SlideShare a Scribd company logo

Information security power point slides.ppt

Download as PPT, PDF
M
MuhammadAbdullah311866

Information security

Education
1 of 23
CS526 1 Information Security CS 526 Topic 1 Overview of the Course Topic 1
Recent Security News • Snowden leaks information about various NSA data collection programs – Phone call record – Supposedly email, instant message, etc. • National Security Agency – http://www.pbs.org/wgbh/pages/frontline/homefront/pre emption/nsa.html • Facebook CEO’s page hacked by Palestinian Khalil Shreateh to demonstrate bugs in Facebook CS526 Topic 1 2
In the News Last Year: Hackers Force Apple, Amazon to Change Security Policy • What happened? – Hackers gained access to Mat Honan (a reporter)’s iCloud account, then (according to Honan) • At 5:00 PM, they remote wiped my iPhone At 5:01 PM, they remote wiped my iPad At 5:05, they remote wiped my MacBook Air. • How did the attacker get access to iCloud account? Any guess? • Lessons? • Security only as strong as the weakest link. • Information sharing across platforms can lead to unexpected vulnerabilities CS526 Topic 1 3
Stuxnet (2010) • Stuxnet: Windows-based Worm – Worm: self-propagating malicious software (malware) • Attack Siemens software that control industrial control systems (ICS) and these systems – Used in factories, chemical plants, and nuclear power plants • First reported in June 2010, the general public aware of it only in July 2010 • Seems to be a digital weapon created by a nation-state – 60% (more than 62 thousand) of infected computers in Iran – Iran confirmed that nuclear program damaged by Stuxnet – Sophisticated design, special targets, expensive to develop CS526 4 Topic 1
Malware That Appear to Be Related to Stuxnet • Duqu (September 2011) – Use stolen certificates, exploits MS Word • Flame (May 2012) – A tool for cyber espionage in Middle East (infecting approx. 1000 machines, mostly in Iran) – “Suicide” after being discovered – 20 Mbytes, with SQLLite DB to store info, hide its own presence, exploit similar vulnerabilities as StuxNet, adjust its behavior to different Anti-Virus – Presents a novel way to produce MD5 hash collision to exploit certificates CS526 Topic 1 5
CS526 6 See the Course Homepage • http://www.cs.purdue.edu/homes/ninghui/courses/ 526_Fall13/index.html • Knowledge needed for the course – Programming knowledge (for two programming projects) • Web (PHP) • Low-level (C, knowledge of assembly) – Knowledge of computer/networking – Appropriate mathematical sophistication Topic 1
CS526 7 Readings for This Lecture Required readings: – Information Security on Wikipedia (Basic principles & Risk management) Optional Readings: – Counter Hack Reloaded • Chapter 1: Introduction – Security in Computing: Chapter 1 Topic 1
What is Information (Computer) Security? • Security = Sustain desirable properties under intelligent adversaries • Desirable properties – Understand what properties are needed. • Intelligent adversaries – Needs to understand/model adversaries – Always think about adversaries. CS526 Topic 1 8
CS526 9 Security Goals/Properties (C, I, A) • Confidentiality (secrecy, privacy) – only those who are authorized to know can know • Integrity (also authenticity in communication) – only modified by authorized parties and in permitted ways – do things that are expected • Availability – those authorized to access can get access Topic 1
Which of C, I, A are violated in .. • The Stuxnet attack compromises – integrity of software systems, – availability of some control functionalities, – confidentiality of some keys in order to sign malware to be loaded by Windows • The Apple/Amazon attack – Confidentiality of credit card digits – Integrity of password – Availability of data and devices • The Facebook attack – Integrity – Potential availability concern CS526 10 Topic 1
CS526 11 Computer Security Issues • Malware (Malicious Software) – Computer viruses – Trojan horses – Computer worms • E.g., Morris worm (1988), Melissa worm (1999), Stuxnet (2010), etc. – Spywares – Malwares on mobile devices • Computer break-ins • Email spams – E.g., Nigerian scam (419 scam, advanced fee fraud), stock recommendations Topic 1
More Computer Security Issues • Identity theft • Driveby downloads • Botnets • Distributed denial of service attacks • Serious security flaws in many important systems – electronic voting machines, ATM systems CS526 12 Topic 1
CS526 13 Why Do Computer Attacks Occur? • Who are the attackers? – bored teenagers, criminals, organized crime organizations, rogue (or other) states, industrial espionage, angry employees, … • Why they do it? – fun, – fame, – profit, … • computer systems are where the moneys are – Political/military objectives Topic 1
CS526 14 Why These Attacks Can Succeed? • Software/computer systems are buggy • Users make mistakes • Technological factors – Von Neumann architecture: stored programs – Unsafe program languages – Software are complex, dynamic, and increasingly so – Making things secure are hard – Security may make things harder to use Topic 1
CS526 15 Why Do These Factors Exist? • Economical factors – Lack of incentives for secure software – Security is difficult, expensive and takes time • Human factors – Lack of security training for software engineers – Largely uneducated population Topic 1
CS526 16 Security is Not Absolute • Is your car secure? • What does “secure” mean? • Are you secure when you drive your car? • Security is relative – to the kinds of loss one consider • security objectives/properties need to be stated – to the threats/adversaries under consideration. • security is always under certain assumptions Topic 1
CS526 17 Security is Secondary • What protection/security mechanisms one has in the physical world? • Why the need for security mechanisms arises? • Security is secondary to the interactions that make security necessary. Robert H. Morris : The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. Topic 1
CS526 18 Information Security is Interesting • The most interesting/challenging threats to security are posed by human adversaries – Security is harder than reliability • Information security is a self-sustaining field – Can work both from attack perspective and from defense perspective • Security is about benefit/cost tradeoff – Thought often the tradeoff analysis is not explicit • Security is not all technological – Humans are often the weakest link Topic 1
CS526 19 Information Security is Challenging • Defense is almost always harder than attack. • In which ways information security is more difficult than physical security? – adversaries can come from anywhere – computers enable large-scale automation – adversaries can be difficult to identify – adversaries can be difficult to punish – potential payoff can be much higher • In which ways information security is easier than physical security? Topic 1
CS526 20 Tools for Information Security • Cryptography • Authentication and Access control • Hardware/software architecture for separation • Processes and tools for developing more secure software • Monitoring and analysis • Recovery and response Topic 1
CS526 21 What is This Course About? • Learn to think about security when doing things • Learn to understand and apply security principles • Learn how computers can be attacked, how to prevent attacks and/or limit their consequences. – No silver bullet; man-made complex systems will have errors; errors may be exploited – Large number of ways to attack – Large collection of specific methods for specific purposes Topic 1
CS526 22 Ethical Use of Security Information • We discuss vulnerabilities and attacks – Most vulnerabilities have been fixed – Some attacks may still cause harm – Do not try these outside the context of this course Topic 1
CS526 23 Coming Attractions … • Cryptography: terminology and classic ciphers. • Readings – Cryptography on Wikipedia Topic 1

