SlideShare a Scribd company logo

Mod1_cyber-law.ppt

Download as PPT, PDF
S
SumitKandwal2

The document provides an overview of cyber laws that are relevant for system administrators responding to security incidents. It discusses the Wiretap Act, Pen/Trap and Trace Statute, and Stored Communication Act. The key points covered include: 1) System administrators are often responsible for initial response and verification of security events as first responders. 2) The Wiretap Act governs real-time communications and distinguishes between non-content layers 2-4 data and content layer 5+ data in network packets. 3) The Stored Communication Act applies to stored electronic data accessed by public providers, distinguishing between access to transactional non-content data and protected content data.

Education
1 of 20
CERT® Training and Education Networked Systems Survivability Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2005 Carnegie Mellon University ® CERT, CERT Coordination Center, and Carnegie Mellon are registered in the U.S. Patent and Trademark Office This material is approved for public release. Distribution is limited by the Software Engineering Institute to attendees. Forensic Guide to Incident Response for Technical Staff Module 1: Cyber Law
© 2005 Carnegie Mellon University Module 1: Cyber Law Objectives • Understand the role of a system administrator as a first responder to a security incident • Understand the fundamentals of cyber laws: 1. The Wiretap Act 2. Pen/Trap and Trace Statute 3. Stored Electronic Communication Act • Understand the impact of cyber laws on incident response • Understand the fundamental areas of legal scrutiny that confront first responders to a security incident
© 2005 Carnegie Mellon University Module 1: Cyber Law Forensics and Computer Forensics 1248 C.E. Hi DuanYu “The Washing Away of Wrongs” 1200 1300 1400 1500 1600 1700 1800 1900 2000 1892 C.E. Fingerprint Identification 1921 C.E. Polygraph Test Developed 1930 C.E. First Physical Forensic Lab Established 1950 C.E. First Computer Developed (ENIAC) 1986 C.E. ECPA 2002 C.E. FISMA Mandates Incident Response Capabilities 1984 C.E. Computer Forensic Experts 1989 C.E. First Person Indicted Under Title 18 Section 1030 (“Morris”) 1991 C.E. FBI CART Team Established 1996 C.E.DNA Evidence First Used at Trial in U.S. History of Forensics / Computer Forensics
© 2005 Carnegie Mellon University Module 1: Cyber Law System Administrators as Incident First Responders Often responsible for verification of security events Fundamentals: Understanding the Forensic Process Cyber Laws that Govern Actions
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Cyber Security -1 U.S. Constitution 4th Amendment 5th Amendment U.S. Statutory Law 18 U.S.C. §§ 2510-22 18 U.S.C. §§ 2701-12 18 U.S.C. §§ 3121-27 Federal Rules of Evidence Hearsay Authentication Reliability Best Evidence
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Cyber Security -2 Authority to Monitor & Collect U.S. Constitution 4th Amendment U.S. Statutory Law (Stored Data) 18 U.S.C. §§ 2701-12 (Real Time) 18 U.S.C. §§ 2510-22 18 U.S.C. §§ 3121-27 Admissibility of Collection U.S. Constitution 5th Amendment Federal Rules of Evidence Hearsay Authentication Reliability Best Evidence
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -1 U.S. Constitution (only limits government action) 4th Amendment: Protection against unreasonable search and seizure Katz Standard: 1. Subjective expectation of privacy 2. Viewed by society as reasonable 5th Amendment: Protection against self incrimination Encryption and private keys
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -2 U.S. Statutory Law 18 U.S.C. §§ 2510-22 Wiretap Act 18 U.S.C. §§ 3121-27 Pen/Trap and Trace 18 U.S.C. §§ 2701-12 Stored Electronic Communication Act Real-Time Communication Stored Communication Non-Content Content Non-Content Content U.S. Cyber Law
