Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIDN Zac Dannelly. May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce” May 2010: The Ad Hoc Committee on Cyber Security.

Published byEdwin Lucas Modified over 8 years ago

Similar presentations

Presentation on theme: "MIDN Zac Dannelly. May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce” May 2010: The Ad Hoc Committee on Cyber Security."— Presentation transcript:

1 MIDN Zac Dannelly

2 May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce” May 2010: The Ad Hoc Committee on Cyber Security Curriculum Options August 22, 2011: First day of class; SI110 begins.

3 Educate each Midshipman about: 1.Cyber infrastructure and embedded systems 2.Inherent cyber vulnerabilities and threats 3.Appropriate defensive security procedures Thereby enabling them to make principled decisions regarding the potential benefits, consequences, and risks.

4 Introduction to Cyber Security – Technical Foundations Semester long (16-week) 3 credit course More than 1,000 students per year – Mandatory for graduation across all majors Precursor to EC 310 Applications of Cyber Engineering

5 Cyber Battlefield Introduction to Cyber Security Digital Data Hardware Operating Systems Web Networking Cyber Battlefield Introduction to Cyber Security Digital Data Hardware Operating Systems Web Networking Cyber Security Tools Encryption Hashing & Passwords Cryptography in Practice Firewalls Steganography Cyber Security Tools Encryption Hashing & Passwords Cryptography in Practice Firewalls Steganography Cyber Operations Forensics: Digital Forensics Reconnaissance Attack Defense Case Studies Cyber Operations Forensics: Digital Forensics Reconnaissance Attack Defense Case Studies

6

7

8

9 An XKCD-style password generator: The hard-to-remember passwords we're all using are not that secure and hard to remember. Choose four random words and sticking them together instead. This tool generates such a password for you. An XKCD-style password generator: The hard-to-remember passwords we're all using are not that secure and hard to remember. Choose four random words and sticking them together instead. This tool generates such a password for you.

10

11

12

13 CSS and webpage design is left up to instructor

14 Hands-On Collaborative Adaptive

15 “The omission of password rules provides us with a good teaching opportunity to discuss the utility of such password rules: length of password, use of special symbols, uppercase letters, characters different from last password, and so on. ” -------------------------------------------- “Users do not want to have to enter credentials to the browser each time that they make a request to a web server. “ “The omission of password rules provides us with a good teaching opportunity to discuss the utility of such password rules: length of password, use of special symbols, uppercase letters, characters different from last password, and so on. ” -------------------------------------------- “Users do not want to have to enter credentials to the browser each time that they make a request to a web server. “

16 “The instructor then begins announcing the passwords for every student by reading the webserver log for the server running on the instructor computer, demonstrating another weakness in authentication.” -------------------------------------------------------------- “To end the lab, the instructor discusses the importance of sanitizing inputs and how to accomplish this task by escaping the symbols used to denote HTML tags, the symbols. “ “The instructor then begins announcing the passwords for every student by reading the webserver log for the server running on the instructor computer, demonstrating another weakness in authentication.” -------------------------------------------------------------- “To end the lab, the instructor discusses the importance of sanitizing inputs and how to accomplish this task by escaping the symbols used to denote HTML tags, the symbols. “

17 “The professor sends an email with an enticing HTML attachment to an unsuspecting student, or to all students in the section. When a student opens the attachment, the student’s message-board login credentials are used to post a message to the message board. For example, a message is posted as follows: Student: My professor is a real doofus!”

18 Students look at code to make website and answer: “Is there a file mentioned within the mb.cgi script that might be of interest?” Students look at code to make website and answer: “Is there a file mentioned within the mb.cgi script that might be of interest?” rockyou.com break yielded 40 million user passwords that were stored all in an accessible plaintext file Case Study

19 INJECTION ATTACKS AND CROSS_SITE SCRIPTING USERS/PASSWORDS AND AUTHENTICATION

20 “There is no exaggerating our dependence on DoD’s information networks for command and control of our forces, the intelligence and logistics on which they depend, and the weapons technologies we develop and field.” - 2010 Quadrennial Defense Review

21

22

23 CAPT Paul J. Tortora, USN (ret.) Director, Center for Cyber Security Studies 117 Decatur Ave, Leahy Hall, Room 304 United States Naval Academy Annapolis Md 21402 410-293-0933 tortora@usna.edu MIDN 1/C Zac Dannelly | dannellyz@gmail.com

24

25

Download ppt "MIDN Zac Dannelly. May 2009: President's 60-day Cyberspace Policy Review – "expand and train the workforce” May 2010: The Ad Hoc Committee on Cyber Security."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.

17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
By Raymond Greenlaw United States Naval Academy, Annapolis, Maryland Chiang Mai University, Chiang Mai, Thailand Ray gratefully acknowledges partial support.

By Raymond Greenlaw United States Naval Academy, Annapolis, Maryland Chiang Mai University, Chiang Mai, Thailand Ray gratefully acknowledges partial support.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An email account and the knowledge of.

Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An account and the knowledge of.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.

Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Prevent Cross-Site Scripting (XSS) attack

Prevent Cross-Site Scripting (XSS) attack
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
INE1020 Introduction to Internet Engineering Tutorial 8 All about Lab 6.

INE1020 Introduction to Internet Engineering Tutorial 8 All about Lab 6.

Similar presentations

Ads by Google