CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.

Slides:



Advertisements
Similar presentations
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advertisements

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
How to protect yourself, your computer, and others on the internet
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Lecture 1: Overview modified from slides of Lawrie Brown.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
E-Commerce Security and Fraud Issues and Protections
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
INTRODUCING F-SECURE POLICY MANAGER
Information Security Technological Security Implementation and Privacy Protection.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Storage Security and Management: Security Framework
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
Cyber Crimes.
PART THREE E-commerce in Action Norton University E-commerce in Action.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
Security in Computer System 491 CS-G(172) By Manesh T
Working Connection Computer and Network Security - Introduction - Dr. Hwajung Lee Radford University.
Trojan Horses on the Web. Definition: A Trojan horse a piece of software that allows the user think that it does a certain task, while actually does an.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Topic 5: Basic Security.
CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.
Chap1: Is there a Security Problem in Computing?.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Computer Skills and Applications Computer Security.
Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1.
Flame: Modern Warfare Matthew Stratton. What is Flame? How it was found What are its capabilities How it is similar to Stuxnet and Duqu Implications.
Computer Security By Duncan Hall.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Security Mindset Lesson Introduction Why is cyber security important?
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Cybersecurity Test Review Introduction to Digital Technology.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
MIS323 – Business Telecommunications Chapter 10 Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
Security, Ethics and the Law. Vocabulary Terms Copyright laws -software cannot be copied or sold without the software company’s permission. Copyright.
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Computer Security Keeping you and your computer safe in the digital world.
October 28, 2015 Cyber Security Awareness Update.
A Project on CYBER SECURITY
Securing Information Systems
Security in Networking
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
The Internet of Unsecure Things
E-Commerce Security and Fraud Issues and Protections
Chapter 9 E-Commerce Security and Fraud Protection
System Programming CS 252 Topic 20
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1

Recent Security News Snowden leaks information about various NSA data collection programs –Phone call record –Supposedly , instant message, etc. National Security Agency – emption/nsa.htmlhttp:// emption/nsa.html Facebook CEO’s page hacked by Palestinian Khalil Shreateh to demonstrate bugs in Facebook CS526Topic 12

In the News Last Year: Hackers Force Apple, Amazon to Change Security Policy What happened? –Hackers gained access to Mat Honan (a reporter)’s iCloud account, then (according to Honan) At 5:00 PM, they remote wiped my iPhone At 5:01 PM, they remote wiped my iPad At 5:05, they remote wiped my MacBook Air. How did the attacker get access to iCloud account? Any guess? Lessons? Security only as strong as the weakest link. Information sharing across platforms can lead to unexpected vulnerabilities CS526Topic 13

Stuxnet (2010) Stuxnet: Windows-based Worm –Worm: self-propagating malicious software (malware) Attack Siemens software that control industrial control systems (ICS) and these systems –Used in factories, chemical plants, and nuclear power plants First reported in June 2010, the general public aware of it only in July 2010 Seems to be a digital weapon created by a nation-state –60% (more than 62 thousand) of infected computers in Iran –Iran confirmed that nuclear program damaged by Stuxnet –Sophisticated design, special targets, expensive to develop CS5264Topic 1

Malware That Appear to Be Related to Stuxnet Duqu (September 2011) –Use stolen certificates, exploits MS Word Flame (May 2012) –A tool for cyber espionage in Middle East (infecting approx machines, mostly in Iran) –“Suicide” after being discovered –20 Mbytes, with SQLLite DB to store info, hide its own presence, exploit similar vulnerabilities as StuxNet, adjust its behavior to different Anti-Virus –Presents a novel way to produce MD5 hash collision to exploit certificates CS526Topic 15

CS5266 See the Course Homepage 526_Fall13/index.html 526_Fall13/index.html Knowledge needed for the course –Programming knowledge (for two programming projects) Web (PHP) Low-level (C, knowledge of assembly) –Knowledge of computer/networking –Appropriate mathematical sophistication Topic 1

CS5267 Readings for This Lecture Required readings: –Information Security on Wikipedia (Basic principles & Risk management)Information Security on Wikipedia Optional Readings: –Counter Hack Reloaded Chapter 1: Introduction –Security in Computing: Chapter 1 Topic 1