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -3 Real-Time Communication: Content vs. Non-Content 18 U.S.C. §§ 3121-27 Pen/Trap and Trace 18 U.S.C. §§ 2510-22 Wiretap Act Layer 2 Header Layer 3 Header Layer 4 Header Data Layer 2 Header Contains information such as Ethernet SRC addr: 80:00:20:fa:b2:36 Ethernet DESC addr: 20:00:15:45:3f:f3 It also contains information about how much data there is to carry. Layer 3 Header This is the IP packet inside the Ethernet packet. It contains information such as Source IP addr: 1.2.3.4 Dest IP addr: 5.6.7.8 It also contains information about the size of data carried. Layer 4 Header This is a TCP packet inside the IP packet. It contains information such as Source TCP port: 32892 Dest TCP port: 25 It also contains information about the data such as the checksum and the size of the data. Layer 5+ This could be a random chunk of data. Unlike all the other layers, the only thing constraining what is in here is whatever an application decides to put in here. 17 Bytes 20 Bytes 20 Bytes Content Non-Content
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -4 Wiretap Act 18 U.S.C. §§ 2510-22 Prohibited Acts: intentionally intercepts, endeavors to 18 USC 2511(1)(a) intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication Exceptions: 1) Provider Exception 2) Consent 3) Trespasser Exception
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -5 Pen/Trap and Trace Act 18 U.S.C. §§ 3121-27 Prohibited Acts: No person may install or use a pen register or 18 U.S.C. 3121(a) a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act. Exception: 1) Provider Exception 2) Verification of Service 3) Consent
© 2005 Carnegie Mellon University Module 1: Cyber Law Stored Wire & Electronic Communication Act 18 U.S.C. §§ 2701-12 Content vs. Non-Content Laws that Affect Monitoring and Collection -6 Focus: prohibited actions of a “public provider” in regards to accessing and voluntarily disclosing stored electronic communications Transactional Data (user logs, connection logs, session records, etc.) Communications/Content (emails, voice mails, electronic files on a file server, etc.)
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -7 Stored Wire & Electronic Communication Act 18 U.S.C. §§ 2701-12 Prohibited Acts: a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service Disclosure of Content Exceptions: Disclosure of Non-Content Exceptions: 1) Consent 2) Provider Exception 3) Law Enforcement 4) Emergency Situation 1) Consent 2) Provider Exception 3) Emergency Situation
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Admissibility of Collection Federal Rules of Evidence (FRE) • Hearsay FRE 801(c) • Authentication FRE 901(a) • Reliability: Computer Records/Processes • Best Evidence: FRE 1001(3)
© 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Admissibility of Collection -1 Federal Rules of Evidence (FRE) FRE 801(c) Hearsay: FRE 801(c): “a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted." - Computer-generated records - Computer-stored records Exception: Rule 803(6) “Records of regularly conducted activity”
© 2005 Carnegie Mellon University Module 1: Cyber Law This has more to do with chain of custody than expert testimony Laws that Affect Admissibility of Collection -2 Authentication FRE 901(a) states: The requirement of authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.
© 2005 Carnegie Mellon University Module 1: Cyber Law Reliability: Computer Records/Processes Technical code analysis not required Verification of output Normal course of business Laws that Affect Admissibility of Collection -3
© 2005 Carnegie Mellon University Module 1: Cyber Law Best Evidence: FRE 1001(3): If data is stored in a computer or similar device, any printout or other output readable by sight, shown to reflect the data accurately, is an "original". Laws that Affect Admissibility of Collection -4
© 2005 Carnegie Mellon University Module 1: Cyber Law Summary 1. System administrator as the first responder to a security incident Authority to collect/admissibility of collection 2. Wiretap Act / Pen/Trap and Trace Layer 5+ is the content portion of the packet Layers 2, 3, and 4 are the non-content portion of the packet 3. Hearsay and Computer Records “Regular Course of Business” 4. Stored Communication Applied to public providers only 5. 4th and 5th Amendments 5th Amendment—Cannot be compelled to provide private key if memorized 4th Amendment—Some protection outside of the home
© 2005 Carnegie Mellon University Module 1: Cyber Law Review Where is the technical difference between content and non-content in the OSI Model? What cyber law governs the usage of tools like sniffers? How many people are required for “consent” to be given? What aspect of electronic communication does the Pen/Trap and Trace Statue cover? What is the important difference between computer- generated and computer-stored records in terms of cyber law?

