IMMACULATE HEART OF MARY COLLEGE-PARAAQUE Dominic Savio st.

Better Living Subdivision Paraaque City

ITE Elective 3 Information Assurance and Security 2012-2013/First Semester

Taglucop, Mary Jane C. Fourth Year Level

DEFINITION OF SECURITY AND RISK MANAGEMENT Before I define security and risk management. I will define first security. Security comes from the root word secure which means safe or free from harm or risk. So I define security as a condition of being safe or protected from any harm or risk. And risk management, risk means danger, harm, loss and management means managing or controlling. Security and risk management is a process wherein you secure or protect your files or property from any risk or harmful act and at the same time maintaining a good condition to lessen the risk that might affect your data. THREE COMPREHENSICE APPROACHES 1. Identification: For access control to be effective, it must provide some way to identify an individual. The weakest identification capabilities will simply identify someone as part of a vague, poorly defined group of users who should have access to the system. Your TechRepublic username, a PGP e-mail signature, or even the key to the server closet provides some form of identification. 2. Authentication: Identification requires authentication. This is the process of ensuring that the identity in use is authentic that its being used by the right person. In its most common form in IT security, authentication involves validating a password linked to a username. Other forms of authentication also exist, such as fingerprints, smartcards, and encryption keys. 3. Authorization: The set of actions allowed to a particular identity makes up the meat of authorization. On a computer, authorization typically takes the form of read, write, and execution permissions tied to a username.

COMPUTER ETHICS FALLACIES The Computer Game Fallacy Computer games like solitaire and game computers like those made by Nintendo and Sega do not generally let the user cheat. So it is hardly surprising for computer users to think, at least

subliminally, that computers in general will prevent them from cheating and, by extension, from otherwise doing wrong. The Law Abiding Citizen Fallacy Computer virus writers do this all the time. They say: The First Amendment gives me the constitutional right to write anything I want, including computer viruses. Since computer viruses are an expression, and a form of writing, the constitution also protects the distribution of them, the talking about them, and the promotion of them as free speech. The Shatterproof Fallacy Forwarding E-mail without at least the implied permission of all of its authors often leads to harm or embarrassment of participants who thought they were conferring privately. Using E-mail to stalk someone, to send unwanted mail or junk mail, and to send sexual innuendoes or other material that is not appreciated by the recipient all constitute harmful use of computers. Software piracy is another way in which computer users can hurt people. Those people are not only programmers and struggling software companies but also end users who must pay artificially high prices for the software and systems they buy and the stockholders and owners of successful companies who deserve a fair return on their investment. The Candy from a Baby Fallacy Guns and poison make killing easy (i.e., it can be done from a distance with no strength or fight) but not necessarily right. Poisoning the water supply is quite easy, but it is beyond the gut-level acceptability of even the most bizarre schizophrenic. The Hackers Fallacy Consider the hack on Tonya Harding (the Olympic ice skater who allegedly arranged to have her archrival, Nancy Kerrigan, beaten with a bat). During the Lillehammer Olympics, three U.S. newspaper reporters, with the Detroit Free Press, San Jose Mercury News, and The New York Times, discovered that the athletes E-mail user IDs were, in fact, the same as the ID numbers on the backs of their backstage passes. The reporters also discovered that the default passwords for the Olympic Internet mail system were simple derivatives of the athletes birthdays. Reporters

used this information to gain access to Tonya Hardings E-mail account and discovered that she had 68 messages. They claim not to have read any of them. They claim that no harm was done, nothing was published, no privacy was exploited. As it happens, these journalists were widely criticized for their actions. But the fact is, a group of savvy, intelligent people thought that information technology changed the ground rules. The Free Information Fallacy The fallacy probably stems from the fact that once created in digital form, information is very easy to copy and tends to get distributed widely. DIFFERENT CRYPTOGRAPHIC TECHNIQUES OR SCHEMES Key-distribution cryptosystem

Encrypting &decrypting are closely tied together. The sender and the receiver must agree on the use of a common key before any message transmission takes place. A safe communication channel must exist between a sender and receiver. Public-key Cryptosystem

In a public key cryptosystem, each participant is assigned a pair of inverse keys E and D.

Different functions are used for enciphering and deciphering, one of the two keys can be made public, provided that it is impossible to generate one key from the other. E can be made public, but D is kept secret. The normal key transmission between senders and receivers can be replaced by an open directory of enciphering keys, containing the keys E for all participants.

Using Public-Key Cryptosystem to Transfer Messages Secretly When a person A wishes to send a message to a person B, the receivers enciphering key EB is used to generate the ciphertext EB(m). Since the key EB is freely available, anyone can then encipher a message destined for B. However, only the receivers B with access to the decipher key DB can regenerate the original text by performing the inverse transform DB(EB(m)).

