Chapter 1 Notes

Terms

computer security

The generic name for the collection of tools designed to protect data and to thwart hackers.

network security (often Internet Security)

Tools that protect data in transit

X.800 Security Architecture for OSI

defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems data transfers

Questions

What are three aspects of information security?

  1. Security Attack: Any action that compromises the security of information.
  2. Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
  3. Security Service: A service that enhances the security of the data processing systems and the information transfers of an organization. Services make use of one or more security mechanisms.

Name three challenges faced by electronic documents not faced by paper documents.

  1. Digital copies are identical.
  2. Alterations are not evident
  3. Proof of authenticity must be provided as a function of the content instead of seals or physical signatures.

What 5 categories does X.800 divide services into?

  1. Authentication (entity is the one it claims to be)
  2. Access Control (Prevention of unauthorized use of a resource)
  3. Data Confidentiality (Protection from unauthorized disclosure)
  4. Data Integrity (Data is received as sent)
  5. Nonrepudiation (Protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.)

What are 2 types of attacks?

  1. Active Attacks: try to directly affect resources
  2. Passive Attacks: gain information by evesdropping.
    1. Release of message contents allows reading of the message.

    2. Traffice analysis to gain information about the message

Model for Network Security: What are the 4 basic tasks in designing a particular security service (to protect transmitted messages)?

  1. Design an algorithm for performing the security-related transformation. The algorithm should be such that an opponent cannot defeat its purpose.
  2. Generate secret information to be used with the algorithm (Keys).
  3. Develop methods for the distribution of and sharing of the secret information (Key distribution).
  4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secrite information (key) to achieve a particular security service.

What is a Gatekeeper? ANS: A system that protects resources by allowing only authorized access. Usually a password system of some sort.

What are internal security controls? ANS: Internal security controls monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders. E.g. virus scanners or spyware scanners.

Resources

[http://www.faqs.org/rfcs/rfc2828.html Internet Security Glossary RFC 2828]

Csce877Ch1Notes (last edited 2005-08-16 17:40:08 by yakko)