Recommended

15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.pptFaiz Fanani
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
Computer Security
Computer SecurityComputer Security
Computer SecurityGreater Noida Institute Of Technology
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Computer Security.ppt
Computer Security.pptComputer Security.ppt
Computer Security.pptSharudinBoriak1
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 

Recommended

15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.pptFaiz Fanani
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9Amanda Case
 
Computer Security
Computer SecurityComputer Security
Computer SecurityGreater Noida Institute Of Technology
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Computer Security.ppt
Computer Security.pptComputer Security.ppt
Computer Security.pptSharudinBoriak1
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdfssuserfb92ae
 
Isys20261 lecture 11
Isys20261 lecture 11Isys20261 lecture 11
Isys20261 lecture 11Wiliam Ferraciolli
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Mohammed Almeshekah
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01Wiliam Ferraciolli
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Intro (1).ppt
Intro (1).pptIntro (1).ppt
Intro (1).pptSameer Ali
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Isys20261 lecture 02
Isys20261 lecture 02Isys20261 lecture 02
Isys20261 lecture 02Wiliam Ferraciolli
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos De Pedro
 
ISM Chapter 1.ppt
ISM Chapter 1.pptISM Chapter 1.ppt
ISM Chapter 1.pptSajjadAbdullah4
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systemsCity Unrulyversity
 
