Published by Samantha Sara O’Brien. Modified over 8 years ago.
1
INTRO TO CYBER SECURITY [SI110] LT Brian Kiehl | kiehl@usna.edu
2
Introductions & Attendance
- Section Leader / Assistant Section Leader
- LT Kiehl’s Page: http://rona.cs.usna.edu/~kiehl
  - Message Board
  - To share information… later on we’ll attack it!
- Course Page: http://rona.academy.usna.edu/~si110/
  - Calendar, Outline, Resources, Info
- Public Mirror Site: http://www.usna.edu/cs/si110
  - Use when off-yard, or if regular course site is down
  - Not always updated!
* Bookmark these links!
3
- Bring your laptop and power supply to class
  - Enough charge to last for the whole class period
  - NO Surfing, Facebook, Email, Other Work
- Homework Policy
  - Homework – Printed from the course calendar and completed prior to entering the classroom.
  - Read the online lesson, and then complete the HW!
  - Grading & Late Policy
  - Tonight’s HW & Software Installs
- Labs
  - You must make up any missed labs – usually Sunday night @ MGSP
- Exams
  - Common Exams (X-Period / See Calendar)
- Grading Breakdown
  - Final grade break-down
  - 6-week Exam: 15%
  - 12-week Exam: 15%
  - Final Exam: 30%
  - Homework: 15%
  - Labs: 15%
  - Instructor Option: 10% (Quizzes, Participation, etc.)
4
Cyber Operations: Attack & Defense
- Digital Forensics, Basic Forensics Lab
- Malware, Attack Vectors
- Case Studies
- Phases of a Cyber Attack & Cyber Reconnaissance
- Cyber Attack Discussion, Cyber Attack Lab
- Cyber Defense, Cyber Defense Lab, All-out Attack Lab

Security Tools: Information Assurance
- Symmetric, Asymmetric Encryption
- Hashing & Passwords
- Cryptography / Digital Cryptography
- Digital Certificates Lab
- Network, Port security, Firewalls
- Steganography, Hidden files, File Security
- Network Risk assessment

Cyber Battlefield: Defining the Digital World
- Digital Data: Bits & Bytes (0’s & 1’s)
- Basics of Computer Components
- System Overviews: Windows, Linux
- Basics of Coding & Scripting
- Basic Web & HTML
- Client & Server Side Scripting
- Web Injection Attacks
- Networking Basics, Ports Protocols
- Wired & Wireless Network
5
Consider recent attackers:
- Syrian Electronic Army
- Chinese Hackers
- Anonymous
- Lauri Love

Or victims of attacks:
- Sony
- NASA
- US Army, US Navy
- Adobe
- Target
- JP Morgan
- Apple
- Facebook, Google, Yahoo

Cost of cyber security breaches stats

Why should you care?
- DoD Networks – sensitive information
- Networked nature of warfare
- Every member of the military is an operator in the cyber domain when using a networked system, a keyboard,…
- Aircraft, Ships, Subs, ground or shore forces, command and control system, etc.
6
Cyber threats = 3rd greatest threat to U.S. (behind Nuclear & WMD)
- Inexpensive
- Easily developed
- Don’t need physical access to country or target
- Low Risk / High Reward for adversaries

Creation of a Cyber Weapon requires only a few things:
- Means: software developers, tools
- Vulnerability
- Intent

Over 100 countries worldwide have cyber weapons development efforts underway...
7
- Computer Network Programs
- Terrorist
- Organized Crime
- Botnets
- Espionage
- Physical Destruction
9
Information Assurance
- Network? Disconnect it from the Internet
- Computers? Turn it off and store in a waterproof/fireproof safe
- Data? Disconnect the hard drive and store in a waterproof/fireproof safe
- Then what?
10
Data: raw facts with no context
- Often stored in a database
- Just numbers and text stored on disk
- Example: Is 70301?
  - The date 7/03/01
  - $70,301
  - The zip code for Thibodaux, LA
- Data is only useful when put into context
- Data with context is information
11
Systems that store, process, and transmit data in some context
- Storing, processing, transmitting of data is a service
- Thus, information systems provide services
- What service is provided depends on the system and data/information

