Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session 7 LBSC 690 Information Technology Security.

Published byPrimrose Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "Session 7 LBSC 690 Information Technology Security."— Presentation transcript:

1 Session 7 LBSC 690 Information Technology Security

2 Agenda Questions Complex systems Security Midterm exam review

3 Complex System Issues Critical system availability –Who needs warfare - we do it to ourselves! Understandability –Why can’t we predict what systems will do? Nature of bugs –Why can’t we get rid of them? Auditability –How can we learn to do better in the future?

4 Crisis Management Computer Emergency Response Team –Issues advisories about known problems –Need to make sure these reach the right people Information Warfare –We depend on our information infrastructure –How can we prevent attacks against it? Hacking is individual, this would be organized –Policy for this is still being worked out

5 Ownership Who has the right to use a computer? Who establishes this policy? How? –What equity considerations are raised? Can someone else deny access? –Denial of service attacks How can denial of service be prevented? –Who can gain access and what can they do?

6 Denial of Service Attacks Viruses –Platform dependent –Typically binary –Virus checkers need frequent updates Flooding –The Internet worm –Chain letters

7 Identity Establishing identity permits access control What is identity in cyberspace? –Attribution When is it desirable? –Impersonation How can it be prevented? Forgery is really easy –Just set up your mailer with bogus name and email

8 Authentication Used to establish identity Two types –Physical (Keys, badges, cardkeys, thumbprints) –Electronic (Passwords, digital signatures) Protected with social structures –Report lost keys –Don’t tell anyone your password Password sniffers will eventually find it

9 Good Passwords Long enough not to be guessed –Programs can try every combination of 4 letters Not in the dictionary –Programs can try every word in a dictionary –And every date, and every proper name,... –And even every pair of words Mix upper case, lower case, numbers, etc. Change it often and use one for each account

10 Other Access Control Issues Protect system administrator access –Greater potential for damaging acts –What about nefarious system administrators? Trojan horses –Intentionally undocumented access techniques Firewalls –Prevent unfamiliar packets from passing through –Makes it harder for hackers to hurt your system

11 Privacy What privacy rights do computer users have? –On email? –When using computers at work? At school? –What about your home computer? What about data about you? –In government computers? –Collected by companies and organizations? Does obscurity offer any privacy?

12 Cookies Web servers know a little about you –Machine, prior URL, browser, From this they can guess a little more –Path you followed, who is on that machine Cookies allow them to remember things –They send you a string and your browser stores it –If they ask for the string, your browser provides it –The string can represent identity and/or information

13 Integrety How do you know what’s there is correct? –Attribution is invalid if the contents can change Access control would be one solution –No system with people has perfect access control Risks digest provides plenty of examples! Encryption offers an alternative

14 Encryption Separate keys for writing and reading –Pretty Good Privacy (PGP) is one “standard” Identity –“Digital signature” from a private write key Integrety –Public read key will decode only one write key Privacy –Either write key or read key can be kept secret

15 Policy Solutions Five guidelines –Establish policies –Authenticate –Authorize –Audit –Supervise CSC Acceptable Use Policy

16 Exam Structure One hour and 15 minutes Approximately 4 questions –Each may have multiple parts Open Book (Oakman only) –You may hand write anything in your Oakman –No extra pages of notes The software you may use will be specified You may bring a calculator

17 Exam Advice The only goal is to get points! –Spend each minute in the best place Develop a strategy for each question type –Guessing can’t hurt on multiple choice This is a change from prior exams –Don’t write a page when a sentence will do Study concepts, not details –Grading rewards conceptual understanding –Don’t expect a clone of the sample exams

18 Questions ????????????

Download ppt "Session 7 LBSC 690 Information Technology Security."

Similar presentations

4 Information Security.

4 Information Security.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.

Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Acceptable Use Policy –The Acceptable Use Policy defines the rules of the machine and internet connection you are on. –Specific policies differ by machine.

Acceptable Use Policy –The Acceptable Use Policy defines the rules of the machine and internet connection you are on. –Specific policies differ by machine.
Week 13 LBSC 690 Information Technology Social Issues.

Week 13 LBSC 690 Information Technology Social Issues.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Class 7 LBSC 690 Information Technology Social Issues & Control of Information.

Class 7 LBSC 690 Information Technology Social Issues & Control of Information.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Class 7 LBSC 690 Information Technology Security.

Class 7 LBSC 690 Information Technology Security.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Similar presentations

Ads by Google