Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome Cyber Defense Bootcamp for High School Teacher

Published byRaquel Harvard Modified over 10 years ago

Similar presentations

Presentation on theme: "Welcome Cyber Defense Bootcamp for High School Teacher"— Presentation transcript:

1 Welcome Cyber Defense Bootcamp for High School Teacher
Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer, 2013

2 Introductions Bryan Conner Livia Griffith Hossain Heydari
Andrew Hutchson Evan Johnson Emil Salib Brett Tjaden Xunhua (Steve) Wang

3 Goals Have fun! Teach you about Cyber Defense so that you can:
Interest your students in Cyber Defense Teach your students about Cyber Defense Cyber Defense Clubs CyberPatriot Program (

4 Schedule Meet Monday – Friday: 9:00 – 10:15: Session #1
10:15 – 10:30: Break 10:30 – 11:45: Session #2 11:45 – 1:00: Lunch 1:00 – 2:15: Session #3 2:15 – 2:30: Break 2:30 – 4:45: Session #4

5 General Information No food or drinks near our brand-new laptops
Restrooms: Out the door and turn left Right at main hallway Right at next hallway Restrooms are on the right If you have a car on campus see us for a parking permit Fill out a W-9 form if you want your money

6 Questions Always welcome!

7 Cyber Defense Prepare Protect Detect Triage Respond

8 The Information Security Problem
Over the last couple of decades, our world has rapidly become very dependent on computers: Store medical information Guide aircrafts Handle the majority of financial transactions There are flaws in our computers’: Operating systems Applications Protocols Result: threats

9 Exacerbating the Problem
The problem of how to design secure OSs, applications, and protocols is hard Too few security professionals Many users do not understand the magnitude of the threat Many managers do not understand the magnitude of the threat

10 Threats A threat is a potential violation of system security
Examples (from Shirey): Disclosure – unauthorized access to information Deception – acceptance of false data Disruption – interruption or prevention of correct operation Usurpation – unauthorized control of some part of the system

11 Attackers Those who intentionally perform actions that cause security violations Outsiders: Competitors Hackers Organized crime Terrorists Foreign government, military, or law enforcement Insiders Customers, suppliers, vendors, or business partners Disgruntled current (or former) employees Contractors, temps, or consultants

12 Types of Attackers Third tier Second tier First tier
“Script kiddies” with little knowledge or skill Run attack scripts and other software written by more sophisticated attackers Second tier Moderately knowledgeable and skilled attackers Discover vulnerabilities; create and disseminate exploit tools First tier Elite attackers Discover vulnerabilities; create private tools

13 Why You Should Not Be an Attacker
It is illegal: United States Code, Title 18, Section 1030 (and others) USA Patriot Act, Homeland Security Act, PROTECT Act Basically: Unauthorized access or use of a computer or network system is illegal Unintentional attacks are illegal too

14 Understanding the Tools and Techniques of Attackers
Important for defenders Can evaluate systems you defend as attackers will Can implement countermeasures designed to thwart attackers Better understand the implications of certain decisions

15 The Pillars of Computer Security
The security “triad”: Confidentiality Integrity Availability

16 The Security Triad Which is most important? Confidentiality Integrity
Availability

17 Policy and Mechanism A security policy is a statement of what is, and what is not, allowed Examples? A security mechanism is a method, tool, or procedure for enforcing a security policy

18 Goals of Security Prevention – mechanism(s) that cause attacks to fail
Example? Detection – mechanism(s) that determines that an attack is under way, or has occurred, and reports it Recovery – mechanism(s) that stop attacks and assess and repair any damage caused

19 Justifying Policy and Mechanism
The benefits of protection should be justified by the cost of designing, implementing, and using the mechanism Cost-benefit analysis – the benefits of computer security is weighed against the cost Risk analysis – the level of protection is a function of the probability of an attack occurring and the effect of the attack should it succeed Laws and customs

20 Getting Started What to do first? Get to know you systems
You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu

21 Getting Started What to do first? Get to know you systems
You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu “You Don't Know Me” - Elvis

22 After You Know Your Systems
Think about threats and attackers Think about what needs to be protected (security triad) Think about what security policies and mechanisms you will employ Think about your goals (prevention, detection, recovery) Think about how what policies and mechanisms are justified

23 After You Have Thought About Your Systems
Start to plan, implement, and test improvements to your systems' security posture Respond to actions by attackers

24 Getting started Defending Computer Systems
Get to know your systems Assess the current security posture of your systems Identify what needs to be protected Think about how threats, attackers, the security triad, security policies/mechanisms, and security goals relate to your systems Plan, implement, and test improvements to your systems' security posture

25 Bootcamp Exercises You will not just be listening, you will be doing
Virtual machines (VMs) – a simulated computer running on another computer VMs are great for hands-on Cyber Defense exercises You can create and use VMs with your students using free software: VirtualBox ( VMWare Player (

26 Accessing your VM for this Bootcamp
Turn on laptop Click on “CyberDefender” account to log in Double click on Firefox icon to open web browser Enter this information in the vSphere If you are not already on it, go to the following page:

27 Accessing your VM for this Bootcamp (cont)
Log in with the credentials you were given Click on “Host and Clusters” Expand the items on the left side until you see your “student” VM Click on your student VM to highlight it In the center window click on the “Summary” tab Click on “Launch Console” Power on the VM

Download ppt "Welcome Cyber Defense Bootcamp for High School Teacher"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Introducing Computer and Network Security

Introducing Computer and Network Security
Chapter 1 Introduction. Art of War  If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself.

Chapter 1 Introduction. Art of War  If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google