CS470, A. Selcuk, The Big Picture, slide 1
The Big Picture: Practical, Economic, Legal Considerations
CS 470 Introduction to Applied Cryptography
Instructor: Ali Aydin Selcuk

Prudent Practices for Information Security
Compartmentalize
– Not everyone should have access to everything
– e.g. root vs. user accounts, kernel vs. user mode
– the "least privilege" principle
– need-to-know basis
Secure the weakest link
– a 10,000-bit symmetric key does not make sense when the rest of the system is far weaker; the attacker goes around the strong part
Use choke points
– Constrain access to the system to a few controlled paths (gateways, firewalls, etc.)

Prudent Practices (cont'd)
Provide "defense in depth"
– e.g., in bank security: door lock – alarm – safe
– e.g., firewall – IDS – an internal firewall
Don't release unnecessary information
– e.g., the version of the OS, of the program running, etc.
Embrace simplicity
Educate & convince users
Question your assumptions constantly

80/20 Rule of InfoSec
Pareto principle: the top 20% owns 80% of the land.
80/20 Rule of InfoSec (according to Symantec):
1. Remove unneeded services
– remove components, programs and services from your system until only the minimum "business needed" set remains
2. Keep patch levels current (helped by item 1)
– use automation whenever possible
– give priority to public-facing and internal servers
3. Enforce strong passwords
– long, mixed-character passwords
– periodic changes
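The first and third items of the 80/20 rule above are the kind of check a host-hardening script automates. The following is an added example, not code from the course or from Symantec: it parses a constructed sample of Linux `ss -tlnp` output, reports every listening service that is not on an assumed "business needed" allowlist, and checks a password against an assumed policy (minimum length 12, at least three character classes, not a known-common password, not containing the username). The allowlist, the sample socket table, the common-password list and the thresholds are all assumptions chosen for the illustration.

```python
"""Host-hardening checks for two of the 80/20 items: unneeded listening
services and weak passwords.  Added example; the allowlist, the sample `ss`
output and the password policy thresholds are assumptions."""
import re
import string

# Constructed sample of `ss -tlnp` output (Linux).  Real output has the same
# columns; the process name sits in the users:(("name",pid=...)) field.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*          users:(("nginx",pid=1204,fd=6))
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*          users:(("postgres",pid=990,fd=5))
LISTEN  0       50      0.0.0.0:21          0.0.0.0:*          users:(("vsftpd",pid=1311,fd=4))
LISTEN  0       128     0.0.0.0:111         0.0.0.0:*          users:(("rpcbind",pid=402,fd=8))
"""

# Assumed "business needed" set as (port, process name).  Anything else that
# listens is a candidate for removal (item 1 of the 80/20 rule).
NEEDED_SERVICES = {(22, "sshd"), (443, "nginx"), (5432, "postgres")}

_LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str):
    """Return a list of (port, process, local_address) for LISTEN sockets."""
    found = []
    for line in ss_output.splitlines():
        m = _LISTEN_RE.match(line)
        if m:
            found.append((int(m.group("port")), m.group("proc"), m.group("addr")))
    return found


def unneeded_services(ss_output: str, needed=NEEDED_SERVICES):
    """Sorted (port, process) pairs that listen but are not on the allowlist."""
    listening = {(port, proc) for port, proc, _ in parse_listeners(ss_output)}
    return sorted(listening - set(needed))


# Assumed policy for item 3: length >= 12, at least three of the four
# character classes, not a known-common password, not containing the username.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12


def password_problems(password: str, username: str = "") -> list:
    """Return the list of policy violations (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    for port, proc in unneeded_services(SAMPLE_SS_OUTPUT):
        print(f"remove or disable: {proc} listening on port {port}")
    for pw in ("password", "Tr0ub4dor&3", "correct-Horse-battery-9"):
        print(pw, "->", password_problems(pw, username="alice") or "ok")
```

On a real host the sample string would be replaced by the output of `ss -tlnp` (run as root so process names are visible), and the allowlist would come from the system's documented role; the point of item 1 is that the allowlist, not the running system, is the source of truth. Note that the check does not implement the slide's "periodic changes" item, which is an operational rule rather than a property of one password.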

Economic Drawbacks
Ordinary users don't care much about security (they care more about fancy features)
First-mover advantage
– Ship the product now; get it right by v3 (e.g., Microsoft IE)
Asymmetric information
– There is no easy way to tell a good security product from a bad one
– which pulls both prices & quality down

Economic Drawbacks (of lesser significance)
Differentiated pricing
– Low-cost alternatives are kept poorer in quality (on purpose)
– any security-product applications?
Network effects
– The number of users determines the value of the product
– e.g., telephone, fax, the Internet, eBay, etc.
– Security: not-so-tight security helps attract developers & users (any practical cases?)

Legal Drawbacks
Who is liable (in addition to the attacker)?
– the manufacturer of the faulty software?
– the ISP from which the attack originated?
– the victim's system administrator?
– the network operators?
The involved parties could help reduce the potential for an attack, but don't have much incentive to do so.

Other Drawbacks
Lack of information sharing
– Market forces discourage revealing past incidents (to preserve consumer confidence)
– e.g., Citibank, 1995 ("Don't publicize")
– Result: no reliable information or estimates (attempted solution: CERTs, the Center for Internet Security)
Position of the interior
– The attacker has the initiative of when & where to hit
Potential (partial) solution:
– a UL (Underwriters Laboratories) style certification model, pushed by the insurance industry (may solve the problem of product evaluation)
– Limitation: software security is hard to evaluate

Detection, Response, Risk Management
Prevention alone is not sufficient; detection & response mechanisms are also needed (e.g., no door lock alone can prevent burglaries)
Risk management
– Risks will always be with us; it's important to know how to manage them.
Every security system must answer:
– Defense against what kind of adversary, with what resources?
– What is the potential loss?