Week 12 - Friday CS363.


1 Week 12 - Friday CS363

2 Last time
- What did we talk about last time?
  - Security planning
  - Risk analysis
  - Security policies

3 Questions?

4 Project 3

5 Bradley Levine Presents

6 Physical Security

7 Natural disasters
- Flood
  - Water is problematic, but usually there is some warning
  - Hardware and software are replaceable
  - Data often is not
  - Backups should be made
  - Critical hard drives should be marked so that they can be removed first
- Fire
  - Fire is worse
  - There is usually less time to react and the threat to humans is bigger
  - Fire suppression systems for computing facilities should not use water
  - Using CO2 or similar is good for computers but can kill humans
- Everything else
  - Have contingency plans
  - Insure physical assets
  - Maintain off-site backups of critical data

8 Power issues
- Power loss
  - Causes vary
  - In some countries, multiple power losses per day are routine
- Uninterruptible power supplies (UPS)
  - Stores energy when there is power so that you can keep your systems running when there isn't
  - Consumer UPSs are usually batteries
  - Not a good solution for a large data center
  - Large scale solutions are kinetic storage systems or generators
  - UPSs generally only give you enough time to save data and do a safe shutdown
- Surge suppressor
  - Power is not constant and can have drops, spikes, and surges
  - Surge suppressors are inexpensive and should be used for all computer power supplies
  - If possible, computers should be disconnected from power (and from phone and other outside lines) during a thunderstorm

9 Human vandals
- Unauthorized access
  - With networked systems everywhere, people eavesdropping on connections is easier
  - Normal employees are also using computing resources for personal use
- Theft
  - PCs, laptops, phones, PDAs, and portable media are easy to steal
- Preventing access
  - Use a guard, a lock (traditional or swipe card)
- Preventing portability
  - PCs can be locked to the desk
  - Motion sensors to see when someone is where they shouldn't be
- Detecting theft
  - RFID tags

10 Disposing of sensitive information
- Shredding paper documents
  - Some kinds of tape can also be shredded
  - High sensitivity data should be burned after shredding
- Overwriting magnetic data
  - Deleting files does not stop digital forensics experts
  - Data on disks should be overwritten many times with random patterns of 1s and 0s (burning)
- Degaussing
  - Passing a disk through a magnetic field so intense that all data is lost
- Van Eck phreaking safeguards
  - Many computer components emanate electromagnetic radiation that can be reconstructed
  - Tempest is a government certification standard for blocking these emissions (meeting the standard can be expensive)
  - An entire building (such as the NSA headquarters near DC) can be shielded in copper to protect emissions

11 Backups
- Everything should be backed up, always
- A complete backup covers the current state of all data
- Revolving backups keep the last few complete backups
- A selective (or incremental) backup stores only the files that have changed since the last backup
- Ideally, you should have an offsite backup of all your data in case of fire or flood
- Burning your critical data to a few DVDs and keeping them at home or school or vice versa is a good idea for you guys
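
The three backup kinds on this slide, as an added example that is not part of the original slides: a complete backup copies everything, an incremental backup uses a SHA-256 manifest to copy only new or changed files, and revolving backups keep only the newest few complete copies. The function names, directory names and sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def complete_backup(src, dest):
    """Complete backup: copy the current state of all data; return its manifest."""
    shutil.copytree(src, dest)
    return manifest(dest)

def incremental_backup(src, dest, last_manifest):
    """Selective backup: copy only files new or changed since last_manifest."""
    current = manifest(src)
    changed = sorted(p for p, h in current.items() if last_manifest.get(p) != h)
    for rel in changed:
        target = Path(dest) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(src) / rel, target)
    return changed, current

def rotate(backups, keep):
    """Revolving backups: delete all but the newest `keep` complete backups."""
    cut = max(len(backups) - keep, 0)
    for old in backups[:cut]:
        shutil.rmtree(old)
    return backups[cut:]

def demo():
    """Run the three backup kinds on a constructed sample tree in a temp dir."""
    work = Path(tempfile.mkdtemp())
    src = work / "data"
    (src / "notes").mkdir(parents=True)
    (src / "grades.csv").write_text("a,1\n")
    (src / "notes" / "todo.txt").write_text("backup\n")
    fulls = [work / f"full-{i}" for i in range(3)]
    manifests = [complete_backup(src, f) for f in fulls]
    (src / "grades.csv").write_text("a,2\n")   # changed since last complete backup
    (src / "new.txt").write_text("new\n")      # created since last complete backup
    changed, _ = incremental_backup(src, work / "incr-0", manifests[-1])
    kept = [p.name for p in rotate(fulls, keep=2)]
    remaining = sorted(p.name for p in work.glob("full-*"))
    shutil.rmtree(work)
    return changed, kept, remaining
```

Restoring from this scheme needs the last complete backup plus every incremental taken after it, which is why the rotation only ever deletes the oldest complete copies.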

12 Recovery
- Networked storage can allow for continuous offsite backups and make recovery easier
- If a computing center is destroyed or unusable, a cold site or shell is a facility with power and cooling where you can quickly rebuild a data center
  - You have to supply the hardware
- A hot site has ready to run computer systems of the kind you might need
  - You can pay a monthly fee to be ready to move into such a site at a moment's notice
  - A kind of data availability insurance

13 Lockpicking

14 Locks
- Locks have been in use since ancient times and probably developed independently in the great ancient civilizations
- Locks you are likely to run into are:
  - Warded locks
  - Wafer tumbler locks
  - Pin tumbler locks
  - Combination locks

15 Warded locks
- Warded locks have existed since antiquity
- The shape of the key must be able to pass through and around wards, shapes that could block poorly made keys
- Warded locks provide poor security but are still used for sheds, cabinets, and other low security applications

16 Skeleton keys
- All warded locks have the problem that they can be defeated by a skeleton key, a key stripped down to only the part needed to turn the mechanism
- In popular culture, the term skeleton key is often misused to mean old style keys for warded locks in general

17 Wafer tumbler locks
- Wafer tumbler locks have better security than warded locks
- A series of wafers blocks the rotation of a plug
- When a key pushes each wafer up to an appropriate height, the plug is free to turn
- They are picked in the same way as a pin tumbler lock, but they are easier because you can't push them up too far and you can generally pick each wafer in sequence

18 Pin tumbler locks
- Most house locks, office locks, and many car locks are pin tumbler locks
- Pin tumbler locks are similar to wafer tumbler locks
- A series of two part pins blocks the rotation of the plug
- A key that pushes all the pins up to their shear lines will allow the plug to turn
- Pins that are too high or too low will block the plug
- Pin tumbler locks can offer relatively high security at a reasonable cost

19 Picking locks
- Picking a pin tumbler (or wafer tumbler) lock is done by manipulating each pin (or wafer) into the correct position
- It is impossible to machine a lock perfectly, thus, if you try to turn the plug, one pin will be holding more pressure than the others
- If you can push that pin up to the shear line, it will snap in place, and another pin will now be holding more pressure
- If you can move through all the pins without letting any drop, the plug will turn

20 Tools of the trade
- You must apply a constant steady turning pressure while picking a lock
- This pressure is supplied by a tension wrench
  - The wrench is usually just an L-shaped piece of spring steel
- Picks are also pieces of spring steel with a tip that is good for manipulating pins
  - Popular picks include hook, ball, half diamond, and other types
- A pick set with a tension wrench and broken key extractor can be bought for around $20 on the Internet

21 Combination locks
- Removing combination locks without knowing the combination is called bypassing the lock
- Some techniques rely on hearing or feeling clicks made when turning the cams, particularly when pressure is applied to the shank
  - Multiple dial combination locks are vulnerable to this attack
- All combination locks can be bypassed by brute force (if you have the time)
  - Many of the methods rely on the fact that low-security locks are engineered with several digits of play
  - This play can be exploited for drastically reduced brute force times (usually still hours)

22 Quiz

23 Upcoming

24 Next time…
- Intellectual property
- Information law

25 Reminders
- Read Sections 11.1 and 11.2
- Keep working on Project 3
  - Phase 1 due next Friday

