Working Connection Computer and Network Security - Introduction - Dr. Hwajung Lee Radford University.


Assignment
A description of yourself, which includes:
– Your name, , affiliation
– Your area specialty (be specific)
– The reason you are taking this class
– A statement saying your level of knowledge on computer networks and discrete mathematics.

Topics will include:
1. Introduction
  – a. Security, Threats, and Vulnerabilities
  – b. Security Models
  – c. Cryptography and Cryptanalysis
2. Security Basics and Theory
  – a. Authentication
  – b. Protocols
3. Network Security
  – a. IPsec
  – b. Firewalls
4. Special Topics
  – a. Web security

Course textbook
Textbook: Kaufman, C., Perlman, R. and Speciner, M., Network Security (Private Communication in a Public World), 2nd edition, Prentice Hall
References: William Stallings, Cryptography and Network Security, 2nd edition, Prentice Hall
Class notes: Computer Security, Pennsylvania State University

Class website
s/itec693/itec693_SecurityBasic/ITEC693_schedule.htm
Group Presentation
– See details in the class website

You need a basic understanding of
– Networks
– Discrete Mathematics

What is Computer/Information Security?
Garfinkel and Spafford (1991)
– “A computer is secure if you can depend on it and its software to behave as expected.”
– Not really satisfactory – does not truly capture that security speaks to the behavior of others
  Expected by whom? Under what circumstances?
McDaniel (2003)
– “… information security (research) is the study of technologies that guarantee the privacy, access, and quality of electronic resources.”

Risk
At-risk valued resources that can be misused
– Monetary
– Data (loss or integrity)
– Time
– Confidence
– Trust
What does being misused mean?
– Privacy (personal)
– Confidentiality (communication)
– Integrity (personal or communication)
– Availability (existential or quality)
Q: What is at stake in your life?

Threat
A threat is a specific means by which a risk can be realized
– Context specific (a fact of the environment)
– An attack vector is a specific threat (e.g., key logger)
A threat model is a collection of threats that are deemed important for a particular environment
– E.g., should be addressed
– A set of “security requirements” for a system

Vulnerability
A vulnerability is a systematic artifact that exposes the user, data, or system to a threat
– E.g., buffer overflow, WEP key leakage
What is the source of a vulnerability?
– Bad software (or hardware)
– Bad design, requirements
– Bad policy/configuration
– System misuse: use for an unintended purpose or in an unintended environment
  E.g., student IDs for liquor store

Adversary
An adversary is any entity trying to circumvent the security infrastructure
– The curious and otherwise generally clueless (e.g., script kiddies)
– Casual attackers seeking to understand systems
– Venal people with an ax to grind
– Malicious groups of largely sophisticated users (e.g., chaos clubs)
– Competitors (industrial espionage)
– Governments (seeking to monitor activities)

Are Users Adversaries?
– Have you ever tried to circumvent the security of a system you were authorized to access?
– Have you ever violated a security policy (knowingly or through carelessness)?

Attacks
An attack occurs when someone attempts to exploit a vulnerability
Kinds of attacks
– Passive (e.g., eavesdropping)
– Active (e.g., password guessing)
A compromise occurs when an attack is successful
– Typically associated with taking over/altering resources

Participants
Participants are expected system entities
– Computers, agents, people, enterprises, …
– Depending on context referred to as: servers, clients, users, entities, hosts, routers, …
– Security is defined with respect to these entities
  Implication: every party may have a unique view
A trusted third party
– Trusted by all parties for some set of actions
– Often used as introducer or arbiter

Trust
Trust refers to the degree to which an entity is expected to behave
– What is the entity not expected to do?
  E.g., not expose password
– What is the entity expected to do (obligations)?
  E.g., obtain permission, refresh
A trust model describes, for a particular environment, who is trusted to do what
Note: you make trust decisions every day
– Q: What are they?
– Q: Whom do you trust?

Security Model
A security model is the combination of trust and threat models that address the set of perceived risks
– The “security requirements” used to develop some cogent and comprehensive design
– Every design must have a security model
  LAN network or global information system
  Java applet or operating system
– The single biggest mistake seen in the use of security is the lack of a coherent security model
– It is very hard to retrofit security (design time)
This class is going to talk a lot about security models
– What are the security concerns (risks)?
– What are the threats?
– Who are our adversaries?
– Who do we trust and to do what?
Systems must be explicit about these things to be secure.

Example: Security Models
Assume we have a University website that hosts courses through the web
– Syllabus, other course information
– Assignments submissions
– Online Grading
In class: elements of the security model
– Participants
– Adversaries
– Risks
– Threats
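
One way to write down the elements of such a security model and check that it is explicit, as an added example that is not part of the original slides. The class name, its checks, and every participant, adversary, risk, threat and trust entry are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityModel:
    participants: set
    adversaries: set
    risks: set
    threats: dict = field(default_factory=dict)  # threat -> (adversary, risks it realizes)
    trust: dict = field(default_factory=dict)    # participant -> actions it is trusted to do

    def gaps(self):
        """Return a sorted list of places where the model is not explicit."""
        found, covered = [], set()
        for name, (adversary, risks) in self.threats.items():
            if adversary not in self.adversaries:
                found.append(f"threat '{name}': unknown adversary '{adversary}'")
            for r in risks - self.risks:
                found.append(f"threat '{name}': unlisted risk '{r}'")
            covered |= risks
        for r in self.risks - covered:
            found.append(f"risk '{r}': no threat realizes it")
        for p in set(self.trust) - self.participants:
            found.append(f"trust: '{p}' is not a participant")
        for p in self.participants - set(self.trust):
            found.append(f"participant '{p}': no trust statement")
        return sorted(found)

    def insiders(self):
        """Participants that are also adversaries (the 'Are Users Adversaries?' case)."""
        return sorted(self.participants & self.adversaries)

# Constructed sample for the university course site; all entries are illustrative.
course_site = SecurityModel(
    participants={"student", "instructor", "web server"},
    adversaries={"student", "outside attacker"},
    risks={"grade integrity", "submission confidentiality", "site availability"},
    threats={
        "password guessing": ("outside attacker", {"grade integrity"}),
        "eavesdropping on upload": ("outside attacker", {"submission confidentiality"}),
        "altering own grade": ("student", {"grade integrity"}),
    },
    trust={
        "instructor": {"enter grades", "post syllabus"},
        "student": {"submit own assignments"},
    },
)

if __name__ == "__main__":
    print(course_site.gaps(), course_site.insiders())
```

The two gaps reported for the sample (a risk with no threat attached and a participant with no trust statement) are the kind of omissions the Security Model slide warns about.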