Scribd Logo
Upload

Welcome to Scribd!

  • CH 1

    Uploaded by

    አርቲስቶቹ Artistochu animation sitcom by habeshan meme
    6 views16 pages

    Original Title

    CH-1

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views16 pages

    CH 1

    Uploaded by

    አርቲስቶቹ Artistochu animation sitcom by habeshan meme

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    CoSc 4171: Computer Security

    University of Gondar, Faculty of Informatics

    Chapter 1
    Lecture Notes

    Computer Security Introduction

    Department of Computer Science


    Objectives

    To define security

    To define security goals

    To define security controls

    To define vulnerability


    Introduction
    Computer Security:
    • Computer security: is the process of preventing and
    detecting unauthorized use of your computer.
    • Privacy: Is the process of protecting he’s or her own
    personal files against any intrusion.
    • Prevention: measures help you to stop unauthorized users
    (also known as "intruders") from accessing any part of your
    computer system.
    • Detection: helps you to determine whether or not someone
    attempted to break into your system, if they were successful,
    and what they may have done.
    Cont..

    Data Security
    • Data security is the practice of keeping data protected from
    corruption and Unauthorized access.
    • The focus behind data security is to ensure privacy while
    protecting personal or corporate data.
    Information Technology Security
    • Information technology security is the process of protecting
    computers, networks, programs and data from unintended or
    unauthorized access, change or destruction.
    Why Do we care about Computer Security?
    • Our modern ways of communication provide a lot of
    examples of critical situations involving security issues.
    ✓ Communicating by phone,
    ✓ by e-mail, or by fax,
    ✓ Getting connected to a bank via the Internet and performing
    transactions
    ✓ Digital payment systems,
    ✓ e-voting systems, etc. demands confidentiality and integrity
    of exchanged information.
    Security Goals (pillars)

    • Confidentiality
    • Integrity
    • Availability

    Fig 1 security goals


    Cont..

    Confidentiality
    • It ensures that computer-related assets are accessed only by
    authorized parties.
    • Confidentiality is sometimes called secrecy or privacy.
    Only authorized entities are allowed to view
    Only sender, intended receiver should “understand”
    message contents
    • confidentiality covers two related concepts
    Data confidentiality
    Privacy
    Cont..

    Integrity
    • Information needs to be changed constantly.
    • Integrity means that changes need to be done only by authorized
    entities and through authorized mechanisms or assets can be
    modified only by authorized parties or only in authorized ways.
     Ensures the message was not altered by unauthorized
    individuals.
     sender, receiver want to ensure message not altered (in transit,
    or afterwards) without detection
    • Integrity can be
     Data integrity
     System integrity
    Cont..

    Availability
    • it means that assets are accessible to authorized parties at
    appropriate times
    • The information created and stored by an organization needs
    to be available to authorized entities. Information needs to
    be constantly changed, which means it must be accessible to
    authorized entities.
    • It assures that system works promptly and service is not
    denied for authorized user.
    Vulnerability

    • Vulnerability is a weakness in the security system.


    • Weaknesses can appear in any element of a computer, both
    in the hardware, operating system, and the software.

    Fig 2 vulnerability of computing system


    Cont..

    Hardware Vulnerabilities
    • Hardware is more visible than software
    • it is rather simple to attack by adding devices, changing
    them, removing them, intercepting the traffic to them, or
    flooding them with traffic until they can no longer function.
    • Computers have been drenched with water, burned, frozen,
    gassed, and electrocuted with power surges.
    Cont..

    Software vulnerability
    • Software can be replaced, changed, or destroyed
    maliciously, or it can be modified, deleted, or misplaced
    accidentally. Whether intentional or not, these attacks exploit
    the software’s vulnerabilities.
    • Sometimes, the attacks are obvious, as when the software no
    longer runs. More subtle are attacks in which the software
    has been altered but seems to run normally
    Cont..

    Data vulnerability
    • a data attack is a more widespread and serious problem than
    either a hardware or software attack.
    • data items have greater public value than hardware and
    software because more people know how to use or interpret
    data.
    Policies and mechanisms

    • Policy is a statement of what is, and what is not allowed by


    users of a system.
    • Mechanisms is a method, tool or procedure for enforcing a
    security policy.
    Security controls
    • controls or countermeasures that attempt to prevent
    exploiting a computing system's vulnerabilities.
    a. Authentication
    • Is a process of binding an identity to a subject.
    • Validates the source of a message, to ensure the sender is
    properly identified
    • sender, receiver want to confirm identity of each other
    b. Encryption
    c. Auditing
    d. Standards etc.
    • Thank you!

    You might also like