Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTRO TO CYBER SECURITY [SI110] LT Brian Kiehl |

Published bySamantha Sara O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "INTRO TO CYBER SECURITY [SI110] LT Brian Kiehl |"— Presentation transcript:

1 INTRO TO CYBER SECURITY [SI110] LT Brian Kiehl | kiehl@usna.edu

2  Introductions & Attendance  Section Leader / Assistant Section Leader  LT Kiehl’s Page: http://rona.cs.usna.edu/~kiehl http://rona.cs.usna.edu/~kiehl  Message Board  To share information…later on we’ll attack it!  Course Page: http://rona.academy.usna.edu/~si110/ http://rona.academy.usna.edu/~si110/  Calendar, Outline, Resources, Info  Public Mirror Site: http://www.usna.edu/cs/si110 http://www.usna.edu/cs/si110  Use when off-yard, or if regular course site is down  Not always updated! * Bookmark these links!

3  Bring your laptop and power supply to class  Enough charge to last for the whole class period  NO Surfing, Facebook, Email, Other Work  Homework Policy  Homework – Printed from the course calendar and completed prior to entering the classroom.  Read the online lesson, and then complete the HW!  Grading & Late Policy  Tonight’s HW & Software Installs  Labs  You must make up any missed labs – usually Sunday night @ MGSP  Exams  Common Exams (X-Period / See Calendar)  Grading Breakdown  Final grade break-down  6-week Exam: 15%  12-week Exam: 15%  Final Exam: 30%  Homework: 15%  Labs: 15%  Instructor Option: 10% (Quizzes, Participation, etc.)

4 Cyber Operations: Attack & Defense Digital Forensics, Basic Forensics Lab Malware, Attack Vectors Case Studies Phases of a Cyber Attack & Cyber Reconnaissance Cyber Attack Discussion, Cyber Attack Lab Cyber Defense, Cyber Defense Lab, All-out Attack Lab Security Tools: Information Assurance Symmetric, Asymmetric Encryption Hashing & Passwords Cryptography/ Digital Cryptography Digital Certificates Lab Network, Port security, Firewalls Steganography, Hidden files, File Security Network Risk assessment Cyber Battlefield: Defining the Digital World Digital Data: Bits & Bytes (0’s &1’s) Basics of Computer Components System Overviews: Windows, Linux Basics of Coding & Scripting Basic Web & HTML Client & Server Side Scripting Web Injection Attacks Networking Basics, Ports Protocols Wired & Wireless Network

5 Consider recent attackers:  Syrian Electronic Army  Chinese Hackers  Anonymous  Lauri Love Or victims of attacks:  Sony  NASA  US Army, US Navy  Adobe  Target  JP Morgan  Apple  Facebook, Google, Yahoo  Cost of cyber security breaches  stats stats Why should you care?  DoD Networks – sensitive information  Networked nature of warfare  Every member of the military is an operator in the cyber domain when using a networked system, a keyboard,…  Aircraft, Ships, Subs, ground or shore forces, command and control system, etc

6  Cyber threats = 3rd greatest threat to U.S. (behind Nuclear & WMD)  Inexpensive  Easily developed  Don’t need physical access to country or target  Low Risk / High Reward for adversaries  Creation of a Cyber Weapon requires only a few things:  Means: software developers, tools  Vulnerability  Intent  Over 100 countries worldwide have cyber weapons development efforts underway...

7 Computer Network ProgramsTerrorist Organized Crime Botnets EspionagePhysical Destruction

8

9  Network?  Disconnect it from the Internet  Computers?  Turn it off and store in a waterproof/fireproof safe  Data?  Disconnect the hard drive and store in a waterproof/fireproof safe  Then what? Information Assurance

10  Data: raw facts with no context  Often stored in a database  Just numbers and text stored on disk  Example: Is 70301?  The date 7/03/01  $70,301  The zip code for Thibodaux, LA  Data is only useful when put into context  Data with context is information Information Assurance

11  Systems that store, process, and transmit data in some context  Storing, processing, transmitting of data is a service  Thus, information systems provide services  What service is provided depends on the system and data/information  The goal – what we defend: Provide services to authorized users AND Protect key attributes of the information called the Pillars of Information Assurance AND Achieve INFORMATION DOMINANCE Information Assurance Security for an Information System means the ongoing ability for the system to provide its services while maintaining the pillars of Information Assurance…

12  C – Confidentiality  I – Integrity  A – Availability  N – Non-repudiation  A – Authentication Fundamental properties of information that must be maintained! These properties are what we defend (or attack)! Information Assurance This is CIANA. She will help you remember the pillars of IA.

