Lecture 12: Mid-term Review,School of Software Engineering, CQU Fall, 2014,An Introduction to Information Security,2,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,The Categories of attacks: Generally, there are four general categories of security attacks Interruption 阻断 Interception 窃听 Modification 修改 Fabrication 伪装,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Information source,Information destination,An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include: destruction of a piece of hardware the cutting of a communication line the disabling of the file management system DOS/DDOS (Denial of Service),3,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,The Categories of attacks: Generally, there are four general categories of security attacks Interruption 阻断 Interception 窃听 Modification 修改 Fabrication 伪装,Information source,Information destination,An unauthorized party gains access to an asset. This is an attack on confidentiality(保密性). egs: wiretapping (窃听) to capture data in a network the illicit (非法) copying of files or programs ,4,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,The Categories of attacks: Generally, there are four general categories of security attacks Interruption 阻断 Interception 窃听 Modification 修改 Fabrication 伪装,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Information source,Information destination,An unauthorized party not only gains access to but tampers (篡改) with an asset. This is an attack on deniability / integrity (完整性). Examples are: changing values in a data file altering a program modifying the content of messages ,5,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,The Categories of attacks: Generally, there are four general categories of security attacks Interruption 阻断 Interception 窃听 Modification 修改 Fabrication 伪装,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Information source,Information destination,An unauthorized party inserts counterfeit (假冒的) objects into the system. This is an attack on authenticity (真实性). Examples are: insertion of spurious messages in a network addition of records to a file ,6,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,These attacks involves some modification of the data stream or the creation of a false stream, which can be subdivided into four categories: masquerade (伪装) replay (重放) modification of messages (篡改) denial of service (拒绝服务) Active attacks present the opposite characteristics of passive attacks:,Easy to detect but hard to prevent！,Active Attack,Passive attack,and,7,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Passive attacks are in the nature of eavesdropping(偷听) on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are: release of message contents (泄密) traffic analysis (流量分析) passive attacks present the opposite characteristics of active attacks:,Easy to prevent but hard to detect！,Active Attack,Passive attack,and,8,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,Security Services Confidentiality (保密性) Availability (可用性) Nonrepudiation (防抵赖) Authentication (真实性) Integrity (完整性) Access Control (可控性),1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Ensures that the information in a network and transmitted information are accessible only for reading by authorized parties.,9,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,Security Services Confidentiality (保密性) Availability (可用性) Nonrepudiation (防抵赖) Authentication (真实性) Integrity (完整性) Access Control (可控性),1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Requires that computer assets be available to authorized parties as needed.,10,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,Security Services Confidentiality (保密性) Availability (可用性) Nonrepudiation (防抵赖) Authentication (真实性) Integrity (完整性) Access Control (可控性),1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Requires that neither the sender nor the receiver of a message be able to deny the transmission.,I didnt send R the message !,I didnt receive the message from S !,11,2019/2/25,An Introduction to Information Security,Lecture 1: Preface,Security Services Confidentiality (保密性) Availability (可用性) Nonrepudiation (防抵赖) Authentication (真实性) Integrity (完整性) Access Control (可控性),1. About IS,2. WWW IS?,3. S_ Attacks,4. S_ Services,Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false.,Ich bin Xiaofeng + Credential,Verify User and Credential,Authorized,