
Identifying Security Fundamentals
Week 2 – Security +
Learning Objectives
• At the end of this lesson, students should be able to:
• Define Information Security in an IT spectrum.
• Explain the goals of Information Security
• Discuss the relationship between threats, vulnerabilities and risk in IS.
• Enumerate and explain the different types of attacks.
• Recommend security controls to counter attacks.
• Discuss the importance of Security Management Process in the
prevention / mitigation of damage to a network system.
Basic Concepts of Authentication and Authorization
• Authentication is one of the primary controls used in information security: it
establishes who (or what) is making a request before any access decision is made.
• Authorization is the separate, later step of deciding what an authenticated identity
is allowed to do; neither step replaces the other.
• Strong authentication is the first line of defense.
• Authentication can be simple or complex, weak or strong.
• The appropriate level of authentication depends on the work environment and on
what is being protected.
Types of Authentication
Username and Password
• The most basic and widely used authentication scheme.
• On its own it is not very secure: a password only proves that whoever presented
it knows the secret, so anyone who guesses, phishes or steals it is accepted as
the legitimate user.
Tokens
• Tokens are physical or virtual objects, such as smart cards, ID badges, or data
packets, that store authentication information
• Tokens can store personal identification numbers (PINs), information about
users, or passwords. Unique one-time token values can be generated by special
hardware devices or software, either in response to a challenge from an
authenticating server or by a time- or counter-based algorithm that the token and
the server each run independently from a shared secret.
Biometrics
• Authentication based on the identification of individuals by their
physical characteristics.
• This can involve a fingerprint scanner, a retinal scanner, a hand geometry
scanner, or voice-recognition and facial-recognition software.
• Becoming less expensive to implement and more widely adopted. Unlike a
password, a biometric cannot be changed if it is compromised, so stored
biometric templates need strong protection.
Geolocation
• An extra layer of authentication that grants access only from an approved
location.
• Internet and computer geolocation can be performed by associating a geographic
location with an Internet Protocol (IP) address, a radio-frequency ID (RFID), an
embedded hardware or software number, an invoice or billing address, a Wi-Fi
positioning system, device GPS coordinates, or other information.
• Location is a weak factor on its own: IP addresses are easily changed through
VPNs and proxies, so it is best used to decide when to require additional factors
rather than as the only gate.
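An IP-based version of the approved-location check above, as an added example that is not part of the slides. The approved networks and the trusted-proxy address are constructed values standing in for an organisation's own configuration. The practitioner detail it shows is which address to trust: an `X-Forwarded-For` header is attacker-controlled unless the connection really came from your own proxy.

```python
# Added example (not from the slides): approved-location check on the client
# IP address. Networks and proxy address are constructed demo values.
import ipaddress

APPROVED_NETWORKS = [ipaddress.ip_network(n)          # constructed: "office" ranges
                     for n in ("203.0.113.0/24", "2001:db8:10::/48")]
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}  # constructed: our own reverse proxy


def client_address(peer_ip: str, forwarded_for: str = None):
    """Return the address to geolocate. The X-Forwarded-For header is only
    honoured when the direct peer is one of our proxies; we then take the
    rightmost entry, which is the hop that proxy itself observed. From any
    other peer the header is ignored, because the client can set it freely."""
    peer = ipaddress.ip_address(peer_ip)
    if forwarded_for and peer in TRUSTED_PROXIES:
        return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
    return peer


def location_approved(addr) -> bool:
    return any(addr in net for net in APPROVED_NETWORKS)


def login_decision(peer_ip: str, forwarded_for: str = None) -> str:
    """Policy of this example: location is a weak factor, so an unapproved
    address does not deny the login outright, it demands a second factor."""
    addr = client_address(peer_ip, forwarded_for)
    return "allow" if location_approved(addr) else "require_second_factor"


if __name__ == "__main__":
    print(login_decision("203.0.113.7"))                     # allow
    print(login_decision("198.51.100.9"))                    # require_second_factor
    print(login_decision("10.0.0.5", "203.0.113.7"))         # allow (header from our proxy)
    print(login_decision("198.51.100.9", "203.0.113.7"))     # require_second_factor (spoofed header ignored)
```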
Keystroke Authentication
• Keystroke authentication is a type of authentication that relies on detailed
information that describes exactly when a keyboard key is pressed and released
as someone types information into a computer or other electronic device.
Multi-factor Authentication
• Multi-factor authentication is any authentication scheme that requires
validation of two or more authentication factors of different types: something
you know (a password or PIN), something you have (a token or smart card), or
something you are (a biometric).
• Two factors of the same type, such as two passwords, do not count as
multi-factor: an attacker who phishes one can usually phish the other.
Mutual authentication
• A security mechanism that requires each party in a communication to verify the
other party's identity, rather than only the server checking the client.
• Mutual authentication prevents a client from inadvertently submitting
confidential information to an impostor server, because the server must prove
its identity before the client sends anything sensitive.
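The exchange described above, as an added example that is not part of the slides: a two-way challenge-response over a pre-shared key, where each side proves knowledge of the key before the client sends any data. (Mutual TLS achieves the same goal with certificates; this example uses an HMAC so it runs stand-alone.) The party names and keys are constructed for the demo. The role label inside the MAC is the detail worth noticing: without it, an attacker could open a second connection and get the victim to answer its own challenge (a reflection attack).

```python
# Added example (not from the slides): mutual challenge-response authentication
# with a pre-shared key. Names and keys are constructed demo values.
import hashlib
import hmac
import secrets


def prove(key: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """HMAC over the prover's role and both nonces. The role and the fixed
    nonce order make a server proof unusable as a client proof and vice
    versa, which defeats reflection attacks."""
    return hmac.new(key, role + own_nonce + peer_nonce, hashlib.sha256).digest()


class Party:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.nonce = secrets.token_bytes(16)   # fresh per session: stops replay

    def respond(self, role: bytes, peer_nonce: bytes) -> bytes:
        return prove(self.key, role, self.nonce, peer_nonce)

    def check(self, peer_role: bytes, peer_nonce: bytes, proof: bytes) -> bool:
        expected = prove(self.key, peer_role, peer_nonce, self.nonce)
        return hmac.compare_digest(expected, proof)


def mutual_auth(client: Party, server: Party) -> tuple:
    """Runs the exchange and returns (client_trusts_server, server_trusts_client).
      1. client -> server : Nc
      2. server -> client : Ns, HMAC(K, "server" || Ns || Nc)
      3. client -> server : HMAC(K, "client" || Nc || Ns)
    """
    nc, ns = client.nonce, server.nonce                  # message 1 carries Nc
    server_proof = server.respond(b"server", nc)          # message 2
    if not client.check(b"server", ns, server_proof):
        return (False, False)   # client stops here: nothing sensitive was sent
    client_proof = client.respond(b"client", ns)          # message 3
    return (True, server.check(b"client", nc, client_proof))


if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    print(mutual_auth(Party("alice", shared), Party("srv", shared)))               # (True, True)
    print(mutual_auth(Party("alice", shared), Party("rogue", secrets.token_bytes(32))))  # (False, False)
```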
Basic Cryptography Concepts
Basic Elements of Security

• Confidentiality
• Integrity
• Availability
• Cryptography is a primary tool for confidentiality and integrity; availability
depends on other controls such as redundancy, backups and capacity planning.
Cryptography
• The science of protecting information by transforming it so that only the
intended parties can read or verify it, most commonly by encoding and decoding
messages with a secret key.
• Modern communications and computing use cryptography extensively to protect
sensitive information and communications from unauthorized access or accidental
disclosure, both while the information is in transit and while it is stored.
Encryption and Decryption
• Encryption is a cryptographic technique that converts data from plaintext form
into coded, or ciphertext, form.
• Decryption is the companion technique that converts ciphertext back to plaintext.
Encryption and Security Goals
• Encryption is used to promote and support many security goals and
techniques:
• It provides confidentiality by making data unreadable to anyone without the key.
• Integrity is not a by-product of encryption: an attacker who cannot read a
ciphertext can often still alter it in predictable ways. Integrity comes from a
message authentication code (MAC) or a digital signature, which are normally
combined with encryption.
• Non-repudiation comes from digital signatures, which use a private key held by
one party only. It does not rely on keeping the encryption scheme secret; modern
cryptography assumes the algorithm is public and only the key is secret
(Kerckhoffs's principle).
• Some form of cryptography is employed in most authentication mechanisms, for
example to protect passwords in storage and in transit.
• It is also used in many access control mechanisms, such as signed tokens and
tickets.
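Why "encrypted" does not mean "unmodified", as an added example that is not part of the slides. The stream cipher here is a toy built from SHA-256 purely so the example runs stand-alone (it is not AES or ChaCha20, and should not be used for anything real); the message, key and nonce are constructed. Flipping bits in the ciphertext flips the same bits in the plaintext, so an attacker who knows the message layout can change the amount without the key. Adding an HMAC over the ciphertext (encrypt-then-MAC) is what catches the change.

```python
# Added example (not from the slides): encryption alone is malleable; a MAC
# provides the integrity. Toy SHA-256 keystream; constructed demo values.
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || block counter), concatenated.
    Illustration only, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


xor_decrypt = xor_encrypt   # symmetric: same key, same operation, both directions


def tamper(ciphertext: bytes, position: int, old: bytes, new: bytes) -> bytes:
    """Attacker's move, no key needed: XOR the ciphertext byte with
    (old XOR new) so the decrypted byte at `position` becomes `new`."""
    c = bytearray(ciphertext)
    c[position] ^= old[0] ^ new[0]
    return bytes(c)


def seal(key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = xor_encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Returns the plaintext, or None when the tag does not verify.
    The tag is checked before any decryption is attempted."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_decrypt(key, nonce, ct)


def demo():
    """Returns (what the bank decrypts after tampering, whether the MAC caught it)."""
    key, mac_key, nonce = b"k" * 32, b"m" * 32, bytes(12)   # constructed demo values
    msg = b"PAY 100 TO BOB"
    ct = xor_encrypt(key, nonce, msg)
    forged_plain = xor_decrypt(key, nonce, tamper(ct, 4, b"1", b"9"))
    ct2, tag = seal(key, mac_key, nonce, msg)
    caught = open_sealed(key, mac_key, nonce, tamper(ct2, 4, b"1", b"9"), tag) is None
    return forged_plain, caught


if __name__ == "__main__":
    print(demo())   # (b'PAY 900 TO BOB', True)
```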
Cipher
• A cipher is an algorithm used to encrypt or decrypt data.
Algorithms can be simple mechanical substitutions, but in
electronic cryptography, they are generally complex
mathematical functions.
• Ciphers are differentiated from codes in that codes are meant to translate
words or phrases or act like a secret language, whereas ciphers operate on
individual letters or bits and scramble the message.
• Cryptanalysis is the science of breaking codes and ciphers.
Keys
• An encryption key is a specific piece of information that is used in
conjunction with an algorithm to perform encryption and decryption.
• A different key used with the same algorithm produces different ciphertext.
The algorithm can be public; the security rests on keeping the key secret and
on the key space being too large to search.
Simple Encryption Key
• In a simple letter-substitution algorithm, the key might be "replace each
letter with the letter that is two letters after it in the alphabet". The
substitution rule is the algorithm; the number two is the key.
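The slide's shift-by-two substitution, written out so the algorithm, the key and the symmetric use of that key are visible, as an added example that is not part of the slides. The sample plaintext and the crib word are constructed. The last function is the cryptanalysis the "Cipher" slide mentions: with only 25 usable keys, exhaustive search recovers the message instantly, which is why key space matters as much as the algorithm.

```python
# Added example (not from the slides): letter-substitution cipher with the
# shift as its key, plus a brute-force attack on it.
import string

ALPHABET = string.ascii_uppercase


def shift_cipher(text: str, key: int, decrypt: bool = False) -> str:
    """Replace each letter with the one `key` places after it in the alphabet
    (or before it when decrypting). Same key both ways: symmetric.
    Non-letters pass through unchanged, which itself leaks word lengths."""
    k = (-key if decrypt else key) % 26
    table = str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k])
    return text.upper().translate(table)


def brute_force(ciphertext: str, crib: str) -> list:
    """Exhaustive key search: try all 25 non-trivial keys and keep every
    candidate plaintext containing the word `crib` the analyst expects."""
    hits = []
    for key in range(1, 26):
        candidate = shift_cipher(ciphertext, key, decrypt=True)
        if crib.upper() in candidate:
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    secret = shift_cipher("ATTACK AT DAWN", 2)   # constructed sample message
    print(secret)                                # CVVCEM CV FCYP
    print(shift_cipher(secret, 2, decrypt=True)) # ATTACK AT DAWN
    print(brute_force(secret, "attack"))         # [(2, 'ATTACK AT DAWN')]
```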
Symmetric Encryption
• A two-way encryption scheme in which encryption and decryption are both
performed with the same key.
• The key can be configured in software or coded in hardware.
• Both parties must already hold the same secret key, so the hard part is
distributing that key securely before any communication can begin.
Asymmetric Encryption
• Asymmetric encryption uses a pair of mathematically related keys: a public key
that can be shared freely and a private key that is kept secret by its owner.
• Data encrypted with the public key can be decrypted only with the matching
private key, and a signature made with the private key can be checked by anyone
holding the public key. Because the private key is never transmitted, the key
distribution problem of symmetric encryption disappears.
• Asymmetric operations are much slower than symmetric ones, so in practice they
are used to exchange or wrap a symmetric session key and to sign, not to encrypt
bulk data.
Hashing
• Hashing is a one-way function that transforms input of any length into a
fixed-length value, the hash or digest. It is not encryption: there is no key and
no way to recover the input from its hash, and the same input always produces
the same hash.
Hashing
• Hashing has several uses:
• Password authentication stores a salted hash of each password rather than the
password itself; at login the submitted password is hashed again and the two
values compared. The stored value is a hash, not an encrypted password: it cannot
be decrypted, only matched.
• A hash value embedded in an electronic message lets the receiver detect any
change to the message (integrity). When the sender signs that hash with a private
key, the result is a digital signature, which additionally provides authentication
and non-repudiation.
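Both uses of hashing above, and the earlier point that a username/password check only ever compares secrets, as an added example that is not part of the slides. It uses `hashlib.scrypt` from the Python standard library for passwords (a deliberately slow, salted hash) and plain SHA-256 for a message fingerprint. The users, passwords and cost parameters are constructed demo values.

```python
# Added example (not from the slides): salted password hashing and a message
# digest, standard library only. Parameters and data are demo values.
import hashlib
import hmac
import secrets

# scrypt cost parameters: demo values. Raise N until a hash takes roughly
# 100 ms on your login servers; that cost is what slows offline guessing.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16


def hash_password(password: str, salt: bytes = None) -> bytes:
    """Returns salt || digest for storage. A random per-user salt means two
    users with the same password store different values and precomputed
    (rainbow) tables are useless."""
    salt = salt or secrets.token_bytes(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time. Nothing is
    decrypted; the hash can only be matched, never reversed."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, digest)


def message_digest(data: bytes) -> str:
    """Integrity use: a SHA-256 fingerprint of a file or message. Any change
    to the data changes the digest; on its own it proves integrity only, not
    who produced the data (that needs a MAC or a signature)."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}   # constructed
    print(verify_password("correct horse battery staple", users["alice"]))   # True
    print(verify_password("correct horse battery stapler", users["alice"]))  # False
    print(message_digest(b"abc"))   # ba7816bf...f20015ad (the SHA-256 test vector)
```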
Steganography
• Steganography is a technique for hiding the existence of a message, not an
encryption technique: it conceals a secret message inside an ordinary file such
as a graphic, movie, or sound file.
• It provides no confidentiality once the hidden message is detected, so a
message that must stay secret is encrypted first and then hidden.
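Least-significant-bit steganography, the simplest form of hiding data in a graphic file, as an added example that is not part of the slides. The "image" is a constructed buffer of 8-bit grayscale pixels; with a real file you would run the same functions over the decoded pixel bytes (an image library is left out so the example runs stand-alone). Each pixel changes by at most one brightness level, which is why the eye cannot see it and why statistical LSB analysis still can.

```python
# Added example (not from the slides): LSB steganography in a raw 8-bit pixel
# buffer. The cover image is a constructed 64x64 gradient.


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide a 4-byte length header followed by the payload, one bit per
    pixel, in the least significant bit of each byte."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: %d pixels for %d bits" % (len(cover), len(bits)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit        # clear the LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header from the first 32 LSBs, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (stego[start_bit + i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """How visible the hiding is: the largest per-pixel brightness change."""
    return max(abs(a - b) for a, b in zip(cover, stego))


COVER = bytes((x * 7 + 13) % 256 for x in range(64 * 64))   # constructed cover image

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")            # constructed secret
    print(extract(stego))                            # b'meet at noon'
    print(len(stego) == len(COVER), max_pixel_change(COVER, stego))   # True 1
```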
End