Presentation is loading. Please wait.

Presentation is loading. Please wait.

Midterm Review Questions SOEN321 – Information-Systems Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Midterm Review Questions SOEN321 – Information-Systems Security."— Presentation transcript:

1 Midterm Review Questions SOEN321 – Information-Systems Security

2 Trust What is Trust Model? –Its entities? –Implications?

3 Trust What is a trustworthy NIS? How can trustworthiness be achieved? –SOEN –Social –Detection/reaction What does trustworthiness include? –Correctness –Availability –…? :-)

4 Terminology What is –A vulnerability [tr1, tu1] –An attack [tr1, tu1] –An attacker [tu1] –A threat [tr1, tu1]

5 CIA N IS Requirements: CIA N What’s is it? –C … ? –I … ? –A … ? Related: non-repudiation

6 Terminology (2) Risk[tr2, tu1] –A combo of what? Risk management[tr2, tu1] Red teaming[tr2, tu1]

7 Concepts Cryptography Hashing Encryption

8 Crypto Symmetric Asymmetric

9 Protection and OS Security Protection? What does it provide? –… Access control –Authent. –Authorization Security policy

10 Protection and OS Security (2) What is UNIX Security Model? –Roles (accounts)? –Access control? –What are real and effective UID? Which one more important? –Permissions? –Suid-root programs & shell script –Password database NFS and file handles

11 Inside and Outside of your computer What is a security perimeter? Computer Security vs. Network Security Sandboxes and chrooted environment (WRT file and network access) Firewalls – What? Why? Where? –What they do and don’t do.

12 Inside and Outside of your computer (2) What does networking change? –Connectivity –New programs –Daemons –RPC –-> new holes

13 Know the differences… Security vs. Crypto Encryption vs. Hashing Discretionary vs. Mandatory Access controls Accidental vs. Deliberate causes of IS problems. In terms of –Scale –Harm –“Visibility” –… Computer Security vs. Network Security

14 Bellovin’s Firewall Theorems 1 2 3

Download ppt "Midterm Review Questions SOEN321 – Information-Systems Security."

Similar presentations

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Web services security I

Web services security I
A Comparison of the Security of Windows NT and UNIX Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson Originally presented at the Third.

A Comparison of the Security of Windows NT and UNIX Hans Hedbom, Stefan Lindskog, Stefan Axelsson and Erland Jonsson Originally presented at the Third.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
Computer Engineering II Computer and Network Security Rabie A. Ramadan

Computer Engineering II Computer and Network Security Rabie A. Ramadan
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.

1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (1) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (1) Information Security.
Computer & Network Security

Computer & Network Security
Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

Similar presentations

Ads by Google