Internet Security - Lecture I
Upcoming SlideShare
Loading in...5

Internet Security - Lecture I






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds


Upload Details

Uploaded via as OpenOffice

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Internet Security - Lecture I Internet Security - Lecture I Presentation Transcript

  • ITC 241 Introduction to Internet Security
  • Computer Security Defined by NIST - National Institute of Standards and Technology “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
  • ●Confidentiality – information access and disclosure ●Integrity – modification or destruction of information ●Availability – timely, reliable access
  • Impact Considerations ● Performance ● Organizational assets ● Financial loss ● Harm to Individuals
  • Confidentiality ● Personal privacy ● Proprietary information ● Secret Info should remain secret The unauthorized disclosure (access) of information
  • Confidentiality ● Mechanisms of Protection ● Cryptography ● Access Controls ● Examples of Threats ● Malware ● Intruders ● Social engineering ● Insecure networks ● Poorly administered systems
  • How does Anonymous do this?
  • What's the Impact Level of the following real world cases?
  • Integrity ● Trustworthiness ● Origin ● Completeness ● Correctness unauthorized modification or destruction of information
  • Integrity ● Protective Mechanism ● Access controls to prevent modification ● Detective Mechanisms ● identify when modifications occur when protective mechanisms fail ● Integrity Controls ● Principles of least privilege ● Separation ● Rotation of duties
  • This all happened because the hackers were able to get a hold of Honan’s email address, his billing address and the last four digits of a credit card he has on file. Once the hacker had this info, he or she called Apple, asked for a reset to the iCloud account in Honan’s name, and was given a temporary password.
  • Availability – disruption of access to or use of information or an information system. Confidentiality and Integrity matter not if the system is not available!
  • Availability Threats ● Attacks against Availability = DoS ● Natural Disasters ● Manmade Disasters Protective Mechanisms ● Business continuity ● Disaster Recovery Planning ● regular/reliable backups to minimize loss
  • How does Anonymous do this?
  • Identification – scope, locality, uniqueness of IDs Authentication – prove to be the person you say you claim to be! Identify-authenticate-authorize login – password – permissions
  • Methods of Authentication ● What you know (low strength) ● Passwords, passphrases, secret codes, PINs (low cost) ● What you have (low strength) ● Keys, smart cards, tokens ● (in possession of = higher cost) ● What you are (potential high strength) ● Biometrics
  • Authorization ● Role Privileges, Rights, Permissions ● Guest ● Participant ● Admin permissions to view, insert, delete, modify, admin
  • How does anybody do this?
  • Accountability – who sent what where? Ability to trace actions back to a person, place and time, back to a system and what processes were performed on it! Provided by logs and audit trails.
  • Accountability System/Application Logs ● Ordered list of: ● Events ● Actions ● Must have integrity ● Time Stamped across entire system ● High Level Actions (email, web page served) Audit Trail ● Ordered list of: ● Events ● Actions ● Open files ● Writing to files ● Sending packets across network
  • Privacy = do you really have any? Organizations should take necessary precautions to protect the confidentiality and integrity of personal information they collect, store and process.
  • Some Things to Ponder: What are the types of threats? Who is conducting these? Why?