Threats By Dr. Shadi Masadeh.

Slides:

Advertisements

Similar presentations

Security Presented by: Mark Davis & Shahein Moussavi.

Advertisements

Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.

ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

FIT3105 Security and Identity Management Lecture 1.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.

Web server security Dr Jim Briggs WEBP security1.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Securing Information Systems

PART THREE E-commerce in Action Norton University E-commerce in Action.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Overview of Security Dr. Sriram Chellappan These slides are available at BlackBoard.

C8- Securing Information Systems

Computer Threats Cybercrimes are criminal acts conducted through the use of computers by cybercriminals. © 2009 Prentice-Hall, Inc. 1.

Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2002 Prentice-Hall.

1.2 Security. Computer security is a branch of technology known as information security, it is applied to computers and networks. It is used to protect.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

7 Information Security.

Management Information Systems Chapter Eight Securing Information Systems Md. Golam Kibria Lecturer, Southeast University.

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

8/30/2010CS 686 Definition of Security/Privacy EJ Jung CS 686 Special Topics in CS Privacy and Security.

Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.

Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Chap1: Is there a Security Problem in Computing?.

Introduction to Security Dr. John P. Abraham Professor UTPA.

Computer Security By Duncan Hall.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

1 TMK 264: COMPUTER SECURITY CHAPTER ONE: AN OVERVIEW OF COMPUTER SECURITY.

Network Security Celia Li Computer Science and Engineering York University.

1 Figure 1-6: Attacks and Defenses (Study Figure) Access Control  Access control is the body of strategies and practices that a company uses to prevent.

ESTABLISHING AND MANAGING IT SECURITY Prepared by : Siti Mahani Mahmud Yong Azua Mat Zaliza Azan.

1 Figure 1-3: Attack Trends Growing Incident Frequency  Incidents reported to the Computer Emergency Response Team/Coordination Center  1997: 2,134.

Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University

7 Chapter Securing Information Systems 1. The Boston Celtics Score Big Points Against Spyware Problem: frequency of wireless usage exposed Celtics’ proprietary.

8.1 © 2010 by Prentice Hall 7 Chapter Securing Information Systems.

Security Risks Todays Lesson Security Risks Security Precautions

Security Protecting information data confidentiality

Securing Information Systems

Securing Information Systems

Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.

Unit 32 – Networked Systems Security

Chapter 5 Electronic Commerce | Security

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Objectives Overview Define the term, digital security risks, and briefly describe the types of cybercriminals Describe various types of Internet and network.

Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek

Unit 1: Class overview, general security concept, threats and defenses

Chapter 5 Electronic Commerce | Security

Figure 1-7: Eavesdropping on a Dialog

Chapter 13 Security and Ethical Challenges.

Prepared By : Binay Tiwari

Societal Issues in Computing (COMP466)

INFORMATION SYSTEMS SECURITY and CONTROL

Faculty of Science IT Department By Raz Dara MA.

Mohammad Alauthman Computer Security Mohammad Alauthman

Cyber Security For Civil Engineering

Presentation transcript:

Threats By Dr. Shadi Masadeh

Security Threats and Attacks A threat is a potential violation of security. Flaws in design, implementation, and operation. An attack is any action that violates security. Active adversary.

Types of Security Threats and Attacks Eavesdropping - Message Interception (Attack on Confidentiality) Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs R S Eavesdropper

Types of Security Threats and Attacks Integrity Attack - Tampering With Messages Stop the flow of the message Delay and optionally modify the message Release the message again Interruption an asset becomes lost, unavailable, or unusable R S Perpetrator

Types of Security Threats and Attacks Authenticity Attack - Fabrication Unauthorized assumption of other’s identity Generate and distribute objects under this identity R S Masquerader: from S

Types of Security Threats and Attacks Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) S R

Who are the Attackers 1. Elite Hackers White hat hackers This is still illegal Break into system but notify firm or vendor of vulnerability Black hat hackers Do not hack to find and report vulnerabilities Gray hat hackers go back and forth between the two ways of hacking Hack but with code of ethics Codes of conduct are often amoral “Do not harm,” but delete log files, destroy security settings, etc. Distrust of evil businesses and government Still illegal

Who are the Attackers (Cont.) 2. Virus Writers and Releasers Virus writers versus virus releasers Only releasing viruses is punishable

Who are the Attackers (Cont.) 3. Script Kiddies Use prewritten attack scripts (kiddie scripts) Viewed as alamers and script kiddies Large numbers make dangerous Noise of kiddie script attacks makes more sophisticated attacks

Who are the Attackers (Cont.) 4. Criminals Many attackers are ordinary garden-variety criminals Credit card and identity theft Side note on threat to Credit Card #. How do attacker capture credit card information? Via “Sniffing” traffic? How many of the audience have worries when shopping online? How many of the audience ever used a credit card to pay for a restaurant meal? Stealing trade secrets (intellectual property) Extortion

Who are the Attackers (Cont.) 5. Corporate Employees Have access and knowledge Financial theft Theft of trade secrets (intellectual property) Sabotage Consultants and contractors IT and security staff are biggest danger

Who are the Attackers (Cont.) 6. Cyberterrorism and Cyberwar New level of danger Infrastructure destruction Attacks on IT infrastructure Use IT to establish physical infrastructure (energy, banks, etc.) Simultaneous multi-pronged attacks Cyberterrorists by terrorist groups versus cyberwar by national governments Amateur information warfare

Framework for Attacks Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Social Engineering -- Opening Attachments Password Theft Information Theft Dialog Attacks -- Eavesdropping Impersonation Message Alteration Penetration Attacks Malware -- Viruses Worms Denial of Service Scanning (Probing) Break-in

Methods of Defense Encryption (DES and RSA) Software Controls (access limitations in a data base, in operating system protect each user from other users) Hardware Controls (smartcard) Policies (frequent changes of passwords) Physical Controls (key lockers)