Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor.


Information Security
• Those measures, procedures, or controls which provide an acceptable degree of safety of information resources from accidental or unauthorized intentional disclosure, modification, or destruction.
• Based on the assumption that others either want your data or want to prevent you from having it.
• Insecurity is the result of flaws, improper configurations, errors and bad design.
• Patches and security add-ons merely address the symptoms, not the cause.

Information Security Problem
• A large, rapidly growing international issue
• Key to growth of digital environments
• Critical infrastructure at risk
• True magnitude of the problem unknown

Why bother with Information Security??
• Some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons
• All of the information we store and refer to must be protected against accidental or deliberate modification
• Information must be available in a timely fashion.
• We must also establish and maintain the authenticity (correct attribution) of documents we create, send and receive
• If poor security practices allow damage to our systems, we may be subject to criminal or civil legal proceedings
• Good security can be seen as part of the market development strategy

The Changing Security Environment
The landscape for information security is changing:
• From closed systems and networks to Internet connectivity
• From manual to automated processes
• Increased emphasis of information security as core/critical requirement

Evidence
• 90%: businesses detected computer security breaches within the last twelve months
• 70%: reported a variety of serious computer security breaches (e.g., theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks)
• 74%: acknowledged financial losses due to computer breaches
• 19%: reported ten or more incidents
Source: Computer Security Institute 2000 Computer Crime and Security Survey

Specific Security Issues & Solutions
The Four Big Issues:
• Authentication: Validation of transmissions, messages, and users
• Confidentiality: Assurance that information is not disclosed to unauthorized entities or processes
• Integrity: Assurance that information is not modified by unauthorized entities or processes
• Reliability & Availability: Assurance that information systems will function when required

Authentication
Validation of transmissions, messages, and users
• IP Spoofing:
   – Filtering routers
• Fake Web Sites:
   – Web Site Certification
   – DNS certification
• Unauthorized Users:
   – IP authentication
   – Identification devices
   – Intrusion Detection Systems

Confidentiality
Assurance that information is not disclosed to unauthorized entities or processes
• Sniffing:
   – Encryption
   – Intrusion Detection
• Unauthorized File Access:
   – Firewalls
   – Intrusion Detection Systems

Integrity
Assurance that data or processes have not been altered or corrupted by chance or by malice
• Corrupted Web Sites:
   – Web Site Certification
   – Intrusion Detection
• Corrupted Data Bases:
   – Encryption
   – Intrusion Detection

Reliability & Availability
Assurance that information systems will function when required
• Denial of Service Attacks (e.g. SYN flooding):
   – Bandwidth
   – Attack Detection
   – Redundancy

The Threat Environment
• Information technology is more vulnerable than ever:
   – Open
   – Distributed
   – Complex
   – Highly Dynamic
• Attacks are becoming more sophisticated
• Tools to exploit system vulnerabilities are readily available and require minimal expertise

Typical Threats
• Eavesdropping and “sniffing”
• System Penetration
• Authorization Violation
• Spoofing/Masquerading
• Tampering
• Repudiation
• Trojan Horse
• Denial of Service

Common Security Mechanisms
• Obscurity
• Firewalls
• Intrusion Detection
• Vulnerability/Security Assessment Tools
• Virus Detection
• Host Security
• Authentication Systems
• Cryptography

InfoSec Hard Problems
• 1999 INFOSEC Research Council
• Defines nine particularly difficult security problems impacting all aspects of IT.

1. Intrusion Detection
   – The timely and accurate detection of network attacks
   – Extremely important
   – No shortage of COTS
   – Limited effectiveness and reliability

2. Intrusion Response
   – What do you do after an attack is detected?
   – What do you do when you’re wrong?

3. Malicious Code Detection
   – Trojan horses, “dead” code, etc.
   – Example: Windows 98

4. Controlled Sharing of Sensitive Information
   – Sharing information from a variety of sources to different recipients.
   – Classified information in an Open Environment

5. Application Security
   – How do the applications enforce their own requirements?
   – How does it affect the rest of the network?

6. Denial of Service
   – Simple and effective
   – “Unfortunately there is currently no method available of identifying and responding to a denial of service attack in an efficient and autonomous manner” (National Research Council, 1998).

7. Communications Security
   – Protecting information in transit from unauthorized disclosure, and providing support for anonymity in networked environments.

8. Security Management Infrastructure
   – Providing tools and techniques for managing the security services in very large networks that are subject to hostile attack.

9. Information Security for Mobile Warfare
   – Developing information security techniques and systems that are responsive to the special needs of mobile tactical environments.
   – Wireless security

Advantages of InfoSec Research
• Important problem
   – Touches all aspects of IT
• Little research has been done
   – Large variety of potential dissertation topics
   – Can be incorporated into other IT topics
• Opportunities for publications
   – Growing number of publications
   – Can add InfoSec to more traditional topic to increase opportunities
• Huge job market for those with experience
   – Job openings for network security professionals have increased 200 percent in the past six months

In Review
• Security is a complex and growing area of information technology
• There are numerous opportunities for InfoSec research
• Demonstrated security experience can be a key discriminator in any IT career

Ongoing Research at NSU
• Benedict Eu – Dynamic Computer Defense in Depth
• Dennis Bauer – Intrusion detection using evolution strategies
• Jim Dollens – Intrusion detection using computer system DNA
• Al Fundaburk – Developing an information security curriculum

Questions? Dr. James Cannady (954)