Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.


1 Bruce Schneier Lanette Dowell November 25, 2009

2 Introduction
- “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics” – Bruce Schneier in Applied Cryptography 1996
- Security is a chain: it's only as secure as the weakest link.
- Security is a process, not a product.

3 Part 1: The Landscape
- Who are the attackers?
- What do they want?
- What do we need to deal with threats?

4 Part 1: The Landscape
- Real life vs Digital World
- Criminal Attacks
  - “How can I acquire the maximum financial return by attacking the system?”
- Privacy Violations
- Publicity Attacks
- Legal Attacks

5 Part 1: The Landscape
- Who are the bad guys?
  - Hackers
  - Criminals / Organized Crime
  - Insiders
  - Industrial Espionage
  - Press
  - Terrorists
  - National Intelligence Organizations
  - Infowarriors

6 Part 1: The Landscape
- What do we need?
  - Privacy
  - Multilevel security
  - Anonymity
  - Authentication
  - Integrity

7 Part 2: Technologies
- Examples of security technologies and their limitations
- Cryptography

8 Part 2: Technologies
- Identification and Authentication
  - Passwords
  - Biometrics
  - Access Tokens

9 Part 2: Technologies
- Networked-Computer Security
  - Malicious Software
    - Viruses
    - Worms
    - Trojan Horses
  - Websites
    - URL hacking
    - Cookies
  - Etc…

10 Part 2: Technologies
- Network Defences
  - Firewalls
  - DMZ (Demilitarized Zones)
  - VPN (Virtual Private Networks)
  - Honey Pots and Burglar Zones
  - Vulnerability Scanners
  - Email Security

11 Part 2: Technologies
- Software Reliability
  - Faulty code
  - Buffer overflows
  - “Computers are stupid”
- Secure Hardware
  - Putting a $100K lock on a cardboard house

12 Part 2: Technologies
- Human Factor
  - Social engineering
  - Risks
  - Insiders

13 Part 3: Strategies
- Given the requirements of the landscape, and the limitations of the technology, what do we do now?

14 Part 3: Strategies
- Threat Modeling and Risk Assessment
  - Attack Trees
- Product testing
  - Verification
- More software complexity = more security risks (next slide, Windows…)

15 Part 3: Strategies
- Lines of code in Windows:
- Windows 3.1: 3 million
- Windows NT: 4 million
- Windows 95: 15 million
- Windows NT 4.0: 16.5 million
- Windows 98: 18 million
- Windows 2000: 35-60 million

16 Conclusion
- Computer bugs, vulnerabilities. Should they be published publicly?
- Work towards stronger software and hardware