Recommended

Security Regulatory Framework
Security Regulatory FrameworkSecurity Regulatory Framework
Security Regulatory Framework
anthonywong
 
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP InstituteInternet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law Center
 
Working Remotely Vpn Paradigm
Working Remotely Vpn ParadigmWorking Remotely Vpn Paradigm
Working Remotely Vpn Paradigm
pparam02
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser5162c9
 
Network service providers retain records for various lengths of time.pdf
Network service providers retain records for various lengths of time.pdfNetwork service providers retain records for various lengths of time.pdf
Network service providers retain records for various lengths of time.pdf
eyevision3
 
michael hamilton startegic dm case team
michael hamilton startegic dm case team michael hamilton startegic dm case team
michael hamilton startegic dm case team
michaelhamilton
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Brian Miller, Solicitor
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expert
jmbrrvgzhr
 

Recommended

Security Regulatory Framework
Security Regulatory FrameworkSecurity Regulatory Framework
Security Regulatory Framework
anthonywong
 
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP InstituteInternet Law 2014 - Presentation at CalBar IP Institute
Internet Law 2014 - Presentation at CalBar IP Institute
Internet Law Center
 
Working Remotely Vpn Paradigm
Working Remotely Vpn ParadigmWorking Remotely Vpn Paradigm
Working Remotely Vpn Paradigm
pparam02
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
ssuser5162c9
 
Network service providers retain records for various lengths of time.pdf
Network service providers retain records for various lengths of time.pdfNetwork service providers retain records for various lengths of time.pdf
Network service providers retain records for various lengths of time.pdf
eyevision3
 
michael hamilton startegic dm case team
michael hamilton startegic dm case team michael hamilton startegic dm case team
michael hamilton startegic dm case team
michaelhamilton
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Brian Miller, Solicitor
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expert
jmbrrvgzhr
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense
Rishab garg
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal Issues
Ikuo Takahashi
 
Ajs 524 Enhance teaching-snaptutorial.com
Ajs 524 Enhance teaching-snaptutorial.comAjs 524 Enhance teaching-snaptutorial.com
Ajs 524 Enhance teaching-snaptutorial.com
robertleew4
 
File000116
File000116File000116
File000116
Desmond Devendran
 
Ajs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comAjs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.com
HarrisGeorg5
 
Privacy & The Smart Grid (Susanlyon Chtlj01292010)
Privacy & The Smart Grid (Susanlyon Chtlj01292010)Privacy & The Smart Grid (Susanlyon Chtlj01292010)
Privacy & The Smart Grid (Susanlyon Chtlj01292010)
Susan Lyon-Hintze
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
Lance Michalson
 
Ajs 524Believe Possibilities / snaptutorial.com
Ajs 524Believe Possibilities / snaptutorial.comAjs 524Believe Possibilities / snaptutorial.com
Ajs 524Believe Possibilities / snaptutorial.com
StokesCope5
 
Election Petition ICT Experts Report : What you need to Know
Election Petition ICT Experts Report : What you need to KnowElection Petition ICT Experts Report : What you need to Know
Election Petition ICT Experts Report : What you need to Know
Africa Centre For Open Governance
 
The Cyber Law Regime in India
The Cyber Law Regime in IndiaThe Cyber Law Regime in India
The Cyber Law Regime in India
Dr. Prashant Vats
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
John Intindolo
 
Privacy And Surveillance
Privacy And SurveillancePrivacy And Surveillance
Privacy And Surveillance
Sarah Cortes
 
Cyber security
Cyber securityCyber security
Cyber security
SAKSHIMAHADIK
 
Ajs 524 Extraordinary Success/newtonhelp.com
Ajs 524 Extraordinary Success/newtonhelp.com Ajs 524 Extraordinary Success/newtonhelp.com
Ajs 524 Extraordinary Success/newtonhelp.com
amaranthbeg130
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
Anchises Moraes
 
Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Infosec Law (Feb 2006)
Infosec Law (Feb 2006)
Lance Michalson
 
