CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

How to protect yourself, your computer, and others on the internet
Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
4 Information Security.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.
Lecture 1: Overview modified from slides of Lawrie Brown.
Security, Privacy, and Ethics Online Computer Crimes.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Threats and Attacks Principles of Information Security, 2nd Edition
Financial Mathematics Math 373. Math 373 – Instructor MATH 175 (Tu & Th at 1:30) and LILLY G126 (Wed at 9:30) Jeff Beckley –
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
A First Course in Information Security
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
Cyber Crimes.
PART THREE E-commerce in Action Norton University E-commerce in Action.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
BUSINESS B1 Information Security.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Anderson School of Management University of New Mexico.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
C HAPTER 5 General Computer Topics. 5.1 Computer Crimes Computer crime refers to any crime that involves a computer and a network. Net crime refers to.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
AGEC 640 Tues., August 26, 2014 Introduction to Agricultural Development & Policy Today: – Housekeeping – Motivation – Background reading (optional): WDR.
Information Warfare Playgrounds to Battlegrounds.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
7 Information Security.
Chapter 5: General Computer Topics Department of Computer Science Foundation Year Program Umm Alqura University, Makkah Computer Skills /1436.
School of Mechanical Engineering 1.Welcome! Please locate your seat on the seating chart provided (gold paper, 3 pages, alphabetical order). 2.Please take.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Topic 5: Basic Security.
CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1.
Chap1: Is there a Security Problem in Computing?.
Computer Security By Duncan Hall.
Security Mindset Lesson Introduction Why is cyber security important?
Information Systems Week 7 Securing Information Systems.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Cybersecurity Test Review Introduction to Digital Technology.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Zeus Virus By: Chris Foley. Overview  What is Zeus  What Zeus Did  The FBI investigation  The virus for phones  Removal and detection  Conclusion.
Mobile device security Practical advice on how to keep your mobile device and the data on it safe.
IT Security  .
Instructor Materials Chapter 7 Network Security
A Project on CYBER SECURITY
Emergency Preparedness
Securing Information Systems
EMERGENCY PREPAREDNESS – A MESSAGE FROM PURDUE
PHYS 241 Electricity & Optics
Security in Networking
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Cybersecurity Awareness
Risk of the Internet At Home
S.D. Sudhoff, S.D. Pekarek, O. Wasynczuk, D. Aliprantis Spring 2017
The Internet of Unsecure Things
Chapter 9 E-Commerce Security and Fraud Protection
System Programming CS 252 Topic 20
EMERGENCY PREPAREDNESS – A MESSAGE FROM PURDUE
EMERGENCY PREPAREDNESS – A MESSAGE FROM PURDUE
Presentation transcript:

CS5261 Information Security CS 526 Topic 1 Overview of the Course Topic 1

Today’s Security News Today: 220 million records stolen, 16 arrested in massive South Korean data breach Today: 220 million records stolen, 16 arrested in massive South Korean data breach –A number of online gaming & movie ticket sites –Real names, account names, passwords, resident registration numbers Today: Cybersecurity hiring crisis: Rockstars, anger and the billion dollar problemCybersecurity hiring crisis: Rockstars, anger and the billion dollar problem –Cisco's 2014 Annual Security Report projecting a global cybersecurity jobs shortage starting at 500,000 and domestically at least 30,000Cisco's 2014 Annual Security Report CS526Topic 12

Last Week’s Security News Aug 22: Facebook given 4 weeks to respond to "largest privacy class action in Europe" –In relation to unauthorized use of data, NSA’s PRISM program, tracking users on external websites and sharing data Aug 22: Malicious app can steal sensitive information from other apps, e.g., Gmail CS526Topic 13

In the News (2012): Hackers Force Apple, Amazon to Change Security Policy What happened? –Hackers gained access to Mat Honan (a reporter)’s iCloud account, then (according to Honan) At 5:00 PM, they remote wiped my iPhone At 5:01 PM, they remote wiped my iPad At 5:05, they remote wiped my MacBook Air. How did the attacker get access to iCloud account? Any guess? Lessons? Security only as strong as the weakest link. Information sharing across platforms can lead to unexpected vulnerabilities CS526Topic 14

Stuxnet (2010) Stuxnet: Windows-based Worm –Worm: self-propagating malicious software (malware) Attack Siemens software that control industrial control systems (ICS) and these systems –Used in factories, chemical plants, and nuclear power plants First reported in June 2010, the general public aware of it only in July 2010 A digital weapon created by nation states –60% (more than 62 thousand) of infected computers in Iran –Iran confirmed that nuclear program damaged by Stuxnet –Sophisticated design, special targets, expensive to develop CS5265Topic 1

CS5266 See the Course Homepage 526_Fall14/index.html 526_Fall14/index.html Piazza Knowledge needed for the course –Probability –Basic knowledge of algorithms –Programming knowledge (for two programming projects) Web (PHP) Low-level (C, some knowledge of assembly) –Knowledge of operating systems/networking Topic 1

