Information Security and Wireless Network Overview

dr liang zhao n.w
1 / 18
Embed
Share

Explore the foundations of information security and wireless network concepts, including the pillars of information security, AAA principles, and key cryptographic methods. Learn about threats to wireless networks and regulatory compliance in this comprehensive guide.

  • Information Security
  • Wireless Network
  • Cybersecurity
  • Network Threats
  • Data Protection
rayaanacharya
anes444 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Dr. Liang Zhao

  2. Road Map Mobile Security Security Auditing & Risk Analysis WLAN Security Introduction Mobile Network Overview (optional) Evolution of Wireless Network WLAN Overview Evolution of Cloud Cellular Network Security (optional) Infor. Security Essentials WLAN Threats & Vulnerabilities Confidentiality and Inte grity of Cloud Mobile Security Threats WLAN Security Cloud Threats & Vulner abilities WLAN Security Tools Mobile Devices Security (optional) Cloud Security 2 2

  3. Learning Outcomes After this module, a student will be able to: Define Information Security and Wireless Security Describe the five pillars of information security. Discuss defense in depth in information security Define the AAA of information security Describe the five principles Information security: CIA triad, Non- repudiation and Accountability. Explain the difference between symmetric key cryptography (SKC) and public key cryptography (PKC). Describe how integrity is achieved through hash function. Describe how digital signature works Discuss the threats category to wireless network/device Discuss inf0rmation security standards and regulatory compliances 3

  4. Information Security Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non- repudiation and reliability can also be involved." (ISO/IEC 27000:2009) Wireless Security Specific to wireless networks and mobile devices Balanced approach among security, implementation efficiency, & employee productivity. 4

  5. 5 Security Principles Confidentiality Integrity Availability Non-repudiation Authentication 5

  6. 5 Pillars of Information Security 1. Confidentiality is the assurance that information is not disclosed to unauthorized individuals, groups, processes, or devices. Highly confidential data must be encrypted so third parties cannot easily decrypt it. Only those who are authorized to view the information are allowed access. 2. Integrity The accuracy and completeness of vital information must be safeguarded. Data should not be altered or destroyed during transmission and storage. This involves making sure that an information system is not tampered by any unauthorized entities. Policies should be in place so that users know how to properly utilize their system. 3. Availability means authorized users have timely and easy access to information services. IT resources and infrastructure should remain robust and fully-functional at all times even during adverse conditions, such as database conundrum or fall-overs. It involves protecting against malicious codes, hackers, and other threats that could block access to the information system. 6

  7. 5 Pillars of Information Security 4. Authenticity This security measure is designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific information. Authentication prevents impersonation and requires users to confirm their identities before being allowed access to systems and resources. This includes user names, passwords, emails, biometrics, and others. 5. Non-Repudiation This attribute assures the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither party can deny sending, receiving, or accessing the data. Security principles should be used to prove identities and to validate the communication process. 7

  8. Cryptography For confidentiality Symmetric-key cryptography Same key for encryption and decryption Simple and fast Two parties must exchange the key in a secure way beforehand 8

  9. Public Key Cryptography A pair of keys Public key available for public and other user may use it for encryption Private key only known to owner. Used to decrypt the message encrypted by using the public key Solved the key exchange problem of SKC Strong security More computationally intensive 9

  10. Hybrid Cryptosystem Combine the benefit of SKC and PKC Use PKC for the key exchange Use SKC for the communication afterward 10

  11. Integrity Threats to integrity Ex. intercept and modify the data (data tamping attack) Hash function Mathematical function that converts a numerical input value into another compressed numerical value Minor changes in hash input will cause significant change in hash value 11

  12. Digital Signature Using PKC Private key for signing Public key for verification Applications Authentication Integrity Non-repudiation 12

  13. Access Control - AAA AAA is a framework for intelligently controlling access to computer resources by enforcing strict access and auditing policies. Authentication Authorization Accounting 13

  14. Defense in Depth approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. Physical controls Technical controls Administrative controls 14

  15. Threats to Wireless Network System access Device control Data theft 15

  16. Information Security Standards frameworks for companies to manage their data security. It establishes guidelines and best practices to manage cybersecurity risk. ISO 27001, 27002 NIST ETSI CISQ 16

  17. Regulatory Compliance involves meeting various controls (usually enacted by a regulatory authority, law, or industry group) to protect the confidentiality, integrity, and availability of data. Sarbanes-Oxley Act GLBA HIPPA PCI-DSS GDPR 17

  18. Reference Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security, ELSEVIER, 2005. Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016. https://en.wikipedia.org/wiki/Information_security https://en.wikipedia.org/wiki/Wireless_security https://www.thefreelibrary.com/The+five+pillars+of+information+security.-a0119615278 https://en.wikipedia.org/wiki/Defense_in_depth_(computing) http://searchsecurity.techtarget.com/definition/authentication-authorization-and- accounting https://www.usna.edu/CyberDept/sy110/lec/pillarsCybSec/lec.html SKC:http://www.webopedia.com/TERM/S/symmetric_key_cryptography.html AKC: https://en.wikipedia.org/wiki/Public-key_cryptography Hybrid cryptograph: https://en.wikipedia.org/wiki/Hybrid_cryptosystem https://www.tutorialspoint.com/cryptography/data_integrity_in_cryptography.htm https://en.wikipedia.org/wiki/Digital_signature https://en.wikipedia.org/wiki/Cyber_security_standards https://www.tcdi.com/information-security-compliance-which-regulations/ 18

Related


No related presentations.

More Related Content