IFB102 Lecture Notes - Lecture 7: Wire Transfer, Virtual Private Network, Electronic Document

Introduction basic security ideas: access permissions: file security in linux, encryption and pki, network security, hardware and virtual machines. Information disclosure/information leakage: read information e. g. read a secret document. Integrity violation: write information e. g. change a bank transfer, masquerading, pretend to be someone else, identity theft, denial of service, prevent use. Illegitimate use: generic threat: backdoors, trojan horses, insider attacks. Security overview and terminology: networking means physical security is not sufficient to secure data, basic computer security requirements. Integrity: confidentiality, authentication, non-repudiation, availability, access control, these issues further exacerbated in wireless networking where all communication is in the open. Solutions include: encrypt transmitted information, use passwords and certificates, use firewalls to secure lans. Protection: generally computer security concerns protecting, confidentiality. Integrity: availability, associated with confidentiality and integrity, authentication. Identity of person or data source: use passwords, smartcard, challenge response, authorisation, who can access what, could be role based e. g. set of rules for diff people (identities)