introduction to security
play

Introduction to Security Course Introduction Ming Chow - PowerPoint PPT Presentation

Mar 27, 2023 •209 likes •382 views

Introduction to Security Course Introduction Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow What This Course Is NOT Hack all things Be an 31337 h4x0r ( leet speek for elite hacker) Introduction to Cryptography Save

  1. Introduction to Security Course Introduction Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow

  2. What This Course Is NOT • Hack all things • Be an 31337 h4x0r (“ leet speek ” for “elite hacker”) • Introduction to Cryptography • Save the world • The answer is “black or white”

  3. What This Course Will NOT Cover • Social engineering • x86, x64, ARM reverse engineering • Privacy • Cryptocurrency • Security management

  4. What This Course IS • Controversial • WARNING: A little about a lot • Why: Cyber Security is a very broad field as evident by list of topics that will not be covered in this course • Provides exposure to tools that the attackers and defenders are using • Understand tradeoffs • Make you think like an attacker • Be informed of the issues. Because most in Computer Science or in tech just do not know them. • Many developers don’t even consider security in software. • You can’t complete a Civil and Environmental Engineering degree without learning anything about health, safety, and security but you can complete a Computer Science degree without learning anything about critical infrastructure, health, safety, and security.

  5. Software and Hardware Requirements • Absolute Requirements • A modern web browser (e.g., Firefox, Google Chrome, Chromium, Safari, Microsoft Edge) • A command line interface to run Unix/Linux commands • Strongly Recommended Requirements • A computer with at least 40 GB of hard disk space free and 4 GB of RAM • Kali Linux and a Virtual Machine Hypervisor • Why is this strongly recommended and not mandatory? Telling students to have beefy computers especially to run virtual machines in order to take this course is sending the wrong message. Cyber Security must be accessible as possible.

  6. The Basic Skill Necessary: Exposure, Experience, and Comfort with Command Line Interface (CLI) / Terminal • Versatility, productivity, accessibility, scripting • Not everything can be accomplished by fancy graphics and GUIs (sometimes constrained to certain features too) • Many systems do not use a windows manager or have a graphical desktop interface (e.g., servers) • Graphical interface (especially on servers) => more software requirements, more overhead, more bloat, more vulnerabilities • Many security tools are command line based • Remote execution of commands – for good and bad. • This is the first lab

  7. Why is it Called Cyber Security? • Should it be called “Information Security”? No. Because there’s a lot more than information we are concerned with. Case-in-point: hardware and the “Internet of Things” • Should it be called “Computer Security”? No. Technology is not everything. Sometimes the best solution (or attack) is not technical. Examples: social engineering, lock picking, impersonation, phishing.

  8. Why is This Course Now Named “Introduction to Security” and not “Introduction to Cyber Security”? • Do we need to put “cyber” in front of every word now? • Cyber war • Cyber weapons • Cyber deterrence • Cyber espionage • Cyber __________

  9. Running List of Thoughts on What Cyber Security Is (from former students) • Make sure your data is protected • Want data to be private • Want to preserve the integrity of the data • Preservation of the status quo • Access control • Protection of hardware and networks => physical security • User security (protecting themselves) • Knowledge of what the attackers / adversaries are doing • Maintaining good governance • Punishment of the attackers, strike back? • Containment, stop the bleeding • Resilience, separation of concerns, redundancy • … and the list goes on …

  10. By Definition, What is Cyber Security? • The “CIA Triad” • Confidentiality • Integrity • Availability

  11. Convention Used in Notes • bold – keyword or definition • italic – to be discussed in more details later • code via Courier New font – code or command

  12. Basic Definitions • Why is vocabulary important? • There is a problem with vocabulary in this field. Many words have different context and meaning to different groups (e.g., the policy folks in the field). • Many words are also misused by media. • Event - Could be anything • Incident - A malicious event • Bug - An error that exists in the implementation-level (i.e. only exist in source code); very correctable • Flaw - An error at a much deeper level, particularly in the design, and likely in the code level; can be very difficult and costly to correct • Hacker - A creative programmer; a positive connotation • Cracker - The bad guy, the attacker, what media coins "hacker" (the negative connotation). We'll use attacker in this class.

  13. Basic Definitions (continued) • Black hat - An attacker with malicious intents • White hat - An attacker with good intents (i.e., the white knight) • Gray hat - An attacker with good and bad intents • Script kiddie or skiddie - Nuisance; not going away any time soon; 1337 (i.e., elite) wannabes; use scripts and exploits written by others and do not understand how they really work; always a lamer • Vulnerability - A security bug (thanks Giovanni Vigna); a weakness in a system that can potentially be exploited by an attacker • Exploiting or exploitation - The act of taking advantage of a vulnerability • Exploit - Software program that performs the exploiting • Risk - The likelihood that an attacker will take advantage of that vulnerability • Threat - The likelihood that an incident will happen • pwn3ed - Owned; successful exploitation; computer system completely compromised • Zero day - an undisclosed vulnerability that attackers can take advantage of. A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability —hence “zero - day.” https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html