13  Protection of information from disclosure to unauthorized individuals, systems, or entities Example: In December 2013, national retailer Target reported the theft of records for 40 million credit and debit cards used at its stores. Not long after the breach, the card data was being sold at underground forums to thieves. The credit card data was supposed to be confidential, but confidentiality was not preserved. Information Assurance

14  Protection of information, systems, and services from unauthorized modification or destruction Example: In 2010, the Stuxnet computer worm was used to infiltrate the computer systems controlling Iran's nuclear enrichment centrifuges. The Stuxnet code modified the programmable logic controller (PLC) software, causing the centrifuges to spin out of control, while giving the console operators only normal indications. The integrity of the PLC software was violated in this attack. Information Assurance

15  Timely, reliable access to data and information services by authorized users Example: In 2008, computer systems supporting banks, media, communications, transportation, and other infrastructure in the nation of Georgia experienced a widespread denial-of-service (DOS) attack originating from Russia. At the time, a dispute had flared up between Georgia and Russia over control of areas along the Georgia-Russia border. The availability of critical systems through Georgia's public internet was greatly diminished. Information Assurance

16  The ability to correlate, with high certainty, a recorded action with its originating individual or entity Example: In early December, 2012, all personnel at the Naval Academy received an email from the Superintendent of the Naval Academy declaring that Navy would lose to Army, and other lies. The Superintendent did not send the email, it was spoofed. The spoofed email is an attack on non-repudiation because it wasn’t really from the Superintendent. Information Assurance

17  The ability to verify the identity of an individual or entity. Example: In 2011, a company called RSA, which provides security services, acknowledged its proprietary authentication system, which is employed by some defense contractors and other high-security industries, was compromised. As a result, the attackers were also able to log into systems at Lockheed Martin, and other companies, using the stolen credentials of legitimate users, violating authentication. Information Assurance

18  Fundamental balance between security and functionality  Computer in a fireproof/waterproof safe is very secure  Not very usable – no way for data to flow in or out  More services provided/allowed → the more opportunities for an attacker (more ways in/out of the system that need to be secured)  Risk management approach  Must weigh the value of a service against the security implications of allowing it Information Assurance

19  Risk Management  Assess the risk(s) against an information system’s  Confidentiality  Integrity  Availability  Non-repudiation  Authentication  Mitigate risk to maintain the above attributes  Risks can include  Hardware and software errors  Malicious threats  Human error  Accidents  Natural disasters Information Assurance

20  No one right answer Example: Remote Desktop for Windows allows someone to access the computer remotely from anywhere, i.e. without physically sitting at the keyboard / monitor Consider the decision whether or not to turn on Remote Desktop in two cases: -Your grandmother’s computer -The Chief of Naval Operation’s Computer Information Assurance

21  For full credit on your homework and exam answers, where appropriate, you should identify the pillar(s) as they relate to the question. - Ask yourself: which pillar applies? Have any been violated?  Spelling & grammar count! Information Assurance

22  We will study many exciting topics in this class in a CONTROLLED ENVIRONMENT  The tools and techniques we learn & discuss could be used in an unethical/illegal way – DON’T!  Read and understand the course policy  Track the learning objectives  See me or your classmates if you’re not “tracking”  Participate, Participate, Participate  5% of final grade – HW effort, discussion & questions in class, and no sleeping!  Homework #0 is due the next time we meet!  Have Fun!

Download ppt "INTRO TO CYBER SECURITY [SI110] LT Brian Kiehl |"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 13 Network Security. Contents Definition of information security Role of network security Vulnerabilities, threats and controls Network security.

Chapter 13 Network Security. Contents Definition of information security Role of network security Vulnerabilities, threats and controls Network security.
Securing Information Systems

Securing Information Systems
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
A First Course in Information Security

A First Course in Information Security

Similar presentations

Ads by Google