Computer Security

This document discusses the topics of a computer security course, including passwords, access controls, encryption, authentication, email security, and key management. It defines computer security as preventing and detecting unauthorized actions by users. The document outlines aspects of security like confidentiality, integrity, availability, non-repudiation, authentication, and access controls. It also discusses security systems, risk analysis, designing security systems, and security models.

Uploaded by

ARYAN RATHORE
Copyright © All Rights Reserved

Computer Security

1
This course will cover the following topics:

• passwords
• access controls
• symmetric and asymmetric encryption
• confidentiality
• authentication and certification
• security for electronic mail
• key management
2
What is Security?
Security is the protection of assets. The three
main aspects are:

• prevention

• detection

• re-action
3
Some differences between traditional
security and information security

• Information can be stolen - but you still
have it
• Confidential information may be copied and
sold - but the theft might not be detected
• The criminals may be on the other side of
the world

4
Computer Security
deals with the prevention
and detection of
unauthorised actions by
users of a computer
system.
5
There is no single definition of security

What features should a computer security
system provide?

6
Confidentiality
• The prevention of unauthorised disclosure
of information.
• Confidentiality is keeping information
secret or private.
• Confidentiality might be important for
military, business or personal reasons.

7
Integrity
• Integrity is the prevention of unauthorised
writing or modification of information.
• Integrity means that there is an external
consistency in the system - everything is as it
is expected to be.
• Data integrity means that the data stored on a
computer is the same as the source
documents.
8
Availability
• Information should be accessible and
useable upon appropriate demand by an
authorised user.
• Availability is the prevention of
unauthorised withholding of information.
• Denial of service attacks are a common
form of attack.

9
Non-repudiation
• Non-repudiation is the prevention of either
the sender or the receiver denying a
transmitted message.
• A system must be able to prove that certain
messages were sent and received.
• Non-repudiation is often implemented by
using digital signatures.

10
Authentication
• Proving that you are who you say you are,
where you say you are, at the time you say
it is.
• Authentication may be obtained by the
provision of a password or a scan of your
retina.

11
Access Controls
• The limitation and control of access through
identification and authentication.
• A system needs to be able to identify and
authenticate users for access to data,
applications and hardware.
• In a large system there may be a complex
structure determining which users and
applications have access to which objects.
12
Accountability
• The system managers are accountable to
scrutiny from outside.

• Audit trails must be selectively kept and
protected so that actions affecting security
can be traced back to the responsible party.
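
An added example, not part of the original slides: one way to keep an audit trail that is selective, attributable and protected against modification, using an HMAC chain over the entries. The key, the list of security-relevant actions and the sample events are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Assumption: the key is held by a separate logging service, not by the
# users or administrators whose actions are being recorded.
AUDIT_KEY = b"constructed-demo-key"
# "Selectively kept": only actions affecting security are recorded.
SECURITY_ACTIONS = {"login_failed", "permission_change", "file_delete"}
GENESIS = "0" * 64


def _mac(prev_mac, body):
    # Each MAC covers the previous entry's MAC, chaining the trail together.
    msg = prev_mac + json.dumps(body, sort_keys=True)
    return hmac.new(AUDIT_KEY, msg.encode(), hashlib.sha256).hexdigest()


def append_event(trail, user, action, target):
    """Record a security-relevant action against the responsible user."""
    if action not in SECURITY_ACTIONS:
        return False
    prev = trail[-1]["mac"] if trail else GENESIS
    body = {"seq": len(trail), "user": user, "action": action, "target": target}
    trail.append({**body, "mac": _mac(prev, body)})
    return True


def first_bad_entry(trail):
    """Return the index of the first altered or missing entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: entry[k] for k in ("seq", "user", "action", "target")}
        if entry["seq"] != i or not hmac.compare_digest(entry["mac"], _mac(prev, body)):
            return i
        prev = entry["mac"]
    return None


def build_sample_trail():
    """Constructed sample events for illustration."""
    trail = []
    append_event(trail, "alice", "login_failed", "console")
    append_event(trail, "bob", "file_read", "notes.txt")  # skipped: not security-relevant
    append_event(trail, "bob", "permission_change", "payroll.db")
    append_event(trail, "carol", "file_delete", "audit.cfg")
    return trail
```

The chain detects edited, reordered or removed entries, but not removal of the most recent entries; detecting that requires storing the latest MAC somewhere the log's writers cannot change.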

13
Security systems
• A security system is not just a computer
package. It also requires security conscious
personnel who respect the procedures and
their role in the system.
• Conversely, a good security system should
not rely on personnel having security
expertise.

14
Risk Analysis
• The disadvantages of security systems are
that they are time-consuming, costly and often
clumsy, and that they impede management and
the smooth running of the organisation.
• Risk analysis is the study of the cost of a
particular system against the benefits of the
system.

15
Designing a Security System
There are a number of design considerations:
• Does the system focus on the data, operations or the users
of the system?
• What level should the security system operate from?
Should it be at the level of hardware, operating system or
applications package?
• Should it be simple or sophisticated?
• In a distributed system, should the security be centralised
or spread?
• How do you secure the levels below the level of the
security system?

16
Security Models
A security model is a means of formally expressing
the rules of the security policy in an abstract, detached
way.

The model should be:

• easy to comprehend
• without ambiguities
• possible to implement
• a reflection of the policies of the organisation.
17
Summary
By now you should have some idea about
• Why we need computer security (prevention,
detection and re-action)
• What a computer security system does
(confidentiality, integrity, availability,
non-repudiation, authentication, access control,
accountability)
• What computer security experts do (design,
implement and evaluate security systems)
18
