a brief intro to security
play

A Brief Intro to Security December 5th, 2013 What is Computer - PowerPoint PPT Presentation

Sep 03, 2022 •155 likes •296 views

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

  1. A Brief Intro to Security December 5th, 2013

  2. What is “Computer Security”? “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information systems resources” - William Stallings, Network Security Essentials The “CIA Triad” - Confidentiality : A loss of confidentiality is unauthorized disclosure of data. - Integrity : A loss of integrity is unauthorized modification of information. - Availability : A loss of availability is the disruption of access to a system.

  3. The Problem of Security ● “He who defends everything defends nothing.” “90% of life is solving the right problem.” - Mary Ann Davidson, Oracle CSO ● “Effective security is about failure.” - Andy Johnson, UMBC OIT ● Security is jokingly referred to as insecurity, due to the impossibility of completely protecting a system.

  4. Defense in Depth This is a model of Harlech Castle. Note the different colors of defense. Defense in Depth expects some layers to fail, and adds enough layers to protect the keep.

  5. Network Defense in Depth For a network, replace the castle layers and colors with: - firewalls - Internet Protocol Security (IPS) - Secure Socket Layer (SSL) - Verisign certificates - various types of encryption

  6. Continuous Monitoring Assumes all security measures will eventually fail and constant watch to: - ensure the most updated system - shut down areas where attacks are getting through - find out how they got in once areas are shut down

  7. “Defense” Security Jobs - Network Analyst In this job, the analyst is responsible for ensuring the network maintains its accessibility and integrity. This kind of analyst installs firewalls, etc. - Security Analyst This job is a specific kind of systems analyst who finds and closes the security holes. Security analysts help build layers of defense by sanitizing inputs.

  8. Dilbert’s Defense

  9. “Monitoring” Security Jobs - Vulnerability Researcher/Penetration Tester Penetration Testers are given a complete system and act as attackers. They have no malicious goals other than to gain access. - Malware Reverse Engineer When an attack from the “bad guys” has been detected, it needs to be prevented from spreading. These jobs usually involve deciphering attacks and creating “signatures” that can be used to identify them in the future.

  10. CyberSecurity is a Buzzword

  11. Hacking Matt Honan http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/ ● Hacker decides he wants Honan’s Twitter Handle. ● He finds Honan’s Gmail address by following link from Twitter page. ● He goes to Gmail account recovery page, pretends he has forgotten password. Gmail says “OK, we have sent a recovery password to M****n@me.com” (an AppleID). ● Hacker executes a “Who Is” search to find Honan’s mailing address. ● He calls Amazon as Honan to add a credit card (verified by address and email). ● Hacker calls Amazon again, saying he has lost access. They reset account (after you verified with credit card). Now you can see last 4 digits of all account credit cards. ● Hacker now has Honan’s name, address, and credit card number. He can reset the password on the M****n@me.com address, and use that to reset Twitter password. He wipes Honan’s Apple account so Honan cannot trace the attack. ● Honan’s reputation was severely damaged and he lost all photos from his daughter’s first year of life when his Apple account was wiped.

  12. Class Attack Activity SQL Injection Explained: http://www.youtube.com/watch?v=_jKylhJtPmI 1. Start your “login” by closing the username string input request. In Processing, what are strings always surrounded by? 2. The statement now has something like username = ‘’ . This will not log you in because it will evaluate to false. How can you make it evaluate to true? 3. You don’t want to check the password - in Processing, how do you ignore the rest of a statement? Solution: enter ‘ OR 1=1 -- into the login screen

  13. How to Prevent SQL Injection For those of you who are really interested (because this is a bit technical): Use a prepared statement. This creates an escape, because it looks for the strings to be sent separately from the instruction. java.sql.PreparedStatement stmt = connection.prepareStatement( "SELECT * FROM users WHERE USERNAME = ? AND ROOM = ?"); stmt.setString(1, username); stmt.setInt(2, roomNumber); stmt.executeQuery(); For other languages: http://en.wikipedia.org/wiki/Prepared_statement

  14. UMBC Security Courses CMSC 487 - Introduction to Network Security CMSC 491 - Malware Analysis CMSC 433 - Introduction to Web Security CMSC 443 - Cryptology IS 430 - Information Systems and Security IS 432 - Computer Viruses IS 451 - Network Design and Management Cybersecurity graduate degree program

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer

Notes Security Metrics, Security Investment Models and Intro to R Tyler Moore CSE 7338 Computer Science & Engineering Department, SMU, Dallas, TX Lecture 2 Notes Outline Managing security investment 1 Security metrics 2 R 3

