- Security: asset protection; protection against danger, loss, or loss of control of something valuable
- Computer Security: protection of computer-related assets against an attack or threat, and ensuring that computer hardware and software are used by non-attackers
- CIA (Confidentiality, Integrity, Availability):
  - Confidentiality: Ensures that information is accessible only to those authorized to view it
    - Access controls: Limiting access to data through authentication methods like usernames, biometrics and multi-factor authentication
    - Encryption: Converting data into a coded format to make it unreadable without the proper key
    - Data Masking and Obfuscation: Redacting sensitive parts of data when shown to unauthorized individuals or applications
    - Network security: Implementing firewalls, VPNs and secure network configurations to prevent unauthorized access
  - Integrity: Protects information from being altered or tampered with
    - Checksums and Hashing
    - Digital signatures and certificates
    - Access controls and permissions
    - Audit Trails and Logging
  - Availability: Ensures that authorized users have consistent access to information
    - Redundancy and Fault Tolerance
    - Data Backups
    - Disaster Recovery and Continuity Plans
    - Network Security and Defense
Goals:
1. Prevention: safeguarding of assets from threats
2. Detection: a system to detect when an attack or malicious activity is about to take place
3. Reaction: defining procedures that enable you to deal with an attack
Security aspects:
1. Policy: deals with confidentiality, integrity, and availability of data
2. Threat model: set of assumptions about people involved in malicious activity and the
3. Mechanism: software/hardware that is designed and implemented to make sure the policies are enforced, using the assumptions made in the threat model
Important terms:
- Attack: activities harmful to computer systems, data, software, hardware, etc.
- Risk: possibility of damage or loss of digital assets in case of an attack
- Zero-day vulnerability: A vulnerability used by an attacker before being discovered by the developer of the software
  - Zero-day: length of time the developer has to react to this particular issue (none at all)
- Exploit: software used to take advantage of a bug/vulnerability
- Hackers
  - White hats (ethical hackers): try to find weaknesses in the computer or network system with proper permission from a company
    - Aim: find and fix the vulnerabilities before they are exploited by an attacker
  - Black hats: try to penetrate the system to gain unauthorized access
    - Aim: harm operations/steal sensitive information
  - Gray hats: fall between white hats and black hats and work with varying combinations of both good and bad intentions
- Phishing: A social engineering attack where attackers pose as legitimate entities
Quiz: The basics