Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability Analysis Stefanie Wilcox. Vulnerabilities zHardware zSoftware zData.

Published byWalter Smith Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability Analysis Stefanie Wilcox. Vulnerabilities zHardware zSoftware zData."— Presentation transcript:

1 Vulnerability Analysis Stefanie Wilcox

2 Vulnerabilities zHardware zSoftware zData

3 Hardware Vulnerabilities zDevices-adding, removing zTraffic-interrupting, flooding zPhysical Attacks yInvoluntary machine slaughter yMachinicide yTheft x“... thousands of dollars worth of equipment sits unattended on desks. Curiously, the supply cabinet, containing only a few hundred dollars worth of pens, pencils and paper clips is often locked....”

4 Software Vulnerabilities zSoftware Deletion zSoftware Modification yLogic Bombs yTrojan Horse yVirus yTrapdoor yInformation Leaks zSoftware Theft yUnauthorized copying

5 Data Vulnerabilities zConfidentiality yunauthorized disclosure of a data item zIntegrity yunauthorized modification zAvailability ydenial of authorized access

6 Penetration Studies zAlso called tiger team attack or red team attack zTests the system once it is in place. zGoal is to violate the site security policy. yType 1 yAuthorized attempt to violate specific constraints stated in the for of a security or integrity policy. yPenetration Test Example. yType 2 yNo specific target. Find some number of vulnerabilities in a set period of time. yPenetration Test Example.

7 Penetration Studies cont’ zLayering of tests y1) External attacker with no knowledge of the system y2) External attacker with access to the system. y3) Internal attacker with access to the system.

8 Flaw Hypothesis Methodology z1) Information Gathering z2)Flaw Hypothesis z3)Flaw Testing z4)Flaw Generalization z5)Flaw Elimination

9 Vulnerability Classification z1)The ability to specify, design, and implement a computer system without vulnerabilities. z2)The ability to analyze a computer system to detect vulnerabilities. z3)The ability to address any vulnerabilities introduced during the operation of the computer system. z4)The ability to detect attempted exploitation's of vulnerabilities

10 Frameworks zThe RISOS Study zProtection Analysis Model zNRL Taxonomy zAslam’s Model

11 Bibliography zBishop, Matt. Computer Security

Download ppt "Vulnerability Analysis Stefanie Wilcox. Vulnerabilities zHardware zSoftware zData."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Practical Preparations Planning for Safety and Emergencies.

Practical Preparations Planning for Safety and Emergencies.
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000.

A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000.
A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,
Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 1 Dr. Stephania Loizidou Himona ACSC 345.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004.

1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Introducing Computer and Network Security

Introducing Computer and Network Security
Midterm Exam. Problem 1: Short Answer Access Control –Subject, object, rights Common Criteria –Government Assurance Standard Originator Controlled Access.

Midterm Exam. Problem 1: Short Answer Access Control –Subject, object, rights Common Criteria –Government Assurance Standard Originator Controlled Access.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Similar presentations

Ads by Google