Download Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
Document related concepts

Distributed firewall wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Multilevel security wikipedia , lookup

Unix security wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Information security wikipedia , lookup

Security printing wikipedia , lookup

Airport security wikipedia , lookup

Wireless security wikipedia , lookup

Mobile security wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Computer security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Security
prepared and instructed by
Shmuel Wimer
Eng. Faculty, Bar-Ilan University
January 2017
Security
1
The Security Problem
A system is secure if its resources are used and accessed
as intended under all circumstances.
Security violations can be accidental (easier to protect)
or intentional (malicious) (harder to protect).
Some accidental and malicious security violations are:
Confidentiality breach, unauthorized data reading (info
theft), credit-card info, identity info for identity theft.
Integrity breach, unauthorized data modification,
passing liability to innocent party, commercial
application source code modification.
January 2017
Security
2
Availability breach, unauthorized data destruction,
website defacement.
Service theft, unauthorized use of resources.
Denial of service (DOS), prevent legitimate system use.
In masquerading attack method one participant in a
communication pretends to be someone else (another
host or another person).
Attackers breach authentication, the correctness of
identification, gaining access they would not normally be
allowed.
January 2017
Security
3
Standard security attacks.
January 2017
Security
4
Replay attack is a malicious repeat of valid data
transmission, e.g. transfer of money.
In man-in-the-middle attacker sits in the data flow of a
communication, masquerading as the sender to the
receiver, and vice versa.
Security measures have four levels:
1. Physical, e.g. machine rooms and the terminals or
having access to the machines must be secured.
2. Human. Authorization must be done carefully to
assure that only appropriate users have system access.
January 2017
Security
5
3. Operating system, e.g. runaway process causing
accidental denial-of-service attack, a query to a service
could reveal passwords.
4. Network. Data interception of private leased lines,
Internet, wireless connections, dial-up lines.
OS cannot implement security measures or to run
securely without ability to authorize users, processes,
control their access, and log their activities.
Hardware protection, e.g. memory protection, features
are a must for overall protection scheme.
January 2017
Security
6
Program Threats
Processes, along with the kernel, are the only means of
accomplishing work
on a computer. Therefore, writing a program that
creates a breach of security,
or causing a normal process to change its behavior and
create a breach, is a
common goal of crackers. In fact, even most
nonprogram security events have
as their goal causing a program threat. For example,
while it is useful to log in
to a system without authorization, it is quite a lot more
useful to leave behind
aJanuary
back-door
daemon that Security
provides information or allows7
2017
Related documents
Instructor Rubric for Presentations
Instructor Rubric for Presentations
WWW Lab1
WWW Lab1
Document
Document
Tapeworm Diseases - AAP Red Book
Tapeworm Diseases - AAP Red Book
Math 130
Math 130
CFP - IEEE SMC 2017
CFP - IEEE SMC 2017
Mini EURO Conference on Operational Research in Computational
Mini EURO Conference on Operational Research in Computational
Slide 1 - AccessAnesthesiology
Slide 1 - AccessAnesthesiology
Distributed Information Processing in Social Networks
Distributed Information Processing in Social Networks
Third International Conference on Signal and Image Processing
Third International Conference on Signal and Image Processing
File
File
Cyber Security
Cyber Security
10 Steps to Surviving a Healthcare Data Breach
10 Steps to Surviving a Healthcare Data Breach
Plambeck - Stanford University
Plambeck - Stanford University
breach of contract - U of L Class Index
breach of contract - U of L Class Index
Cyber Risk Insurance for Agents - Great American Insurance Group
Cyber Risk Insurance for Agents - Great American Insurance Group
CONTRACT
CONTRACT
Contract Law I - Marietta College
Contract Law I - Marietta College
letter
letter
Topic-Breach of Contract and its remedies
Topic-Breach of Contract and its remedies
DISCHARGE OF CONTRACT
DISCHARGE OF CONTRACT
Why IT Managers Don`t Go for Cyber
Why IT Managers Don`t Go for Cyber