Scribd
Upload
6 views

System and Network Security

The document discusses why security matters and outlines the goals of security as preventing, detecting, and recovering from attacks. It describes CIA security properties of confidentiality, integrity, and availability and discusses authenticity and accuracy. It also covers security issues, vulnerabilities, attacks, and threats.

Uploaded by

epicsmurfc2
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
6 views

System and Network Security

The document discusses why security matters and outlines the goals of security as preventing, detecting, and recovering from attacks. It describes CIA security properties of confidentiality, integrity, and availability and discusses authenticity and accuracy. It also covers security issues, vulnerabilities, attacks, and threats.

Uploaded by

epicsmurfc2
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

SENG2250 System and Network Security – 21/7/21

Why does security matter?

- Money: e.g., Ransomware


- Sensitive data
- Intelligent property
- Industrial sabotage
- Computing power and resources
- Fun
- Increasing computer crimes and financial losses

- System features/functionalities

- the more, the better

- System Correctness

- Desire input -> desired output

- Security

- Unexpected input -> controllable output

- System complexity -> more vulnerabilities

- More secure -> less efficient, less convenient, more cost

The goal of security

- Prevent an attack (before it happens)


o This is the ideal solution
o This is where technology should be helping most!
- Detect the attack (when it happens)
o Know what is going on, and who is causing it
o This is really where technology is helping most!
- Recover from an attack (as soon as possible)
o Stop the attack
o Assess and repair the damage caused

C.I.A – Security Properties

- Confidentiality: Assets should be accessible to authorised parties only

- Integrity: Assets should be unmodifiable by unauthorised parties

- Availability: Assets should be available to authorised parties


Confidentiality

- Prevent assets from accessing by unauthorised parties


- Access control mechanisms support confidentiality
o Eg cryptography (keys), encryption
- Confidentiality also applies to the existence of data, which is sometime more revealing
that the data itself
- Resource hiding is another important aspect
o Sites whish to conceal their configuration as well as what systems they are using
o Organisations may not wish for people to know about specific equipment they
are using
- Assumptions and trust underlie confidentiality mechanisms

Integrity

- Integrity includes
o Data integrity: the content of the information
o Origin integrity: the source of the data, often called authentication
- Integrity mechanisms fall into 2 classes
o Prevention
 Seek to maintain the integrity of the data by blocking any unauthorised
attempts to change the data or any attempts to change the data in
unauthorised ways
 E.G., Access control
o Detection mechanisms
 Do not try to prevent violations of integrity; they simply report that the
data’s integrity is no longer trustworthy
 E.g., MAC, digital signatures

Confidentiality And Integrity

- With confidentiality the data is either compromised or it is not, but integrity include
both the correctness and the trustworthiness of the data
- The origin of the data (how and from whom it was obtained), how well the data was
protected before it arrived at the current machine all affect the integrity of the data
- Thus, evaluating integrity is often difficult

Availability

- Availability is very much linked to reliability as well as of system design because an


unavailable system is as bad as no system at all
- Someone may deliberately deny access to data or to a service by making it unavailable
- Attempts to block availability are called, denial of service (DoS) attacks
o Dos attacks are difficult to detect because it requires the analyst to determine if
unusual patterns of access are attributable to deliberate manipulation of
resources or of environment
o Sometimes DoS attacks just seem to be atypical events or in some cases they are
not even atypical, Statistical models are important here esp. of network traffic
o
Authenticity and Accuracy

- Authenticity
o The origin of assets should be assured, and the assets should be unforgeable by
unauthorised parties.
o E.g., Impersonation, forgery of digital signatures
- Accuracy
o Be free from mistakes and errors
o Provide information as end user expects
o E.g., $ = AUD/USD/…?

Security Issues

- Interruption: An attack on availability (active)


- Interception: An attack on confidentiality (passive)
- Modification: An attack on integrity (active)
- Fabrication: An attack on authenticity (active)

Vulnerabilities and Attacks

- Vulnerabilities: A weakness in the system that is could be exploited to harm the system
or assets
o Account password is too simple: 12345678
- Attack: An exploitation of one or more system vulnerabilities by using specific
techniques to cause some damage
o Guess/Brute force password to gain the access to account

Attacks

- Security attacks
o Consists of goals and a set of actions that exploits vulnerability in controlled
system
o Accomplished by threat agent that damages or steals information
- Relationship with CIA
o An attack aims at breaking one or more properties of CIA
o CIA provides directions of defending specific attacks

Security Threats

- Threat: A potential danger which may be presented by exploiting some vulnerabilities in


attacks
- The violation need not occur for the to be a threat
- The fact that the violation MIGHT occur is a threat
- If the action occurs, then it is an attacks
- The one who causes the attack to happen is an attacker/adversary

You might also like