SlideShare a Scribd company logo

Intro (1).ppt

Download as PPT, PDF
Sameer Ali
Sameer Ali

inter

Education
1 of 27
Slide #1-1 Introductory Computer Security CS461/ECE422 Fall 2010 Susan Hinrichs
Slide #1-2 Outline • Administrative Issues • Class Overview • Information Assurance Overview – Components of computer security – Threats, Vulnerabilities, Attacks, and Controls – Policy – Assurance
Slide #1-3 Administrivia • Staff – Susan Hinrichs, lecturer – Sonia Jahid, TA – Jurand Nogiec, TA • Communications – Class web page http://www.cs.illinois.edu/class/fa09/cs461 – Newsgroup cs461 • Office Hours – Susan: 12:30-1:30pm Wednesday and after class – Sonia and Jurand: TBA
Slide #1-4 More Administrivia • Grades – 2 midterms worth 25% each. • Tentatively: October 6 and November 17. – Final worth 35%. • 8am, December 16. – Roughly weekly homework worth 15%. Can drop low homework. 8 homeworks last year. – Extra project worth 20% for grad students taking for 4 credits – Submit homework via compass • Class Sections – Online students: geographically distributed – ECE and CS 3 and 4 credit sections
Slide #1-5 A Few Words on Class Integrity • Review department and university cheating and honor codes: – https://agora.cs.illinois.edu/display/under gradProg/Honor+Code – http://admin.illinois.edu/policy/code/artic le1_part4_1-402.html • This has been an issue in the past • Expectations for exams, homeworks, projects, and papers
Slide #1-6 Class Readings • Text Computer Security: Art and Science by Matt Bishop • Additional readings provided via compass or public links • Books on reserve at the library
Slide #1-7 Class Format • Meet three times a week • Mostly lecture format – Will attempt to have a class exercise about once a week. Will be noted on class web site. – Will attempt to make this relevant for online students too. • Lectures video taped for online students – All have access to tapes. Link on class web site. • A few lectures will be video only. Noted on schedule – Will still play video in class • Posted slides not sufficient to master material alone
Slide #1-8 Class communication • Limited physical access – Lecturer part time on campus • Use technology to help – Newsgroup for timely, persistent information – Email and phone
Slide #1-9 Security Classes at UIUC • Three introductory courses – Information Assurance (CS461/ECE422) • Covers NSA 4011 security professional requirements • Taught every semester – Computer Security (CS463/ECE424) • Continues in greater depth on more advanced security topics • Taught every semester or so – Applied Computer Security Lab • Taught last spring as CS498sh Will be CS460 • With CS461 covers NSA 4013 system administrator requirements • Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors.
Slide #1-10 More Security Classes at UIUC • Theoretical Foundations of Cryptography – Prof Manoj Prabhakaran and Prof. Borisov • Security Reading Group CS591RHC • Advanced Computer Security CS563 • Math 595/ECE 559 – Cryptography • Local talks http://www.iti.illinois.edu/content/seminars- and-events • ITI Security Roadmap – http://www.iti.illinois.edu/content/security
Slide #1-11 Security in the News • DNS flaws – Dan Kamisky found flaw in widely used DNS protocol requiring upgrade of network infrastructure – http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html • InfoWar – Estonia http://blog.wired.com/27bstroke6/2007/08/cyber-war-and-e.html • Extortion - – Threaten DDoS attack unless company pays up – DDoS protection from carriers can cost $12K per month • Privacy/Identity theft – Albert Gonzalez and 130 million credit card numbers. – Facebook – ChoicePoint, Bank of America, disgruntled waiter • Worms – Conflicker, twitter worms – Slammer worm crashed nuclear power plant network
Slide #1-12 Class Topics • Mix of motivation, design, planning, and mechanisms • See lecture page – http://www.cs.illinois.edu/class/fa10/cs461/ lectures.html • A few open lecture spots if there are topics of particular interest • May have some industry guest lectures
Slide #1-13 Security Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources
Slide #1-14 CIA Examples
Slide #1-15 Threat Terms • Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security. • Vulnerability – Weakness in the system that could be exploited to cause loss or harm • Attack – When an entity exploits a vulnerability on system • Control – A means to prevent a vulnerability from being exploited
Slide #1-16 Example
Slide #1-17 Classes of Threats • Disclosure – Unauthorized access to information • Deception – Acceptance of false data • Disruption – Interruption or prevention of correct operation • Usurpation – Unauthorized control of some part of a system
Slide #1-18 Some common threats • Snooping – Unauthorized interception of information • Modification or alteration – Unauthorized change of information • Masquerading or spoofing – An impersonation of one entity by another • Repudiation of origin – A false denial that an entity sent or created something. • Denial of receipt – A false denial that an entity received some information.
Slide #1-19 More Common Threats • Delay – A temporary inhibition of service • Denial of Service – A long-term inhibition of service
Slide #1-20 More definitions • Policy – A statement of what is and what is not allowed – Divides the world into secure and non-secure states – A secure system starts in a secure state. All transitions keep it in a secure state. • Mechanism – A method, tool, or procedure for enforcing a security policy
Slide #1-21 Is this situation secure? • Web server accepts all connections – No authentication required – Self-registration – Connected to the Internet
Slide #1-22 Trust and Assumptions • Locks prevent unwanted physical access. – What are the assumptions this statement builds on?
Slide #1-23 Policy Assumptions • Policy correctly divides world into secure and insecure states. • Mechanisms prevent transition from secure to insecure states.
Slide #1-24 Another Policy Example • Bank officers may move money between accounts. – Any flawed assumptions here?
Slide #1-25 Assurance • Evidence of how much to trust a system • Evidence can include – System specifications – Design – Implementation • Mappings between the levels
Slide #1-26 Aspirin Assurance Example • Why do you trust Aspirin from a major manufacturer? – FDA certifies the aspirin recipe – Factory follows manufacturing standards – Safety seals on bottles • Analogy to software assurance
Slide #1-27 Key Points • Must look at the big picture when securing a system • Main components of security – Confidentiality – Integrity – Availability • Differentiating Threats, Vulnerabilities, Attacks and Controls • Policy vs mechanism • Assurance

