Scribd
Upload
2 views

Lect-4_2

The document discusses data security, focusing on the control measures organizations implement to protect electronic data from unauthorized access and potential loss or damage. It outlines various types of attacks on information security, including interruption, interception, modification, and fabrication, as well as passive and active threats. Additionally, it describes essential security services such as confidentiality, authentication, integrity, non-repudiation, access control, and availability within a network security model.

Uploaded by

abdoalsenaweabdo
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
2 views

Lect-4_2

The document discusses data security, focusing on the control measures organizations implement to protect electronic data from unauthorized access and potential loss or damage. It outlines various types of attacks on information security, including interruption, interception, modification, and fabrication, as well as passive and active threats. Additionally, it describes essential security services such as confidentiality, authentication, integrity, non-repudiation, access control, and availability within a network security model.

Uploaded by

abdoalsenaweabdo
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

Computer Security

Lecture 4
Dr. Mahmoud Y. Shams
Introduction
 What’s meant by Data Security?
It refers to the control measures adopted by an organization
aimed at consistently securing its owned electronic data files.
Whether they are data files or program files, and protecting
them from two main types of risks:
 Risks of unauthorized access.
 Risks of loss or damage.
Types of Attacks on Information
Security:
1. Interruption
2. Interception
3. Modification
4. Fabrication
First: Interruption
 It refers to attacking the information between the
source of the information and the recipient of the
information.
 The goal of this attack is to destroy the
information or make it unavailable or unusable.
 Examples:
 Destroying the hard drive

 Cutting the communication line

 Disabling the file management system


First: Interruption

Information

Source of Recipient of
Information Information
The Natural Flow of Information

Information

Source of Recipient of
Information Information

Interruption
Second: Interception
 It refers to an unauthorized entity accessing the
information.
 This entity can be either a person or a computer program.
 The goal of this entity is to attack the confidentiality and
privacy of the information.
 Examples:
 Accessing network data
 Unauthorized copying of files and
programs
Second: Interception

Information

Source of Recipient of
Information Information

Unauthorized
Entity
Third: Modification
 Modification represents an attack on the integrity and
accuracy of the information.
 An unauthorized entity tampers with the information.
 Examples:
 Changing values in data files
 Modifying a program to perform
differently
 Altering the content of messages
Third: Modification

Source of
Recipient of
Information
Information

Information

Unauthorized
Entity
Fourth: Fabrication
 This type of attack targets the authenticity
and identity of the user.
 An unauthorized entity introduces forged
items into the system.
 Examples:
 Injecting forged messages into
the network.
 Adding records to a file.
Fourth: Fabrication

Source of Recipient of
Information Information

Unauthorized
Entity
Threats to Information Security
 Attacks on information security are classified into:
Passive Attacks: These involve eavesdropping on
information and monitoring the communication
without modifying the transmitted data.
There are two types of passive attacks:
 Identifying the contents of the message, such as a

phone conversation or an email.


 Analyzing traffic to determine the location and

identity of the communicators, while observing the


length of the message and its frequency.
Threats to Information Security
 Active Attacks: These involve modifying data or
creating false data and are classified into four
categories:
 Impersonation: Occurs when a person pretends to be

someone else.
 Replying: Capturing data and then resending it to
cause an unauthorized effect.
 Message Modification: Altering part of a legitimate
message to create an unauthorized effect.
 Denial of Service (DoS): Preventing the normal use

of communication means by disrupting the


network’s functionality, either by disabling it or
overwhelming it with messages so that it can no
longer function.
Security Services
 Confidentiality:
Protecting transmitted data from passive attacks,
referring to the ability to keep things secret and
ensuring the confidentiality of the data.
 Authentication:

Ensuring the identity of the user and confirming that


you are communicating with the intended person.
 Integrity:

Ensuring that the message is received in its original


form, without alteration, addition, or loss of data.
Security Services
 Non repudiation:
This service ensures that the sender or
receiver cannot deny the message.
 Access Control:

The ability to control access to systems and


applications through communication
connections.
 Availability:

Ensuring that system elements are available


to users when needed.
Network Security Model
Trusted Third Party
e.g. Distributor of Secret
Information
Main Main

Message Message
Secure Secure
Conversion Communication Conversion
Process Channel Process
Secret Secret
Information Information

Interceptor
Network Security Model
 A message is sent from one party to another over the
network, where both parties cooperate to exchange the
message.
 The communication channel is established by the two main
parties in such a way that:
 The process involves converting the information to be

sent into a different form so that it becomes unreadable


by an interceptor.
 Both main parties share some confidential information,

ensuring it remains unknown to the interceptor.


 A trusted third party is required to secure the

transmission process.
Basic roles of the network
security model
 There are four basic roles in designing a security service:
 Designing algorithms to perform the lock
process related to message conversion.
 Generate confidential information used by the
algorithm.
 Find ways to distribute and share confidential
information.
 Determine the protocol used by the main
parties to make the use of algorithms and
confidential information.

You might also like