
Computing Security Paul Wagner Department of Computer Science.


1 Computing Security
- Paul Wagner, Department of Computer Science

2 Messages
- Security as a multi-faceted sub-discipline of computer science
  - System security
    - Client security
    - Server security
  - Application security
  - Network security
  - Database security
  - Social engineering
  - Others…
- There are many interesting issues in each of these areas

3 Overview
- Not just viruses and worms
  - Understanding security issues
  - Applying other areas of computer science (networking, operating systems)
  - Understanding and applying overall security principles
  - Using tools
  - Developing a security frame of mind

4 System Security
- Probably single most important area
- Multitude of sub-issues and tools
  - Information gathering
    - Packet sniffing (e.g. ethereal)
    - Port scanning (e.g. nmap)
  - Vulnerability assessment (e.g. nessus)
  - Intrusion detection (e.g. snort)
- Applicability to client and server systems

5 System Security – Client-Side
- Viruses, worms, trojan horses
- Spyware
- Spam
- Patching
- Human awareness

6 System Security – Server-Side
- Client issues plus more
- Servers are points for possibly harmful access
  - Program interaction
  - Parameters passed in
  - Data passed in
- Often running multiple applications
  - Web server, file server, mail server, …

7 Application Security
- Secure transmission of information
  - Protocols (e.g. SSL)
    - How to securely send information?
    - How to establish a channel for doing so?
  - Cryptography
    - Private key systems
      - DES (Data Encryption Standard) – older
      - AES (Advanced Encryption Standard) – current
    - Public key systems
      - RSA (Rivest, Shamir, Adleman)
  - Application security issues
    - C/C++ – buffer overflow on stack
    - Java – “sandbox” issues

8 Network Security
- Need
  - Understanding of network protocols
    - 7-layer OSI network stack
- Issues
  - Network Topology
  - Firewalls
  - Secure Communication on Network
    - Virtual Private Network (VPN)
  - Other Network Security Approaches
    - E.g. Network Address Translation (NAT)

9 Database Security
- Issues
  - Security of data
  - Security of transmission of data
- Problems
  - SQL Injection
  - Vulnerabilities in DBMS systems code
    - Primarily buffer overflows
  - Data passed insecurely
    - E.g. from web pages

10 Web Security
- Many Issues
  - Parameter Passing Issues
  - Cross-Site Scripting
    - Expose information
    - Introduce vulnerabilities
  - Web Server Configuration

11 Operating System Security
- General Issues
  - How can an OS be made more secure?
  - How can an OS protect applications?
- Examples
  - Windows
    - Heavy usage means more attempts
  - Linux
    - Attacks starting (e.g. Luppi worm, PHP, XML-RPC)
  - Mac
    - Relatively rare

12 Social Engineering
- Technological security isn’t enough
- Best technology isn’t helpful if you can convince someone to turn it off, mis-configure it, tell you how it works…
- Many incidents throughout the years
- Best example: Kevin Mitnick
  - “The Art of Deception”, 2002

13 Ethical, Privacy, Legal Issues
- Not just technology
  - Certain Sony CDs install root-kit on computer
  - Using a port-scanner against unknown systems from campus can get your system disconnected from network
  - Violation of security guidelines can lead to court action (Oregon vs. Schwartz)
- Important to study computer security in an ethical, legal way that doesn’t interfere with anyone’s privacy

14 Other Areas
- Honeypots and Honeynets
- Artificial Intelligence and Security
- Physical Security
- Computer Forensics

15 Employment Opportunities
- Systems administrator
- Network administrator
- Security engineer
- Security architect
- Security officer (CSO)

16 Courses at UW-Eau Claire
- CS 255 – “Distributed OO Programming in Java”
  - Java Security (SSL, basic crypto)
- CS 370 – Computer Security
  - System security
  - Area security (e.g. database, web, operating systems)
  - Theory and tools
  - Cyberwar exercise – defense and investigation
- CS 491 (special topic – Cryptography and Network Security)
  - Cryptography, including use in applications
  - Network applications (e.g. email)
- MIS 365 (proposed) – Security Policy Management
