31268 Study Guide - Final Guide: Non-Repudiation, Public-Key Cryptography, Public Key Certificate
Web Systems Summary 2
Video 03 - Security:
What are the 3 basic security principles?
● Confidentiality, Integrity and Availability (C.I.A)
Confidentiality
Integrity
Availability
● Keep secrets from unauthorised users
● Authenticate the user before showing them information
● Keep information flowing between authorised users
● Safeguarding information by cryptography
● Allow access to information to authorised users
● Safeguard accuracy of information
● Keep secrets from unauthorised users
● Safeguarding information by cryptography
● Don't allow information to be altered by unauthorised users
● Keep information flowing between authorised users
● Information is allowed to flow to users when required
● Allow access to information to authorised users
Security attack + Appropriate security principle:
● Availability: Cyber criminal attempts a Denial of Service (DoS) attack on our website
● Integrity: A staff member tries to modify the student satisfaction rating on a tutorial
● Confidentiality: A student runs a program to listen on the lab’s network to try to steal answers to the online exam.
● Confidentiality (Authentication/Access Controls): A student attempts to fool the help desk into letting him log on to the student admin system by pretending to be the subject coordinator.
What is a security mechanism? What is a security service?
● Security mechanism: designed to detect, prevent or recover from a security attack
● Security service: a service that enhances security of data transfers using 1 or more security mechanisms
List some typical security services:
● Authentication, Integrity, Confidentiality, Availability, Non-repudiation, Access Controls
What is non-repudiation?
● Guarantee: assurance and authentication cannot be denied