To report an emergency, call 911. To obtain updates regarding an ongoing emergency, sign up for Purdue Alert text messages, view There are nearly 300 Emergency Telephones outdoors across campus and in parking garages that connect directly to the PUPD. If you feel threatened or need help, push the button and you will be connected immediately. If we hear a fire alarm during class we will immediately suspend class, evacuate the building, and proceed outdoors. Do not use the elevator. If we are notified during class of a Shelter in Place requirement for a tornado warning, we will suspend class and shelter in [the basement]. If we are notified during class of a Shelter in Place requirement for a hazardous materials release, or a civil disturbance, including a shooting or other use of weapons, we will suspend class and shelter in the classroom, shutting the door and turning off the lights. Please review the Emergency Preparedness website for additional information. EMERGENCY PREPAREDNESS – A MESSAGE FROM PURDUE

CS5268 Readings for This Lecture Required readings: –Information Security on Wikipedia (Basic principles & Risk management)Information Security on Wikipedia Optional Readings: –Counter Hack Reloaded Chapter 1: Introduction –Security in Computing: Chapter 1 Topic 1

What is Information (Computer) Security? Security = Sustain desirable properties under intelligent adversaries Desirable properties –Understand what properties are needed. Intelligent adversaries –Needs to understand/model adversaries –Always think about adversaries. CS526Topic 19

CS52610 Security Goals/Properties (C, I, A) Confidentiality (secrecy, privacy) –only those who are authorized to know can know Integrity (also authenticity in communication) –only modified by authorized parties and in permitted ways –do things that are expected Availability –those authorized to access can get access Topic 1

Which of C, I, A are violated in.. The Stuxnet attack compromises –integrity of software systems, –availability of some control functionalities, –confidentiality of some keys in order to sign malware to be loaded by Windows The Apple/Amazon attack –Confidentiality of credit card digits –Integrity of password –Availability of data and devices The Android App attack –Confidentiality –Potential integrity/availability concern CS52611Topic 1

CS52612 Computer Security Issues Malware (Malicious Software) –Computer viruses –Trojan horses –Computer worms E.g., Morris worm (1988), Melissa worm (1999), Stuxnet (2010), etc. –Spywares –Malwares on mobile devices Computer break-ins spams –E.g., Nigerian scam (419 scam, advanced fee fraud), stock recommendations Topic 1

More Computer Security Issues Identity theft Driveby downloads Botnets Distributed denial of service attacks Serious security flaws in many important systems –electronic voting machines, ATM systems CS52613Topic 1

CS52614 Why Do Computer Attacks Occur? Who are the attackers? –bored teenagers, criminals, organized crime organizations, rogue (or other) states, industrial espionage, angry employees, … Why they do it? –fun, –fame, –profit, … computer systems are where the moneys are –Political/military objectives Topic 1

CS52615 Why These Attacks Can Succeed? Software/computer/information systems/designs are buggy –They are complex, dynamic, and increasingly so Users make mistakes Some Technological factors –Von Neumann architecture: stored programs mixing code and data –Unsafe program languages Topic 1

CS52616 Why Do These Factors Exist? Economical factors –Lack of incentives for secure software –Security is difficult, expensive and takes time Human factors –Lack of security training for software engineers –Largely uneducated population Topic 1

CS52617 Security is Not Absolute Is your phone secure? What does “secure” mean? Security is relative –to the kinds of loss one consider security objectives/properties need to be stated –to the threats/adversaries under consideration. security is always under certain assumptions Topic 1

CS52618 Security is Secondary What protection/security mechanisms one has in the physical world? Why the need for security mechanisms arises? Security is secondary to the interactions that make security necessary. Robert H. Morris : The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it. Topic 1

CS52619 Information Security is Interesting The most interesting/challenging threats to security are posed by human adversaries –Security is harder than reliability Information security is a self-sustaining field –Can work both from attack perspective and from defense perspective Security is about benefit/cost tradeoff –Thought often the tradeoff analysis is not explicit Security is not all technological –Humans are often the weakest link Topic 1

CS52620 Information Security is Challenging Defense is almost always harder than attack. In which ways information security is more difficult than physical security? –adversaries can come from anywhere –computers enable large-scale automation –adversaries can be difficult to identify –adversaries can be difficult to punish –potential payoff can be much higher In which ways information security is easier than physical security? Topic 1

CS52621 Tools for Information Security Cryptography Authentication and Access control Hardware/software architecture for separation Processes and tools for developing more secure software Monitoring and analysis Recovery and response Topic 1

CS52622 What is This Course About? Learn to think about security when doing things Learn how computers can be attacked, how to prevent attacks and/or limit their consequences. –No silver bullet; man-made complex systems will have errors; errors may be exploited –Large number of ways to attack –Large collection of specific methods for specific purposes Learn to understand and apply security principles when designing/building/analyzing systems Topic 1

CS52623 Ethical Use of Security Information We discuss vulnerabilities and attacks –Most vulnerabilities have been fixed –Some attacks may still cause harm –Do not try these outside the context of this course Topic 1

Policies for Homework Cheating It is allowed/encouraged to discuss homework problems However, if you looks at another student’s written or typed answers, or let another student look at your written or typed answers, that is considered cheating. If caught for the first time, receive 0 in the assignment. For the second time, receive a failing grade in class. CS526Topic 124

CS52625 Coming Attractions … Cryptography: terminology and classic ciphers. Readings –Cryptography on WikipediaCryptography on Wikipedia Topic 1