Recommended

15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.pptFaiz Fanani
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systemsCity Unrulyversity
 
Information security power point slides.ppt
Information security power point slides.pptInformation security power point slides.ppt
Information security power point slides.pptMuhammadAbdullah311866
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...Robert Straus
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 

Recommended

15_526_topic01.ppt
15_526_topic01.ppt15_526_topic01.ppt
15_526_topic01.pptFaiz Fanani
 
How secure are your systems
How secure are your systemsHow secure are your systems
How secure are your systemsCity Unrulyversity
 
Information security power point slides.ppt
Information security power point slides.pptInformation security power point slides.ppt
Information security power point slides.pptMuhammadAbdullah311866
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...Robert Straus
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
Network Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdfNetwork Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdfMuhammadShahid677091
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Chap01
Chap01Chap01
Chap01KASSAWMAR AYALEW
 
Security, Devices and Education
Security, Devices and EducationSecurity, Devices and Education
Security, Devices and EducationUniversidad Nacional de Educación a Distancia
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityElumalai Vasan
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Educause2011PresentationFinal
Educause2011PresentationFinalEducause2011PresentationFinal
Educause2011PresentationFinaltbanks
 
Caveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online ProctoringCaveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online ProctoringCaveon Test Security
 
introduction.pptx
introduction.pptxintroduction.pptx
introduction.pptxKelvinDube4
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxMuhammadAbdullah311866
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Securityprimeteacher32
 
Information and network security 3 security challenges
Information and network security 3 security challengesInformation and network security 3 security challenges
Information and network security 3 security challengesVaibhav Khanna
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptxdiaa46
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overviewlimsh
 
Security.ppt
Security.pptSecurity.ppt
Security.pptssuser50c54b
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)Rohana K Amarakoon
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Lecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptxLecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptxSameer Ali
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.pptSameer Ali
 

More Related Content

Similar to Intro (1).ppt

Network Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdfNetwork Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdfMuhammadShahid677091
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityElumalai Vasan
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...Investorideas.com
 
Educause2011PresentationFinal
Educause2011PresentationFinalEducause2011PresentationFinal
Educause2011PresentationFinaltbanks
 
Caveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online ProctoringCaveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online ProctoringCaveon Test Security
 
introduction.pptx
introduction.pptxintroduction.pptx
introduction.pptxKelvinDube4
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxMuhammadAbdullah311866
 
Information and network security 3 security challenges
Information and network security 3 security challengesInformation and network security 3 security challenges
Information and network security 3 security challengesVaibhav Khanna
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptxdiaa46
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overviewlimsh
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)Rohana K Amarakoon
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfVishwanathMahalle
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 

Similar to Intro (1).ppt (20)

Network Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdfNetwork Security- Lecture-01-03-1.pdf
Network Security- Lecture-01-03-1.pdf
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Chap01
Chap01Chap01
Chap01
 
Security, Devices and Education
Security, Devices and EducationSecurity, Devices and Education
Security, Devices and Education
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
 
Educause2011PresentationFinal
Educause2011PresentationFinalEducause2011PresentationFinal
Educause2011PresentationFinal
 
Caveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online ProctoringCaveon Webinar Series: The Good and Bad of Online Proctoring
Caveon Webinar Series: The Good and Bad of Online Proctoring
 
introduction.pptx
introduction.pptxintroduction.pptx
introduction.pptx
 
Responsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptxResponsibilities of the CSIRT--abss.pptx
Responsibilities of the CSIRT--abss.pptx
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Information and network security 3 security challenges
Information and network security 3 security challengesInformation and network security 3 security challenges
Information and network security 3 security challenges
 
1_Introduction to security.pptx
1_Introduction to security.pptx1_Introduction to security.pptx
1_Introduction to security.pptx
 
BAIT1103 Course Overview
BAIT1103 Course OverviewBAIT1103 Course Overview
BAIT1103 Course Overview
 
Security.ppt
Security.pptSecurity.ppt
Security.ppt
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 

More from Sameer Ali

Lecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptxLecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptxSameer Ali
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.pptSameer Ali
 
secure_mobile.ppt
secure_mobile.pptsecure_mobile.ppt
secure_mobile.pptSameer Ali
 
F14_Class1.pptx
F14_Class1.pptxF14_Class1.pptx
F14_Class1.pptxSameer Ali
 
bruce-sdn.pptx
bruce-sdn.pptxbruce-sdn.pptx
bruce-sdn.pptxSameer Ali
 
SINDH SALES TAX ON SERVICES ACT 2011.pdf
SINDH SALES TAX ON SERVICES ACT 2011.pdfSINDH SALES TAX ON SERVICES ACT 2011.pdf
SINDH SALES TAX ON SERVICES ACT 2011.pdfSameer Ali
 

More from Sameer Ali (8)

Lecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptxLecture 1 - Introduction to Course & Course outline.pptx
Lecture 1 - Introduction to Course & Course outline.pptx
 
cloud-complete.ppt
cloud-complete.pptcloud-complete.ppt
cloud-complete.ppt
 
secure_mobile.ppt
secure_mobile.pptsecure_mobile.ppt
secure_mobile.ppt
 
CDP_2(1).pptx
CDP_2(1).pptxCDP_2(1).pptx
CDP_2(1).pptx
 
hel1 (1).ppt
hel1 (1).ppthel1 (1).ppt
hel1 (1).ppt
 
F14_Class1.pptx
F14_Class1.pptxF14_Class1.pptx
F14_Class1.pptx
 
bruce-sdn.pptx
bruce-sdn.pptxbruce-sdn.pptx
bruce-sdn.pptx
 
SINDH SALES TAX ON SERVICES ACT 2011.pdf
SINDH SALES TAX ON SERVICES ACT 2011.pdfSINDH SALES TAX ON SERVICES ACT 2011.pdf
SINDH SALES TAX ON SERVICES ACT 2011.pdf
 

Recently uploaded

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 

Recently uploaded (20)

