061205_Review_and_Wrapup.ppt
1. INLS 566, December 5, 2006: Objectives Review & Wrapup

2. Housekeeping
   • Let me know of any grading issues
   • Any questions about the material so far?
   • Any interesting security news? (5 min)

3. Class Objectives
   • Understand information security issues
   • Evaluate and formulate security policies
   • Skill in assessing information security risks
   • Understand unique electronic threats

4. Alexandria
   • An early failure of information security
   • Burned (stories vary)
   • No backups
   Fire photo thanks to Ernest von Rosen, www.amgmedia.com

5. New Threats
   Photo via Rob Wilcox, AT&T

6. Schneier's Five Steps
   • What assets are you trying to protect?
   • What are the risks to these assets?
   • How well does the security solution mitigate those risks?
   • What other risks does the security solution cause?
   • What costs and trade-offs does the security solution impose?
7. A Few Basics
   • Identification / Authentication
   • Access control
     - Discretionary access control (the object's owner decides who gets access)
     - Mandatory access control (a system-wide policy decides; owners cannot override it)
   • Authority / privilege
     - Least privilege (grant only the access a task actually needs)
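To make the DAC/MAC distinction concrete, here is an added example (not from the slides) on a toy file store. The DAC object carries an owner-managed ACL; the MAC object carries a sensitivity label that no owner can change, and access is decided purely by comparing the subject's clearance to that label. The three-level ordering and the simplified "no read up / no write down" rule are assumptions chosen for the illustration, not something the slides specify.

```python
"""Discretionary vs. mandatory access control on a toy file store.

Added illustration, not from the course slides. The level ordering and the
read/write rule below are assumptions for the example.
"""
from dataclasses import dataclass, field

# Constructed ordering of sensitivity levels (assumption for the example).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass
class Subject:
    name: str
    clearance: str          # one of LEVELS


@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, requester: str, user: str, perm: str) -> None:
        """Only the owner may change the ACL: that is what makes it discretionary."""
        if requester != self.owner:
            raise PermissionError(f"{requester} is not the owner")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, subject: Subject, perm: str) -> bool:
        return subject.name == self.owner or perm in self.acl.get(subject.name, set())


@dataclass
class MacObject:
    owner: str
    label: str              # assigned by the system, never by the owner

    def allows(self, subject: Subject, perm: str) -> bool:
        """Clearance is compared to the label; ownership grants nothing extra."""
        if perm == "read":   # no read up
            return LEVELS[subject.clearance] >= LEVELS[self.label]
        if perm == "write":  # no write down: high clearance must not leak into a low label
            return LEVELS[subject.clearance] <= LEVELS[self.label]
        return False


def demo_access_control() -> dict:
    alice = Subject("alice", "secret")
    bob = Subject("bob", "public")

    report = DacObject(owner="alice")
    report.grant("alice", "bob", "read")      # alice decides; "read" only is least privilege
    dac_bob_reads = report.allows(bob, "read")
    try:
        report.grant("bob", "bob", "write")   # a non-owner cannot widen the ACL
        bob_escalates = True
    except PermissionError:
        bob_escalates = False

    secret_file = MacObject(owner="alice", label="secret")
    mac_bob_reads = secret_file.allows(bob, "read")
    mac_alice_writes_public = MacObject(owner="alice", label="public").allows(alice, "write")

    return {
        "dac_bob_reads": dac_bob_reads,                     # True: the owner granted it
        "bob_escalates": bob_escalates,                     # False: only the owner edits the ACL
        "mac_bob_reads": mac_bob_reads,                     # False: clearance below the label
        "mac_alice_writes_public": mac_alice_writes_public, # False: no write down
    }


if __name__ == "__main__":
    print(demo_access_control())
```

The point the code makes is the one on the slide: under DAC the owner's choice is the policy, so one careless grant is enough to leak; under MAC even the owner is bound by the label.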
8. Common Criteria
   • International standard (ISO 15408)
   • Replaces the varying national standards that preceded it
   • Covers a wide range of security behaviors
   • Better organized (separates functional requirements from assurance requirements), but large and complex

9. Security Policy
   • Security policy is a people effort
     - Need agreement and support from all levels of Management, IT, HR, Legal, etc.
     - Ditto from the individuals doing the detail work
   • These people are the stakeholders
   • Every element of a security policy is somebody's responsibility (say who)

10. Network Basics
   • (7-layer) OSI Reference Model
     Layer         Examples
     Application
     Presentation
     Session
     Transport     TCP, UDP
     Network       IP, ICMP
     Data Link     packet (frame), MAC address
     Physical      wires, radio (later)

11. Firewalls
   • Have a software firewall on your laptop
     - Especially if you connect to different networks
   • Have a software firewall on your PC
     - Unexpected traffic out: surprise, you're infected
   • Have a hardware firewall at home
     - Another layer, and harder for malware on the PC to turn off
   • (But find out the details of what they actually do)
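The two slides above fit together: a firewall can only act on what each layer's header exposes. The added example below (not from the slides) builds a few Ethernet/IPv4/TCP/UDP frames, peels them layer by layer (data link, network, transport), and then applies a default-deny egress rule set to the result, which is how "unexpected traffic out" gets noticed. The frames, the 192.168.1.0/24 "home" network and the allow-list of outbound ports are all constructed assumptions for the illustration.

```python
"""Peel a constructed Ethernet frame layer by layer, then apply an egress policy.

Added example, not from the course slides. Frames, the home network and the
allow-list are constructed for the illustration; checksums are left zero.
"""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport=0, dport=0, payload=b""):
    """Assemble a minimal Ethernet / IPv4 / {TCP, UDP, ICMP} frame."""
    if proto == IPPROTO_TCP:   # 20-byte header, SYN flag set
        l4 = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 65535, 0, 0)
    elif proto == IPPROTO_UDP:  # 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:                       # ICMP echo request: type 8, code 0, checksum, id, seq
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    l4 += payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
               + struct.pack("!H", ETHERTYPE_IPV4))
    return eth_hdr + ip_hdr + l4


def parse_frame(frame: bytes) -> dict:
    """Each layer reads only its own header and hands the remainder upward."""
    # Layer 2, data link: MAC addresses and the type of what follows
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype {ethertype:#06x}")
    # Layer 3, network: IP addresses and the transport protocol number
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src_ip, dst_ip = str(ipaddress.IPv4Address(ip[12:16])), str(ipaddress.IPv4Address(ip[16:20]))
    # Layer 4, transport: ports for TCP/UDP; ICMP rides on IP and has none
    l4 = ip[ihl:]
    sport = dport = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", l4[:4])
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "proto": proto,
            "src_ip": src_ip, "dst_ip": dst_ip, "sport": sport, "dport": dport}


HOME_NET = ipaddress.ip_network("192.168.1.0/24")            # assumed home LAN
# Default-deny egress policy: only what a desktop is expected to send out.
EGRESS_ALLOW = {(IPPROTO_TCP, 80), (IPPROTO_TCP, 443), (IPPROTO_UDP, 53)}


def egress_verdict(pkt: dict) -> str:
    """'allow' or 'deny' for traffic leaving the LAN; 'not-egress' otherwise."""
    leaving = (ipaddress.ip_address(pkt["src_ip"]) in HOME_NET
               and ipaddress.ip_address(pkt["dst_ip"]) not in HOME_NET)
    if not leaving:
        return "not-egress"
    return "allow" if (pkt["proto"], pkt["dport"]) in EGRESS_ALLOW else "deny"


def audit(frames) -> list:
    """(src_ip, proto, dport) of every outbound connection the policy denies."""
    return [(p["src_ip"], p["proto"], p["dport"])
            for p in map(parse_frame, frames) if egress_verdict(p) == "deny"]


SAMPLE_FRAMES = [  # constructed; destinations are in the TEST-NET documentation ranges
    build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:ff", "192.168.1.10", "203.0.113.80", IPPROTO_TCP, 51000, 443),
    build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:ff", "192.168.1.10", "192.168.1.1", IPPROTO_UDP, 51001, 53),
    build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:ff", "192.168.1.10", "203.0.113.7", IPPROTO_TCP, 51002, 6667),
    build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:ff", "192.168.1.10", "198.51.100.9", IPPROTO_UDP, 51003, 31337),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        p = parse_frame(f)
        print(egress_verdict(p), p)
```

Run stand-alone it prints one verdict per frame; the last two (TCP/6667 and UDP/31337 to outside hosts) are the "unexpected traffic out" the slide warns about, and a software firewall with a default-deny outbound policy is what makes them visible.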
12. Cryptology
   • Know a little history and context
   • Know the important ideas & uses
     - Algorithms (weak/strong), key length
     - Secret key algorithms
       · key distribution
     - Public/private key algorithms
       · Public Key Infrastructure (PKI)
     - Hash functions
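An added example (not from the slides) tying three of those bullets together: a secret-key system has to get the same key to both ends, public-key agreement (Diffie-Hellman here) produces a shared key without ever transmitting a secret, a hash function turns that shared value into a fixed-length key, and a brute-force attack on the toy-sized group shows why key length decides whether the eavesdropper wins. The group parameters p = 23, g = 5 and the fixed private exponents are textbook-sized choices made so the run is repeatable; a real deployment would use a group of 2048 bits or more.

```python
"""Diffie-Hellman key agreement, hashing the result to a key, and the key-length argument.

Added example, not from the course slides. p = 23, g = 5 and the private
exponents are toy values chosen so the brute-force step finishes instantly.
"""
import hashlib
import hmac


def dh_public(g: int, p: int, private: int) -> int:
    return pow(g, private, p)


def dh_shared(peer_public: int, p: int, private: int) -> int:
    return pow(peer_public, private, p)


def derive_key(shared: int, p: int) -> bytes:
    """Hash the shared secret to a fixed-length symmetric key (SHA-256, 32 bytes)."""
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def brute_force_private(g: int, p: int, public: int) -> int:
    """Eavesdropper's attack: try every exponent until g^x mod p matches the public value.
    The work grows with the size of the group, which is the key-length argument."""
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("no solution")


def agree(p: int, g: int, a: int, b: int) -> tuple:
    """Both parties end up with the same key; only A and B ever cross the wire."""
    A, B = dh_public(g, p, a), dh_public(g, p, b)
    k_alice = derive_key(dh_shared(B, p, a), p)
    k_bob = derive_key(dh_shared(A, p, b), p)
    return A, B, k_alice, k_bob


def protect(key: bytes, message: bytes) -> bytes:
    """Integrity tag: a hash-based MAC under the agreed key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(protect(key, message), tag)


def demo_dh() -> dict:
    p, g = 23, 5           # toy group (textbook example)
    a, b = 6, 15           # fixed private exponents so the run is repeatable
    A, B, k_alice, k_bob = agree(p, g, a, b)
    recovered_a = brute_force_private(g, p, A)      # feasible only because p is tiny
    tag = protect(k_alice, b"transfer 100")
    return {
        "public_values": (A, B),                     # (8, 19): all the eavesdropper sees
        "keys_match": k_alice == k_bob,
        "eavesdropper_recovers_a": recovered_a == a, # True here; infeasible at real sizes
        "tag_ok": verify(k_bob, b"transfer 100", tag),
        "tamper_detected": not verify(k_bob, b"transfer 900", tag),
    }


if __name__ == "__main__":
    print(demo_dh())
```

What PKI adds on top of this, and what the example leaves out, is a way to know that the public value B really belongs to Bob: without a certificate or some other trusted binding, an attacker in the middle can run this exchange with each side separately.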
13. Wireless
   • Wired Equivalent Privacy (WEP)
     - RC4, several issues (per previous slides)
   • IEEE 802.11i (security architecture)
   • Wi-Fi Protected Access (WPA)
     - Interim measure: keeps RC4 (so old hardware works) but adds TKIP per-packet keying
   • WPA2 (AES)
     - AES (needs newer hardware); still need good passwords
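An added example (not from the slides) for two of the points above. The first part shows one of WEP's issues: the per-packet RC4 key is a 24-bit IV sent in the clear prepended to the shared key, so once an IV repeats two frames share a keystream and XORing the ciphertexts cancels it. The second part shows why WPA2-PSK still needs a good passphrase: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the (public) SSID as salt, so anyone who captured a handshake can test guesses offline. RC4 and the two derivations follow the standards; the WEP key, IV, frame contents, SSID, passphrases and word list are constructed for the example.

```python
"""WEP keystream reuse and WPA2-PSK passphrase guessing.

Added example, not from the course slides. The RC4 implementation, the WEP
per-packet key (IV || key) and the WPA2 PMK derivation follow the standards;
keys, IV, frames, SSID, passphrases and word list are constructed here.
"""
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling (KSA) plus keystream generation (PRGA), XORed over data."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                             # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-packet key is IV || shared key; the 3-byte IV is sent in the clear."""
    return iv + rc4(iv + wep_key, plaintext)


def keystream_reuse_attack(frame1: bytes, frame2: bytes, known_plain1: bytes) -> bytes:
    """Same IV means same keystream, so C1 xor C2 = P1 xor P2: knowing P1 yields P2
    without ever learning the key. Only 2^24 IVs exist, so repeats are inevitable."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("different IVs; no direct keystream reuse")
    c1, c2 = frame1[3:], frame2[3:]
    n = min(len(c1), len(c2), len(known_plain1))
    return bytes(a ^ b ^ c for a, b, c in zip(c1[:n], c2[:n], known_plain1[:n]))


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist):
    """Offline guessing: the SSID is public, so each word costs one PBKDF2 run."""
    for word in wordlist:
        if wpa2_pmk(word, ssid) == target_pmk:
            return word
    return None


def demo_wireless() -> dict:
    wep_key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = bytes.fromhex("00010a")                   # constructed 24-bit IV
    p1 = b"GET /index.html HTTP/1.0\r\n"           # predictable first frame
    p2 = b"user=alice&pass=hunter2\r\n"            # the frame the attacker wants
    f1, f2 = wep_encrypt(wep_key, iv, p1), wep_encrypt(wep_key, iv, p2)

    ssid = "HomeNet"                               # constructed
    weak_pmk = wpa2_pmk("password1", ssid)
    strong_pmk = wpa2_pmk("Kq8!vT2#mZp9wLx4", ssid)
    wordlist = ["123456", "password", "password1", "letmein"]   # constructed
    return {
        "recovered_p2": keystream_reuse_attack(f1, f2, p1),
        "weak_cracked": dictionary_attack(weak_pmk, ssid, wordlist),
        "strong_cracked": dictionary_attack(strong_pmk, ssid, wordlist),
    }


if __name__ == "__main__":
    print(demo_wireless())
```

Note that the WPA2 part does not weaken AES at all: the cipher is fine, and the attacker never touches it. The weak link is a passphrase that appears in a word list, which is what "still need good passwords" means.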
14. Browser Security
   • IE security zones
   • Antivirus (various)
   • Virtual machine (various)
   • Knoppix
   • MS Software Restriction Policy
   • IE BrowserShield (some day)

15. Application Security
   • Know your system
   • Configure carefully
   • Validate (sanitize) input
   • Maybe filter (sanitize) output
   • OWASP guide [PDF, 300 pp]
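The "validate input" and "filter output" bullets, as an added example that is not from the slides or the OWASP guide: a user lookup built by pasting the request into SQL, beside a hardened version that checks the input against an allow-list pattern and then lets the driver bind the value, followed by HTML-escaping of whatever comes back before it reaches a page. The table, rows, the username pattern and the attack strings are constructed for the illustration; sqlite3 is used only because it ships with Python.

```python
"""Input validation and output filtering on a small sqlite-backed lookup.

Added example, not from the course slides. Table, rows, the username pattern
and the attack strings are constructed for the illustration.
"""
import html
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")   # allow-list of what a username may look like


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER);
        INSERT INTO users VALUES ('alice', 'alice@example.com', 0);
        INSERT INTO users VALUES ('root', 'root@example.com', 1);
    """)
    return conn


def lookup_vulnerable(conn, name: str) -> list:
    """Unvalidated input pasted straight into the query: the classic SQL injection."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name: str) -> list:
    """Validate the shape of the input, then let the driver bind the value."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def render_row(row) -> str:
    """Output filtering: escape before the value is placed into HTML."""
    name, email = row
    return f"<li>{html.escape(name)}: {html.escape(email)}</li>"


def demo_appsec() -> dict:
    conn = make_db()
    attack = "x' OR '1'='1"
    leaked = lookup_vulnerable(conn, attack)          # every row comes back
    try:
        lookup_hardened(conn, attack)
        hardened_rejects = False
    except ValueError:
        hardened_rejects = True
    # Stored data can be hostile too, so filter on the way out, not only on the way in.
    conn.execute("INSERT INTO users VALUES (?, ?, 0)", ("<script>alert(1)</script>", "evil@example.com"))
    hostile = conn.execute("SELECT name, email FROM users WHERE email = 'evil@example.com'").fetchone()
    return {
        "rows_leaked": len(leaked),                        # 2: both users, admin included
        "hardened_rejects": hardened_rejects,              # True
        "normal_lookup": lookup_hardened(conn, "alice"),   # still works for real input
        "rendered": render_row(hostile),                   # script tags neutralized
    }


if __name__ == "__main__":
    print(demo_appsec())
```

Validation and binding are two separate defences: the regex keeps obviously malformed input out of the application at all, and the parameter binding means that even input the regex would let through can never change the structure of the query.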
16. Trusted Computing
   • TCG, Safford: "this is good"
     - Makes PCs more secure
     - Improves usability
   • Stallman, Anderson: "this is bad"
     - Takes control away from the user
     - Enables Big Brother scenarios

17. End of Course
   • Grades in the SILS office by Tuesday, Dec 12th
   • Any ideas for improving this course?
     - Please let us know