22 November 2010. Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.

Presentation transcript:

22 November 2010

Security and Privacy
- Security: the protection of data, networks and computing power
- Privacy: complying with a person's desires when it comes to handling his or her personal information

Consider
- 1994: Vladimir Levin breaks into Citibank's network and transfers $10 million into his accounts
- Mid 90's: Phonemasters stole tens of thousands of phone card numbers and found private White House telephone lines
- 1996: Tim Lloyd, a disgruntled employee, inserts a time bomb that destroys all copies of Omega Engineering machining code. Estimated loss: $10 million.

Security “Gospel”
- The Morris Internet worm of 1988 cost $98 million to clean up
- The Melissa virus crashed networks at 300 of the Fortune 500 companies
- The Chernobyl virus destroyed up to a million PCs throughout Asia
- The ExploreZip virus alone cost $7.6 billion to clean up

Security Reality
- The Morris Internet worm of 1988 cost under $1 million to clean up
- The Melissa virus scared executives into disconnecting networks at 300 of the Fortune 500 companies
- The Chernobyl virus caused replacement of up to a million PCs throughout Asia
- The ExploreZip virus alone could have cost $7.6 billion to clean up

Information Systems Security
- Deals with
  - Security of (end) systems
    - Operating system, files, databases, accounting information, logs, ...
  - Security of information in transit over a network
    - e-commerce transactions, online banking, confidential e-mails, file transfers, ...

Basic Components of Security
- Confidentiality
  - Keeping data and resources secret or hidden
- Integrity
  - Ensuring authorized modifications
  - Refers to both data and origin integrity
- Availability
  - Ensuring authorized access to data and resources when desired
- Accountability
  - Ensuring that an entity’s action is traceable uniquely to that entity
- Security assurance
  - Assurance that all four objectives are met

Info Security 20 Years Ago
- Physical security
  - Information was primarily on paper
  - Lock and key
  - Safe transmission
- Administrative security
  - Control access to materials
  - Personnel screening
  - Auditing

Information Security Today
- Emergence of the Internet and distributed systems
  - Increasing system complexity
- Digital information needs to be kept secure
  - Competitive advantage
  - Protection of assets
  - Liability and responsibility
- Financial losses
  - FBI estimates that an insider attack results in an average loss of $2.8 million
  - Estimates of annual losses: $5 billion - $45 billion
    - Why such a big range?
- National defense
  - Protection of critical infrastructures
    - Power grid
    - Air transportation
  - Interlinked government agencies
    - Severe concerns regarding security management and access control measures (GAO report 2003)
    - Grade F for most of the agencies

Attack Vs Threat
- A threat is a “potential” violation of security
  - Violation need not actually occur
  - Fact that the violation might occur makes it a threat
- The actual violation (or attempted violation) of security is called an attack

Common security attacks
- Interruption, delay, denial of receipt or denial of service
  - System assets or information become unavailable or are rendered unavailable
- Interception or snooping
  - Unauthorized party gains access to information by browsing through files or reading communications
- Modification or alteration
  - Unauthorized party changes information in transit or information stored for subsequent access
- Fabrication, masquerade, or spoofing
  - Spurious information is inserted into the system or network by making it appear as if it is from a legitimate source
- Repudiation of origin
  - False denial that the source created something

Denial of Service Attacks
- explicit attempt to prevent legitimate users from using service
- two types of attacks
  - denial of service (DOS)
  - distributed denial of service (DDOS)
- asymmetric attack
  - attacker with limited resource (old PC and slow modem) may be able to disable much faster and more sophisticated machines or networks
- methods
  - Bots or Zombie machines
  - Trojans or Smurf attack: distributed attack that sends specified number of data packets to a victim

Phishing (Spoofing)
- use 'spoofed' e-mails and fraudulent websites
- designed to fool recipients into divulging personal financial data
  - credit card numbers
  - account usernames and passwords
  - social security numbers
- hijacking of trusted brands
  - banks
  - online retailers
  - credit card companies
- able to convince up to 5% of recipients to respond

Goals of Security
- Prevention
  - Prevent someone from violating a security policy
- Detection
  - Detect activities in violation of a security policy
  - Verify the efficacy of the prevention mechanism
- Recovery
  - Stop attacks
  - Assess and repair damage
  - Ensure availability in presence of ongoing attack
  - Fix vulnerabilities to prevent future attacks
  - Deal with the attacker

Human Issues
- Outsiders and insiders
  - Which do you think is the real threat?
- Social engineering
  - How much do you disclose about security?
  - Claim more or less security than exists

Honeypots
- Setting up a server to attract hackers
  - Used by corporations as early warning system
  - Used to attract spam to improve filters
  - Used to attract viruses to improve detection
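
A minimal low-interaction honeypot used as an early warning system, as the Honeypots slide describes. This is an added example, not part of the original presentation; the class name `DecoyListener`, the fake FTP banner and the localhost test contact in `simulate_contact` are assumptions made for illustration.

```python
import socket, threading, time

class DecoyListener:
    """Low-interaction honeypot: accepts TCP contacts, records them, serves nothing real."""

    def __init__(self, host="127.0.0.1", port=0, banner=b"220 FTP ready\r\n"):
        self.events, self.banner = [], banner
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))            # port 0: the OS picks a free port
        self._sock.listen(5)
        self._sock.settimeout(0.2)               # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while self._running:
            try:
                conn, (ip, sport) = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)    # fake banner; input is never executed
                    data = conn.recv(256)
                except OSError:
                    data = b""
                self.events.append({"time": time.time(), "src": ip,
                                    "sport": sport, "first_bytes": data})

    def alerts(self):
        # No legitimate user has a reason to touch a decoy, so every contact is an alert.
        return [f"decoy port {self.port} contacted from {e['src']}: {e['first_bytes']!r}"
                for e in self.events]

    def stop(self):
        self._running = False
        self._thread.join(timeout=2)
        self._sock.close()

def simulate_contact(decoy, payload=b"USER admin\r\n"):
    """Constructed localhost contact, used only to show what gets recorded."""
    seen = len(decoy.events)
    with socket.create_connection(("127.0.0.1", decoy.port), timeout=2) as c:
        c.recv(64)                               # read the fake banner
        c.sendall(payload)
    deadline = time.time() + 2
    while len(decoy.events) == seen and time.time() < deadline:
        time.sleep(0.05)
    return decoy.alerts()
```

Because the decoy offers no real service, the alert list has no false positives from normal use, which is what makes it useful as an early warning signal.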