The quality of security services

Rate this post

1.Definition:

The quality of service refers to the set of parameters exchanged during a connection-based communication for the information to pass correctly.

Applied to packet switched networks “network based on the use of routers”, the quality of service “QOS” refers to the ability to guarantee an acceptable level of packet loss, contractually defined, for a given use.

Security services can have very different levels of performance depending on the mechanisms used. These levels cover:

  • The effectiveness of security services:

Just as some locks (closures) are easier to violate than others, security services are designed to withstand varying levels of attack, depending on the mechanisms used, making them effective.

  • Their robustness:

Just as some active protections become faulty without provoking a reaction, the security services can be studied to detect any anomaly by complementary mechanisms, which makes them robust.

  • Putting them under control

Just as an official will be truly concerned about the protection provided by the security lock only if he ensures that the occupants lock the outlet concerned, the security services may be accompanied by a control measure to ensure the sustainability of practical measures put in place, which makes them under control.

2.Computer security risks:

  • Types of risks:
    For risk analysis, 12 types of threats were defined.

    • Physical accidents.
    • Physical malpractice
    • SI failure
    • Deficiency of personnel
    • Interruption of network operation.
    • Input error.
    • Transmission error.
    • Operating error.
    • Design / development error.
    • Illegal copy of software.
    • Indiscretion / misappropriation of information
    • Logical network attack.
  • Risk classification:
    • Human Hazards:
      Human risks are the most important, they concern the users but also the computer scientists.

      • Malicious behavior: Some users may voluntarily endanger the information system by knowingly introducing viruses or by intentionally introducing bad information into a database.7
      • Inconsistency: As in all activities, humans commit errors, so they happen more or less frequently to perform unwanted treatment, to erase data or programs unintentionally.
      • Unconsciousness: Many users of computer tools are still unaware or unaware of the risks they face to the systems they use, and often introduce malicious programs if known.
    • Technical risks:
      • Malicious programs: It is software developed in order to harm a computer system. Here are the main types of malware:
        • The virus: Program duplicating on other computers.
        • The worm: Exploits the resources of a computer to ensure its reproduction.
        • Trojan: A legitimate appearance program that performs harmful routines without the user’s permission.
      • Accidents: this is an event that disrupts the flow of data in the absence of damage to the equipment (breakdown, fire, water damage of a server or data center, ..).
      • Errors: Error: design error, parameterization programming or manipulation of data or their supports, the error indicates the prejudice caused by human intervention in the automated data processing process.
      • Mail Attack Technique: Apart from many malicious programs that spread through e-mail, there are specific attacks such as:
        • Spam: An unsolicited email, most of the time of advertising. They clutter the network.
        • Phishing: an e-mail that is usually sent to a financial institution and asks the recipient to provide confidential information.
      • Attacks on the network: the main techniques of attacks on the network are:
        • Sniffing: a technique used to retrieve all information transiting the network. It is typically used to retrieve passwords from applications that do not encrypt their communications.
        • Spoofing: the technique of taking the identity of another person or machine. It is usually used to recover sensitive information.

Leave a Reply