PC213.L3.pdf
PC213.L3.pdfPC213.L3.pdf
PC213.L3.pdf
JohnRyanManual
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testers
yasirabdullah15
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniques
yasirabdullah15
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
Jim Brashear
 
The Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptxThe Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptx
NehaChandwani11
 
MOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptxMOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptx
PoojaSen20
 

More Related Content

Similar to Mod1_cyber-law.ppt

Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
Lance Michalson
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
John Intindolo
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
Anchises Moraes
 

Similar to Mod1_cyber-law.ppt (20)

Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal Issues
 
Ajs 524 Enhance teaching-snaptutorial.com
Ajs 524 Enhance teaching-snaptutorial.comAjs 524 Enhance teaching-snaptutorial.com
Ajs 524 Enhance teaching-snaptutorial.com
 
File000116
File000116File000116
File000116
 
Ajs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.comAjs 524 Effective Communication / snaptutorial.com
Ajs 524 Effective Communication / snaptutorial.com
 
Privacy & The Smart Grid (Susanlyon Chtlj01292010)
Privacy & The Smart Grid (Susanlyon Chtlj01292010)Privacy & The Smart Grid (Susanlyon Chtlj01292010)
Privacy & The Smart Grid (Susanlyon Chtlj01292010)
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
 
Ajs 524Believe Possibilities / snaptutorial.com
Ajs 524Believe Possibilities / snaptutorial.comAjs 524Believe Possibilities / snaptutorial.com
Ajs 524Believe Possibilities / snaptutorial.com
 
Election Petition ICT Experts Report : What you need to Know
Election Petition ICT Experts Report : What you need to KnowElection Petition ICT Experts Report : What you need to Know
Election Petition ICT Experts Report : What you need to Know
 
The Cyber Law Regime in India
The Cyber Law Regime in IndiaThe Cyber Law Regime in India
The Cyber Law Regime in India
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
 
Privacy And Surveillance
Privacy And SurveillancePrivacy And Surveillance
Privacy And Surveillance
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ajs 524 Extraordinary Success/newtonhelp.com
Ajs 524 Extraordinary Success/newtonhelp.com Ajs 524 Extraordinary Success/newtonhelp.com
Ajs 524 Extraordinary Success/newtonhelp.com
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 
Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Infosec Law (Feb 2006)
Infosec Law (Feb 2006)
 
PC213.L3.pdf
PC213.L3.pdfPC213.L3.pdf
PC213.L3.pdf
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testers
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniques
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
 

Recently uploaded

Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
MysoreMuleSoftMeetup
 
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Denish Jangid
 
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading RoomImplanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
Sean M. Fox
 
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
Krashi Coaching
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
中 央社
 

Recently uploaded (20)

The Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptxThe Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptx
 
MOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptxMOOD STABLIZERS DRUGS.pptx
MOOD STABLIZERS DRUGS.pptx
 
Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17
 
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
 
Championnat de France de Tennis de table/
Championnat de France de Tennis de table/Championnat de France de Tennis de table/
Championnat de France de Tennis de table/
 
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING IIII BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
II BIOSENSOR PRINCIPLE APPLICATIONS AND WORKING II
 
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
 
Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024
 
An Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge AppAn Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge App
 
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
Basic Civil Engineering notes on Transportation Engineering, Modes of Transpo...
 
Word Stress rules esl .pptx
Word Stress rules esl .pptxWord Stress rules esl .pptx
Word Stress rules esl .pptx
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
 
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading RoomImplanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
Implanted Devices - VP Shunts: EMGuidewire's Radiology Reading Room
 
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
Removal Strategy _ FEFO _ Working with Perishable Products in Odoo 17
 
Improved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio AppImproved Approval Flow in Odoo 17 Studio App
Improved Approval Flow in Odoo 17 Studio App
 
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
MSc Ag Genetics & Plant Breeding: Insights from Previous Year JNKVV Entrance ...
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
The Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptxThe Liver & Gallbladder (Anatomy & Physiology).pptx
The Liver & Gallbladder (Anatomy & Physiology).pptx
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
 