System Security Beyond the Libraries
System Security Beyond the LibrariesSystem Security Beyond the Libraries
System Security Beyond the LibrariesEoin Woods
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMukul Agarwal
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfMuhammadAbdullah311866
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 

More Related Content

Similar to Information security power point slides.ppt

Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdfssuserfb92ae
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Mohammed Almeshekah
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos De Pedro
 
System Security Beyond the Libraries
System Security Beyond the LibrariesSystem Security Beyond the Libraries
System Security Beyond the LibrariesEoin Woods
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresCarl B. Forkner, Ph.D.
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 

Similar to Information security power point slides.ppt (20)

Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdf
 
Isys20261 lecture 11
Isys20261 lecture 11Isys20261 lecture 11
Isys20261 lecture 11
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Intro (1).ppt
Intro (1).pptIntro (1).ppt
Intro (1).ppt
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
Isys20261 lecture 02
Isys20261 lecture 02Isys20261 lecture 02
Isys20261 lecture 02
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1
 
ISM Chapter 1.ppt
ISM Chapter 1.pptISM Chapter 1.ppt
ISM Chapter 1.ppt
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systems
 
System Security Beyond the Libraries
System Security Beyond the LibrariesSystem Security Beyond the Libraries
System Security Beyond the Libraries
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
The Threat Landscape & Network Security Measures
The Threat Landscape & Network Security MeasuresThe Threat Landscape & Network Security Measures
The Threat Landscape & Network Security Measures
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 

More from MuhammadAbdullah311866

NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfMuhammadAbdullah311866
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxMuhammadAbdullah311866
 
presentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxpresentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxMuhammadAbdullah311866
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxMuhammadAbdullah311866
 
Security-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxSecurity-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxMuhammadAbdullah311866
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxMuhammadAbdullah311866
 
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxFusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxMuhammadAbdullah311866
 
bash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfbash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfMuhammadAbdullah311866
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxMuhammadAbdullah311866
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxMuhammadAbdullah311866
 
package module in the python environement.pptx
package module in the python environement.pptxpackage module in the python environement.pptx
package module in the python environement.pptxMuhammadAbdullah311866
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxMuhammadAbdullah311866
 
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...MuhammadAbdullah311866
 
overview of principles of computerss.ppt
overview of principles of computerss.pptoverview of principles of computerss.ppt
overview of principles of computerss.pptMuhammadAbdullah311866
 
information security importance and use.ppt
information security importance and use.pptinformation security importance and use.ppt
information security importance and use.pptMuhammadAbdullah311866
 
implementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptimplementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptMuhammadAbdullah311866
 
compatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptcompatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptMuhammadAbdullah311866
 
turning test, how it works and winners.ppt
turning test, how it works and winners.pptturning test, how it works and winners.ppt
turning test, how it works and winners.pptMuhammadAbdullah311866
 
games, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptgames, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptMuhammadAbdullah311866
 
Authentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptAuthentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptMuhammadAbdullah311866
 

More from MuhammadAbdullah311866 (20)

NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdfNVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
NVIDIA DGX User Group 1st Meet Up_30 Apr 2021.pdf
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
presentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptxpresentationcloud-18123333331185718.pptx
presentationcloud-18123333331185718.pptx
 
cybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptxcybersecurity assessS-Ment-and-I(1).pptx
cybersecurity assessS-Ment-and-I(1).pptx
 
Security-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptxSecurity-Monitoring-and-Improvement.pptx
Security-Monitoring-and-Improvement.pptx
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptx
 
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptxFusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
Fusion-Center-ITS-Security-and-Privacy-Operations (1).pptx
 
bash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdfbash_1_2021-command line introduction.pdf
bash_1_2021-command line introduction.pdf
 
framework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptxframework_update_report-yer20170301.pptx
framework_update_report-yer20170301.pptx
 
cybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptxcybersecurity_framework_webinar_2017.pptx
cybersecurity_framework_webinar_2017.pptx
 
package module in the python environement.pptx
package module in the python environement.pptxpackage module in the python environement.pptx
package module in the python environement.pptx
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptx
 
