CNT5410 - Computer and Network Security Review/Wrapup Professor - - PowerPoint PPT Presentation

cnt5410 computer and network security review wrapup
SMART_READER_LITE
LIVE PREVIEW

CNT5410 - Computer and Network Security Review/Wrapup Professor - - PowerPoint PPT Presentation

Mar 10, 2023 627 likes •832 views

CNT5410 - Computer and Network Security Review/Wrapup Professor Kevin Butler Fall 2015 Florida Institute for Cyber Security (FICS) Review What did we talk about this semester? Cryptography secret vs public-key key exchange

slide-1
SLIDE 1

Florida Institute for Cyber Security (FICS)

CNT5410 - Computer and Network Security Review/Wrapup

Professor Kevin Butler Fall 2015

slide-2
SLIDE 2

Florida Institute for Cyber Security (FICS)

Review

  • What did we talk about this semester?
  • Cryptography
  • secret vs public-key
  • key exchange (Diffie-Hellman)
  • symmetric ciphers and modes of operation
  • hashing, MAC, HMAC
  • encryption and digital signatures
  • constructions based on crypto primitives (e.g., hash

chains)

2

slide-3
SLIDE 3

Florida Institute for Cyber Security (FICS)

Review

  • Authentication
  • credentials and types thereof (passwords, biometrics, tokens)
  • Kerberos
  • PKI
  • Network security
  • TCP sequence number attacks
  • ARP spoofing
  • DNS security
  • Securing legacy protocols
  • IPsec

3

slide-4
SLIDE 4

Florida Institute for Cyber Security (FICS)

Review

  • Intrusion detection
  • Insider threat
  • rootkit
  • network and host intrustion detection system
  • behavior and signature based IDS
  • anomaly detection
  • Bayesian rate fallacy
  • Firewalls
  • blacklisting vs whitelisting
  • firewall policy

4

slide-5
SLIDE 5

Florida Institute for Cyber Security (FICS)

Review

  • Malware and bonnets
  • Ransomware
  • C&C architectures
  • Fraud
  • Bot cycles (scan-infect-download-communicate)
  • Prevention mechanisms
  • Bayesian fallacy
  • ROC curves

5

slide-6
SLIDE 6

Florida Institute for Cyber Security (FICS)

Review

  • Web security
  • legacy and new web models
  • cookie design
  • content injection
  • IFRAME compromise
  • cross-site scripting
  • browser security architectures
  • SSL

6

slide-7
SLIDE 7

Florida Institute for Cyber Security (FICS)

Review

  • Cloud computing
  • Types of cloud service architectures
  • Threat and trust models
  • Multi-Tenancy
  • Cloud side channels

7

slide-8
SLIDE 8

Florida Institute for Cyber Security (FICS)

Review

  • Anonymous networks and censorship resistance
  • TOR
  • Hidden services
  • Mix vs DC-nets
  • Limitations
  • Anonymous publishing
  • Private browsing

8

slide-9
SLIDE 9

Florida Institute for Cyber Security (FICS)

  • Mobile Networks and Devices
  • Rigidity in cellular networks
  • SMS attacks
  • Android communication mechanisms
  • Secure application design and deployment
  • End-to-end principle

9

slide-10
SLIDE 10

Florida Institute for Cyber Security (FICS)

Wrapup

  • So, what does it all mean?

10

slide-11
SLIDE 11

Florida Institute for Cyber Security (FICS)

The state of security

  • … issues are in public 


consciousness

  • Press coverage is increasing …
  • Losses mounting … (billions 


and billions)

  • Affect increasing …… (ATMs, 


commerce, infrastructure)

  • Public is at risk ....
  • What are we doing?

“… sound and fury signifying nothing …”

(well, it’s not quite that bad)

11

slide-12
SLIDE 12

Florida Institute for Cyber Security (FICS)

The problems …

  • What is the root cause?
  • Security is not a key goal ...

... and it never has been... ... so, we need to figure out how to change the way we do engineering (and science) ... ... to make computers secure.

  • Far too much misunderstanding about basic security and the

use of technology (security theatre)

12

slide-13
SLIDE 13

Florida Institute for Cyber Security (FICS)

The current solutions …

  • Make better software
  • “we mean it” - B. Gates (2002)
  • “no really …” - B. Gates (2003)
  • “Linux/OS X/Sun OS etc. is bad too …” - B. Gates (2005)
  • “Vista will fix everything” - B. Gates (2006)
  • “Vista fixes everything” - B. Gates (2007)
  • “Sorry about Vista ....” - B. Gates (2007.5)
  • “Windows 7.0 will fix everything” - B. Gates (2008)
  • CERT/SANS-based problem/event tracking
  • Experts tracking vulnerabilities
  • Patch system completely broken
  • Destructive research
  • Back-pressure on product developers
  • Arms-race with bad guys
  • Problem: reactive, rather than proactive

13

slide-14
SLIDE 14

Florida Institute for Cyber Security (FICS)

The real solutions …

  • Fix the economic incentive equation …
  • Eventually, MS/Sun/Apple/*** will be in enough pain that they

change the way they make software

  • Education
  • Things will get better when people understand when how to use

technology

  • Fix engineering practices
  • Design for security
  • Apply technology
  • What we have been talking about
  • Policy: how do we as technologists balance security and privacy?

14

slide-15
SLIDE 15

Florida Institute for Cyber Security (FICS)

Your new skills arsenal

  • “A little knowledge is a dangerous thing”
  • More and more, real lives at stake through

subverting computers

  • “With great power comes great


responsibility”

15

slide-16
SLIDE 16

Florida Institute for Cyber Security (FICS)

The bottom line

  • The Web/Internet and new technologies have limited

ability to address security and privacy concerns …

  • … computer science is making the world less safe!!
  • … it is incumbent on us as scientists to meet these

challenges.

  • Evangelize importance of security …
  • Provide sound technologies …
  • Define better practices …
  • Choose your questions wisely…

16

slide-17
SLIDE 17

Florida Institute for Cyber Security (FICS)

Additional Courses

  • Systems Security (grad. certificate)
  • Cryptography
  • Hardware security
  • Embedded systems security
  • Mobile computing security
  • Research opportunities

17

slide-18
SLIDE 18

Florida Institute for Cyber Security (FICS)

Thank You

butler@ufl.edu

18