Scribd Logo
Upload

Welcome to Scribd!

  • Final

    Uploaded by

    Shrikant Danawale
    4 views14 pages
    This document provides an overview of information security concepts including definitions of information security, types of attacks, goals of security, e-commerce security, computer forensics, and steganography. It defines information security as protecting information, systems, and hardware from unauthorized access, use, alteration, or destruction. The three main goals of security are confidentiality, integrity, and availability of information. Computer forensics involves preserving, identifying, extracting, documenting, and interpreting computer evidence for legal purposes. Steganography techniques have historically involved concealing messages in various covers such as egg shells, folded silk, and even human skin and hair.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides an overview of information security concepts including definitions of information security, types of attacks, goals of security, e-commerce security, computer forensics, and steganography. It defines information security as protecting information, systems, and hardware from unauthorized access, use, alteration, or destruction. The three main goals of security are confidentiality, integrity, and availability of information. Computer forensics involves preserving, identifying, extracting, documenting, and interpreting computer evidence for legal purposes. Steganography techniques have historically involved concealing messages in various covers such as egg shells, folded silk, and even human skin and hair.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views14 pages

    Final

    Uploaded by

    Shrikant Danawale
    This document provides an overview of information security concepts including definitions of information security, types of attacks, goals of security, e-commerce security, computer forensics, and steganography. It defines information security as protecting information, systems, and hardware from unauthorized access, use, alteration, or destruction. The three main goals of security are confidentiality, integrity, and availability of information. Computer forensics involves preserving, identifying, extracting, documenting, and interpreting computer evidence for legal purposes. Steganography techniques have historically involved concealing messages in various covers such as egg shells, folded silk, and even human skin and hair.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Chapter 2:

    Information Security
    Concepts
     Information Security Overview
     Types of Attacks
     Goals of Security
     E-Commerce Security
     Computer Forensics
     Steganography

    By: Prof. Jadhavrao Swapnil Sugaraj


    Q. What Is Information Security?

    • The protection of information and its critical elements,


    including the systems and hardware that use, store,
    and transmit that information.

    • For Security Tools, such as policy, awareness,


    training, education, and technology are necessary.
    Types Of Attacks:

    Security attacks in practice

    Active Attacks Passive Attacks

    Attempt to perform Does not attempt to


    any modifications to perform any
    the data. modifications to the
    data.
     Goals Of Security

    Three main Goals of Security:


    • Confidentiality [covers both data confidentiality and privacy]: preserving
    authorized restrictions on information access and disclosure, including means
    for protecting personal privacy and proprietary information. A loss of
    confidentiality is the unauthorized disclosure of information.

    • Integrity (means the quality of being honest)[covers both data and system
    integrity]: Guarding against improper information modification or damage, and
    includes ensuring information authenticity. A loss of integrity is the unauthorized
    modification or destruction of information.

    • Availability: Ensuring timely and reliable access to and use of information. A


    loss of availability is the disturbance of access to or use of information or an
    information system.
    E-Commerce Security

     Computer security
    The protection of resources from unauthorized access,
    use, alteration, or destruction.

     Physical security
    Includes touchable protection devices.

     Logical security
    Protection of resources using nonphysical (data) means.

     Threat
    Any act or object that poses a danger to computer
    resources.
    Types of Threats

     The players
     Hackers (Ethical Hackers)
     Crackers (Data thieves)

     Systems and software bugs and misconfigurations

     Malicious code
     Viruses
     Worms
     Trojan horses
    What is Computer Forensics?

    Computer forensics involves the preservation,


    identification, extraction, documentation, and
    interpretation of computer media for evidence.

    Evidence might be required for a wide range of


    computer crimes and misuses.
    Evidence
     What Constitutes use Digital Evidence?

     Any information being subject to human intervention or


    not, that can be extracted from a computer.
     Must be in human-readable format or capable of being
    interpreted by a person with expertise in the subject.

     Computer Forensics Examples

     Recovering thousands of deleted emails


     Recovering evidence post formatting hard drive
    users had taken over the system
    Who Uses Computer Forensics?

     Criminal Prosecutors
     Rely on evidence obtained from a computer to prosecute
    suspects and use as evidence
     Civil Litigations
     Personal and business data discovered on a computer can be
    used in fraud, divorce, harassment, or discrimination cases
     Insurance Companies
     Evidence discovered on computer can be
    used to mollify costs (fraud, worker’s
    compensation, arson, etc.)
     Private Corporations
     Obtained evidence from employee computers can
    be used as evidence in harassment, fraud, and imp data
    misuse cases.
    Goals of Computer Forensics

    Primary Aim of Computer Forensics is File Recovery from:

     Deleted Files
     Hidden Files
     Bad Blocks
     Steganography
    Steganography –”Cover Writing” (Short History)
    Example1:
    In 1615 Giovanni Porta described how to conceal a message within a
    Hard Boiled Egg by writing on the shell with a special Ink made with a
    small amount of Alum and pinch of Vinegar.
    The solution penetrates the porous shell, leaving no visible trace, but
    message is stained on the surface of the hardened egg albumen, so it
    can read when the shell is removed.

    Example2:
    Ancient Chinese wrote notes (Message) on small pieces of silk that then
    folded into a small balls and coated with wax to be swallowed by a
    messenger and retrieved at the messenger’s gastrointestinal
    convenience.

    Example3:
    A Greek shaved the head of a slave, wrote a message, then waited for
    the hair to grow back before sending the slave to his destination.
    Steganography –”Cover Writing”

    In Present days So many ways we can use this Concept


    Like
     In SMS (Short Message Service) Or
     In Military (Navy) they uses Semaphore to pass message from One
    Ship to Another
    THANK YOU

    You might also like