Design and Analyze
Secure Networked Systems
Prof. Edward Chow @ Colorado Univ.
Note by waegaein@github.com
Glossary
• Vulnerability
• A weakness in the security system that might be exploited to cause loss or
harm.
• e.g. HW / SW / Policy / Procedure
• Attack Surface
• Sum of the vulnerabilities in a given system that are accessible to a hacker.
• Threat
• A set of circumstances that has the potential to cause loss or harm.
• e.g. Interception / Interruption / Modification / Fabrication
• Control
• Removes or reduces a vulnerability. Control of vulnerabilities blocks threat.
[Figure: a System containing Vulnerabilities and a Control, with Threats; ∑ of vulnerabilities = Attack Surface]
Glossary
• Method
• The skill, knowledge, tools and other things with which to be able to
pull off the attack.
• Opportunity
• The time and access to accomplish attack.
• Motive
• A reason to want to perform this attack against this system.
[Figure: Attack requires Method (How?), Opportunity (When?) and Motive (Why?)]
Security Analysis
• Denying any of M.O.M. prevents attacks.
• Why difficult?
• Knowledge/Specification/Source available on the Internet.
• Access to computer systems available through Internet.
• Motives are financial, to show prowess, or random.
• Case: First Bank ATM Heist in Taiwan
• Method: Hackers remotely accessed server and dispatched false
patch to ATMs.
• Opportunity: Hackers were able to enter IT equipment room in
London branch.
• Motive: $2.2M financial gain.
Glossary
• Confidentiality
• The concealment of information or resources.
• Attack: Intercept the message in transit or hack into data storage.
• Defense: Encrypt data both in storage and in transit.
• Integrity
• The trustworthiness of data and resources.
• Attack: Intercept and alter the message in transit or hack into server and modify
data.
• Defense: Create digest and digitally sign it.
• Availability
• The ability to use the information or resources as desired.
• Attack: Send large volume of dubious requests to servers.
• Defense: Duplicate servers on different locations or trace back and push back
attackers.
• Confidentiality: Is it secret?
• Integrity: Is it original?
• Availability: Is it on sale?
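The integrity defense above ("create digest and digitally sign it"), applied to a software patch like the one in the ATM case, as an added example that is not part of the original notes. It uses a Lamport one-time signature over a SHA-256 digest so that it runs on the Python standard library alone; a production system would use a standard scheme (for example Ed25519 or RSA-PSS) from a vetted library. All names and the patch bytes are constructed for illustration.

```python
import hashlib
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: 256 pairs of random secrets; the public
    key is the SHA-256 hash of every secret. One key signs ONE message."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub


def digest_bits(message: bytes):
    """Digest of the message as a list of 256 bits (most significant first)."""
    d = int.from_bytes(sha256(message), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]


def sign(priv, message: bytes):
    """Reveal, for each digest bit, the secret that matches that bit."""
    return [priv[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(pub, message: bytes, signature) -> bool:
    """Recompute the digest and check every revealed secret against the
    public key. Any change to the message flips digest bits and fails."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(message)):
        ok &= secrets.compare_digest(sha256(signature[i]), pub[i][bit])
    return ok


def digest_only_accepts(patch: bytes, published_digest: bytes) -> bool:
    """Weak check: a bare digest delivered alongside the patch. Whoever can
    alter the patch in transit can also replace the digest."""
    return secrets.compare_digest(sha256(patch), published_digest)


def demo():
    # Vendor key pair; the public half is assumed to be provisioned on the
    # device out of band, so an attacker on the network cannot swap it.
    vendor_priv, vendor_pub = keygen()
    attacker_priv, _ = keygen()

    genuine = b"atm-firmware 1.2 (constructed sample patch)"
    forged = b"atm-firmware 1.2 (constructed sample patch, altered)"
    sig = sign(vendor_priv, genuine)

    return {
        # Genuine patch with the vendor's signature is accepted.
        "genuine": verify(vendor_pub, genuine, sig),
        # Altered patch reusing the genuine signature is rejected.
        "forged_reused_sig": verify(vendor_pub, forged, sig),
        # Altered patch signed with a key the device does not trust is rejected.
        "forged_own_key": verify(vendor_pub, forged, sign(attacker_priv, forged)),
        # Digest without a signature: the altered patch ships with a
        # recomputed digest and the check passes, so it protects nothing.
        "forged_digest_only": digest_only_accepts(forged, sha256(forged)),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The last case is why the digest has to be signed: a digest detects accidental corruption, but only the signature ties the data to a key the receiver already trusts.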
