_____________
INTRODUCTION
_____________
With the internet taking the world by storm, there are multiple examples
of security attacks taking place around us.
Examples:
- An intruder capturing credit card details from a user by creating a
dummy website
- A Russian attacker managed to capture 300,000 credit card numbers
from a database and then tried to extort the merchant
_____________
SECURITY MODELS
_____________
1. No Security
2. Security through obscurity: The system is assumed to be secure simply
because people are not aware that it exists
3. Host Security
- Security for each host is enforced individually
- Safe approach but not so scalable
- The major complexity is the diversity of the organisations, which
makes it harder to implement
_____________
SECURITY MANAGEMENT
_____________
PRINCIPLES OF SECURITY
_____________
A. Confidentiality
- Specifies that only the sender and the intended recipient should be
able to access the message
- It is compromised if any unauthorised person gets access to the
message
- Consider User A sending a message to User B. As per confidentiality,
only User A and User B are supposed to know the message. However, User
C gains access to it, which is undesired and defeats the purpose of
confidentiality
B. Integrity
- User A and User B ensure that the data has not been tampered with. For
example, the amount on a cheque, the signature, the name of the payee,
etc.
- When the contents of the message are tampered with, or are no longer
the same as what the sender sent by the time it reaches the receiver,
we say that the integrity of the message is compromised
- For example, User A sends a cheque to User B with the amount mentioned
as $100. However, User C gains access to the cheque and adds one more
zero to make it $1000, and User B is unaware that the content of the
message was changed.
- This type of breach or attack is known as modification
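One way User B can detect the modification described above, as an added example that is not part of the original notes. It assumes User A and User B share a secret key and uses HMAC-SHA256, a mechanism the notes do not name; the key, field names and cheque values are constructed.

```python
import hashlib
import hmac
import json

# Constructed key, assumed to be known only to User A and User B.
SHARED_KEY = b"constructed-demo-key-for-A-and-B"


def canonical(cheque):
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(cheque, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(cheque):
    """Unkeyed SHA-256: anyone, including User C, can recompute it."""
    return hashlib.sha256(canonical(cheque)).hexdigest()


def mac_tag(cheque, key=SHARED_KEY):
    """HMAC-SHA256: producing a valid tag requires the shared key."""
    return hmac.new(key, canonical(cheque), hashlib.sha256).hexdigest()


def verify_plain(cheque, digest):
    """A check based on the unkeyed digest only."""
    return hmac.compare_digest(plain_digest(cheque), digest)


def verify_mac(cheque, tag, key=SHARED_KEY):
    """User B's check; compare_digest compares in constant time."""
    return hmac.compare_digest(mac_tag(cheque, key), tag)


def demo():
    # User A writes the cheque (constructed sample) and attaches a tag.
    sent = {"payee": "User B", "amount": 100, "currency": "USD"}
    tag = mac_tag(sent)
    # User C changes the amount in transit, as in the example above.
    tampered = dict(sent, amount=1000)
    return {
        "original_accepted": verify_mac(sent, tag),
        "tampered_accepted": verify_mac(tampered, tag),
        # C can swap in a fresh unkeyed digest, so that check is fooled.
        "plain_hash_fooled": verify_plain(tampered, plain_digest(tampered)),
        # Without the key, a tag C computes does not verify.
        "forged_tag_accepted": verify_mac(tampered, mac_tag(tampered, b"guess")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unkeyed digest fails as an integrity check because User C can replace it along with the cheque; the keyed tag is what lets User B notice the changed amount.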
C. Authentication
D. Non-Repudiation
E. Access Control
F. Availability
- A simple rule for availability states that all the information must be
made available to authorised parties at all times.