Internet Security - Lecture I

Transcript

  • 1. ITC 241 Introduction to Internet Security
  • 2. Computer Security
      Defined by NIST - National Institute of Standards and Technology (http://csrc.nist.gov/):
      “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
  • 3. ● Confidentiality – information access and disclosure
       ● Integrity – modification or destruction of information
       ● Availability – timely, reliable access
  • 4. Impact Considerations ● Performance ● Organizational assets ● Financial loss ● Harm to Individuals
  • 5. http://www.youtube.com/watch?v=d-d5TDHa8jw
  • 6. Confidentiality
      ● Personal privacy
      ● Proprietary information
      ● Secret Info should remain secret
      The unauthorized disclosure (access) of information
  • 7. Confidentiality
      ● Mechanisms of Protection
          ● Cryptography
          ● Access Controls
      ● Examples of Threats
          ● Malware
          ● Intruders
          ● Social engineering
          ● Insecure networks
          ● Poorly administered systems
  • 8. How does Anonymous do this?
  • 9. What's the Impact Level of the following real world cases?
  • 10. http://www.cnn.com/2013/08/21/us/bradley-manning-sentencing
  • 11. http://www.cnn.com/2013/08/21/us/bradley-manning-sentencing
  • 12. http://www.forbes.com/sites/ruchikatulshyan/2013/08/23/is-your-spouse-your-biggest-online-security-risk/
  • 13. http://www.databreaches.net/university-of-north-carolina-servers-hacked-3500-employees-data-accessed/
  • 14. Integrity
      ● Trustworthiness
      ● Origin
      ● Completeness
      ● Correctness
      unauthorized modification or destruction of information
  • 15. Integrity
      ● Protective Mechanism
          ● Access controls to prevent modification
      ● Detective Mechanisms
          ● identify when modifications occur when protective mechanisms fail
      ● Integrity Controls
          ● Principles of least privilege
          ● Separation
          ● Rotation of duties
  • 16. http://www.cultofmac.com/183063/apple-responds-to-journalist-victim-of-icloud-hack/
  • 17. This all happened because the hackers were able to get a hold of Honan’s email address, his billing address and the last four digits of a credit card he has on file. Once the hacker had this info, he or she called Apple, asked for a reset to the iCloud account in Honan’s name, and was given a temporary password.
  • 18. Availability – disruption of access to or use of information or an information system. Confidentiality and Integrity matter not if the system is not available!
  • 19. Availability
      Threats
          ● Attacks against Availability = DoS
          ● Natural Disasters
          ● Manmade Disasters
      Protective Mechanisms
          ● Business continuity
          ● Disaster Recovery Planning
          ● regular/reliable backups to minimize loss
  • 20. How does Anonymous do this?
  • 21. Identification – scope, locality, uniqueness of IDs
      Authentication – prove you are the person you claim to be!
      Identify-authenticate-authorize
      login – password – permissions
  • 22. Methods of Authentication
      ● What you know (low strength)
          ● Passwords, passphrases, secret codes, PINs (low cost)
      ● What you have (low strength)
          ● Keys, smart cards, tokens
          ● (in possession of = higher cost)
      ● What you are (potential high strength)
          ● Biometrics
  • 23. Authorization
      ● Role Privileges, Rights, Permissions
      ● Guest
      ● Participant
      ● Admin
      permissions to view, insert, delete, modify, admin
  • 24. How does anybody do this? http://live.wsj.com/video/news-hub-google-gmail-hit-with-china-based-scam/D
  • 25. Accountability – who sent what where? Ability to trace actions back to a person, place and time, back to a system and what processes were performed on it! Provided by logs and audit trails.
  • 26. Accountability
      System/Application Logs
          ● Ordered list of:
              ● Events
              ● Actions
          ● Must have integrity
          ● Time Stamped across entire system
          ● High Level Actions (email, web page served)
      Audit Trail
          ● Ordered list of:
              ● Events
              ● Actions
          ● Open files
          ● Writing to files
          ● Sending packets across network
  • 27. http://www.theguardian.com/money/2011/aug/05/beware-hackers-take-over-gmail-account
  • 28. Privacy = do you really have any? Organizations should take necessary precautions to protect the confidentiality and integrity of personal information they collect, store and process.
  • 29. Some Things to Ponder: What are the types of threats? Who is conducting these? Why?
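
Slides 15 and 26 ask for detective mechanisms that notice modification and for logs that are ordered, time stamped and have integrity. The following Python sketch is an added example, not part of the original lecture: each log entry carries an HMAC that also covers the previous entry's HMAC, so editing, deleting or reordering an entry is detected. The key, field names and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it lives off the host that is being logged.
DEMO_KEY = b"constructed-demo-key"
FIELDS = ("seq", "ts", "actor", "action")
GENESIS = "0" * 64  # constructed value that anchors the first entry


def _mac(key, prev_mac, record):
    # Canonical JSON so the same record always produces the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode("utf-8"), hashlib.sha256).hexdigest()


def append_event(log, key, ts, actor, action):
    """Append a time-stamped event whose MAC also covers the previous entry's MAC."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "actor": actor, "action": action}
    log.append({**record, "mac": _mac(key, prev_mac, record)})


def first_bad_entry(log, key):
    """Return the index of the first entry that fails a check, or None if all pass."""
    prev_mac, prev_ts = GENESIS, ""
    for i, entry in enumerate(log):
        if any(f not in entry for f in FIELDS + ("mac",)):
            return i  # a field was removed
        record = {f: entry[f] for f in FIELDS}
        if record["seq"] != i or str(record["ts"]) < prev_ts:
            return i  # an entry was deleted, inserted or reordered
        expected = _mac(key, prev_mac, record).encode()
        if not hmac.compare_digest(str(entry["mac"]).encode(), expected):
            return i  # content was modified
        prev_mac, prev_ts = entry["mac"], str(record["ts"])
    return None


def sample_log(key=DEMO_KEY):
    # Constructed events: high-level actions plus low-level file operations.
    log = []
    append_event(log, key, "2013-09-02T09:00:00Z", "alice", "login")
    append_event(log, key, "2013-09-02T09:00:05Z", "alice", "open /srv/payroll.csv")
    append_event(log, key, "2013-09-02T09:00:09Z", "alice", "write /srv/payroll.csv")
    append_event(log, key, "2013-09-02T09:01:00Z", "alice", "send email")
    return log
```

Dropping entries from the end of the log is not caught by the chain alone; recording the latest MAC and entry count somewhere the logged system cannot write closes that gap.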