What is Information (Computer) Security? Security = Sustain desirable properties under intelligent adversaries Desirable properties –Understand what properties are needed. Intelligent adversaries –Needs to understand/model adversaries –Always think about adversaries. CS526Topic 18

CS5269 Security Goals/Properties (C, I, A) Confidentiality (secrecy, privacy) –only those who are authorized to know can know Integrity (also authenticity in communication) –only modified by authorized parties and in permitted ways –do things that are expected Availability –those authorized to access can get access Topic 1

Which of C, I, A are violated in.. The Stuxnet attack compromises –integrity of software systems, –availability of some control functionalities, –confidentiality of some keys in order to sign malware to be loaded by Windows The Apple/Amazon attack –Confidentiality of credit card digits –Integrity of password –Availability of data and devices The Facebook attack –Integrity –Potential availability concern CS52610Topic 1

CS52611 Computer Security Issues Malware (Malicious Software) –Computer viruses –Trojan horses –Computer worms E.g., Morris worm (1988), Melissa worm (1999), Stuxnet (2010), etc. –Spywares –Malwares on mobile devices Computer break-ins spams –E.g., Nigerian scam (419 scam, advanced fee fraud), stock recommendations Topic 1

More Computer Security Issues Identity theft Driveby downloads Botnets Distributed denial of service attacks Serious security flaws in many important systems –electronic voting machines, ATM systems CS52612Topic 1

CS52613 Why Do Computer Attacks Occur? Who are the attackers? –bored teenagers, criminals, organized crime organizations, rogue (or other) states, industrial espionage, angry employees, … Why they do it? –fun, –fame, –profit, … computer systems are where the moneys are –Political/military objectives Topic 1

CS52614 Why These Attacks Can Succeed? Software/computer systems are buggy Users make mistakes Technological factors –Von Neumann architecture: stored programs –Unsafe program languages –Software are complex, dynamic, and increasingly so –Making things secure are hard –Security may make things harder to use Topic 1

CS52615 Why Do These Factors Exist? Economical factors –Lack of incentives for secure software –Security is difficult, expensive and takes time Human factors –Lack of security training for software engineers –Largely uneducated population Topic 1

CS52616 Security is Not Absolute Is your car secure? What does “secure” mean? Are you secure when you drive your car? Security is relative –to the kinds of loss one consider security objectives/properties need to be stated –to the threats/adversaries under consideration. security is always under certain assumptions Topic 1

CS52617 Security is Secondary What protection/security mechanisms one has in the physical world? Why the need for security mechanisms arises? Security is secondary to the interactions that make security necessary. Robert H. Morris : The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. Topic 1

CS52618 Information Security is Interesting The most interesting/challenging threats to security are posed by human adversaries –Security is harder than reliability Information security is a self-sustaining field –Can work both from attack perspective and from defense perspective Security is about benefit/cost tradeoff –Thought often the tradeoff analysis is not explicit Security is not all technological –Humans are often the weakest link Topic 1

CS52619 Information Security is Challenging Defense is almost always harder than attack. In which ways information security is more difficult than physical security? –adversaries can come from anywhere –computers enable large-scale automation –adversaries can be difficult to identify –adversaries can be difficult to punish –potential payoff can be much higher In which ways information security is easier than physical security? Topic 1

CS52620 Tools for Information Security Cryptography Authentication and Access control Hardware/software architecture for separation Processes and tools for developing more secure software Monitoring and analysis Recovery and response Topic 1

CS52621 What is This Course About? Learn to think about security when doing things Learn to understand and apply security principles Learn how computers can be attacked, how to prevent attacks and/or limit their consequences. –No silver bullet; man-made complex systems will have errors; errors may be exploited –Large number of ways to attack –Large collection of specific methods for specific purposes Topic 1

CS52622 Ethical Use of Security Information We discuss vulnerabilities and attacks –Most vulnerabilities have been fixed –Some attacks may still cause harm –Do not try these outside the context of this course Topic 1

CS52623 Coming Attractions … Cryptography: terminology and classic ciphers. Readings –Cryptography on WikipediaCryptography on Wikipedia Topic 1