Differences between revisions 5 and 6
Revision 5 as of 2005-08-16 17:04:34
Size: 1769
Editor: yakko
Comment:
Revision 6 as of 2005-08-16 17:17:53
Size: 2061
Editor: yakko
Comment:
Deletions are marked like this. Additions are marked like this.
Line 30: Line 30:
what are two types of attacks?
   1. Active Attacks: try to directly affect resources
   1. Passive Attacks: gain information by evesdropping.
      1. '''Release of message contents''' allows reading of the message.
      1. '''Traffice analysis''' to gain information about the message
Line 37: Line 43:

Chapter 1 Notes

Terms

computer security

The generic name for the collection of tools designed to protect data and to thwart hackers.

network security (often Internet Security)

Tools that protect data in transit

X.800 Security Architecture for OSI

defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems data transfers

Questions

What are three aspects of information security?

  1. Security Attack: Any action that compromises the security of information.
  2. Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
  3. Security Service: A service that enhances the security of the data processing systems and the information transfers of an organization. Services make use of one or more security mechanisms.

Name three challenges faced by electronic documents not faced by paper documents.

  1. Digital copies are identical.
  2. Alterations are not evident
  3. Proof of authenticity must be provided as a function of the content instead of seals or physical signatures.

What 5 categories does X.800 divide services into?

  1. Authentication (entity is the one it claims to be)
  2. Access Control (Prevention of unauthorized use of a resource)
  3. Data Confidentiality (Protection from unauthorized disclosure)
  4. Data Integrity (Data is received as sent)
  5. Nonrepudiation (Protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.)

what are two types of attacks?

  1. Active Attacks: try to directly affect resources
  2. Passive Attacks: gain information by evesdropping.

    1. Release of message contents allows reading of the message.

    2. Traffice analysis to gain information about the message

Resources

[http://www.faqs.org/rfcs/rfc2828.html Internet Security Glossary RFC 2828]

Csce877Ch1Notes (last edited 2005-08-16 17:40:08 by yakko)