The goal – what we defend:
- Provide services to authorized users AND
- Protect key attributes of the information called the Pillars of Information Assurance AND
- Achieve INFORMATION DOMINANCE

Security for an Information System means the ongoing ability for the system to provide its services while maintaining the pillars of Information Assurance…
12
- C – Confidentiality
- I – Integrity
- A – Availability
- N – Non-repudiation
- A – Authentication

Fundamental properties of information that must be maintained! These properties are what we defend (or attack)!

This is CIANA. She will help you remember the pillars of IA.
13
Protection of information from disclosure to unauthorized individuals, systems, or entities

Example: In December 2013, national retailer Target reported the theft of records for 40 million credit and debit cards used at its stores. Not long after the breach, the card data was being sold at underground forums to thieves. The credit card data was supposed to be confidential, but confidentiality was not preserved.
14
Protection of information, systems, and services from unauthorized modification or destruction

Example: In 2010, the Stuxnet computer worm was used to infiltrate the computer systems controlling Iran's nuclear enrichment centrifuges. The Stuxnet code modified the programmable logic controller (PLC) software, causing the centrifuges to spin out of control, while giving the console operators only normal indications. The integrity of the PLC software was violated in this attack.
15
Timely, reliable access to data and information services by authorized users

Example: In 2008, computer systems supporting banks, media, communications, transportation, and other infrastructure in the nation of Georgia experienced a widespread denial-of-service (DoS) attack originating from Russia. At the time, a dispute had flared up between Georgia and Russia over control of areas along the Georgia-Russia border. The availability of critical systems through Georgia's public internet was greatly diminished.
16
The ability to correlate, with high certainty, a recorded action with its originating individual or entity

Example: In early December 2012, all personnel at the Naval Academy received an email from the Superintendent of the Naval Academy declaring that Navy would lose to Army, and other lies. The Superintendent did not send the email; it was spoofed. The spoofed email is an attack on non-repudiation because it wasn’t really from the Superintendent.
17
The ability to verify the identity of an individual or entity.

Example: In 2011, a company called RSA, which provides security services, acknowledged that its proprietary authentication system, which is employed by some defense contractors and other high-security industries, was compromised. As a result, the attackers were also able to log into systems at Lockheed Martin, and other companies, using the stolen credentials of legitimate users, violating authentication.
18
Fundamental balance between security and functionality
- Computer in a fireproof/waterproof safe is very secure
  - Not very usable – no way for data to flow in or out
- More services provided/allowed → the more opportunities for an attacker (more ways in/out of the system that need to be secured)

Risk management approach
- Must weigh the value of a service against the security implications of allowing it
19
Risk Management
- Assess the risk(s) against an information system’s
  - Confidentiality
  - Integrity
  - Availability
  - Non-repudiation
  - Authentication
- Mitigate risk to maintain the above attributes
- Risks can include
  - Hardware and software errors
  - Malicious threats
  - Human error
  - Accidents
  - Natural disasters
20
No one right answer

Example: Remote Desktop for Windows allows someone to access the computer remotely from anywhere, i.e. without physically sitting at the keyboard / monitor

Consider the decision whether or not to turn on Remote Desktop in two cases:
- Your grandmother’s computer
- The Chief of Naval Operations’ computer
21
For full credit on your homework and exam answers, where appropriate, you should identify the pillar(s) as they relate to the question.
- Ask yourself: which pillar applies? Have any been violated?

Spelling & grammar count!
22
- We will study many exciting topics in this class in a CONTROLLED ENVIRONMENT
  - The tools and techniques we learn & discuss could be used in an unethical/illegal way – DON’T!
- Read and understand the course policy
- Track the learning objectives
  - See me or your classmates if you’re not “tracking”
- Participate, Participate, Participate
  - 5% of final grade – HW effort, discussion & questions in class, and no sleeping!
- Homework #0 is due the next time we meet!
- Have Fun!