

• Class Agreements
• Aspects of Computer Security
• Aspects of Security Threat
• Security Methods
(021) 7150 8843
0818 0854 0094
Activity in class 40%
Homework/Quizzes 20%
Mid Term 15%
Final Exam 25%
• OPEN BOOK (always)
so you must have the reference book

Copying from others and letting others copy from you
both earn a score of 10!!!
Why is computer security
important? *)
• Computer security is the process of
preventing and detecting unauthorized use
of a computer.
Prevention measures help us to stop
unauthorized users (also known as
"intruders") from accessing any part of our
computer system. Detection helps us to
determine whether or not someone
attempted to break into our system, if they
were successful, and what they may have

Why is computer security important?
• We use computers for everything from
banking and investing to shopping and
communicating with others through email
or chat programs. Although we may not
consider our communications "top secret,"
we probably do not want strangers reading
our email, using our computer to attack
other systems, sending forged email from
our computers, or examining personal
information stored on your computer (such
as financial statements).
Why is computer security important?
• Intruders (also referred to as hackers,
attackers, or crackers) may not care
about your identity. Often they want to
gain control of your computer so they
can use it to launch attacks on other
computer systems.
Why is computer security important?
• Having control of your computer gives
them the ability to hide their true location
as they launch attacks, often against
high-profile computer systems such as
government or financial systems. Even if
you have a computer connected to the
Internet only to play the latest games or
to send email to friends and family, your
computer may be a target.
Why is computer security important?
• Intruders may be able to watch all your
actions on the computer, or cause
damage to your computer by
reformatting your hard drive or changing
your data.
Why is computer security important?
• Unfortunately, intruders are always
discovering new vulnerabilities
(informally called "holes") to exploit in
computer software. The complexity of
software makes it increasingly difficult to
thoroughly test the security of computer
Why is computer security important?
• Also, some software applications have
default settings that allow other users to
access your computer unless you
change the settings to be more secure.
Examples include chat programs that let
outsiders execute commands on your
computer or web browsers that could
allow someone to place harmful
programs on your computer that run
when you click on them.
Aspects of Computer Security
• Authentication
Authentication is the process of
determining whether someone or
something is, in fact, who or what it is
declared to be.
In private and public computer networks
(including the Internet), authentication is
commonly done through the use of
logon passwords.
Aspects of Computer Security
• Authentication …
Knowledge of the password is assumed to
guarantee that the user is authentic. Each
user registers initially (or is registered by
someone else), using an assigned or self-
declared password. On each subsequent
use, the user must know and use the
previously declared password. The
weakness in this system for transactions
that are significant (such as the exchange
of money) is that passwords can often be
stolen, accidentally revealed, or forgotten.
Aspects of Computer Security
• Authentication …
For this reason, Internet business and
many other transactions require a more
stringent authentication process. The use
of digital certificates issued and verified by
a Certificate Authority (CA) as part of a
public key infrastructure is considered likely
to become the standard way to perform
authentication on the Internet.
Logically, authentication precedes
authorization (although they may often
seem to be combined).
Aspects of Computer Security
• Integrity
Assurance that the data being accessed
or read has neither been tampered with,
nor been altered or damaged through a
system error, since the time of the last
authorized access.
Aspects of Computer Security
• Integrity …
Information Integrity is a prerequisite for
many other information management
initiatives. If the underlying information
isn’t of a sufficient level of integrity, the
success of business activities relying on
the information will be limited.

Example: Threats to information integrity

Aspects of Computer Security
• Nonrepudiation
In reference to digital security,
nonrepudiation means to ensure that a
transferred message has been sent and
received by the parties claiming to have
sent and received the message.
Nonrepudiation is a way to guarantee that
the sender of a message cannot later deny
having sent the message and that the
recipient cannot deny having received the
Aspects of Computer Security
• Nonrepudiation …
Nonrepudiation can be obtained through
the use of:
- digital signatures (digital certificates, a form of
public key infrastructure) -- function as a unique
identifier for an individual, much like a written
- confirmation services -- the message transfer
agent can create digital receipts to indicate that
messages were sent and/or received.
- timestamps -- timestamps contain the date and
time a document was composed and prove that
a document existed at a certain time.
Aspects of Computer Security
• Authority
An unauthorized user cannot alter or
modify information residing in the
computer network.
Aspects of Computer Security
• Confidentiality
Confidentiality has been defined by the
International Organization for
Standardization (ISO) as "ensuring that
information is accessible only to those
authorized to have access" and is one of
the cornerstones of information security.
Confidentiality is one of the design goals
for many cryptosystems, made possible in
practice by the techniques of modern
Aspects of Computer Security
• Privacy
Privacy is the ability of an individual or
group to seclude themselves or information
about themselves and thereby reveal
themselves selectively.
The boundaries and content of what is
considered private differ among cultures
and individuals, but share basic common
themes. Privacy is sometimes related to
anonymity, the wish to remain unnoticed or
unidentified in the public realm.
Aspects of Computer Security
• Privacy …
When something is private to a person, it
usually means there is something within them
that is considered inherently special or
personally sensitive. The degree to which
private information is exposed therefore
depends on how the public will receive this
information, which differs between places and
over time. Privacy can be seen as an aspect of
security — one in which trade-offs between
the interests of one group and another can
become particularly clear.
Aspects of Computer Security
• Privacy …
The right against unsanctioned invasion of privacy by
the government, corporations or individuals is part of
many countries' privacy laws, and in some cases,
constitutions. Almost all countries have laws which in
some way limit privacy; an example of this would be
laws concerning taxation, which normally require the
sharing of information about personal income or
earnings. In some countries individual privacy may
conflict with freedom of speech laws and some laws
may require public disclosure of information which
would be considered private in other countries and
Aspects of Computer Security
• Privacy …
Privacy may be voluntarily sacrificed, normally in
exchange for perceived benefits and very often with
specific dangers and losses, although this is a very
strategic view of human relationships. Academics
who are economists, evolutionary theorists, and
research psychologists describe revealing privacy as
a 'voluntary sacrifice', where sweepstakes or
competitions are involved. In the business world, a
person may give personal details (often for
advertising purposes) in order to enter a gamble of
winning a prize. Information which is voluntarily
shared and is later stolen or misused can lead to
identity theft.
Aspects of Computer Security
• Availability
Information availability is always
vulnerable to the unexpected, such as
human error, severe weather, natural
disasters, disruptions to electrical or
communications networks, as well as
man-made disasters. Even a minor
disruption to business operations can be
devastating, which is why developing an
information availability plan is essential.
Aspects of Computer Security
• Access Control
Access control is the ability to permit or deny
the use of a particular resource by a particular
Access control mechanisms can be used in
managing physical resources (such as a
movie theater, to which only ticketholders
should be admitted), logical resources (a bank
account, with a limited number of people
authorized to make a withdrawal), or digital
resources (for example, a private text
document on a computer, which only certain
users should be able to read).
Aspects of Computer Security
• Access Control …
In computer security, access control
includes authentication, authorization
and audit. It also includes measures
such as physical devices, including
biometric scans and metal locks, hidden
paths, digital signatures, encryption,
social barriers, and monitoring by
humans and automated systems.
Aspects of Computer Security
• Access Control …
In any access control model, the entities
that can perform actions in the system
are called subjects, and the entities
representing resources to which access
may need to be controlled are called
objects (see also Access Control
Aspects of Computer Security
• Access Control …
Subjects and objects should both be
considered as software entities, rather
than as human users: any human user
can only have an effect on the system
via the software entities that they
Aspects of Computer Security
• Access Control …
Although some systems equate subjects
with user IDs, so that all processes
started by a user by default have the
same authority, this level of control is not
fine-grained enough to satisfy the
Principle of least privilege, and arguably
is responsible for the prevalence of
malware in such systems (see computer
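
The contrast drawn above between equating subjects with user IDs and treating each process as its own subject, shown as an added example (not part of the original slides). The process names, file name and rights are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    user_id: str   # the human user the software runs on behalf of
    process: str   # the software entity that actually acts (hypothetical names)


@dataclass
class ReferenceMonitor:
    """Access matrix mapping (subject, object) to a set of rights, with an audit trail."""
    per_process: bool = True              # False: subject == user ID (coarse model)
    matrix: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def _key(self, subject):
        # Coarse model: every process of a user shares that user's authority.
        if self.per_process:
            return (subject.user_id, subject.process)
        return subject.user_id

    def grant(self, subject, obj, *rights):
        self.matrix.setdefault((self._key(subject), obj), set()).update(rights)

    def check(self, subject, obj, right):
        # Default deny: no matrix entry means no access.
        allowed = right in self.matrix.get((self._key(subject), obj), set())
        self.audit_log.append((subject.user_id, subject.process, obj, right, allowed))
        return allowed


def compare_models():
    """Return {per_process: (editor may write, untrusted program may write)}."""
    editor = Subject("alice", "text_editor")
    game = Subject("alice", "downloaded_game")   # untrusted code, same user
    outcome = {}
    for per_process in (False, True):
        rm = ReferenceMonitor(per_process=per_process)
        rm.grant(editor, "report.txt", "read", "write")
        outcome[per_process] = (
            rm.check(editor, "report.txt", "write"),
            rm.check(game, "report.txt", "write"),
        )
    return outcome


if __name__ == "__main__":
    print(compare_models())
```

With user-ID subjects the untrusted program inherits the editor's write access; with per-process subjects it is denied, and both decisions appear in the audit log.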

Hackers are constantly working
to update their attack tools,
techniques and methods to find
new ways to break into
databases, networks and PCs.
Track their progress and the work
of cybercrime investigators with
hacking groups, hacker sites and
the hacker underground.
“These days, a phishing attack is almost
indistinguishable from the real thing.”
The result: unwitting employees disclosing
confidential information, from passwords to
financial data, to ill-intentioned intruders.
Unable to identify fraudulent websites and
counterfeit email messages, these internal
workers are essentially opening a
company’s closed doors to criminals.
No wonder spear phishing attempts
are exploding in number. The
Symantec Probe Network detected a
total of 166,248 unique phishing
messages, a six percent increase
over the first six months of 2006.
And Symantec blocked over 1.5
billion phishing messages, an
increase of 19 percent over the first
half of 2006.