Threats
and Attacks
INTRODUCTION
Computer data often travels from one computer to another,
leaving the safety of its protected physical surroundings. Once the data is out
of hand, people with bad intention could modify or forge your data, either for
amusement or for their own benefit.
Cryptography can reformat and transform our data, making it
safer on its trip between computers. The technology is based on the essentials
of secret codes, augmented by modern mathematics that protects our data in
powerful ways.
•
Computer Security - generic name
for the collection of tools designed to protect data and to thwart hackers
•
Network Security - measures to
protect data during their transmission
•
Internet Security - measures to
protect data during their transmission over a collection of interconnected
networks
THE OSI SECURITY ARCHITECTURE
To assess effectively the security
needs of an organization and to evaluate and choose various security products
and policies, the manager responsible for security needs some systematic way of
defining the requirements for security and characterizing the approaches to
satisfying those requirements. The OSI security architecture was developed in
the context of the OSI protocol architecture, which is described in Appendix H.
However, for our purposes in this chapter, an understanding of the OSI protocol
architecture is not required.
For
our purposes, the OSI security architecture provides a useful, if abstract,
overview of many of the concepts.. The OSI security architecture focuses on
security attacks, mechanisms, and services. These can be defined briefly as
follows:
Table 1.1. Threats and Attacks (RFC 2828)
|
Threat
|
A
potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and
cause harm. That is, a threat is a possible danger that might exploit a
vulnerability.
|
Attack
|
An
assault on system security that derives from an intelligent threat; that is,
an intelligent act that is a deliberate attempt (especially in the sense of a
method or technique) to evade security services and violate the security
policy of a system.
|
Security Attacks, Services And
Mechanisms
To assess the security needs of an organization effectively,
the manager responsible for security needs some systematic way of defining the
requirements for security and characterization of approaches to satisfy those
requirements. One approach is to consider three aspects of information
security:
- Security attack – Any action that compromises the security of
information owned by an organization.
- Security mechanism – A mechanism that is designed to detect, prevent or
recover from a security attack.
- Security service – A service that enhances the security of the data
processing systems and the information transfers of an organization. The
services are intended to counter security attacks and they make use of one
or more security mechanisms to provide the service.
No comments:
Post a Comment