  

wits between a perpetrator and the designer


• Little benefit from security investment is perceived until a security failure occurs

• Strong security is often viewed as an impediment to efficient and user-friendly operation

 

 

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

OSI Security Architecture

• Security attack

– Any action that compromises the security of information owned by an organization

• Security mechanism

– A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack

• Security service

– A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization

– Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service

 

 


Threats and Attacks

Threat

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

 

 


Figure 1.2 Key Concepts in Security (1 of 2)

 

 


Figure 1.2 Key Concepts in Security (2 of 2)

 

 


Security Attacks

• A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks

• A passive attack attempts to learn or make use of information from the system but does not affect system resources

• An active attack attempts to alter system resources or affect their operation

 

 


Passive Attacks

• Are in the nature of eavesdropping on, or monitoring of, transmissions

• Goal of the opponent is to obtain information that is being transmitted

• Two types of passive attacks are:

– The release of message contents

– Traffic analysis

 

 


Active Attacks

• Involve some modification of the data stream or the creation of a false stream

• Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities

• Goal is to detect attacks and to recover from any disruption or delays caused by them

• Masquerade

– Takes place when one entity pretends to be a different entity

– Usually includes one of the other forms of active attack

• Replay

– Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect

• Data Modification

– Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect

• Denial of service

– Prevents or inhibits the normal use
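
An added example, not from the original slides: a receiver-side security mechanism that detects the masquerade, replay, and data-modification categories above (denial of service is out of scope) using a keyed MAC and per-sender sequence numbers. The names `seal`, `Receiver`, `KEYS` and the sample messages are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

KEYS = {"alice": b"constructed-demo-key-alice"}  # hypothetical sender -> shared key

def _mac(key, sender, seq, payload):
    # The MAC covers the claimed identity, the sequence number and the payload.
    header = sender.encode() + b"|" + struct.pack(">Q", seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()

def seal(sender, seq, payload, key):
    """Sender side: attach a MAC so the receiver can detect active attacks."""
    return {"sender": sender, "seq": seq, "payload": payload,
            "tag": _mac(key, sender, seq, payload)}

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.seen = {}     # sender -> accepted sequence numbers (unbounded in this demo)
        self.highest = {}  # sender -> highest accepted sequence number

    def check(self, msg):
        sender, seq = msg["sender"], msg["seq"]
        key = self.keys.get(sender)
        if key is None:
            return "reject: unknown sender"
        expected = _mac(key, sender, seq, msg["payload"])
        # A MAC failure cannot tell a forged sender from an altered message.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: masquerade or data modification"
        seen = self.seen.setdefault(sender, set())
        if seq in seen:
            return "reject: replay"  # authentic data unit, retransmitted
        late = seq < self.highest.get(sender, -1)
        seen.add(seq)
        self.highest[sender] = max(self.highest.get(sender, -1), seq)
        return "accept: delayed or reordered" if late else "accept"

def demo():
    rx = Receiver(KEYS)
    m0 = seal("alice", 0, b"pay 10 to bob", KEYS["alice"])
    m1 = seal("alice", 1, b"pay 20 to carol", KEYS["alice"])
    tampered = dict(m1, payload=b"pay 99 to carol")            # altered in transit
    forged = seal("alice", 2, b"pay 5 to eve", b"not-alices-key")  # claims to be alice
    return [rx.check(m) for m in (m1, m0, m0, tampered, forged)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Whether a delayed or reordered message is accepted and flagged, as here, or rejected outright is a policy choice for the application.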