Mod1_cyber-law.ppt

  • 1. CERT® Training and Education Networked Systems Survivability Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2005 Carnegie Mellon University ® CERT, CERT Coordination Center, and Carnegie Mellon are registered in the U.S. Patent and Trademark Office This material is approved for public release. Distribution is limited by the Software Engineering Institute to attendees. Forensic Guide to Incident Response for Technical Staff Module 1: Cyber Law
  • 2. © 2005 Carnegie Mellon University Module 1: Cyber Law Objectives • Understand the role of a system administrator as a first responder to a security incident • Understand the fundamentals of cyber laws: 1. The Wiretap Act 2. Pen/Trap and Trace Statute 3. Stored Electronic Communication Act • Understand the impact of cyber laws on incident response • Understand the fundamental areas of legal scrutiny that confront first responders to a security incident
  • 3. © 2005 Carnegie Mellon University Module 1: Cyber Law Forensics and Computer Forensics 1248 C.E. Hi DuanYu “The Washing Away of Wrongs” 1200 1300 1400 1500 1600 1700 1800 1900 2000 1892 C.E. Fingerprint Identification 1921 C.E. Polygraph Test Developed 1930 C.E. First Physical Forensic Lab Established 1950 C.E. First Computer Developed (ENIAC) 1986 C.E. ECPA 2002 C.E. FISMA Mandates Incident Response Capabilities 1984 C.E. Computer Forensic Experts 1989 C.E. First Person Indicted Under Title 18 Section 1030 (“Morris”) 1991 C.E. FBI CART Team Established 1996 C.E.DNA Evidence First Used at Trial in U.S. History of Forensics / Computer Forensics
  • 4. © 2005 Carnegie Mellon University Module 1: Cyber Law System Administrators as Incident First Responders Often responsible for verification of security events Fundamentals: Understanding the Forensic Process Cyber Laws that Govern Actions
  • 5. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Cyber Security -1 U.S. Constitution 4th Amendment 5th Amendment U.S. Statutory Law 18 U.S.C. §§ 2510-22 18 U.S.C. §§ 2701-12 18 U.S.C. §§ 3121-27 Federal Rules of Evidence Hearsay Authentication Reliability Best Evidence
  • 6. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Cyber Security -2 Authority to Monitor & Collect U.S. Constitution 4th Amendment U.S. Statutory Law (Stored Data) 18 U.S.C. §§ 2701-12 (Real Time) 18 U.S.C. §§ 2510-22 18 U.S.C. §§ 3121-27 Admissibility of Collection U.S. Constitution 5th Amendment Federal Rules of Evidence Hearsay Authentication Reliability Best Evidence
  • 7. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -1 U.S. Constitution (only limits government action) 4th Amendment: Protection against unreasonable search and seizure Katz Standard: 1. Subjective expectation of privacy 2. Viewed by society as reasonable 5th Amendment: Protection against self incrimination Encryption and private keys
  • 8. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -2 U.S. Statutory Law 18 U.S.C. §§ 2510-22 Wiretap Act 18 U.S.C. §§ 3121-27 Pen/Trap and Trace 18 U.S.C. §§ 2701-12 Stored Electronic Communication Act Real-Time Communication Stored Communication Non-Content Content Non-Content Content U.S. Cyber Law
  • 9. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -3 Real-Time Communication: Content vs. Non-Content 18 U.S.C. §§ 3121-27 Pen/Trap and Trace 18 U.S.C. §§ 2510-22 Wiretap Act Layer 2 Header Layer 3 Header Layer 4 Header Data Layer 2 Header Contains information such as Ethernet SRC addr: 80:00:20:fa:b2:36 Ethernet DESC addr: 20:00:15:45:3f:f3 It also contains information about how much data there is to carry. Layer 3 Header This is the IP packet inside the Ethernet packet. It contains information such as Source IP addr: 1.2.3.4 Dest IP addr: 5.6.7.8 It also contains information about the size of data carried. Layer 4 Header This is a TCP packet inside the IP packet. It contains information such as Source TCP port: 32892 Dest TCP port: 25 It also contains information about the data such as the checksum and the size of the data. Layer 5+ This could be a random chunk of data. Unlike all the other layers, the only thing constraining what is in here is whatever an application decides to put in here. 17 Bytes 20 Bytes 20 Bytes Content Non-Content
