Internet Security and Implications on Transportation Systems 1 Yan Chen Department of Electrical Engineering and Computer Science Northwestern University.

Slides:



Advertisements
Similar presentations
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Advertisements

Botnets. Botnet Threat Botnets are a major threat to the Internet because: Consist of a large pool of compromised computers that are organized by a master.
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Taxonomy of Botnets Team Mag Five Valerie Buitron Jaime Calahorrano Derek Chow Julia Marsh Mark Zogbaum.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Yan Chen Northwestern Lab for Internet and Security Technology (LIST) Dept. of Computer Science Northwestern University
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 Pertemuan 6 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Slides to add  Botnet slides  Security regulations  Do we have similar laws for transportation?  Terrorism (look for some examples if possible)  Company.
FIT3105 Security and Identity Management Lecture 1.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
(Geneva, Switzerland, September 2014)
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
CERN - IT Department CH-1211 Genève 23 Switzerland t Update on the underground economy and making profit on the black market Wojciech Lapka.
Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
Evolving Threats. Application Security - Understanding the Problem DesktopTransportNetworkWeb Applications Antivirus Protection Encryption (SSL) Firewalls.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Confidential On-line Banking Risks & Countermeasures By Vishal Salvi – CISO HDFC Bank IBA Banking Security Summit 2009.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
GrIDS -- A Graph Based Intrusion Detection System For Large Networks Paper by S. Staniford-Chen et. al.
Security and Control Brian Mennecke. Planning for Security and Control In today’s net-enabled environment, an increasingly important part of IT planning.
Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.
7 Information Security.
NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.
HDSB Security Awareness Training. Introduction Good security standards follow the 90/10 rule: 10% of security safeguards are technical. 90% of security.
Internal Reporting Internal Controls Mike Willis, CPA Partner, PricewaterhouseCoopers, LLP Founding Chairman, XBRL International
INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.
WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.
Internet Security Breach & Its Impact on Business Operations Kim Nguyen Manish Shirke Wa Mo Saravanan Velrajan.
What is Network and Security Research? Network and Security Research, or Information Communication Technology (ICT) Research involves: the collection,
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
1 The Broader Picture Laws Governing Hacking and Other Computer Crimes Consumer Privacy Employee Workplace Monitoring Government Surveillance Cyberwar.
Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.
Information Security: Current Threats Marc Scarborough Information Security Officer
Speaker: Hom-Jay Hom Date:2009/10/20 Botnet Research Survey Zhaosheng Zhu. et al July 28-August
MIS323 – Business Telecommunications Chapter 10 Security.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Cyber Security – The Changing Landscape Erick Weber Department of Public Works Khaled Tawfik Cyber Security.
Big Data Analytics Are we at risk? Dr. Csilla Farkas Director Center for Information Assurance Engineering (CIAE) Department of Computer Science and Engineering.
Types of Cybercrime (FBI, 2000) 1.Unauthorized access by insiders (such as employees) 2.System penetration by outsiders (such as hackers) 3.Theft of proprietary.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.
Information Management System Ali Saeed Khan 29 th April, 2016.
DEPARTMENT OF COMPUTER SCIENCE INTRODUCTION TO CYBER AND SECURITY.
Surveillance and Security Systems Cyber Security Integration.
Securing Information Systems
Botnets A collection of compromised machines
Cyber Security Zafar Sadik
Information Security – Current Challenges
Public Facilities and Cyber Security
Botnets.
Challenges We Face On the Internet
Threats to computers Andrew Cormack UKERNA.
Botnets A collection of compromised machines
Securing Information Systems
Information Security based on International Standard ISO 27001
Chapter 9 E-Commerce Security and Fraud Protection
The Current Internet: Connectivity and Processing
Protect Your Ecommerce Site From Hacking and Fraud
Cybersecurity and its Relevance to CIT
Presentation transcript:

Internet Security and Implications on Transportation Systems 1 Yan Chen Department of Electrical Engineering and Computer Science Northwestern University Lab for Internet & Security Technology (LIST)

Outline  Internet Threat Landscape  Security regulations  System Diagnosis

Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering PSTN Regional Wireline Regional Voice Cell Cable Modem LAN Premises- based WLAN Premises- based Operator- based H.323 Data RAS Analog DSLAM H.323

The Spread of the Sapphire/Slammer SQL Worm

Evolution of Botnets Motivation change in computer hacking – Vandalism  Financial gains – Loss of $67.2 billion (2006 figure)

Botnet Architecture Botmaster Bot Recruiting Bot

Attack Behaviors r Stealing personal information m Keylogger and Network sniffer used on compromised systems to spy on users and compile personal information r Phishing and spam proxy m Aggregated computing power and proxy capability allow spammers to impact larger groups without being traced. r Distributed Denial of Service (DDoS) m Impair or eliminate availability of a network to extort or disrupt business

8 eCrime Market Operation Raw MaterialsGoal Market S S S Buy, Sell, & Trade Wealth Goods(Re)Application

9 Sensitive Data and Market Significance Credit Card #s SSNs Bank Account #s Percentage of Labeled Data Sensitive Data Type

r Cyber spies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. r Transportation systems (air, truck, bus) the next? m Next generation 9/11 without suicide bombers!

Security Regulations r Business and security compliance is top-of-mind for executives r Protecting sensitive business & customer data is the key focus of regulatory compliance requirement

Business Impact of Lack of Compliance r Direct financial ramifications m FTC fines m Compensation payout to customers m Cost of external security audits m Lost customer confidence r Research shows substantial indirect costs associated with brand damage

Do We Have Any Security Regulations for Transportation Systems? r E.g., any FAA rules?

r Many applications & services m Traffic monitoring, authentication, command & control, etc. r Critical for running business r Large enterprise networks m 1,000s network applications m 1,000s staffs in IT support m $$ millions of dollars spent every year Transportation Control System Management & Diagnosis