Presentation is loading. Please wait.

Presentation is loading. Please wait.

Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor.

Published byLorraine Taylor Modified over 9 years ago

Similar presentations

Presentation on theme: "Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor."— Presentation transcript:

1 Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor

2 Information Security  Those measures, procedures, or controls which provide an acceptable degree of safety of information resources from accidental or unauthorized intentional disclosure, modification, or destruction.  Based on the assumption that others either want your data or want to prevent you from having it.  Insecurity is the result of flaws, improper configurations, errors and bad design.  Patches and security add-ons merely address the symptoms, not the cause.

3 Information Security Problem  A large, rapidly growing international issue  Key to growth of digital environments  Critical infrastructure at risk  True magnitude of the problem unknown

4 Why bother with Information Security??  Some of our information needs to be protected against unauthorized disclosure for legal and competitive reasons  All of the information we store and refer to must be protected against accidental or deliberate modification  Information must be available in a timely fashion.  We must also establish and maintain the authenticity (correct attribution) of documents we create, send and receive  If poor security practices allow damage to our systems, we may be subject to criminal or civil legal proceedings  Good security can be seen as part of the market development strategy

5 The Changing Security Environment The landscape for information security is changing:  From closed systems and networks to Internet connectivity  From manual to automated processes  Increased emphasis of information security as core/critical requirement

6 Evidence  90%: businesses detected computer security breaches within the last twelve months  70%: reported a variety of serious computer security breaches (e.g., theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks)  74%: acknowledged financial losses due to computer breaches  19%: reported ten or more incidents Source: Computer Security Institute 2000 Computer Crime and Security Survey

7 The Four Big Issues:  Authentication: Validation of transmissions, messages, and users  Confidentiality: Assurance that information is not disclosed to unauthorized entities or processes  Integrity: Assurance that information is not modified by unauthorized entities or processes  Reliability & Availability: Assurance that information systems will function when required Specific Security Issues & Solutions

8 Validation of transmissions, messages, and users  IP Spoofing: –Filtering routers  Fake Web Sites: –Web Site Certification –DNS certification  Unauthorized Users: –IP authentication –Identification devices –Intrusion Detection Systems Authentication

9 Assurance that information is not disclosed to unauthorized entities or processes  Sniffing: –Encryption –Intrusion Detection  Unauthorized File Access: –Firewalls –Intrusion Detection Systems Confidentiality

10 Assurance that data or processes have not been altered or corrupted by chance or by malice  Corrupted Web Sites: –Web Site Certification –Intrusion Detection  Corrupted Data Bases: –Encryption –Intrusion Detection Integrity

11 Assurance that information systems will function when required  Denial of Service Attacks (e.g. SYN flooding): –Bandwidth –Attack Detection –Redundancy Reliability & Availability

12 The Threat Environment  Information technology is more vulnerable than ever: –Open –Distributed –Complex –Highly Dynamic  Attacks are becoming more sophisticated  Tools to exploit system vulnerabilities are readily available and require minimal expertise

13 Typical Threats  Eavesdropping and “sniffing”  System Penetration  Authorization Violation  Spoofing/Masquerading  Tampering  Repudiation  Trojan Horse  Denial of Service

14 Common Security Mechanisms  Obscurity  Firewalls  Intrusion Detection  Vulnerability/Security Assessment Tools  Virus Detection  Host Security  Authentication Systems  Cryptography

15  1999 INFOSEC Research Council  Defines nine particularly difficult security problems impacting all aspects of IT. InfoSec Hard Problems

16 1.Intrusion Detection –The timely and accurate detection of network attacks –Extremely important –No shortage of COTS –Limited effectiveness and reliability InfoSec Hard Problems

17 2. Intrusion Response –What do you do after an attack is detected? –What do you do when you’re wrong? InfoSec Hard Problems

18 3. Malicious Code Detection –Trojan horses, “dead” code, etc. –Example: Windows 98 InfoSec Hard Problems

19 4. Controlled Sharing of Sensitive Information –Sharing information from a variety of sources to different recipients. –Classified information in an Open Environment InfoSec Hard Problems

20 5. Application Security –How do the applications enforce their own requirements? –How does it effect the rest of the network? InfoSec Hard Problems

21 6. Denial of Service –Simple and effective –“Unfortunately there is currently no method available of identifying and responding to a denial of service attack in an efficient and autonomous manner” (National Research Council, 1998). InfoSec Hard Problems

22 7. Communications Security –Protecting information in transit from unauthorized disclosure, and providing support for anonymity in networked environments. InfoSec Hard Problems

23 8. Security Management Infrastructure –Providing tools and techniques for managing the security services in very large networks that are subject to hostile attack. InfoSec Hard Problems

24 9. Information Security for Mobile Warfare –Developing information security techniques and systems that are responsive to the special needs of mobile tactical environments. –Wireless security InfoSec Hard Problems

25 Advantages of InfoSec Research  Important problem –Touches all aspects of IT  Little research has been done –Large variety of potential dissertation topics –Can be incorporated into other IT topics  Opportunities for publications –Growing number of publications –Can add InfoSec to more traditional topic to increase opportunities  Huge job market for those with experience –Job openings for network security professionals have increased 200 percent in the past six months

26 In Review Security is a complex and growing area of information technology There are numerous opportunities for InfoSec research Demonstrated security experience can be a key discriminator in any IT career

27 Ongoing Research at NSU  Benedict Eu – Dynamic Computer Defense in Depth  Dennis Bauer – Intrusion detection using evolution strategies  Jim Dollens – Intrusion detection using computer system DNA  Al Fundaburk – Developing an information security curriculum

28 Questions? Dr. James Cannady cannady@nova.edu (954) 262-2085 http://scis.nova.edu/~cannady

Download ppt "Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor."

Similar presentations

© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security

Similar presentations

Ads by Google