Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by: Dr. Munam Ali Shah

Published byThomas Fitzgerald Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by: Dr. Munam Ali Shah"— Presentation transcript:

1 Presented by: Dr. Munam Ali Shah
Network Security Lecture 2 Presented by: Dr. Munam Ali Shah

2 Summary of the previous lecture
We discussed the security problem. Can you recall when a system is Secure. When resources are used and accessed as intended under all circumstances.

3 Summary of the previous lecture
We also discussed security violation categories Breach of Confidentiality Unauthorized reading of data Breach of Integrity Unauthorized modification of data Breach of Availability Unauthorized destruction of data Theft of service Unauthorized use of resources Denial of Service (DoS) Prevention of legitimate use

4 Summary of the previous lecture
We also discussed that Security must be deployed at following four levels effective: Physical Use of locks, safe rooms, restricting physical access Human Insider job, attacker preventing to be a genuine user Operating System Protection mechanisms such as passwords on accounts Privileged access etc. Network Attack coming form the other networks or Internet

5 Outlines We will discuss more on security with some examples and a case study Threat Modelling and Risk Assessment Security tradeoffs

6 Objectives To describe the threats and vulnerabilities in a computing environment. To understand and distinguish the tradeoffs between the security and the ease of use.

7 A case study Read the following incident and try to find which security breach/breaches occurred, and what can go wrong. "The U.S The Department of Energy (DOE) has confirmed a recent cyber incident that occurred at the end of July 2013 and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII). It is believed about 14,000 past and current DOE employees PII may have been affected, The incident included the compromise of 14 servers and 20 workstations. The data that was exposed includes names, date of births, blood types, Social Security Numbers, other government-issued identification numbers, and contact information. At the time, officials blamed Chinese hackers, but two weeks later a group calling itself Parastoo (a common girls name in Farsi) claimed they were behind the breach, posting data that was hacked from a DOE webserver. [

8 Another case study Read the following incident and try to find which security breach/breaches occurred, and what can go wrong. "In early February, a hotel franchise management company that manages 168 hotels in 21 states suffered a data breach that exposed hundreds of guests’ debit and credit cards information in 2013. White Lodging Services Corporation maintains hotel franchises for some of the top names in lodging such as Hilton, Marriott, Westin and Sheraton. Sources reported that the data breach centered mainly around the gift shops and restaurants within these hotels managed by White Lodging, not necessarily the front desk computers where guests pay for their rooms”. [

9 Finding about the case studies
There are hundreds and hundreds of security breaches accruing around us. All companies, organizations and individual needs to be vigilant. Security must be deployed at multiple levels

10 Security needs and objectives
Authentication (who is the person, server, software etc.) Authorization (what is that person allowed to do) Privacy (controlling one’s personal information) Anonymity (remaining unidentified to others) Non-repudiation (user can’t deny having taken an action) Audit (having traces of actions in separate systems/places)

11 Safety vs. security Safety is about protecting from accidental risks
road safety air travel safety Security is about mitigating risks of dangers caused by intentional, malicious actions homeland security airport and aircraft security information and computer security Easier to protect against accidental than malicious misuse

12 The Hackers Intruders (crackers) attempt to breach security
A person who breaks in to the system and destruct data or steal sensitive information. Cracker/Intruder/Attacker Intruders (crackers) attempt to breach security Intention is not destruction

13 Historical hackers (prior to 2000)
Profile: Male Between 14 and 34 years of age Computer addicted No Commercial Interest !!! Source: Raimund Genes

14 Threat, Vulnerability and Attack
What can go wrong A weakness in the system which allows an attacker to reduce it usage. Attack When something really happen and the computer system has been compromised.

15 Hackers and Attackers are Evil-genius
Hackers and attackers are not ordinary people They are expert level programmers They know most of the systems’ working and functionality They don’t create risks or vulnerability, they simply exploit it.

16 Why security is difficult to achieve?
A system is as secure as its weakest element like in a chain Defender needs to protect against all possible attacks (currently known, and those yet to be discovered) Attacker chooses the time, place, method

17 Why security is difficult to achieve?
Security in computer systems – even harder: great complexity dependency on the Operating System, File System, network, physical access etc. Software/system security is difficult to measure function a() is 30% more secure than function b() ? there are no security metrics How to test security? Deadline pressure Clients don’t demand security … and can’t sue a vendor

18 Threat Modeling and Risk Assessment
Threat modeling: what threats will the system face? what could go wrong? how could the system be attacked and by whom? Risk assessment: how much to worry about them? calculate or estimate potential loss and its likelihood risk management – reduce both probability and consequences of a security breach

19 Summary of today’s lecture
Today we discussed about who the hackers are and what is their motivation We also discussed the differences between vulnerability and attack. We continued our discussion on Threat Modelling and Risk Assessment We have seen that there are security tradeoffs. Too much security can be inconvenient. And lastly, we discussed about different security testing tools that can be used for penetration testing.

20 Next lecture topics We will discuss, the difference between Protection and Security\ How protection, detection and reaction can make our networks and systems more secure The concept of Firewalls will form part of next lecture.

21 The End

Download ppt "Presented by: Dr. Munam Ali Shah"

Similar presentations

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
1 Network Security Ola Flygt Växjö University +46 470 70 86 49.

1 Network Security Ola Flygt Växjö University
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.

HACKER NOT CRACKER. HACKER IS  A person who enjoys exploring the details of programmable systems and how to stretch their capabilities  Most often programmers.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.
Introducing Computer and Network Security

Introducing Computer and Network Security
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Similar presentations

Ads by Google