cyber laws and security policies
TRANSCRIPT
-
7/30/2019 Cyber Laws and Security Policies
1/21
Cyber Laws and Security Policies
Characteristics of Computer Intrusion
Assets of a Computer System: Hardware, Software, Data
-
Vulnerability: A vulnerability is a weakness in the design or implementation of the system
Threats: A set of circumstances that has a potential to cause loss or harm
Controls: An action, device, procedure or technique that removes or reduces the vulnerability
-
System Security Threats
Interception: Unauthorized person gaining access to an asset
e.g. illicit copying of data, program
Interruption: Making an asset unavailable, lost or unusable
e.g. destruction of h/w, removal of program or data
Modification: Unauthorized tampering of data
-
Fabrication: Creating counterfeit objects
e.g. adding records to an existing database, inserting spurious transactions
Method, Opportunity and Motive
A malicious attacker must have a method (skills, tools), opportunity (time and access), and a motive (reason) to perform an attack.
-
Types of Vulnerabilities
Hardware Vulnerability: Deliberate attack on the equipment to limit availability
e.g. theft or destruction
Software Vulnerability: Software deletion or replacement or modification
e.g. virus, trojan horse, information leaks
-
Data Vulnerability: Illegal access to data to cause loss in its value
e.g. wire tapping, planting bugs in output devices, sifting through trash, inferring data from other values
-
Security Goals
Confidentiality: Assets are only accessed by authorized people
Integrity: Data or Assets are precise, accurate, unmodified, meaningful
Availability: Data and services are accessible to users at appropriate times
-
Cyber Criminals
Amateurs: Normal people who observe a weakness in a system
Crackers: Students attempting to access unauthorized computing facilities out of curiosity
Career Criminals: Professionals who engage in crime knowing the prospects for good payoff
-
Methods of Defense
Preventing: block the attack, close the vulnerability
Deterring: make the attack harder
Deflecting: make another target more attractive
Detecting: identify the attack when it happens
Recovering: put incident response procedures in place
-
Controls
Encryption
Software controls
Hardware controls
Physical controls
Policies and Procedures
Layered controls
-
Software: Operating System and Network system controls, password checkers, intrusion detection utilities, virus scanners, access limitation (d/b), development controls (quality standards)
Hardware: devices to verify user identities, firewalls, IDS, locks or cables, hardware or smart card implementation
-
Physical Controls: Guards at entry points, backup copies of important software and data, locks on doors
Policies and Procedures: Frequent change of passwords, formal standards of ethical behavior
-
Cryptography
Encryption: The process of encoding a message so that its meaning is not obvious
Decryption: The reverse process, transforming an encrypted message back into its original form to reveal the original message
Cryptosystem: A system for encryption and decryption
-
Encryption
C = E(K, P)
where E is the encryption algorithm, K the key, P the plain text and C the cipher text
-
Decryption
P = D(K, C)
where D is the decryption algorithm, K the key, C the cipher text and P the plain text
-
Types of Encryption
Symmetric encryption: The encryption and decryption keys are the same. Here, P = D(K, E(K, P)).
Asymmetric encryption: The encryption and decryption keys come in pairs. Here, P = D(K_D, E(K_E, P)).
-
Types of Encryption
Substitutions: Here, one letter is exchanged for another
Transpositions: Here, the order of the letters is rearranged
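An added example, not part of the original slides: a keyed substitution and a columnar transposition in Python, each checked against the symmetric identity P = D(K, E(K, P)) from the previous slide. The keys, the sample plaintext and all function names are constructed for illustration; both are classical teaching ciphers, not protection for real data.

```python
import string

ALPHABET = string.ascii_uppercase
SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed key: a permutation of A-Z
TRANS_KEY = "CIPHER"                     # constructed key: sets the column order

def sub_encrypt(key, plaintext):
    """Substitution: each letter is exchanged for the letter the key assigns."""
    return plaintext.translate(str.maketrans(ALPHABET, key))

def sub_decrypt(key, ciphertext):
    return ciphertext.translate(str.maketrans(key, ALPHABET))

def column_order(key):
    # Columns are read in alphabetical order of the key letters (ties: left first).
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def trans_encrypt(key, plaintext):
    """Transposition: write the text in rows, read it out column by column."""
    cols = len(key)
    return "".join(plaintext[c::cols] for c in column_order(key))

def trans_decrypt(key, ciphertext):
    cols, n = len(key), len(ciphertext)
    out, pos = [""] * n, 0
    for c in column_order(key):
        size = len(range(c, n, cols))    # letters that landed in column c
        out[c::cols] = ciphertext[pos:pos + size]
        pos += size
    return "".join(out)

if __name__ == "__main__":
    p = "CYBERLAWSANDSECURITYPOLICIES"   # constructed sample plaintext
    for name, enc, dec, key in (("substitution", sub_encrypt, sub_decrypt, SUB_KEY),
                                ("transposition", trans_encrypt, trans_decrypt, TRANS_KEY)):
        c = enc(key, p)
        # Symmetric encryption: the same key K recovers P = D(K, E(K, P)).
        print(name, c, dec(key, c) == p)
```

The transposition output contains exactly the letters of the plaintext in a different order, while the substitution output keeps every position but changes the letters.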
-
Shannon's Characteristics of Good Ciphers
The amount of secrecy needed should determine the amount of labor for the encryption and decryption.
The set of keys and the enciphering algorithm should be free from complexity.
The implementation of the process should be as simple as possible.
-
Shannon's Characteristics of Good Ciphers
Errors in ciphering should not propagate and cause corruption of further information in the message.
The size of the enciphered text should be no larger than the text of the original message.
-
Encryption Algorithms
DES (Data Encryption Standard)
AES (Advanced Encryption Standard)
RSA (Rivest Shamir Adleman)
-
Applications of Encryption
Cryptographic hash functions (checksum or message digest)
Key exchange
Digital signatures
Digital certificates