2IRR40 Security Lecture 1

Last updated 1:55 PM on 4/26/26

28 Terms

1

What is information security?

The preservation of confidentiality, integrity, authenticity and availability of information.

2

What is network security?

Protection of networks and their services from unauthorized modification, destruction, or disclosure. Also provides assurance that the network performs its critical function correctly and there are no harmful side effects.

3

What subtypes of network security are there?

  1. Communications Security

  2. Device/System Security

4

What is communication security?

Protecting the communication through network devices.

5

What is device/system security?

Protection against intruders that could gain access to the system in many ways to perform unauthorized actions.

6

What are security objectives?

The goals you want to achieve when protecting a system or data.

7

What are the 5 security objectives?

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Authenticity

  5. Accountability

8

What is confidentiality?

Protection of information so that only authorized people can access or recover it.

Prevents passive attacks.

9

What is integrity?

Data is not changed incorrectly, with no outside unauthorized manipulation.

Prevents active attacks.

10

What is availability?

Service is not denied to authorized users when needed.

11

What is authenticity?

Assurance that an entity is really the one it claims to be.

12

What is accountability?

Actions can be traced back to someone.

13

What are the two subtypes of confidentiality?

  1. Data confidentiality: Assurance that private/confidential information is not disclosed or made available to unauthorized individuals.

  2. Privacy: Assurance that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information can be disclosed.

14

What are the two subtypes of integrity?

  1. Data integrity: Assurance that data and programs are changed only in a specified and authorized manner.

  2. System integrity: Assurance that a system performs its intended functions in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.

15

What is availability?

Assurance that a service is not denied to authorized users.

16

What are the two types of attacks?

  1. Passive Attacks: Attempt to learn or make use of information without affecting system resources.

     • Hard to detect, easier to prevent.

  2. Active Attacks: Involve active actions on information flow.

     • Easier to detect, hard to prevent.

17

What are some examples of passive attacks?

  • Eavesdropping

  • Traffic Analysis

18

What are some examples of active attacks?

  • Impersonation

  • Data deletion

  • Replay

19

What is a security service?

A capability that supports one or more security objectives/requirements.

20

What are the six fundamental security services?

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Access Control/Authorization

  5. Non-Repudiation

  6. Authentication

21

What are the two types of authentication?

  1. Peer Entity Authentication: Connection-oriented transfer, ensures confidence that the entity you are communicating with is the one it claims to be.

  2. Data Authentication: Connectionless transfer, ensures that the source/destination of the data are the intended ones.

22

What is authorization/access control?

Assurance that the entity performing a given action has the rights to do so.

23

What are the types of rights in authorization?

  1. Identity (IBAC)

  2. Role (RBAC)

  3. Contextual Attributes (ABAC)

24

What is non-repudiation?

Ensures that neither the sender nor the receiver can deny sending/receiving a particular message.

25

What is a security algorithm?

A mathematical procedure applied to secure data.

26

What are the classes of security algorithms?

  1. Encryption Algorithms

  2. Hashing Algorithms

  3. Authentication Algorithms

  4. Access Control Algorithms

27

What is a security protocol?

A sequence of operations providing one or more security services to the data/communication, through one or more security algorithms.

28

Why would a TTP be involved in the Generic Network Security Model?

To distribute secrets and synchronize communications.