Digital Signature Guaranteeing authenticity. Let B be the recipient of a message m signed by A. Then As signature must satisfy:

1. B must be able to able to validate As signature on m. 2. It must be impossible to forge As signature. 3. If A disavow signing a message, a third party must be able to resolve the distribute. Using Public-key Systems to Implement Digital Signatures 1. A signs m by computing c=DA(m) 2. B validates As signature by checking EA(c) =m 3. A dispute can be judged by checking whether EA(c) restores M in the same ways as B. Requirements: Dk(Ek(m))=Ek(Dk(m))=m

Secrecy and Authenticity in A Public-Key System

EA(DB(C))=EA(DB(EB(DA(M)))) =EA(DA(M)) =M

NETWORK TOPOLOGIES (ADVANTAGES AND DISADVANTAGES) Advantages of Bus Topology 1) It is easy to set-up and extend bus network. 2) Cable length required for this topology is the least compared to other networks. 3) Bus topology costs very less. 4) Linear Bus network is mostly used in small networks. Good for LAN. Disadvantages of Bus Topology 1) There is a limit on central cable length and number of nodes that can be connected. 2) Dependency on central cable in this topology has its disadvantages. If the main cable encounters some problem, whole network breaks down. 3) Proper termination is required to dump signals. Use of terminators is must. 4) It is difficult to detect and troubleshoot fault at individual station. 5) Maintenance costs can go higher with time. 6) Efficiency of Bus network reduces as the number of devices connected to it increases. 7) It is not suitable for networks with heavy traffic. 8) Security is very low because all the computers receive the sent signal from the source.

Advantages of Ring Topology

Data is quickly transferred without a bottle neck. (very fast, all data traffic is in the same direction)

2. 3. 4.

The transmission of data is relatively simple as packets travel in one direction only. Adding additional nodes has very little impact on bandwidth It prevents network collisions because of the media access method or architecture required.

Disadvantages of Ring Topology

Data packets must pass through every computer between the sender and recipient therefore this makes it slower.

2. 3. 4.

If any of the nodes fail then the ring is broken and data cannot be transmitted successfully. It is difficult to troubleshoot the ring. Because all stations are wired together, to add a station you must shut down the network temporarily.

5. 6.

In order for all computers to communicate with each other, all computers must be turned on. Total dependence upon the one cable

Advantages of Mesh topology 1) Data can be transmitted from different devices simultaneously. This topology can withstand high traffic. 2) Even if one of the components fails there is always an alternative present. So data transfer doesnt get affected. 3) Expansion and modification in topology can be done without disrupting other nodes. Disadvantages of Mesh topology 1) There are high chances of redundancy in many of the network connections. 2) Overall cost of this network is way too high as compared to other network topologies. 3) Set-up and maintenance of this topology is very difficult. Even administration of the network is tough.

Advantages of Tree Topology 1. It is an extension of Star and bus Topologies, so in networks where these topologies can't be implemented individually for reasons related to scalability, tree topology is the best alternative. 2. Expansion of Network is possible and easy. 3. Here, we divide the whole network into segments (star networks), which can be easily managed and maintained. 4. Error detection and correction is easy. 5. Each segment is provided with dedicated point-to-point wiring to the central hub. 6. If one segment is damaged, other segments are not affected. Disadvantages of Tree Topology 1. Because of its basic structure, tree topology, relies heavily on the main bus cable, if it breaks whole network is crippled. 2. As more and more nodes and segments are added, the maintenance becomes difficult. 3. Scalability of the network depends on the type of cable used.

Advantages of Hybrid Network Topology 1) Reliable : Unlike other networks, fault detection and troubleshooting is easy in this type of topology. The part in which fault is detected can be isolated from the rest of network and required corrective measures can be taken, WITHOUT affecting the functioning of rest of the network. 2) Scalable: Its easy to increase the size of network by adding new components, without disturbing existing architecture. 3) Flexible: Hybrid Network can be designed according to the requirements of the organization and by optimizing the available resources. Special care can be given to nodes where traffic is high as well as where chances of fault are high. 4) Effective: Hybrid topology is the combination of two or more topologies, so we can design it in such a way that strengths of constituent topologies are maximized while there weaknesses are neutralized. For example we saw Ring Topology has good data reliability (achieved by use of tokens) and Star topology has high tolerance capability (as each node is not directly connected to other but through central device), so these two can be used effectively in hybrid star-ring topology.

Disadvantages of Hybrid Topology 1) Complexity of Design: One of the biggest drawback of hybrid topology is its design. Its not easy to design this type of architecture and its a tough job for designers. Configuration and installation process needs to be very efficient. 2) Costly Hub: The hubs used to connect two distinct networks, are very expensive. These hubs are different from usual hubs as they need to be intelligent enough to work with different architectures and should be function even if a part of network is down. 3) Costly Infrastructure: As hybrid architectures are usually larger in scale, they require a lot of cables, cooling systems, sophisticate network devices, etc.

Advantages of Star Topology 1) As compared to Bus topology it gives far much better performance, signals dont necessarily get transmitted to all the workstations. A sent signal reaches the intended destination after passing through no more than 3-4 devices and 2-3 links. Performance of the network is dependent on the capacity of central hub. 2) Easy to connect new nodes or devices. In star topology new nodes can be added easily without affecting rest of the network. Similarly components can also be removed easily. 3) Centralized management. It helps in monitoring the network. 4) Failure of one node or link doesnt affect the rest of network. At the same time its easy to detect the failure and troubleshoot it.

Disadvantages of Star Topology 1) Too much dependency on central device has its own drawbacks. If it fails whole network goes down. 2) The use of hub, a router or a switch as central device increases the overall cost of the network. 3) Performance and as well number of nodes which can be added in such topology is depended on capacity of central device.