Senior UI designer

Published: November 2, 2013
CR415
Information Security

Lecture 1: Introduction to Security

Associate Professor Dr. Essam Hamed
Essam.hamed@aast.edu

CR415 CLASS SCHEDULE

Week #    Covered Topics
1         Introduction to Data Security Principles
          Part 1 - CRYPTOGRAPHY:
2         Classical Encryption Techniques
3         Symmetric Encryption
4,5       Public Key Cryptography
6         Message Authentication & Digital Signature
7         7th Exam
          Part 2 - COMPUTER SECURITY:
8         Key Distribution and User Authentication
9         Internet Security Protocols (HTTPS), Secure Socket Layer (SSL), Secure Shell (SSH) protocols
11        User Authentication & Biometric Authentication
12        12th Exam (Projects Discussion)
          Part 3 - NETWORK SECURITY:
13        Firewalls (types/categories/implementation)
14        IP Security
15        Virtual Private Networks (VPN) theory and applications
16        Final Exam

Associate Professor Essam Hamed

9/21/2013

Most Important Standards Organizations

• National Institute of Standards & Technology (NIST): NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private-sector innovation. Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact.

• Internet Society (ISOC): ISOC is a professional membership society with worldwide organizational and individual membership. It provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB). These organizations develop Internet standards and related specifications, all of which are published as Requests for Comments (RFCs).

• International Telecommunication Union - Telecommunication Standardization Sector (ITU-T): The ITU is an international organization within the United Nations System in which governments and the private sector coordinate global telecom networks and services. The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU. ITU-T's mission is the production of standards covering all fields of telecommunications. ITU-T standards are referred to as Recommendations.


Computer Security Overview

The NIST Computer Security Handbook defines the term Computer Security as:
“The protection afforded to an automated information system in order to achieve the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications).


Computer Security Challenges

• computer security is not as simple as it might first appear to the novice
• potential attacks on the security features must be considered
• physical and logical placement needs to be determined
• additional algorithms or protocols may be involved
• attackers only need to find a single weakness, the developer needs to find all weaknesses
• users and system managers tend to not see the benefits of security until a failure occurs
• security requires regular and constant monitoring
• is often an afterthought to be incorporated into a system after the design is complete


The CIA Triad
Confidentiality
- data confidentiality
- privacy

Integrity
- data integrity
- system integrity

Availability

Security Requirements


Confidentiality:
Revealing the data only to authorized users
is probably the most common aspect of information security. We need to protect our...