FIT3105 Security and Identity Management Lecture 1.

Slide 2: Schedule
 1. Introduction to computer system security and identity management: software, hardware, data and users
 2. Cryptography for authentication and identification (2 lectures)
 3. Smart card based identification systems
 4. Biometric based identification systems
 5. Crypto-based identification systems
 6. Strong authentication for system components and mobile users
 7. Authentication and identity systems: design and implementation (2 lectures)
 9. Large scale identity systems: privacy, security and efficiency (2 lectures)
 11. Case studies and discussion
 12. Research in security and identification systems

Slide 3: Outline
 Introduction to the subject.
 Discuss the method to study this unit.
 Discuss the assessments and lab exercises.
 Discuss the exam format.
 Discuss the assignments and methods to do them.
 Introduction to security and identity management
   –The importance of authentication and identity management
   –Problems with many id systems
   –Examples and possible solutions

Slide 4: Assessments
 Exam: 50%
 Two assignments: 20% each
 Lab exercises: 10%
 You are required to attend all the lab sessions to be able to finish some parts of the assignments and most parts of the lab work.

Slide 5: Why study security and identity management?
 Who has done bad things to your organisation using a computer?
 Who should be allowed access to the bank's money?
 Who should be allowed to see government documents?
 Who are the people working at your organisation?
 Who can use your computer network?
 Who can listen to your network communications?

Slide 6: Computer Security and Identity Management
Systems to protect:
 Company's computer systems
 Internet communications
 Database systems
 Etc.
Parties with an interest in, or posing a threat to, those systems:
 Business partners (customers, competitors, suppliers, etc.)
 Hackers, investigators, reporters, etc.
 Government and private intelligence communities
 Internal threats (dishonest employees, software failures, etc.)

Slide 7: Vulnerabilities
 Things can go wrong without strong security and identity management:
   –hardware: interruption (denial of service), interception (theft)
   –software: interruption (deletion), interception (theft), modification
   –data: interruption (loss), interception (theft), modification and fabrication

Slide 8: Security facts without strong authentication and identity management (believe it or not!)
 Bank robbery through computers, code breaking, rogue servers, etc.
 Industrial espionage on corporate information
 Loss of individual information and privacy (files, e-mails, money transfers, internet transactions, private video conferencing, ...)
 Information vandalism using fake ids (destroying backups, deleting files, vandalising web pages, ...)
 Computer viruses: sending viruses using fake addresses.
 (more can be found in "comp.risks" and other websites)

Slide 9: Security and identity management: examples
 Attacks can be INTERNAL and EXTERNAL.
 INTERNAL:
   –altering data; stealing secret information; carrying out illegal transactions; stealing source code;
   –damaging computer systems and revealing confidential information without a trace;
   –intentionally writing bad code for later use or to trap other users;
   –using fake ids for blackmailing and vandalising.
 EXTERNAL:
   –sending malicious programs from different ids or fake systems;
   –scanning your network for vulnerabilities and attacking it without leaving any ids;
   –sending logic bombs, worms, etc. (for Windows and Unix): annoying, destructive, or causing disruption;
   –etc.

Slide 10: Computer Threat
 35% annual increase in data sabotage incidents from 1997 to 1999
 25% annual increase in financial fraud perpetrated on-line (9% using fake ids)
 Abuse of network access increased over 20%, resulting in losses of billions of dollars
 Security breaches caused US$15 billion of damage in 2000 in the US alone; many of them left no trace.
(Internet sources)

Slide 11: Other Surveys
 Poll of 1,400 companies with more than 100 employees
   –About 90% are confident in their firm's security
   –But 50% failed to report break-ins
   –58% increased spending on security
 Fortune firms lost US$45 billion; high-tech firms most vulnerable
 US$215 billion spent on security and identity systems (US and Europe)
(Internet sources)

Slide 12: Security with strong authentication and identification mechanisms
 Why is strong authentication an essential part of security?
 Why do we need good identity management?
 How do we provide strong authentication and good identification mechanisms for the things we want to protect:
   –computer systems and subsystem components
   –software and hardware components
   –client-server applications
   –users
   –data
   –etc.

Slide 13: Examples
 How do you authenticate a computer user of your company?
   –Passwords? Good enough?
 What is the identification of the computer user?
   –Employee id and password? Good enough?
 What is the identification of a software package?
   –No need to worry about this because it is not part of id management!
 How do you manage all the user identities in your company?
   –Store them on a database server and protect it with firewalls?
 How can you design and implement a strong authentication system or a secure and efficient identity system, especially a large one?

Slide 14: Examples
 How do you authenticate a web server?
   –Using a shared key?
   –Using a digital certificate?
 What is the identification of a computer or a network?
   –The name of the network?
   –A digital signature of the network?
   –An IP address?
 What is the identification of a script that you have to run in a web application?
   –Hash value of the script?
   –Certificate of the owner of the script?
   –Certificate of the script itself?
 How do you manage all the software on your company computer system?
   –Using a certificate for each piece of software?
   –Using a certificate for a group of related pieces of software?
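The slide offers a hash of a script, a certificate of its owner, or a certificate of the script itself as candidate identities. The added example below (not part of the lecture) shows why a bare content hash and a keyed check behave differently: a hash identifies content but says nothing about who produced it, so it only detects modification when the verifier already holds the correct hash from an independent source; a MAC under a key the owner shares with the verifier binds the content to that owner. The script bytes and the shared key are constructed values for this example. A certificate-based signature gives the same binding with a public key instead of a shared secret; it is not implemented here because the standard library has no signature primitive.

```python
import hashlib
import hmac

# Constructed inputs for the demonstration (assumptions, not real artefacts).
ORIGINAL_SCRIPT = b"print('hello from the deployment script')\n"
SHARED_KEY = b"example-shared-key-not-for-production"


def content_id(script: bytes) -> str:
    """Identify a script purely by its bytes: anyone can compute this."""
    return hashlib.sha256(script).hexdigest()


def keyed_id(script: bytes, key: bytes) -> str:
    """Identify a script by its bytes and by the key holder who vouches for it."""
    return hmac.new(key, script, hashlib.sha256).hexdigest()


def verify_by_hash(script: bytes, reference_hash: str) -> bool:
    """Accept the script if its hash equals the reference the verifier holds."""
    return hmac.compare_digest(content_id(script), reference_hash)


def verify_by_mac(script: bytes, key: bytes, tag: str) -> bool:
    """Accept the script only if the tag was produced with the shared key."""
    return hmac.compare_digest(keyed_id(script, key), tag)


def compare_identities() -> dict:
    """Run three verification scenarios against a modified copy of the script.

    Returns the outcome of each as a boolean so a caller (or test) can check it.
    """
    altered = ORIGINAL_SCRIPT + b"print('line added after the owner released it')\n"

    # 1. The verifier pinned the original hash out of band (e.g. from the
    #    release announcement).  The altered copy fails the check.
    pinned = content_id(ORIGINAL_SCRIPT)
    hash_detects_with_pinned_reference = not verify_by_hash(altered, pinned)

    # 2. The hash travels with the script (a checksum file beside it).  Whoever
    #    changed the script also changed the checksum, so the check passes:
    #    the hash proves only that the two files match each other.
    travelling = content_id(altered)
    hash_detects_with_travelling_reference = not verify_by_hash(altered, travelling)

    # 3. The owner published an HMAC tag.  Recomputing a valid tag for the
    #    altered script needs the key, which the verifier never shares, so
    #    the altered copy fails even though the tag travelled with it.
    owner_tag = keyed_id(ORIGINAL_SCRIPT, SHARED_KEY)
    mac_detects = not verify_by_mac(altered, SHARED_KEY, owner_tag)
    original_still_accepted = verify_by_mac(ORIGINAL_SCRIPT, SHARED_KEY, owner_tag)

    return {
        "hash_detects_with_pinned_reference": hash_detects_with_pinned_reference,
        "hash_detects_with_travelling_reference": hash_detects_with_travelling_reference,
        "mac_detects": mac_detects,
        "original_still_accepted": original_still_accepted,
    }


if __name__ == "__main__":
    for scenario, outcome in compare_identities().items():
        print(f"{scenario}: {outcome}")
```

The middle scenario is the one that matters for the slide's question: a hash is an identity of content, not an identity of an owner, and it only becomes an authenticator when the reference value is itself protected, either by being pinned out of band or by being keyed or signed.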

Slide 15: Examples
 Can we apply the same authentication for all identities?
   –An associated password for each identity?
   –A smart card for each identity?
 What is the best authentication for users?
 What is the best authentication for client-server applications?
 What is the best authentication for different types of users in different environments?
   –Users and mobile users
   –Wireless and wired environments

Slide 16: More examples
 How do you identify a process on your computer network?
   –A user process on a Unix computer (beast.csse.monash.edu.au) of the Monash network
 How do you authenticate a mobile user of your computer network?
   –A wireless user of the Monash network has to have a valid MAC address and password?
 How do you authenticate a web server that you are about to pay with your credit card?
   –Pay your bills using a safe connection with encryption?
 How do you authenticate a client who wants to access sensitive information on your computer system?
   –Require a certificate from the client and verify it?

Slide 17: Authentication and identity management: design and implementation
 How do you design and implement authentication and identity management for your company?
   –E.g. Monash University, Commonwealth Bank, Telstra, etc.
 How do you design and implement authentication and identity management for a national system?
   –E.g. national id system, health care system, national education systems, etc.
 How do you design and implement authentication and identity management for an international system?
   –E.g. Euro trade systems, Euro rail systems, international money transfer systems, international trade systems, etc.

Slide 18: Example of a corporate id system
 Photo id with fingerprint or facial recognition
 Smart cards for computer system usage
 Password for computer system access
 Private and public key crypto system for sensitive information sharing and data transmission
 Log files for record tracking
 Intrusion detection system to detect misuses of the system or illegal access
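The last two items on the slide, log files and an intrusion detection system, only pay off when something actually reads the logs. The added example below (not from the lecture) is a small detector over constructed authentication records: it parses a simple timestamp/user/source/outcome format, keeps a sliding window of failures per user and source, and raises one alert when the failure count reaches a threshold inside the window and another if a success follows that burst. The record format, the sample lines, the threshold and the window length are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed audit records in an assumed format: ISO timestamp, user, source, outcome.
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 10.0.0.5 SUCCESS
2024-03-01T09:00:07 bob 10.0.0.9 FAIL
2024-03-01T09:00:09 bob 10.0.0.9 FAIL
2024-03-01T09:00:11 bob 10.0.0.9 FAIL
2024-03-01T09:00:12 bob 10.0.0.9 FAIL
2024-03-01T09:00:14 bob 10.0.0.9 FAIL
2024-03-01T09:00:15 bob 10.0.0.9 SUCCESS
2024-03-01T09:20:00 carol 10.0.0.7 FAIL
2024-03-01T09:45:00 carol 10.0.0.7 FAIL
2024-03-01T10:00:00 carol 10.0.0.7 SUCCESS
this line is deliberately malformed and must be skipped
2024-03-01T23:30:00 alice 203.0.113.8 SUCCESS
"""

FAIL_THRESHOLD = 5                 # failures that count as a burst (assumed value)
WINDOW = timedelta(seconds=30)     # sliding window for those failures (assumed value)

RECORD = re.compile(r"^(\S+) (\S+) (\S+) (SUCCESS|FAIL)$")

Event = Tuple[datetime, str, str, str]
Alert = Tuple[str, str, str, str]


def parse(text: str) -> List[Event]:
    """Turn log text into (timestamp, user, source, outcome) events, skipping malformed lines."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD.match(line)
        if m is None:
            continue  # a production detector would also count and report unparsable lines
        ts, user, src, outcome = m.groups()
        events.append((datetime.fromisoformat(ts), user, src, outcome))
    return events


def detect(events: List[Event], threshold: int = FAIL_THRESHOLD,
           window: timedelta = WINDOW) -> List[Alert]:
    """Return alerts as (kind, user, source, iso_timestamp)."""
    alerts: List[Alert] = []
    recent_failures = defaultdict(deque)   # (user, source) -> failure timestamps in window
    burst_open = set()                     # keys whose burst alert is still unresolved

    for ts, user, src, outcome in sorted(events):
        key = (user, src)
        q = recent_failures[key]
        while q and ts - q[0] > window:    # drop failures that fell out of the window
            q.popleft()
        if not q:
            burst_open.discard(key)        # the burst has aged out without a success

        if outcome == "FAIL":
            q.append(ts)
            if len(q) == threshold:        # fire exactly once when the threshold is hit
                alerts.append(("burst_of_failures", user, src, ts.isoformat()))
                burst_open.add(key)
        else:
            if key in burst_open:          # a success right after a burst deserves a look
                alerts.append(("success_after_burst", user, src, ts.isoformat()))
                burst_open.discard(key)
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Carol's two failures 25 minutes apart stay below the threshold and produce nothing, which is the point of the window: the detector is looking for a burst, not for a user who mistyped twice in a morning.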

Slide 19: How about wireless identities?
 Heavily rely on crypto-based authentication
   –Device registration and authentication
   –Private and public keys or certificates
   –Smart cards can still be useful
   –Biometric methods are less effective

Slide 20: Careers in security and identity system design and implementation
 Does every organisation need an id system?
 Can we use one id system for all organisations?
 Security analysis
 Security policy design
 Id system design and implementation
 Software security
 Security experts are needed for authentication design and implementation