11. The Basics
• Information Systems 365/765 midterm
exam is this Thursday, October 23rd
• You may elect to take the exam on
Tuesday, October 28th, by sending me an
email prior to midnight on Wednesday,
October 22nd
12. The Format
• The format of the exam will be 50 multiple
choice questions
• Some are easy
• Some are hard
• You may hate me once you see the exam
• Multiple choices range A thru J in some
cases, with lots of “all of the above” and
“none of the above” choices appearing
13. • Have you
done the
readings?
• It might be a
good idea…
14. Keep the Five Pillars Of Information Security in
Mind Throughout the Course
• Protection
• Detection
• Reaction
• Documentation
• Prevention
15. Benefits of Technical Controls
• Strong and consistent, treat
everyone equally
• Can be audited with real
assurance of the truthfulness of
the data
16. Drawbacks of Technical Controls
• Costly
• Complex and time consuming
• When they break, they either fail
open or fail closed, neither of
which may be desirable
18. Administrative Controls
• Using policies, procedures, safety signs,
training or supervision, or a combination of
these, to control risk.
19. Benefits of Administrative Controls
• Usually inexpensive
• Easy to implement
• Very flexible
20. Drawbacks of Administrative
Controls
• Difficult to enforce
• Difficult to audit
• Impossible to verify
• Easy to evade by a dedicated
individual
21. Data Classification Levels
• Top Secret
• Highly Confidential
• Proprietary
• Internal Use Only
• Public Documents
• Terminology varies by organization
22. Authentication Defined
“Electronic authentication provides a level of
assurance as to whether someone or
something is who or what it claims to be in a
digital environment. Thus, electronic
authentication plays a key role in the establishment of trust
relationships for electronic commerce,
electronic government and many other social
interactions. It is also an essential component
of any strategy to protect information systems
and networks, financial data, personal
information and other assets from
unauthorised access or identity theft.
Electronic authentication is therefore
essential for establishing accountability
online.”
23. Encryption
• Encryption is the coding or scrambling of
information so that it can only be decoded
and read by someone who has the correct
decoding key.
25. Single Factor vs. Multifactor vs Dual
Factor
• Single Factor – Using one method to
authenticate.
• Dual Factor – Using two different types of
authentication mechanism to authenticate
• Multifactor – Using multiple forms of the same
factor. (Password + identifying an image)
• Some people claim multi factor is just a way
around industry regulations. Good test is to ask,
could I memorize both of these?
26. If You Choose to Use Passwords..
• Be as long as possible (never shorter than 6 characters).
• Include mixed-case letters, if possible.
• Include digits and punctuation marks, if possible.
• Not be based on any personal information.
• Not be based on any dictionary word, in any language.
• Expire on a regular basis and may not be reused
• May not contain any portion of your name, birthday,
address or other publicly available information
27. One Time Password Devices
Demystified
• Have an assigned serial
number which relates to
user-id. For example,
ndavis = serial QB43
• Device generates a new
password every 30
seconds
• Server on other end
knows what to expect
from serial QB43 at any
point in time
28. One Time Password Devices
• Time based
• Event based
• Sold by RSA, Vasco,
Verisign, Aladdin,
Entrust and others
• How can event based
OTPs be defeated?
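How a server can "know what to expect" from a token, shown as an added example that is not part of the original slides. Commercial tokens use vendor algorithms; this sketch substitutes the open HOTP (RFC 4226, event based) and TOTP (RFC 6238, time based) standards, and the shared secret and enrollment tables are constructed.

```python
import hashlib
import hmac
import struct

# Constructed enrollment data: "QB43" and "ndavis" come from the slide,
# the shared secret is the published RFC 4226 / RFC 6238 test key.
TOKEN_SECRETS = {"QB43": b"12345678901234567890"}
USER_TOKENS = {"ndavis": "QB43"}
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based code: HMAC-SHA1 over an 8-byte counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based code: the counter is the number of the 30-second window."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


class OtpServer:
    """Holds the same secret as the device, so it can compute the expected code."""

    def __init__(self):
        self.last_window = {}  # serial -> last accepted window, blocks replay

    def verify(self, user: str, code: str, unix_time: int, drift: int = 1) -> bool:
        serial = USER_TOKENS.get(user)
        if serial is None:
            return False
        secret = TOKEN_SECRETS[serial]
        now = unix_time // STEP_SECONDS
        # Accept the current window plus one either side for clock drift.
        for window in range(now - drift, now + drift + 1):
            if window <= self.last_window.get(serial, -1):
                continue  # this window, or a later one, was already used
            expected = hotp(secret, window)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_window[serial] = window
                return True
        return False
```

The server records the last accepted window per serial, so a code that was observed in transit cannot be presented a second time.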
31. One Time Passwords - Benefits
• Provides true Dual Factor authentication,
making it very difficult to share
• Constantly changing password means it
can’t be stolen, shoulder surfed or sniffed
• Coolness factor!
32. One Time Passwords - Drawbacks
• Cost!
• Rank very low on the
washability index
• Uncomfortable
• Expiration
• Battery Life
• Can be forgotten at
home
• Video 1
33. Biometrics
• Use a unique part of
your body to
authenticate you,
such as your voice
pattern, your retina,
or your fingerprint
34. Biometrics Benefits
• Harder to steal than even a One Time
Password since it is part of the user, not
simply in their possession like an OTP
device
• Absolute uniqueness of authentication
factor
• Coolness factor
35. Biometrics Drawbacks
• Cost
• Complexity of
Administration
• Highly invasive
• Not always reliable –
false negatives
• Not foolproof
• The Gummi Bear
thief!
36. Digital Certificates
• A digital passport, either
contained on a secure
device, or on a hard disk
• Secured with a password,
making them truly a dual
factor solution
• Can be used to
authenticate machines as
well as humans
37. Digital Certificate Benefits
• True Dual Factor Authentication
• Low variable cost to produce
• Can contain authorization data as well as
authentication data
38. Digital Certificate Drawbacks
• High fixed cost to build initial infrastructure
• Can be copied and shared if not properly
stored
• Expiration
• Often require access to an interface such
as a card reader or USB port, not always
available at kiosks
39. Knowledge Based Authentication
• Authenticates the user via
verification of life events,
usually financial in nature,
such as:
• Looks great at first!
• However, most of this is public
information and that which isn’t
public can be easily stolen
• The credit reports on which
this knowledge based
authentication is based
often contain factual errors
• Cost!
41. Steganography
• Steganography is
the art and science of
writing hidden
messages in such a
way that no one apart
from the sender and
intended recipient
even realizes there is
a hidden message
42. Encryption
• To encode information in such a way as to make
it unreadable by anyone aside from its intended
recipient
• Symmetric Encryption, where a single secret key
is used for both encryption and decryption.
• Asymmetric Encryption, where a pair of keys is
used -- one for Encryption and the other for
Decryption.
43. Symmetric Encryption
• Simple substitution
C=5
O=1
W=7
517 = COW
• Shifting
Add two letters to each character (letter + 2)
AMU = COW (A + 2 = C, M + 2 = O, etc)
Hmm, everything appears to = COW
44. Advantages and Disadvantages of
Symmetric Encryption
• Easy to use
• Decryption key can be memorized
• Easy to determine patterns and guess
decryption key (frequency of letters in the
English language)
• Anyone with the key can decrypt the
message even if it was not intended for
them
45. Asymmetric Encryption
• Uses one key to encrypt and a different
key to decrypt
• Public key to encrypt
• Private key to decrypt
• Keys are related, but not the same
46. Advantages and Disadvantages of
Asymmetric Encryption
• Much stronger, more complex keys
than used in symmetric encryption
• Only the intended recipient can
REALLY read the message since
only they possess the private key
• Far more complex than symmetric
encryption, requires larger
infrastructure to manage
• If private key is lost, you are out of
luck
47. Digital Certificates Do a Couple of
Things
• Authentication
• Digital signing
• Encryption
49. Public and Private Keys
The digital certificate has two parts, a
PUBLIC key and a PRIVATE key
The Public Key is distributed to
everyone
The Private Key is held very closely
And NEVER shared
Public Key is used for encryption and
verification of a digital signature
Private Key is used for Digital signing and
decryption
51. Getting Someone’s Public Key
The Public Key must be shared to be
Useful
It can be included as part of your
Email signature
It can be looked up in an LDAP
Directory
Can you think of the advantages and
disadvantages of each method?
52. What is PKI?
• PKI is an acronym for Public Key
Infrastructure
• It is the system which manages and
controls the lifecycle of digital certificates
• The PKI has many features
53. What Is In a PKI?
• Credentialing of individuals
• Generating certificates
• Distributing certificates
• Keeping copies of certificates
• Reissuing certificates
• Revoking Certificates
54. Keeping Copies – Key Escrow
• Benefit –
Available in case
of emergency
• Drawback – Can
be stolen
• Compromise is
the best!
• Use Audit Trails,
separation of
duties and good
accounting
controls for key
escrow
55. Certificate Renewal
• Just like your passport, digital certificates expire
• This is for the safety of the organization and
those who do business with it
• Short lifetime – more assurance of validity but a
pain to renew
• Long lifetime – less assurance of validity, but
easier to manage
• Use a Certificate Revocation List if you are
unsure of certificate validity
56. Trusted Root Authorities
• A certificate issuer
recognized by all
computers around the
globe
• Root certificates are
stored in the
computer’s central
certificate store
• Requires a stringent
audit and a lot of
money!
57. It Is All About Trust
58. Digital Signing of Email
• Proves that the email came from you
• Invalidates plausible denial
• Proves through a checksum that the
contents of the email were not altered
while in transit
• Provides a mechanism to distribute your
public key
• Does NOT prove when you sent the email
59. Social Engineering Defined
• The use of psychological tricks in
order to get useful information
about a system
• Using psychological tricks to build
inappropriate trust relationships
with insiders
61. Kevin Mitnick
• World’s most famous Social
Engineer
• “The weakest link in the security
chain is the human element”
• Half of his exploits involved using
social engineering
• See the master in action!
62. Social Engineering
• Social Engineering goes back to
the first lie ever told and will
continue into the future.
• Social Engineering is successful
because people are generally
helpful, especially to those who
are:
• Nice
• Knowledgeable
• Insistent
63. Three Primary Methods of Social
Engineering
• Flattery
• Authority Impersonation
• Threatening Behavior
64. How to Keep Social
Engineering From Working
• Administrators need to:
• Establish Policies
• Train Employees
• Run Drills
• Office Workers:
• Need to be aware of Social
Engineering tactics
• Follow policies
65. Road Apples
• Road Apples are also known as
Baiting
• Uses physical media and relies on the
curiosity or greed of the victim
• USB drives or CDs found in the
parking lot, with label: 3M Executive
Salaries
• Autorun on inserted media
66. Digital Forensics
• Defined: Pertains to legal
evidence found in computers
and digital storage mediums.
• Goal: To explain the current
state of a “digital artifact.”
• A digital artifact is a computer
system, storage media (such
as a hard disk or CD-ROM), an
electronic document (e.g. an
email message or JPEG
image) or even a sequence of
packets moving over a
computer network.
67. Digital Forensics
• Can be as simple as retrieving a
single piece of data
• Can be as complex as piecing
together a trail of many digital
artifacts
68. Why Use Digital Forensics?
• In legal cases,
computer forensic
techniques are
frequently used to
analyze computer
systems belonging to
defendants (in criminal
cases) or litigants (in
civil cases).
69. Why Use Digital Forensics?
• To recover data in the event of a hardware or
software failure.
• To analyze a computer system after a break-in, for
example, to determine how the attacker gained
access and what the attacker did.
70. Why Use Digital
Forensics?
• To gather evidence
against an employee
that an organization
wishes to terminate.
• To gain information
about how computer
systems work for the
purpose of debugging,
performance
optimization, or
reverse-engineering.
71. Chain of Custody
• “Chain of Custody” is a
fancy way of saying
“The ability to
demonstrate who has
had access to the
digital information
being used as
evidence”
• Special measures
should be taken when
conducting a forensic
investigation if it is
desired for the results
to be used in a court of
law.
72. Chain of Custody
One of the most important measures is to
assure that the evidence has been
accurately collected and that there is a
clear chain of custody from the scene of
the crime to the investigator---and
ultimately to the court.
73. 5 Steps in Performing Digital
Forensics
• Preparation (of
the investigator,
not the data)
• Collection (the
data)
• Examination
• Analysis
• Reporting
74. A Great Tool Which YOU
Can Impress People With
• Knoppix
• An OS which runs directly from a
CD
• Will not alter data on hard disk
• Great for grabbing copies of files
from a hard disk!
• Can be loaded from a USB flash
drive
75. Knoppix
• Can also scan RAM and Registry
information to show recently
accessed web-based email sites
and the login/password
combination used. Additionally
these tools can also yield
login/password for recently accessed
local email applications including
MS Outlook.
78. What does an IDS Detect?
• Attacks against a specific service,
such as File Transfer Protocol
(FTP)
• Data driven attacks at the
application layer. For example,
SQL injection error could be used
to crash an application.
79. What Does an IDS Detect?
• Host Based Attacks
(privilege escalation)
• Malware, Viruses,
Trojan Horses,
Worms
80. IDS Components
• Sensors - Generate security
events such as log files
• Console – Monitors events, alerts
and controls sensors
• Engine – Analyzes the data using
artificial intelligence to generate
alerts from the events received
• 3 in 1 (sometimes all three are in
one appliance)
82. Types of Intrusion Detection Systems
• Network Based Intrusion Detection
System (NIDS)
• Protocol Based Intrusion Detection
System (PIDS)
• Application Protocol Based
Intrusion Detection System
(APIDS)
• Host Based Intrusion Detection
System (HIDS)
• Hybrid System
83. How Is A Firewall Different from an IDS?
• Firewalls look outwardly
and protect from external
attacks
• An IDS evaluates a
suspected intrusion once
it has taken place and
signals an alarm.
• An IDS also watches for
attacks that originate
from within a system.
84. What is a Denial of Service Attack Anyway?
86. Regulations
• Knowing regulations is impressive to
employers, I’m not sure why…
• GLB, SOX and HIPAA all require similar
things
• Authentication
• Auditing
• Protection
• Data Integrity Proof
• 80% 20% rule!!!
87. Full Disclosure
• Disclose all the details of a security problem
which are known. It is a philosophy of security
management completely opposed to the idea of
security through obscurity
88. Full Disclosure
• The theory behind full disclosure is that
releasing vulnerability information
immediately results in quicker fixes and
better security.
• Fixes are produced faster because
vendors and authors are forced to
respond in order to save face.
• Security is improved because the
window of exposure, the amount of time
the vulnerability is open to attack, is
reduced.
89. Responsible Disclosure
• Some believe that in the absence
of any public exploits for the
problem, full and public disclosure
should be preceded by disclosure
of the vulnerability to the vendors
or authors of the system. This
private advance disclosure allows
the vendor time to produce a fix or
workaround.
91. Limited Disclosure
• With full details going to a
restricted community of developers
and vendors, and only the
existence of the problem being
released to the public, is another
possible approach
• Nick doesn’t like Limited
Disclosure
92. Buffer Overflow
• A condition where a
process attempts to
store data beyond
the boundaries of a
fixed-length buffer.
• The result is that the
extra data overwrites
adjacent memory
locations.
93. Buffer Overflow
• The overwritten data may include other
buffers, variables and program flow
data, and may result in erratic program
behavior, a memory access exception,
program termination (a crash), incorrect
results or ― especially if deliberately
caused by a malicious user ― a
possible breach of system security.
94. Basic example
• In the following example, a program has
defined two data items which are
adjacent in memory: an 8-byte-long
string buffer, A, and a two-byte integer,
B. Initially, A contains nothing but zero
bytes, and B contains the number 3.
Characters are one byte wide.
A: 0 0 0 0 0 0 0 0
B: 0 3
95. Buffer Overflow Example
• Now, the program attempts to store
the character string "excessive" in
the A buffer, followed by a zero
byte to mark the end of the string.
By not checking the length of the
string, it overwrites the value of B:
A: 'e' 'x' 'c' 'e' 's' 's' 'i' 'v'
B: 'e' 0
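The same ten bytes modelled in code, as an added example that is not part of the original slides: it shows what number B ends up holding after the unchecked store and how a length check prevents it. The function names are hypothetical, and a bytearray stands in for the process memory that holds A and B.

```python
A_SIZE = 8  # 8-byte string buffer A
B_SIZE = 2  # two-byte integer B, stored directly after A


def new_memory() -> bytearray:
    """A is all zero bytes; B holds 3, laid out as the bytes 0 3 (big-endian)."""
    return bytearray(A_SIZE) + (3).to_bytes(B_SIZE, "big")


def read_b(memory: bytearray, byteorder: str = "big") -> int:
    """Interpret the two bytes after A as the integer B."""
    return int.from_bytes(memory[A_SIZE:A_SIZE + B_SIZE], byteorder)


def _terminated(text: str) -> bytes:
    # The string is stored with a zero byte marking its end.
    return text.encode("ascii") + b"\x00"


def store_unchecked(memory: bytearray, text: str) -> None:
    """Copy into A without looking at A's size, as an unchecked C copy would."""
    data = _terminated(text)
    if len(data) > len(memory):
        raise ValueError("write leaves the ten bytes this model covers")
    memory[0:len(data)] = data  # bytes past A_SIZE land on top of B


def store_checked(memory: bytearray, text: str) -> None:
    """Refuse any string that, with its terminator, does not fit in A."""
    data = _terminated(text)
    if len(data) > A_SIZE:
        raise ValueError(
            f"{len(data)} bytes will not fit in the {A_SIZE}-byte buffer A")
    memory[0:len(data)] = data
```

After the unchecked store of "excessive", B reads 25856 when its bytes are taken big-endian (0x65 0x00) and 101 on a little-endian machine; in both cases the program's value 3 is gone.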
96. SQL Injection
• User input is either incorrectly filtered
for string literal escape characters
embedded in SQL statements or user
input is not strongly typed and thereby
unexpectedly executed. It is in fact an
instance of a more general class of
vulnerabilities that can occur whenever
one programming or scripting language
is embedded inside another.
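Both causes named above (unfiltered string literals and input that is not strongly typed), each beside its fix, as an added example that is not part of the original slides. The table, rows and inputs are constructed, and Python's built-in sqlite3 module stands in for whatever database an application uses.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table used by the lookups below."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "student"), (3, "o'brien", "student")],
    )
    return db


def by_name_concatenated(db, name: str):
    """Vulnerable: the input becomes part of the SQL text, so a quote
    character inside it ends the string literal early."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def by_name_parameterized(db, name: str):
    """Fixed: the driver passes the value separately from the statement,
    so it is only ever compared as data."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def by_id_concatenated(db, user_id: str):
    """Vulnerable: a value meant to be a number is never checked to be one."""
    return db.execute(
        "SELECT name, role FROM users WHERE id = " + user_id
    ).fetchall()


def by_id_typed(db, user_id: str):
    """Fixed: enforce the type first (int() raises ValueError on anything
    that is not an integer), then bind it as a parameter."""
    return db.execute(
        "SELECT name, role FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()
```

With the constructed input `x' OR '1'='1` the concatenated lookup returns every row and the parameterized one returns none; the legitimate name `o'brien` makes the concatenated query fail outright, which is often the first visible symptom of the flaw.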
98. Email Injection
• A security vulnerability that can
occur in Internet applications that
are used to send e-mail
messages. Like SQL injection
attacks, this vulnerability is one of
a general class of vulnerabilities
that occur when one programming
language is embedded within
another.
101. Directory Traversal
• The goal of this attack is to order an
application to access a computer file that is
not intended to be accessible. This attack
exploits a lack of security (the software is
acting exactly as it is supposed to) as
opposed to exploiting a bug in the code.
• Directory traversal is also known as the ../
(dot dot slash) attack, directory climbing, and
backtracking.
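A file lookup that simply joins the requested name onto a base directory, beside one that confines the result to that directory, as an added example that is not part of the original slides. The function names and the directory layout are hypothetical.

```python
import os


def resolve_naive(base_dir: str, requested: str) -> str:
    """Vulnerable: does exactly what it is told. '../' segments in the
    request walk out of base_dir, and an absolute path replaces it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_confined(base_dir: str, requested: str) -> str:
    """Resolve the request, then refuse it unless the final location is
    still inside base_dir."""
    # realpath collapses '..' segments and follows symbolic links, so the
    # comparison is made on where the path really points.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath compares whole path components, so a sibling directory
        # such as 'public2' is not mistaken for being inside 'public'
        # (a plain string prefix test would accept it).
        inside = os.path.commonpath([base, target]) == base
    except ValueError:
        inside = False  # e.g. paths on different drives on Windows
    if not inside:
        raise PermissionError(f"{requested!r} resolves outside {base}")
    return target
```

The check runs on the resolved path rather than on the raw request string, so it does not depend on spotting every spelling of `../` in the input.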
102. Cross-Site Scripting
• (XSS) is a type of computer security
vulnerability typically found in web applications
which allow code injection by malicious web
users into the web pages viewed by other
users. Examples of such code include HTML
code and client-side scripts. An exploited
cross-site scripting vulnerability can be used
by attackers to bypass access controls such
as the same origin policy.
103. Time-of-check-to-time-of-use
• (TOCTTOU − pronounced "TOCK too") is a
software bug caused by changes in a system
between the checking of a condition (such as a
security credential) and the use of the results of
that check. It is a kind of race condition.
104. Confused Deputy
• A confused deputy is a computer
program that is innocently fooled by
some other party into misusing its
authority. It is a specific type of privilege
escalation. In information security, the
confused deputy problem is often cited
as an example of why capability-based
security is important.
• Billing example
105. Blaming The Victim
• Prompting a user to
make a security
decision without
giving the user
enough information to
answer it.
106. Physical Security
• Physical security
describes measures
that prevent or deter
attackers from
accessing a facility,
resource, or
information stored on
physical media. It can
be as simple as a
locked door or as
elaborate as multiple
layers of armed
guardposts.
107. 3 Elements to Physical Security
• Obstacles, to frustrate trivial attackers
and delay serious ones;
• Alarms, security lighting, security guard
patrols or closed-circuit television
cameras, to make it likely that attacks
will be noticed; and
• Security response, to repel, catch or
frustrate attackers when an attack is
detected.
108. 4 Layers to Physical Security
• Environmental design
• Mechanical and electronic access control
• Intrusion detection
• Video monitoring
109. What Are Physical Security Goals?
• The goal is to convince potential
attackers that the likely costs of
attack exceed the value of making
the attack.
• If you are unable to convince
them, then the second goal comes
into play—to keep them from
entering
110. Layer One - Physical
• The initial layer of security for a campus,
building, office, or physical space uses
Crime Prevention Through
Environmental Design to deter threats.
Some of the most common examples
are also the most basic - barbed wire,
warning signs and fencing, concrete
bollards, metal barriers, vehicle height-
restrictors, site lighting and trenches.
111. Layer Two - Mechanical
• Includes gates, doors, and locks.
• Key control of the locks becomes a problem
with large user populations and any user
turnover.
• Keys quickly become unmanageable forcing
the adoption of electronic access control.
• Electronic access control easily manages large
user populations, controlling for user lifecycles,
times, dates, and individual access points.
• For example, a user's access rights could allow
access from 0700 to 1900 Monday through
Friday and expire in 90 days.
112. Layer Three – Intrusion Detection
• Monitors for attacks. It is
less a preventative measure
and more of a response
measure, although some
would argue that it is a
deterrent. Intrusion detection
has a high incidence of false
alarms. In many
jurisdictions, law
enforcement will not
respond to alarms from
intrusion detection systems.
113. Layer Four - Monitoring
• Typically video monitoring systems. Like
intrusion detection, these are not much of a
deterrent.
• Video monitoring systems are more useful
for incident verification and historical
analysis.
• For instance, if alarms are being generated
and there is a camera in place, the camera
could be viewed to verify the alarms.
• In instances when an attack has already
occurred and a camera is in place at the
point of attack, the recorded video can be
reviewed.
• Monitoring is ALWAYS active