CIT 380: Securing Computer Systems Security Solutions Part 2.

Slides:



Advertisements
Similar presentations
An Overview of Computer and Network Security Nick Feamster CS 6262 Spring 2009.
Advertisements

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp Copyright 1984, Association for Computing.
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Lesson 19: Configuring Windows Firewall
1 Lecture 24 Hiding Exploit in Compilers bootstrapping, self-generating code, tombstone diagrams Ras Bodik Mangpo and Ali Hack Your Language! CS164: Introduction.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Adware, Spyware, and Malware Anand Dedhia Bharath Raj ECE 4112 Project 28 April 2005.
Information Security Technological Security Implementation and Privacy Protection.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
PART THREE E-commerce in Action Norton University E-commerce in Action.
CIT 380: Securing Computer Systems Security Solutions.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.
1 Precise Enforcement of Policies After we have a policy, is there always a mechanism to enforce it? If so, can we devise a generic procedure for developing.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Threat Modeling.
CSC 682: Advanced Computer SecuritySlide #1 CSC 682: Advanced Computer Security Introduction.
11 CONFIGURING TCP/IP ADDRESSING AND SECURITY Chapter 11.
Introduction University of Sunderland CSEM02 Harry R Erwin, PhD Peter Dunne, PhD.
IT Essentials 1 Chapter 9 JEOPADY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Identity.
Evoting using collaborative clustering Justin Gray Osama Khaleel Joey LaConte Frank Watson.
Module 4 Quiz. 1. Which of the following statements about Network Address Translation (NAT) are true? Each correct answer represents a complete solution.
Security & Trusting Trust Swarun Kumar Based on slides courtesy: Jorge Simosa MIT Spring 2013.
Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.
Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.
Security fundamentals Topic 1 Addressing security threats and vulnerabilities.
Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.
CIT 380: Securing Computer SystemsSlide #1 CIT 380 Securing Computer Systems Threats.
MICROSOFT TESTS /291/293 Fairfax County Adult Education Courses 1477/1478/1479.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction.
Basic Security Concepts University of Sunderland CIT304 Harry R Erwin, PhD.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Covert Channels Eric Pennington COSC480. Common Network Threats  Viruses, Trojans, Worms, etc.  Password Attacks  Eavesdropping  Port Scanning  Not.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Insecure PCs virus malware phishing spam spyware botnets DNS spoofing identity theft Trojan horse buffer overflow DoS attack worm keyloggers cross-site.
CIT 480: Securing Computer Systems
Mark Ryan Professor of Computer Security 25 November 2009
CSC 482/582: Computer Security
Backdoor Attacks.
Threats and Survivability Architectures
QuickBooks is a leading accounting software, trusted by millions of small and medium-sized businesses. It’s a multi-tasking software that helps businesspersons.
CSC 482/582: Computer Security
Executive Director and Endowed Chair
Executive Director and Endowed Chair
Chapter 27 Security Engineering
What you will need to Register
CS-3013 Operating Systems Hugh C. Lauer
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presentation transcript:

CIT 380: Securing Computer Systems Security Solutions Part 2

CIT 380: Securing Computer Systems Slide #2 Assumptions Security rests on assumptions specific to type of security required and environment.

Assumptions Example: – TCP/IP designed for pre-commercial Internet. Assumed only legitimate administrators had root access. Trusted IP addresses, since only root can set IP address. What happens to network when Windows 95 systems added to network, where desktop user has all privileges? CIT 380: Securing Computer Systems Slide #3

CIT 380: Securing Computer Systems Slide #4 Assurance How much can you trust a system? Example: – Purchasing aspirin from a drugstore. – Bases for trust: Certification of drug by FDA. Reputation of manufacturer. Safety seal on bottle.

CIT 380: Securing Computer Systems Slide #5 How much do you trust? Ken Thompson’s compiler hack from “Reflections on Trusting Trust.” – Modified C compiler does two things: If compiling a compiler, inserts the self-replicating code into the executable of the new compiler. If compiling login, inserts code to allow a backdoor password.

How much do you trust? – After recompiling and installing old C compiler: Source code for Trojan horse does not appear anywhere in login or C compiler. Only method of finding Trojan is analyzing binary. CIT 380: Securing Computer Systems Slide #6

CIT 380: Securing Computer Systems Slide #7 Key Points Components of security – Confidentiality – Integrity – Availability States of information – Storage, Processing, Transmission Evaluating risk and security solutions. – Security is a matter of trade-offs. Security is a human problem.

Discussion: Gas Drive Away Without Paying What measures can be imposed? What are the costs for the merchant and the customer? Do the benefits outweigh the costs?

CIT 380: Securing Computer Systems Slide #9 References 1.Ross Anderson, Security Engineering, Wiley, Matt Bishop, Introduction to Computer Security, Addison-Wesley, Peter Neumann, (moderator), Risks Digest, 4.Bruce Schneier, Beyond Fear, Copernicus Books, Ken Thompson, “Reflections on Trusting Trust”, Communication of the ACM, Vol. 27, No. 8, August 1984, pp (

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.