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
1-William Stallings - Effective Cybersecurity_ A Guide to Using Best Practice...
 
overview of principles of computerss.ppt
overview of principles of computerss.pptoverview of principles of computerss.ppt
overview of principles of computerss.ppt
 
information security importance and use.ppt
information security importance and use.pptinformation security importance and use.ppt
information security importance and use.ppt
 
implementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.pptimplementing the encryption in the JAVA.ppt
implementing the encryption in the JAVA.ppt
 
compatibility and complexity in the IS.ppt
compatibility and complexity in the IS.pptcompatibility and complexity in the IS.ppt
compatibility and complexity in the IS.ppt
 
turning test, how it works and winners.ppt
turning test, how it works and winners.pptturning test, how it works and winners.ppt
turning test, how it works and winners.ppt
 
games, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .pptgames, infosec, privacy, adversaries .ppt
games, infosec, privacy, adversaries .ppt
 
Authentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.pptAuthentication Authorization-Lesson-2-Slides.ppt
Authentication Authorization-Lesson-2-Slides.ppt
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 

Information security power point slides.ppt

  • 1. CS526 1 Information Security CS 526 Topic 1 Overview of the Course Topic 1
  • 2. Recent Security News • Snowden leaks information about various NSA data collection programs – Phone call record – Supposedly email, instant message, etc. • National Security Agency – http://www.pbs.org/wgbh/pages/frontline/homefront/pre emption/nsa.html • Facebook CEO’s page hacked by Palestinian Khalil Shreateh to demonstrate bugs in Facebook CS526 Topic 1 2
  • 3. In the News Last Year: Hackers Force Apple, Amazon to Change Security Policy • What happened? – Hackers gained access to Mat Honan (a reporter)’s iCloud account, then (according to Honan) • At 5:00 PM, they remote wiped my iPhone At 5:01 PM, they remote wiped my iPad At 5:05, they remote wiped my MacBook Air. • How did the attacker get access to iCloud account? Any guess? • Lessons? • Security only as strong as the weakest link. • Information sharing across platforms can lead to unexpected vulnerabilities CS526 Topic 1 3
  • 4. Stuxnet (2010) • Stuxnet: Windows-based Worm – Worm: self-propagating malicious software (malware) • Attack Siemens software that control industrial control systems (ICS) and these systems – Used in factories, chemical plants, and nuclear power plants • First reported in June 2010, the general public aware of it only in July 2010 • Seems to be a digital weapon created by a nation-state – 60% (more than 62 thousand) of infected computers in Iran – Iran confirmed that nuclear program damaged by Stuxnet – Sophisticated design, special targets, expensive to develop CS526 4 Topic 1
  • 5. Malware That Appear to Be Related to Stuxnet • Duqu (September 2011) – Use stolen certificates, exploits MS Word • Flame (May 2012) – A tool for cyber espionage in Middle East (infecting approx. 1000 machines, mostly in Iran) – “Suicide” after being discovered – 20 Mbytes, with SQLLite DB to store info, hide its own presence, exploit similar vulnerabilities as StuxNet, adjust its behavior to different Anti-Virus – Presents a novel way to produce MD5 hash collision to exploit certificates CS526 Topic 1 5
  • 6. CS526 6 See the Course Homepage • http://www.cs.purdue.edu/homes/ninghui/courses/ 526_Fall13/index.html • Knowledge needed for the course – Programming knowledge (for two programming projects) • Web (PHP) • Low-level (C, knowledge of assembly) – Knowledge of computer/networking – Appropriate mathematical sophistication Topic 1
  • 7. CS526 7 Readings for This Lecture Required readings: – Information Security on Wikipedia (Basic principles & Risk management) Optional Readings: – Counter Hack Reloaded • Chapter 1: Introduction – Security in Computing: Chapter 1 Topic 1
  • 8. What is Information (Computer) Security? • Security = Sustain desirable properties under intelligent adversaries • Desirable properties – Understand what properties are needed. • Intelligent adversaries – Needs to understand/model adversaries – Always think about adversaries. CS526 Topic 1 8
  • 9. CS526 9 Security Goals/Properties (C, I, A) • Confidentiality (secrecy, privacy) – only those who are authorized to know can know • Integrity (also authenticity in communication) – only modified by authorized parties and in permitted ways – do things that are expected • Availability – those authorized to access can get access Topic 1
