Monday, April 18, 2011

IS :: Security Problems in Computing (Ch1)


1. What does “secure” mean?
 1) protecting valuables - HW, SW, data

2. Objectives
 1) understanding security problems
 2) understanding methods available to deal with such problems

3. Terms
 1) Vulnerability: weakness in a system
 2) Threat: circumstances that have the potential for violation of security
 3) Risk: possibility[probability] that a threat results in a loss
 4) Control: mechanism[countermeasure] that removes vulnerability
 5) Attack: act perpetrated by a human to exploit a vulnerability
 6) Harm: damage that occurs when a threat is realized
 7) Example
    water flooding = Threat
    crack = Vulnerability
    finger = Control
    height = Risk

4. What is “computer Security”?
 : many differing opinions…

5. Basic Security Components (CIA)
 1) Confidentiality: prevention of unauthorized disclosure of information (VISIBILITY)
 2) Integrity: prevention of unauthorized modification of information (MODIFY)
 3) Availability: prevention of unauthorized withholding of information (ACCESS)

6. Security Attacks
 1) Interruption: interrupt data transmission, attack on A, DDoS
 2) Interception: intercept data passively, attack on C, Sniffing
 3) Modification: modify original data, attack on I, BOF
 4) Fabrication: fabricate certain data, attack on CIA, Spoofing
 - Passive Attack: difficult to detect, easy to prevent
 - Active Attack: possible to detect, difficult to prevent

7. Attack Methods
 1) Physical Access Attack: vandalism
 2) Dialog Attack: eavesdropping
 3) Penetration Attack: DoS, Malware, Virus, Worm
 4) Social Engineering: password theft

8. MOM (necessary condition to attack)
 1) Method: skill, knowledge, tool
 2) Opportunity: time, access
 3) Motive: reason - attractive, easy, anonymity

9. Defense (Control)
 1) Ways: prevent, deter, deflect, detect
 2) SW control: Access limitation in OS, DB
 3) HW control: Smart Card
 4) Secure Policy: frequent change of passwords
 5) Physical control: limited access to machine rooms
 6) Social Engineering Defense: training, punishment
 7) Dialog Attack Defense: Cryptography
 - Multiple Controls: layered approach to security
