Information Security – INSEM Detailed Answers
1. OSI Security Architecture
• OSI Security Architecture is a framework developed by ISO to define security attacks, services and
mechanisms.
• It helps to understand different types of threats in a network system.
• It identifies security services that can protect data and communication.
• It defines security mechanisms used to implement these services.
• The architecture mainly focuses on confidentiality, integrity and authentication.
• It is used in communication systems to design secure networks.
• It provides a structured approach to implement information security.
Security Attacks
|
v
Security Services
|
v
Security Mechanisms
2. Types of Security Attacks (Passive and Active)
• A security attack is an attempt to access, modify or destroy information without authorization.
• Passive attacks monitor communication but do not change the data.
• Examples of passive attacks include eavesdropping and traffic analysis.
• Active attacks modify data or disrupt system operations.
• Examples include masquerade attacks, replay attacks and message modification.
• Denial of Service (DoS) is a common active attack that makes services unavailable.
• Active attacks are more dangerous because they alter the data.
3. Security Services in Information Security
• Security services are techniques used to protect information and communication.
• Confidentiality ensures that data is accessible only to authorized users.
• Integrity ensures that data is not modified during transmission.
• Authentication verifies the identity of users or systems.
• Non-repudiation prevents the sender from denying sending the message.
• Access control restricts unauthorized users from accessing resources.
1. OSI Security Architecture
• OSI Security Architecture is a framework developed by ISO to define security attacks, services and
mechanisms.
• It helps to understand different types of threats in a network system.
• It identifies security services that can protect data and communication.
• It defines security mechanisms used to implement these services.
• The architecture mainly focuses on confidentiality, integrity and authentication.
• It is used in communication systems to design secure networks.
• It provides a structured approach to implement information security.
Security Attacks
|
v
Security Services
|
v
Security Mechanisms
2. Types of Security Attacks (Passive and Active)
• A security attack is an attempt to access, modify or destroy information without authorization.
• Passive attacks monitor communication but do not change the data.
• Examples of passive attacks include eavesdropping and traffic analysis.
• Active attacks modify data or disrupt system operations.
• Examples include masquerade attacks, replay attacks and message modification.
• Denial of Service (DoS) is a common active attack that makes services unavailable.
• Active attacks are more dangerous because they alter the data.
3. Security Services in Information Security
• Security services are techniques used to protect information and communication.
• Confidentiality ensures that data is accessible only to authorized users.
• Integrity ensures that data is not modified during transmission.
• Authentication verifies the identity of users or systems.
• Non-repudiation prevents the sender from denying sending the message.
• Access control restricts unauthorized users from accessing resources.