  • 10. Which of C, I, A are violated in .. • The Stuxnet attack compromises – integrity of software systems, – availability of some control functionalities, – confidentiality of some keys in order to sign malware to be loaded by Windows • The Apple/Amazon attack – Confidentiality of credit card digits – Integrity of password – Availability of data and devices • The Facebook attack – Integrity – Potential availability concern CS526 10 Topic 1
  • 11. CS526 11 Computer Security Issues • Malware (Malicious Software) – Computer viruses – Trojan horses – Computer worms • E.g., Morris worm (1988), Melissa worm (1999), Stuxnet (2010), etc. – Spywares – Malwares on mobile devices • Computer break-ins • Email spams – E.g., Nigerian scam (419 scam, advanced fee fraud), stock recommendations Topic 1
  • 12. More Computer Security Issues • Identity theft • Driveby downloads • Botnets • Distributed denial of service attacks • Serious security flaws in many important systems – electronic voting machines, ATM systems CS526 12 Topic 1
  • 13. CS526 13 Why Do Computer Attacks Occur? • Who are the attackers? – bored teenagers, criminals, organized crime organizations, rogue (or other) states, industrial espionage, angry employees, … • Why they do it? – fun, – fame, – profit, … • computer systems are where the moneys are – Political/military objectives Topic 1
  • 14. CS526 14 Why These Attacks Can Succeed? • Software/computer systems are buggy • Users make mistakes • Technological factors – Von Neumann architecture: stored programs – Unsafe program languages – Software are complex, dynamic, and increasingly so – Making things secure are hard – Security may make things harder to use Topic 1
  • 15. CS526 15 Why Do These Factors Exist? • Economical factors – Lack of incentives for secure software – Security is difficult, expensive and takes time • Human factors – Lack of security training for software engineers – Largely uneducated population Topic 1
  • 16. CS526 16 Security is Not Absolute • Is your car secure? • What does “secure” mean? • Are you secure when you drive your car? • Security is relative – to the kinds of loss one consider • security objectives/properties need to be stated – to the threats/adversaries under consideration. • security is always under certain assumptions Topic 1
  • 17. CS526 17 Security is Secondary • What protection/security mechanisms one has in the physical world? • Why the need for security mechanisms arises? • Security is secondary to the interactions that make security necessary. Robert H. Morris : The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. Topic 1
  • 18. CS526 18 Information Security is Interesting • The most interesting/challenging threats to security are posed by human adversaries – Security is harder than reliability • Information security is a self-sustaining field – Can work both from attack perspective and from defense perspective • Security is about benefit/cost tradeoff – Thought often the tradeoff analysis is not explicit • Security is not all technological – Humans are often the weakest link Topic 1
  • 19. CS526 19 Information Security is Challenging • Defense is almost always harder than attack. • In which ways information security is more difficult than physical security? – adversaries can come from anywhere – computers enable large-scale automation – adversaries can be difficult to identify – adversaries can be difficult to punish – potential payoff can be much higher • In which ways information security is easier than physical security? Topic 1
  • 20. CS526 20 Tools for Information Security • Cryptography • Authentication and Access control • Hardware/software architecture for separation • Processes and tools for developing more secure software • Monitoring and analysis • Recovery and response Topic 1
  • 21. CS526 21 What is This Course About? • Learn to think about security when doing things • Learn to understand and apply security principles • Learn how computers can be attacked, how to prevent attacks and/or limit their consequences. – No silver bullet; man-made complex systems will have errors; errors may be exploited – Large number of ways to attack – Large collection of specific methods for specific purposes Topic 1
  • 22. CS526 22 Ethical Use of Security Information • We discuss vulnerabilities and attacks – Most vulnerabilities have been fixed – Some attacks may still cause harm – Do not try these outside the context of this course Topic 1
  • 23. CS526 23 Coming Attractions … • Cryptography: terminology and classic ciphers. • Readings – Cryptography on Wikipedia Topic 1