4. Different Types of Controls
      Attachments:
      - Controls
      1. Policy
        Broad Statement
      2. Procedures
        Specific actions to be taken
  7. Principle of Adequate Protection
    1. protection = value
2. Security Goals-CIA
  1. C-Confidentiality
    1. Secrecy, Privacy
    2. who should access what?
    3. Under what Conditions?
  2. I-Intergrity
    1. precise, accurate, consistent
    2. unmodified, or only modified by authorized users
    3. meaningful and usable
  3. A- Availability
    1. data and services
    2. can you get what we need, when we need it, in a timely fasion
    3. Fault Tolerance, concurrency issues
  4. Extra
    1. Authenticity
    2. Non-Repudiation
    3. Essential for E-Commerce
3. Computer Criminals
  1. any crime involving a computer
  2. amateurs- disgruntled employees
  3. Pros- Hackers
4. Defense
  1. Risk
    1. The possibility for harm to occur
      1. Prevent
      2. Deter
      3. Deflect
      4. Detect
      5. Recover
5. Effectiveness
  1. Awareness of the problem
  2. Likelihood of use
  3. Principle of Effectiveness
    1. Controls that are not used are not controls
  4. Principle of Weakest Link
    1. Security is as strong as the weakest control
Basic Encryption
1. Terms
  1. S-Sender
  2. T- Transmission Medium
  3. R-Rcipient
  4. O-Outsider (interceptor)
  5. Encryption
    1. Encoding a message so its meaning is not obvious
  6. Decryption
    1. transforming an encrypted message to plaintext (deciphering)
  7. Cryptosystem
    1. encrypts and decrypts
  8. Crytography
    1. from Krytos, meaning hidden and Graphos, meaning written
  9. Cryptanalyst
    1. studies encryption and encrypted messages
  10. Cryptographer
    1. works for a legitimate sender
  11. Cryptology
    1. research into and study of encryption and decryption
    2. includes cryptography and cryptanalysis
2. Threats by O
  1. Block
  2. Intercept
  3. Modify
  4. Fabricate
3. Symmetric Encryption
  1. Keys are the same for encryption and decryption
4. Asymmetric Encryption
  1. Encryption and Decryption keys are different
5. Keyless Cipher
  1. security through obsecurity
6. Cryptanalysis
  1. break a single message
  2. find patterns to develop a decryption algorithm
  3. infer meaning w/o breaking the encryption
  4. Deduce the Key
  5. find weakness in the implementation
  6. find general weakness in the algorithm

Next up

Information Assurance

Description

Resource summary

Similar

	Created by vossashley56 over 11 years ago