© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

Presentation transcript:

© Ravi Sandhu Introduction to Information Security Ravi Sandhu

© 2005 Ravi Sandhu
Cyber-security goals have changed
- electronic commerce, information sharing, etcetera
- multi-party security objectives
- fuzzy objectives
- INTEGRITY: modification
- AVAILABILITY: access
- CONFIDENTIALITY: disclosure
- USAGE: purpose

Cyber-security attacks have changed
- The professionals have moved in
- Hacking for fun and fame
- Hacking for cash, espionage and sabotage

INTERNET INSECURITY
Internet insecurity spreads at Internet speed
- Morris worm of 1987
- Password sniffing attacks in 1994
- IP spoofing attacks in 1995
- Denial of service attacks in borne viruses 1999
- Distributed denial of service attacks 2000
- Fast spreading worms and viruses 2003
- Spam 2004
- Phishing 2005
- Botnets 2005
- … no end in sight
Internet insecurity grows at super-Internet speed
- security incidents are growing faster than the Internet (which has roughly doubled every year since 1988)

SECURITY TECHNIQUES
- Prevention: access control
- Detection and Recovery: auditing/intrusion detection, incident response
- Acceptance: practicality

THREATS, VULNERABILITIES, ASSETS AND RISK
- THREATS are possible attacks
- VULNERABILITIES are weaknesses
- ASSETS are information and resources that need protection
- RISK requires assessment of threats, vulnerabilities and assets

RISK
- Outsider Attack – insider attack
- Insider Attack – outsider attack

PERSPECTIVE ON SECURITY
- No silver bullets
- A process NOT a turn-key product
- Requires a conservative stance
- Requires defense-in-depth
- A secondary objective
- Absolute security does not exist
- Security in most systems can be improved

PERSPECTIVE ON SECURITY
absolute security is impossible does not mean absolute insecurity is acceptable

CLASSICAL INTRUSIONS
SCENARIO 1
- Insider attack
- The insider is already an authorized user
- Insider acquires privileged access
  - exploiting bugs in privileged system programs
  - exploiting poorly configured privileges
- Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access

CLASSICAL INTRUSIONS
SCENARIO 2
- Outsider attack
- Acquire access to an authorized account
- Perpetrate an insider attack

NETWORK INTRUSIONS
SCENARIO 3
- Outsider/Insider attack
- Spoof network protocols to effectively acquire access to an authorized account

DENIAL OF SERVICE ATTACKS
- Flooding network ports with attack source masking
- TCP/SYN flooding of internet service providers in 1996

INFRASTRUCTURE ATTACKS
- router attacks
  - modify router configurations
- domain name server attacks
- internet service attacks
  - web sites
  - ftp archives