Security attacks on information systems occur all the time and pertain to every aspect of the attacked system. In other words the attacks are directed against all components of a system. The attackers look for the weakest links in each component and using various tools exploit the potential vulnerabilities. The first step in establishing a secure information system is to consider the potential threats and the corresponding attacks. Next, the risk or the probability of a threat to cause damage to an asset should be evaluated. Once the threat definition and risk analysis are performed, the appropriate solution of defense can be devised.
The purpose of this conference topic is to understand the prerequisite steps that should be taken for a successful implementation of security solutions. Read through Session 4 Lecture Notes, and become familiar with the issues of vulnerabilities. attacks and countermeasures at different layers. We will focus on typical attacks in the Internet affecting confidentiality, integrity and availability mainly on the lower four layers: Layer 1, Physical; Layer 2, Data Link; Layer 3, Network; and Layer 4, Transport.