  • 10. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -4 Wiretap Act 18 U.S.C. §§ 2510-22 Prohibited Acts: intentionally intercepts, endeavors to 18 USC 2511(1)(a) intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication Exceptions: 1) Provider Exception 2) Consent 3) Trespasser Exception
  • 11. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -5 Pen/Trap and Trace Act 18 U.S.C. §§ 3121-27 Prohibited Acts: No person may install or use a pen register or 18 U.S.C. 3121(a) a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act. Exception: 1) Provider Exception 2) Verification of Service 3) Consent
  • 12. © 2005 Carnegie Mellon University Module 1: Cyber Law Stored Wire & Electronic Communication Act 18 U.S.C. §§ 2701-12 Content vs. Non-Content Laws that Affect Monitoring and Collection -6 Focus: prohibited actions of a “public provider” in regards to accessing and voluntarily disclosing stored electronic communications Transactional Data (user logs, connection logs, session records, etc.) Communications/Content (emails, voice mails, electronic files on a file server, etc.)
  • 13. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Monitoring and Collection -7 Stored Wire & Electronic Communication Act 18 U.S.C. §§ 2701-12 Prohibited Acts: a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service Disclosure of Content Exceptions: Disclosure of Non-Content Exceptions: 1) Consent 2) Provider Exception 3) Law Enforcement 4) Emergency Situation 1) Consent 2) Provider Exception 3) Emergency Situation
  • 14. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Admissibility of Collection Federal Rules of Evidence (FRE) • Hearsay FRE 801(c) • Authentication FRE 901(a) • Reliability: Computer Records/Processes • Best Evidence: FRE 1001(3)
  • 15. © 2005 Carnegie Mellon University Module 1: Cyber Law Laws that Affect Admissibility of Collection -1 Federal Rules of Evidence (FRE) FRE 801(c) Hearsay: FRE 801(c): “a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted." - Computer-generated records - Computer-stored records Exception: Rule 803(6) “Records of regularly conducted activity”
  • 16. © 2005 Carnegie Mellon University Module 1: Cyber Law This has more to do with chain of custody than expert testimony Laws that Affect Admissibility of Collection -2 Authentication FRE 901(a) states: The requirement of authentication or identification as a condition precedent to admissibility is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.
  • 17. © 2005 Carnegie Mellon University Module 1: Cyber Law Reliability: Computer Records/Processes Technical code analysis not required Verification of output Normal course of business Laws that Affect Admissibility of Collection -3
  • 18. © 2005 Carnegie Mellon University Module 1: Cyber Law Best Evidence: FRE 1001(3): If data is stored in a computer or similar device, any printout or other output readable by sight, shown to reflect the data accurately, is an "original". Laws that Affect Admissibility of Collection -4
  • 19. © 2005 Carnegie Mellon University Module 1: Cyber Law Summary 1. System administrator as the first responder to a security incident Authority to collect/admissibility of collection 2. Wiretap Act / Pen/Trap and Trace Layer 5+ is the content portion of the packet Layers 2, 3, and 4 are the non-content portion of the packet 3. Hearsay and Computer Records “Regular Course of Business” 4. Stored Communication Applied to public providers only 5. 4th and 5th Amendments 5th Amendment—Cannot be compelled to provide private key if memorized 4th Amendment—Some protection outside of the home
  • 20. © 2005 Carnegie Mellon University Module 1: Cyber Law Review Where is the technical difference between content and non-content in the OSI Model? What cyber law governs the usage of tools like sniffers? How many people are required for “consent” to be given? What aspect of electronic communication does the Pen/Trap and Trace Statue cover? What is the important difference between computer- generated and computer-stored records in terms of cyber law?

Editor's Notes

  1. Page 1
  2. Page 3
  3. Page 4