Presentation is loading. Please wait.

Presentation is loading. Please wait.

LM 2. Information Security Essentials

Published byLene Aagaard Modified over 5 years ago

Similar presentations

Presentation on theme: "LM 2. Information Security Essentials"— Presentation transcript:

1 LM 2. Information Security Essentials
Dr. Lei Li Wireless Security

2 Road Map Introduction WLAN Security Mobile Security
Overview WLAN Threats & Vulnerabilities Mobile Security Security Auditing & Risk Analysis Evolution of Wireless Network Mobile Network Overview Infor. Security Essentials Cellular Network Security WLAN Security Mobile Security Threats WLAN Security Tools Mobile Devices Security

3 Learning Outcomes After this module, a student will be able to:
Define Information Security and Wireless Security Describe the five pillars of information security. Discuss defense in depth in information security Define the AAA of information security Describe the five principles Information security: CIA triad, Non-repudiation and Accountability. Explain the difference between symmetric key cryptography (SKC) and public key cryptography (PKC). Describe how integrity is achieved through hash function. Describe how digital signature works Discuss the threats category to wireless network/device Discuss inf0rmation security standards and regulatory compliances Discuss different types of attackers

4 Information Security “Preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO/IEC 27000:2009) Wireless Security Specific to wireless networks and mobile devices Balanced approach among security, implementation efficiency, & employee productivity.

5 5 Security Principles Confidentiality Integrity Availability
Non-repudiation Authentication

6 Cryptography For confidentiality Symmetric-key cryptography
Same key for encryption and decryption Simple and fast Two parties must exchange the key in a secure way beforehand

7 Public Key Cryptography
A pair of keys Public key – available for public and other user may use it for encryption Private key – only known to owner. Decrypt the message encoded using public key Solved the key exchange problem of SKC Strong security More computationally intensive

8 Hybrid Cryptosystem Combine the benefit of SKC and PKC
Use PKC for the key exchange Use SKC for the communication afterward

9 Digital Signature Using PKC Applications Private key for signing
Public key for verification Applications Authentication Integrity Non-repudiation

10 Integrity Threats to integrity Hash function Passive and active
Mathematical function that converts a numerical input value into another compressed numerical value Minor changes in hash input will cause significant change in hash value

11 5 Pillars of Information Security
Protection Detection Reaction Documentation Prevention

12 Access Control - AAA Authentication Authorization Accounting

13 Defense in Depth Physical controls Technical controls
Administrative controls

14 https://www. slideshare

15 Threats to Wireless Network
System access Device control Data theft

16 Information Security Standards
ISO 27001, 27002 NIST ETSI CISQ

17 Regulatory Compliance
Sarbanes-Oxley Act GLBA HIPPA PCI-DSS.

18 General Profiles of A Cyber Attacker
Attacker Example Motive Action Script Kiddie/Skid People interested in or only partially engaged in understanding offensive tools Curious, Mischievous, Street Cred Since they don’t know the tools they may be very noisy when attacking and perform a lot of attempts, may have the most harmful consequences Expert Attackers @th3j35t3r, Ed Skodus, Kevin Mitnick, Various motives, curiosity, money, patriotism, etc. Only limited by their imagination, can steal, spy, and sell exploits on the unethical market Activist/Hack tivists Manning, Snowden, Anonymous Further a Cause Reveal Information, further a cause, deface websites, or disrupt progress of opposition Nation States Stuxnet Espionage: Stealing, Disrupting Services Logic Bombs, support law enforcement & military Gain a greater understanding of allies and enemies Terrorists ISIS Defacement of US disabled Veteran websites, DDoS of power grids, Chemical Changes in Water Infiltrate, destroy data, cause political upheaval, death, manipulate data in order to promote a cause Cybercrime Mafia Money DOS against financial institutions, steal credentials, sell illegal goods, anything for money, Crime as a Service (CaaS), Ransomware variants, credit card theft, etc. Insider Attacker Current or Former Employee Revenge, could be clueless employees too Destruction of data, altering data, or stealing information

19 Reference Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, , and Ad Hoc Security, ELSEVIER, 2005. Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016. SKC: AKC: Hybrid cryptograph:

Download ppt "LM 2. Information Security Essentials"

Similar presentations

Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Security Controls – What Works

Security Controls – What Works
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Computer Crime and Information Technology Security

Computer Crime and Information Technology Security
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Scott Charney Cybercrime and Risk Management PwC.

Scott Charney Cybercrime and Risk Management PwC.
Chap1: Is there a Security Problem in Computing?.

Chap1: Is there a Security Problem in Computing?.
CIA AAA. C I A Confidentiality I A Confidentiality Integrity A.

CIA AAA. C I A Confidentiality I A Confidentiality Integrity A.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.
TAG Presentation 18th May 2004 Paul Butler

TAG Presentation 18th May 2004 Paul Butler
Security Management in Practice

Security Management in Practice
CS457 Introduction to Information Security Systems

CS457 Introduction to Information Security Systems
Introduction to Information Security Introduction & Overview

Introduction to Information Security Introduction & Overview
Threat Modeling for Cloud Computing

Threat Modeling for Cloud Computing

Similar presentations

Ads by Google