Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010

Published byJustina Freeman Modified over 6 years ago

Similar presentations

Presentation on theme: "ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010"— Presentation transcript:

1 ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010
Various Security Videos

2 Course Overview Why the CISSP Exam Review Web Site Contacting Me
Grading

3 Why In CyberWar, China is Just a Skirmish Sony Rootkit of 2005
Crackers & Open Sources Methods Schneier on Security Security News Portal Current Vulnerabilities

4 How to Worry About Linux Security (Linux Journal 8/28/06)
“Worry about a networked system is good, the trick is to worry about the right things & to act on our worries” Folks you should worry about Weapons you should worry about Vulnerabilities You Should Worry About How to channel worries into constructive action

5 Folks You Should Worry About
Mostly work you way outward, but once in awhile look from cracker's viewpoint Identity Thieves Resource Thieves Malicious Code Vandals Corporate Spies Stalkers Not all crackers are remote: INSIDERS

6 Weapons You Should Worry About
Mid 90's weapon was cracker at PC (or) Direct interaction: attacker – victim Usually correct, sometimes not Today vast majority are automated viruses, trojans and worms botnet: spammers paid per distribution node DdoSers, Phishers Crackers still here but most are “script kiddies”

7 Vulnerabilities You Should Worry About
a threat equals an attacker plus some vulnerability If a vulnerability cannot be exploited it does not constitute a risk No such thing as a completely invulnerable system but can lower %

8 Common types of vulnerabilities
Bugs in user-space software (applications) Bugs in system software (kernel, drivers/modules, etc.) Extraneous user accounts Extraneous software (with bugs or sloppy/default settings) Unused security features in applications Unused security features in the OS Gullible users

9 Recipe to convert worry to action
Define system function Sun Tzu: analyze terrain you need to defend Prioritize types of attacks most likely What data/resources most likely target What vulnerabilities give access to #3 How can I lower/remove vulnerability

10 CISSP International Information Systems Security Consortium (ISC)2
Common Body of Knowledge Ten Domains: created to establish a common communications platform CISSP: NOT THE PURPOSE of THIS COURSE

11 Ten Domains Security Management Practices Access Control Systems
Telecommunications & Network Security Cryptography Security Architecture & Modules Operations Security Applications & Systems Development Business Continuity & Disaster Recovery Law, Investigation & Politics Physical Security

12 Ch 1: Security Management Practices
Basic Security Concepts Policies, Standards, Guidelines, & Procedures Roles played in security management Security Awareness Risk Management Data & Information Classification

13 Ch 2: Access Control Systems
A means of ensuring a system’s C.I.A (Confidentiality, Integrity, & Availability) given the threats, vulnerabilities, & risks its infrastructure

14 Ch 3 : Telecommunications & Network Security
C.I.A. as it applies to Network Security Protocols & Layered Network Architectures OSI and TCP/IP TCP/IP protocol architecture IP addressing & Routing TCP Applications IPv6

15 Ch 4 : Cryptography Purpose: to protect transmitted information from being read or altered by non authorized subjects

16 Ch 5 : Security Architecture & Models
“The security architecture of an information system is fundamental to enforcing an organization’s information security policy.”

17 Ch 6 : Operations Security
“Controls over the hardware in a computing facility, over the data media used, and over the operators using these resources.” Controls & Protections needed to insure CIA Monitoring & Auditing above Controls Threats & Vulnerabilities

18 Ch 7 : Application & System Development
A very brief overview of the SDLC and the security issues involved. Generic Systems Engineering Waterfall Model, Spiral Model Cost Estimations Models Security Components of the Models Agile Development, AI Systems Database, BI, & Application Controls

19 Ch 8 : Business Continuity & Disaster Recovery Planning
Assumes the Worst Has Happened Preparation, testing, & updating of actions required to protect critical business processes from the effects of major system & network failures Specific Procedures Plan Development Testing Bus. Impact Assess. (BIA) Planning Plan initiation Disaster Recovery (DRP) Buss Continuity (BCP)

20 Ch 9 : Law, Investigation, & Ethics
What laws apply to computer crimes, how to determine a crime has occurred, how to preserve evidenced, conduct an investigation, & what are the liabilities.

21 Ch 10: Physical Security “Least sexy of the 10 domains but the best firewall in the world will not stand up to a well placed brick.” Addresses threats, vulnerabilities, countermeasures to physically protect org’s resources & sensitive info Natural disasters Unauthorized entry and/or theft

22 “The World is Flat” by Thomas Friedman
Internet, High bandwidth, Ubiquitous Global Connectivity Outsourcing Education The Post-American World (The Rise of the Rest) The next 100 Years: A History of the 21st Century

Download ppt "ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010"

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Security and Personnel

Security and Personnel
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Certification and Training Presented by Sam Jeyandran.

Certification and Training Presented by Sam Jeyandran.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Securing Information Systems

Securing Information Systems
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Computer Security Fundamentals Chuck Easttom Chapter 1 Introduction to to Computer Security.

Computer Security Fundamentals Chuck Easttom Chapter 1 Introduction to to Computer Security.

Similar presentations

Ads by Google