INTRODUCTION TO INFORMATION SECURITY








  • Information security refers to the protection of information from unauthorized access, use, modification, inspection, recording or destruction.

  • Information security primarily focuses on the balanced protection of the confidentiality, integrity and availability of data.

Key Principles of information security:

1. Confidentiality

The principle of confidentiality specifies that only the sender and the intended recipient are able to access the contents of a message. It is probably the most common aspect of information security.


2. Integrity

It is a security service that deals with identifying any alteration to the data. It confirms that data has not been modified by an unauthorized entity. Data integrity cannot prevent the alteration of data, but it provides a means of detecting whether data has been manipulated in an unauthorized manner.


3. Availability

The principle of availability states that information must be available to authorized parties when it is needed. Information is useless if it is not available at the right time.


4. Non-Repudiation

It ensures that an entity cannot deny ownership of a previous commitment or action. For example, once an order is placed electronically, the purchaser cannot deny the purchase order if the non-repudiation service was enabled in the transaction.


SECURITY ATTACK

A security attack is any action that compromises the security of information owned by an organization.
There are two types of security attack:

1. Passive Attack
2. Active Attack


1. Passive Attack

The main goal of a passive attack is to obtain unauthorized access to information; it does not involve any modification to the contents of the original message.

Passive attacks are classified into two subcategories:

Release of message content

When we send a confidential email message to a friend, we want only him or her to be able to access it; otherwise, the contents of the message are released against our wishes to someone else.

Traffic analysis

In traffic analysis, the attacker only observes the pattern of messages.


2. Active Attack

The main goal of an active attack is the modification of the original message in some manner, or the creation of a false message. These attacks cannot be prevented easily.
In active attacks, the contents of the original message are modified in some way:

Masquerade: When a user hides its original identity, it is called a masquerade.

Replay: In a replay attack, a user captures a sequence of events, or some data, and resends them.

Modification: It involves some changes to the original message.