605 views • 16 slides
Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Intro Hardware Security Platform Security Hacking Q&A Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at Hamburg & Dublin City University 2010-12-16 1 / 54 Intro Hardware Security

974 views • 79 slides
Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to

Cryptography Well, a gentle intro to cryptography. Actually, a fairly hand-wavy intro to crypto (well discuss why) Fall 2018 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for

1.2k views • 51 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses,

1.2k views • 59 slides
Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' '

CSE$484$/$CSE$M$584:$$Computer$Security$and$Privacy$ $ Software$Security$ (finish) $ & $ Cryptography $(brief$intro) $ Spring'2016' ' Franziska'(Franzi)'Roesner'' franzi@cs.washington.edu'

419 views • 29 slides
Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital

Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital

Organisation Introduction Radboud University Nijmegen A security protocol example Computer Security: Intro B. Jacobs Institute for Computing and Information Sciences Digital Security Radboud University Nijmegen Version: fall 2015 B.

633 views • 50 slides
Psychology of Security Security as human behaviour and experience Stefan Schumacher

Psychology of Security Security as human behaviour and experience Stefan Schumacher

Intro Fundamental Research Organizational Development and Security Cultural Differences Didactics of Security Knowledge Base Psychology of Security Security as human behaviour and experience Stefan Schumacher

721 views • 43 slides
Psychology of Security Security as human behaviour and experience Stefan Schumacher

Psychology of Security Security as human behaviour and experience Stefan Schumacher

Intro Fundamental Research Organizational Development and Security Cultural Differences Didactics of Security Knowledge Base Psychology of Security Security as human behaviour and experience Stefan Schumacher

495 views • 34 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno

CSE 484 / CSE M 584: Computer Security and Privacy Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,

445 views • 22 slides
From the Ground Up Security DNS-based Security of the

From the Ground Up Security DNS-based Security of the

From the Ground Up Security DNS-based Security of the Internet Infrastructure Benno Overeinder NLnet Labs http://www.nlnetlabs.nl/ INTRO NLnet

795 views • 28 slides
Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1

Cryptography Well, a gentle intro to cryptography Fall 2014 CS 334: Computer Security 1 Special Thanks: to our friends at the Australian Defense Force Academy for providing the basis for these slides Fall 2014 CS 334: Computer Security 2

730 views • 47 slides
Web Architecture 253 Privacy & Security who's this guy? columbia university school of

Web Architecture 253 Privacy & Security who's this guy? columbia university school of

Web Architecture 253 Web Architecture 253 Web Architecture 253 Privacy & Security who's this guy? columbia university school of engineering and applied science bs in computer science 1999 who's this guy? 13+ years writing software and

878 views • 63 slides
Resilience in Information Stewardship Christos Ioannidis, David Pym, Julian Williams, and Iat

Resilience in Information Stewardship Christos Ioannidis, David Pym, Julian Williams, and Iat

Resilience in Information Stewardship Christos Ioannidis, David Pym, Julian Williams, and Iat Gheyas -WEIS 2014 - PENNSYLVANIA STATE UNIVERSITY 23 June 2014 (IPWG) () STEWARDSHIP 2 : Resilience 23 June 2014 1 / 33 Resilience in

446 views • 32 slides
UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This

UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This

UCI International, Inc. Q1 2015 Results | May 13, 2015 Confidential Disclaimer This presentation may contain forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995. The words

176 views • 15 slides
emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect

emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect

emagnification: 2019 Nordic and Baltic Stata Users a tool f for e esti timati ting e effect t size m magnificati tion Group Meeting and performing design c calcu culations i in epidemiological s studies Karolinska Institute

700 views • 51 slides
CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff Instructor: Deian Stefan deian@cs.ucsd.edu Lecture: Mon & Wed 5-6:20pm Center 109 Discussion: Fri 2-2:50pm Center 216 Office Hours: Wed

628 views • 49 slides
Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop September 14, 2017 Why Prove Things? Attackers often have more motivation/resources than defenders Heuristic defenses: arms race between attack and

738 views • 52 slides
CS615 - Aspects of System Administration System Security Department of Computer Science Stevens

CS615 - Aspects of System Administration System Security Department of Computer Science Stevens

CS765 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration System Security Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

921 views • 76 slides
Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, OSIsoft LLC cred-c.org | 1

Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, OSIsoft LLC cred-c.org | 1

Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, OSIsoft LLC cred-c.org | 1 Beliefs Awareness and training are fundamental We need to advance defensive skills Cyber defense is a team sport We need collaborative approaches

650 views • 9 slides

More recommend