Internet Security - Lecture I
  1. ITC 241 Introduction to Internet Security
  2. Computer Security Defined by NIST - National Institute of Standards and Technology (http://csrc.nist.gov/)
     “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
  3. The three security objectives:
     ● Confidentiality – information access and disclosure
     ● Integrity – modification or destruction of information
     ● Availability – timely, reliable access
  4. Impact Considerations
     ● Performance
     ● Organizational assets
     ● Financial loss
     ● Harm to individuals
  5. http://www.youtube.com/watch?v=d-d5TDHa8jw
  6. Confidentiality – the unauthorized disclosure (access) of information
     ● Personal privacy
     ● Proprietary information
     ● Secret information should remain secret
  7. Confidentiality
     Mechanisms of protection:
     ● Cryptography
     ● Access controls
     Examples of threats:
     ● Malware
     ● Intruders
     ● Social engineering
     ● Insecure networks
     ● Poorly administered systems
  8. How does Anonymous do this?
  9. What's the impact level of the following real-world cases?
  10. http://www.cnn.com/2013/08/21/us/bradley-manning-sentencing
  11. http://www.cnn.com/2013/08/21/us/bradley-manning-sentencing
  12. http://www.forbes.com/sites/ruchikatulshyan/2013/08/23/is-your-spouse-your-biggest-online-security-risk/
  13. http://www.databreaches.net/university-of-north-carolina-servers-hacked-3500-employees-data-accessed/
  14. Integrity – the unauthorized modification or destruction of information
     ● Trustworthiness
     ● Origin
     ● Completeness
     ● Correctness
  15. Integrity
     Protective mechanisms:
     ● Access controls to prevent modification
     Detective mechanisms:
     ● Identify when modifications occur, i.e. when the protective mechanisms have failed
     Integrity controls:
     ● Principle of least privilege
     ● Separation of duties
     ● Rotation of duties
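Slide 15 separates protective mechanisms (stop the change) from detective mechanisms (notice the change once protection has failed). The following added example, written for this page and not part of the lecture, shows the detective side: a baseline manifest of SHA-256 digests is taken at a known-good time, and a later check reports which objects were modified, removed or added. The file names and contents are constructed for the example and stand in for files that a real tool would read from disk.

```python
import hashlib
from typing import Dict, List

# Constructed sample objects: path -> contents. A real tool would read these from disk.
BASELINE_FILES: Dict[str, bytes] = {
    "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "www/index.html": b"<h1>Welcome</h1>\n",
    "bin/backup.sh": b"#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Taken at a known-good time: one digest per object.
    The manifest itself must be stored where the monitored system cannot rewrite it."""
    return {path: sha256_hex(content) for path, content in files.items()}


def check_integrity(manifest: Dict[str, str], files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Detective control: report what changed since the manifest was taken."""
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "added": [], "unchanged": []}
    for path, expected in manifest.items():
        if path not in files:
            report["missing"].append(path)            # object deleted since baseline
        elif sha256_hex(files[path]) != expected:
            report["modified"].append(path)           # contents no longer match the digest
        else:
            report["unchanged"].append(path)
    report["added"] = [p for p in files if p not in manifest]  # objects the baseline never saw
    for bucket in report.values():
        bucket.sort()
    return report


def later_state() -> Dict[str, bytes]:
    """Constructed 'after' snapshot: one script edited, one page removed, one page added."""
    files = dict(BASELINE_FILES)
    files["bin/backup.sh"] = b"#!/bin/sh\ntar czf /tmp/backup.tgz /srv/data\n"
    del files["www/index.html"]
    files["www/about.html"] = b"<h1>About</h1>\n"
    return files


if __name__ == "__main__":
    manifest = build_manifest(BASELINE_FILES)
    for bucket, paths in check_integrity(manifest, later_state()).items():
        print(f"{bucket:9s} {paths}")
```

The check only tells you that something changed, not who changed it or whether the change was authorized; that is what the access controls (protective) and the logs on the accountability slides are for. The manifest is only as trustworthy as its storage: if an intruder can rewrite both the file and its recorded digest, the detective control is defeated.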
  16. http://www.cultofmac.com/183063/apple-responds-to-journalist-victim-of-icloud-hack/
  17. This all happened because the hackers were able to get a hold of Honan’s email address, his billing address and the last four digits of a credit card he has on file. Once the hacker had this info, he or she called Apple, asked for a reset to the iCloud account in Honan’s name, and was given a temporary password.
  18. Availability – disruption of access to or use of information or an information system. Confidentiality and integrity do not matter if the system is not available!
  19. Availability
     Threats:
     ● Attacks against availability = DoS
     ● Natural disasters
     ● Man-made disasters
     Protective mechanisms:
     ● Business continuity
     ● Disaster recovery planning
     ● Regular, reliable backups to minimize loss
  20. How does Anonymous do this?
  21. Identification – scope, locality, uniqueness of IDs
     Authentication – prove you are the person you claim to be!
     Identify – authenticate – authorize: login – password – permissions
  22. Methods of Authentication
     ● What you know (low strength): passwords, passphrases, secret codes, PINs (low cost)
     ● What you have (low strength): keys, smart cards, tokens (must be in your possession = higher cost)
     ● What you are (potentially high strength): biometrics
  23. Authorization – role privileges, rights, permissions
     Roles:
     ● Guest
     ● Participant
     ● Admin
     Permissions: view, insert, delete, modify, admin
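Slides 21 to 23 describe the identify, authenticate, authorize sequence (login, password, permissions). The added example below, which is not part of the lecture, walks one request through all three steps: the username is the unique ID, the password is checked against a salted PBKDF2 digest (a "what you know" factor), and the resulting role is looked up in a permission table built from the guest/participant/admin roles and the view/insert/delete/modify/admin permissions on slide 23. The user store, passwords and the exact role-to-permission mapping are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Authorization table: role -> permissions. Constructed for this example from the
# roles and permissions named on slide 23; least privilege means guests only view.
ROLE_PERMISSIONS: Dict[str, set] = {
    "guest": {"view"},
    "participant": {"view", "insert", "modify"},
    "admin": {"view", "insert", "delete", "modify", "admin"},
}

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a salted PBKDF2-HMAC-SHA256 digest, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify_password(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])  # constant-time comparison


# Constructed user store: username (the unique ID) -> role and password record
USERS: Dict[str, dict] = {
    "alice": {"role": "admin", "pw": hash_password("correct horse battery staple")},
    "bob": {"role": "participant", "pw": hash_password("bob-pass-2013")},
    "visitor": {"role": "guest", "pw": hash_password("welcome")},
}
# Checked for unknown usernames so a failed lookup takes as long as a real check
_DUMMY = hash_password("not-a-real-password")


def identify(username: str) -> Optional[dict]:
    """Step 1: map the presented ID to a known account (or nothing)."""
    return USERS.get(username)


def authenticate(username: str, password: str) -> Optional[str]:
    """Step 2: prove the claim. Returns the account's role on success, None on failure."""
    user = identify(username)
    if user is None:
        verify_password(password, _DUMMY)
        return None
    return user["role"] if verify_password(password, user["pw"]) else None


def authorize(role: str, action: str) -> bool:
    """Step 3: is this action in the role's permission set?"""
    return action in ROLE_PERMISSIONS.get(role, set())


def request(username: str, password: str, action: str) -> str:
    """Login (identify + authenticate), then the permission check, in that order."""
    role = authenticate(username, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action):
        return f"denied: {role} may not {action}"
    return f"ok: {role} may {action}"


if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "delete"))
    print(request("bob", "bob-pass-2013", "delete"))
    print(request("bob", "wrong", "view"))
```

The denial message for a bad password and for an unknown username is the same, so the response does not confirm which IDs exist. Authorization is checked only after authentication succeeds: a permission table is meaningless if the role was handed to someone who never proved who they are.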
  24. How does anybody do this? http://live.wsj.com/video/news-hub-google-gmail-hit-with-china-based-scam/D
  25. Accountability – who sent what where? The ability to trace actions back to a person, place and time, back to a system and what processes were performed on it! Provided by logs and audit trails.
  26. Accountability
     System/application logs:
     ● Ordered list of events and actions
     ● Must have integrity
     ● Time stamped consistently across the entire system
     ● High-level actions (email sent, web page served)
     Audit trail:
     ● Ordered list of events and actions
     ● Opening files
     ● Writing to files
     ● Sending packets across the network
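Slide 26 says a log is an ordered list of time-stamped events that must have integrity; without that, it cannot support accountability. The added example below (not from the lecture) shows one way to make a log tamper-evident: each record's hash covers the previous record's hash, the timestamp and the event, so editing, removing or reordering a record breaks the chain, and an out-of-order timestamp is flagged. The event lines and timestamps are constructed, and the check for truncation assumes the latest hash is kept somewhere the log writer cannot alter.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the first record


def entry_hash(prev_hash: str, ts: str, event: str) -> str:
    # Canonical JSON so the same fields always hash the same way
    payload = json.dumps({"prev": prev_hash, "ts": ts, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_event(log: List[dict], event: str, ts: Optional[str] = None) -> dict:
    """Append one record whose hash covers the previous hash, the timestamp and the event."""
    ts = ts or datetime.now(timezone.utc).isoformat()
    prev = log[-1]["hash"] if log else GENESIS
    record = {"ts": ts, "event": event, "prev": prev, "hash": entry_hash(prev, ts, event)}
    log.append(record)
    return record


def verify_log(log: List[dict], expected_head: Optional[str] = None) -> Tuple[bool, Optional[int], str]:
    """Walk the chain. Returns (ok, index of the first bad record or None, reason)."""
    prev = GENESIS
    last_ts = ""
    for i, rec in enumerate(log):
        if rec["prev"] != prev:
            return False, i, "chain break (record removed or reordered)"
        if rec["hash"] != entry_hash(rec["prev"], rec["ts"], rec["event"]):
            return False, i, "record contents modified"
        if rec["ts"] < last_ts:  # ISO-8601 UTC strings sort chronologically
            return False, i, "timestamp goes backwards"
        prev, last_ts = rec["hash"], rec["ts"]
    # Dropping records from the end leaves a valid shorter chain; only a head hash
    # stored outside the log (assumed here) can reveal that.
    if expected_head is not None and prev != expected_head:
        return False, len(log), "head mismatch (records truncated from the end)"
    return True, None, "ok"


def build_sample_log() -> List[dict]:
    """Constructed events with fixed UTC timestamps so the results are reproducible."""
    log: List[dict] = []
    append_event(log, "login user=alice src=10.0.0.5", "2013-08-21T09:00:00+00:00")
    append_event(log, "email sent from=alice to=bob", "2013-08-21T09:05:00+00:00")
    append_event(log, "web page served /index.html to=10.0.0.7", "2013-08-21T09:06:30+00:00")
    append_event(log, "logout user=alice", "2013-08-21T09:30:00+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log))
    log[1]["event"] = "email sent from=alice to=eve"  # simulate an after-the-fact edit
    print(verify_log(log))
```

The chain proves the log's internal consistency, not the truth of each event: a record that was false when written stays consistently false. Its practical value is that a reviewer can tell whether the record they are reading is the record that was written, which is the integrity property the slide asks for.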
  27. http://www.theguardian.com/money/2011/aug/05/beware-hackers-take-over-gmail-account
  28. Privacy = do you really have any? Organizations should take the necessary precautions to protect the confidentiality and integrity of the personal information they collect, store and process.
  29. Some Things to Ponder:
     ● What are the types of threats?
     ● Who is conducting these?
     ● Why?