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 

Intro (1).ppt

  • 1. Slide #1-1 Introductory Computer Security CS461/ECE422 Fall 2010 Susan Hinrichs
  • 2. Slide #1-2 Outline • Administrative Issues • Class Overview • Information Assurance Overview – Components of computer security – Threats, Vulnerabilities, Attacks, and Controls – Policy – Assurance
  • 3. Slide #1-3 Administrivia • Staff – Susan Hinrichs, lecturer – Sonia Jahid, TA – Jurand Nogiec, TA • Communications – Class web page http://www.cs.illinois.edu/class/fa09/cs461 – Newsgroup cs461 • Office Hours – Susan: 12:30-1:30pm Wednesday and after class – Sonia and Jurand: TBA
  • 4. Slide #1-4 More Administrivia • Grades – 2 midterms worth 25% each. • Tentatively: October 6 and November 17. – Final worth 35%. • 8am, December 16. – Roughly weekly homework worth 15%. Can drop low homework. 8 homeworks last year. – Extra project worth 20% for grad students taking for 4 credits – Submit homework via compass • Class Sections – Online students: geographically distributed – ECE and CS 3 and 4 credit sections
  • 5. Slide #1-5 A Few Words on Class Integrity • Review department and university cheating and honor codes: – https://agora.cs.illinois.edu/display/under gradProg/Honor+Code – http://admin.illinois.edu/policy/code/artic le1_part4_1-402.html • This has been an issue in the past • Expectations for exams, homeworks, projects, and papers
  • 6. Slide #1-6 Class Readings • Text Computer Security: Art and Science by Matt Bishop • Additional readings provided via compass or public links • Books on reserve at the library
  • 7. Slide #1-7 Class Format • Meet three times a week • Mostly lecture format – Will attempt to have a class exercise about once a week. Will be noted on class web site. – Will attempt to make this relevant for online students too. • Lectures video taped for online students – All have access to tapes. Link on class web site. • A few lectures will be video only. Noted on schedule – Will still play video in class • Posted slides not sufficient to master material alone
  • 8. Slide #1-8 Class communication • Limited physical access – Lecturer part time on campus • Use technology to help – Newsgroup for timely, persistent information – Email and phone
  • 9. Slide #1-9 Security Classes at UIUC • Three introductory courses – Information Assurance (CS461/ECE422) • Covers NSA 4011 security professional requirements • Taught every semester – Computer Security (CS463/ECE424) • Continues in greater depth on more advanced security topics • Taught every semester or so – Applied Computer Security Lab • Taught last spring as CS498sh Will be CS460 • With CS461 covers NSA 4013 system administrator requirements • Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors.
  • 10. Slide #1-10 More Security Classes at UIUC • Theoretical Foundations of Cryptography – Prof Manoj Prabhakaran and Prof. Borisov • Security Reading Group CS591RHC • Advanced Computer Security CS563 • Math 595/ECE 559 – Cryptography • Local talks http://www.iti.illinois.edu/content/seminars- and-events • ITI Security Roadmap – http://www.iti.illinois.edu/content/security
  • 11. Slide #1-11 Security in the News • DNS flaws – Dan Kamisky found flaw in widely used DNS protocol requiring upgrade of network infrastructure – http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html • InfoWar – Estonia http://blog.wired.com/27bstroke6/2007/08/cyber-war-and-e.html • Extortion - – Threaten DDoS attack unless company pays up – DDoS protection from carriers can cost $12K per month • Privacy/Identity theft – Albert Gonzalez and 130 million credit card numbers. – Facebook – ChoicePoint, Bank of America, disgruntled waiter • Worms – Conflicker, twitter worms – Slammer worm crashed nuclear power plant network
  • 12. Slide #1-12 Class Topics • Mix of motivation, design, planning, and mechanisms • See lecture page – http://www.cs.illinois.edu/class/fa10/cs461/ lectures.html • A few open lecture spots if there are topics of particular interest • May have some industry guest lectures
  • 13. Slide #1-13 Security Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources
  • 15. Slide #1-15 Threat Terms • Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security. • Vulnerability – Weakness in the system that could be exploited to cause loss or harm • Attack – When an entity exploits a vulnerability on system • Control – A means to prevent a vulnerability from being exploited
  • 17. Slide #1-17 Classes of Threats • Disclosure – Unauthorized access to information • Deception – Acceptance of false data • Disruption – Interruption or prevention of correct operation • Usurpation – Unauthorized control of some part of a system
  • 18. Slide #1-18 Some common threats • Snooping – Unauthorized interception of information • Modification or alteration – Unauthorized change of information • Masquerading or spoofing – An impersonation of one entity by another • Repudiation of origin – A false denial that an entity sent or created something. • Denial of receipt – A false denial that an entity received some information.
  • 19. Slide #1-19 More Common Threats • Delay – A temporary inhibition of service • Denial of Service – A long-term inhibition of service
  • 20. Slide #1-20 More definitions • Policy – A statement of what is and what is not allowed – Divides the world into secure and non-secure states – A secure system starts in a secure state. All transitions keep it in a secure state. • Mechanism – A method, tool, or procedure for enforcing a security policy
  • 21. Slide #1-21 Is this situation secure? • Web server accepts all connections – No authentication required – Self-registration – Connected to the Internet
  • 22. Slide #1-22 Trust and Assumptions • Locks prevent unwanted physical access. – What are the assumptions this statement builds on?
  • 23. Slide #1-23 Policy Assumptions • Policy correctly divides world into secure and insecure states. • Mechanisms prevent transition from secure to insecure states.
  • 24. Slide #1-24 Another Policy Example • Bank officers may move money between accounts. – Any flawed assumptions here?
  • 25. Slide #1-25 Assurance • Evidence of how much to trust a system • Evidence can include – System specifications – Design – Implementation • Mappings between the levels
  • 26. Slide #1-26 Aspirin Assurance Example • Why do you trust Aspirin from a major manufacturer? – FDA certifies the aspirin recipe – Factory follows manufacturing standards – Safety seals on bottles • Analogy to software assurance
  • 27. Slide #1-27 Key Points • Must look at the big picture when securing a system • Main components of security – Confidentiality – Integrity – Availability • Differentiating Threats, Vulnerabilities, Attacks and Controls • Policy vs mechanism • Assurance