  14. Violating the CIA Triad: If You Were An Attacker, What Are Your Goals? • Preventing enemies from communicating over network • Steal information for attacker's benefit and get away with it • Disruption of business, daily life, day-to-day operations • Inserting information that "shouldn't be there” • Destroy information, resources • Gain access to a system and maintain access to system for a long time • Monitoring people what they are doing (e.g., webcams) • Challenging adversaries, pinpointing weaknesses • For fun and profit (e.g., the black market) • Spread propaganda • Building a blueprint of weaknesses… • …and keep it for future reference

  15. Why the Rash of Incidents: Behind the Breaches and Attacks (thoughts from former students) • Trust relationships, lots of implicit trust • Data is very valuable • Convenient to put everything online; sharing • Lack of education; people are not being informed • No barriers to entry • Lack of deterrence • Software vulnerabilities • Misconfigurations • Human elements, social engineering • Scapegoating

  16. The Trinity of Trouble: Why the Problem is Growing (by Gary McGraw) • Connectivity • Extensibility • Complexity • Read: https://freedom-to-tinker.com/2006/02/15/software-security- trinity-trouble/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
Neutrino physics D.Duchesneau Neutrino activities since 2013 Scientific program for

Neutrino physics D.Duchesneau Neutrino activities since 2013 Scientific program for

Neutrino physics D.Duchesneau Neutrino activities since 2013 Scientific program for 2018-2028 SuperNEMO ENIGMASS General meeting April 28 th 2017 1 Neutrinos: The neutrino properties are less well tested than for quarks and

686 views • 34 slides
KLCCP Stapled Group Financial Results 3 rd Quarter ended 30 Sep 2017 13 Nov 2017 Disclaimer

KLCCP Stapled Group Financial Results 3 rd Quarter ended 30 Sep 2017 13 Nov 2017 Disclaimer

KLCCP Stapled Group Financial Results 3 rd Quarter ended 30 Sep 2017 13 Nov 2017 Disclaimer These materials contain historical information of the Company which should not be regarded as an indication of future performance or results. These

707 views • 24 slides
What Physics and Astrophysics can we learn with Gravita9onal

What Physics and Astrophysics can we learn with Gravita9onal

What Physics and Astrophysics can we learn with Gravita9onal Waves? IUCAA It It must be e a a Black k Str Strin ing. g. Sh Shh Let s s hea hear r wha hat No! It s a

511 views • 22 slides
CRIMSON CIRCLE N E T W O R K ALLOW-HA ALOHA SHAUMBRA Meanwhile, back at the

CRIMSON CIRCLE N E T W O R K ALLOW-HA ALOHA SHAUMBRA Meanwhile, back at the

CRIMSON CIRCLE N E T W O R K ALLOW-HA ALOHA SHAUMBRA Meanwhile, back at the ranch Watch Party at the studio S H O U D 6 F E B R U A R Y 2 0 2 0 SHOUD RECAP Recent Events Winter 2020 Workshops Energy Works workshop

1.02k views • 72 slides
More advanced application techniques, using Swift about this talk Talk about project that I

More advanced application techniques, using Swift about this talk Talk about project that I

More advanced application techniques, using Swift about this talk Talk about project that I spend most of my time working on: Swift Use that to introduce some more general concepts in describing applications and in executing

1.61k views • 64 slides
Network Security Philosphy & Introduction Dr. Enis Karaarslan Mula University Computer

Network Security Philosphy & Introduction Dr. Enis Karaarslan Mula University Computer

Network Security Philosphy & Introduction Dr. Enis Karaarslan Mula University Computer Engineering Department 4/30/15 Dr. Enis Karaarslan 1 4/30/15 Ar. Gr. Enis Karaaslan 2 SECURITY PHILOSPHY 4/30/15 Ar. Gr. Enis Karaaslan

779 views • 43 slides
IP over LAN Service (IPLS) Himanshu Shah Tenor Networks K Arvind Eric Rosen

IP over LAN Service (IPLS) Himanshu Shah Tenor Networks K Arvind Eric Rosen

IP over LAN Service (IPLS) Himanshu Shah Tenor Networks K Arvind Eric Rosen Giles Heron Francois Le Faucheur Vasile Radoaca 1 IPLS Service IPLS Service: IP-Only LAN Service Ethernet

228 views • 8 slides
Hybrid Virtual Private LAN <draft-lee-ppvpn-hybrid-vpls-00.txt> Contributors:

Hybrid Virtual Private LAN <draft-lee-ppvpn-hybrid-vpls-00.txt> Contributors:

Hybrid Virtual Private LAN <draft-lee-ppvpn-hybrid-vpls-00.txt> Contributors: Cheng-Yin.Lee@alcatel.com, Sasha.Cirkovic@alcatel.com, Jeremy.deClercq@alcatel.be Muneyoshi Suzuki suzuki.muneyoshi@lab.ntt.co.jp Siamack Ayandeh

533 views • 14 slides

More recommend