Introduction to Computer Security - 31 January 2012 - Blog - | LINUX - SECURITY |
Saturday, 2016-12-03, 6:32 PM
Welcome Guest | RSS
Statistics

Total online: 1
Guests: 1
Users: 0
Site menu
Our Documentations
1* METASPLOIT
Blog Category
# Only for beginners [39]
This category contains some introductions and tutorials about UBUNTU and BACKTRACK for those who just start using LINUX.
# Computer Security [11]
In this category, you will find all courses about the Informatique Security
# LINUX [2]
EVERYTHING ABOUT LINUX - UBUNTU & BACKTRACK - (NEWS, VIDEOS, TUTORIALS, ... )
# BackTrack 5 Tutorials [6]
In this categorie, I will post all tutorials about BackTrack5 (Installation, Configuration, Update, Hacking...)
# TechnicDynamic Tutorials [12]
Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
# Vishnuvalentino Tutorials [2]
He is a computer security specialist, and also freelance website designer. Read more : http://vishnuvalentino.com/about/
# Hackers News [6]
All news about the hackers of the world ...
# Tools [18]
All Security Tools
MEMES PICTURES [0]
Entries archive
Shopping


Follow us
facebook
Main » 2012 » January » 31 » Introduction to Computer Security
1:24 AM
Introduction to Computer Security
Introduction to Computer Security



Introduction to Computer Security

The purpose of this document is to familiarize readers with the basics of computer security, as defined in ISO 7498-2, for example.

The objectives of computer security 

Computer security has several objectives, of course related to the types of threats and types of resources, etc ...However, the main points points are: 
  • prevent the unauthorized disclosure of data
  • prevent the unauthorized modification of data
  • prevent the unauthorized use of network resources or computer in general

The scope of information security 

These objectives apply in different areas or fields of applications, each using different techniques to attain the same objectives, and these fields are: 
  • physical security
  • Personal Safety
  • procedural security (security audit., procedures, computer ...)
  • physical security programs (screens, power cables, power consumption curves ...)
  • the security of operating systems
  • communications security

Terminology of computer security 

Computer security uses a well-defined vocabulary that we use in our articles. In order to understand these articles, it is necessary to define some terms: 
  • Vulnerabilities: what are the security vulnerabilities in one or more systems. Any system as a whole has seen vulnerabilities, which can be exploited or not.
  • Attacks (exploits) represent the means to exploit a vulnerability. There may be several attacks for the same vulnerability but all vulnerabilities are not exploitable.
  • The cons-measures: these are the procedures or techniques to address a vulnerability or to counter a specific attack (in which case there may be other attacks on the same vulnerability).
  • Threats: These are determined opponents can mount an attack exploiting a vulnerability.

For other definitions, see ISO 7498-2 defines no fewer than 59 words, while other definitions are also available in our lexicon. 


Types of attacks 

Attacks may at first be classified into two broad categories: 
  • passive attacks: are to listen to without changing the data or the network. They are generally undetectable but prevention is possible.
  • active attacks: are to change data or messages, to get into network equipment or interfere with proper operation of this network.Note that an active attack can be executed without the ability to listen. In addition, there is generally not possible to prevent these attacks, although they are detectable (allowing an adequate response).

Profiles and capabilities of attackers 

The attackers can be categorized not only by their knowledge (newbies, experts, etc ...) but also according to their capacities of attacks in a well-defined situation. Thus, there are the following capabilities: 
  • transmission of messages without listening skills (IP spoofing ...)
  • listening and messaging
  • listening and disruption of communications (blocking packets, DoS and DDoS ...)
  • listening, disturbance and message transmission
  • listen and relay messages (attacks man-in-the-middle)
Another feature of the attackers will be their hold uni-directional or bi-directional communications, due to the asymmetric nature of these. Indeed, most of the transmission channels over the Internet or any other heterogeneous network are uni-directional and take different paths depending on the routing rules. For example, many security protocols are unidirectional and must be established multiple channels to allow an exchange in "duplex". These channels are at least two in number, are mostly managed completely independently by the security protocol. This is the case for SSL / TLS but for which IPSec security associations (SA) are unidirectional and independent, each defining its own set of keys, algorithms, etc ... 


Core services of information security 

To remedy the flaws and to counter the attacks, computer security is based on a number of services that implement an appropriate response to each threat. At this level, no technique has yet been considered and it is only one level of abstraction to obtain a minimum granularity to deploy a security policy optimally (as analyzed the practical aspects of risk , technological solutions and will cost in the future. See the "Site Security Handbook", RFC 1244 for details). Describe the main security services: 
  • confidentiality
  • authentication (entity, data origin)
  • integrity
    • machines (tamper-resistant, tamper-proofness, secure execution ...)
    • data (with the possibility of recovery)
    • flows:
      • offline mode, packet-level (exchange of request-response, such as UDP)
      • connection-oriented mode (all of the exchange, such as TCP)
      • partial sequence integrity (VoIP, applications, etc ... avoids the DoS for example)
  • access control (= authorization, to differentiate the authentication)
  • non-repudiation (proof of issue or proof of receipt)
Note that encryption, digital signatures and other techniques reflect the lower level of abstraction, described as the set of security mechanisms to provide the services described above. Several mechanisms can produce such authentication service (authentication schemes, encryption, digital signatures ...). However, these security mechanisms are not yet final solutions that will actually be implemented. This will make a final refinement of choosing symmetric algorithms, asymmetric algorithms, key size, etc ... 

Finally, there are other concepts that can not be classified directly in these lists; confidence (trust) is a good example. Indeed, although it is very expensive, trust is required for effective security mechanisms in place. An example of an encapsulation protocol encryption (tunneling), developed in soft, to exchange data while preserving confidentiality. Now if only the data is protected, it is easier for an attacker to break into one of the machines at the ends (PC or otherwise), modify the corresponding library in order to distort the security mechanism (random number forced to a constant value, key values ​​predefined algorithms NULL) and then you can access at your leisure to the transmitted data. Hence the need to establish a trust scheme to ban this type of attack, it is necessary to trust the safety equipment because otherwise, the utility of security mechanisms is called into question.
Category: # Computer Security | Views: 384 | Added by: Administrator | Tags: Security, Computer | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *:
Visitors

Share This On:
Google Translator
Search
Login form
Our poll
Rate my site
Total of answers: 17
Clock & Calendar

«  January 2012  »
SuMoTuWeThFrSa
1234567
891011121314
15161718192021
22232425262728
293031