1. Computers and Security by Calder Jones

2. What is Computer Security Computer Security is the protection of computing systems and the data that they store or access

3. Early history - 1950’s ➔ Development of the Tempest Security Standard ➔ Organization of the U.S. Communications Security Board

4. 1960’s ➔ 1967 Spring Joint Computer Conference ◆ First comprehensive computer security presentation ➔ 1967 Defense Advanced Research Projects Agency (DARPA) established

5. History 1970-1977 ➔ 1970 Tiger Teams ➔ 1973 Robert Metcalfe warns the ARPANET working group that it is far too easy to gain access to the network ➔ 1977 Abraham A. Ribicoff introduces the federal computer systems protection act which defines “computer crimes” and recommends penalties for them

6. Condensed History 1977-1988 ➔ 1983 The Orange Book ➔ 1986 The first pc virus “The Brain” is created ➔ 1988 Morris Worm ◆ crashes 600 of the 60,000 computer linked to the internet ◆ Robert Tappan Morris is the first person convicted by a jury under the Computer Fraud and Abuse Act

7. Condensed History 1988-2000 ➔ 1996 hackers find web tools that allow them to take remote control of computers on the internet ➔ 2000 new computer worms spread across the internet

8. Condensed History 2000 - Present Day ➔ Many new viruses and malware appear as the internet explodes in popularity ➔ New exploits found in smartphones ➔ Security researchers publish a guide to hacking automobiles

9. Problems ➔ Finding new ways to secure a system encourages hackers to find new ways to break in

10. Goals of hackers ➔ STRIDE ◆ Spoofing ◆ Tampering ◆ Repudiation ◆ Information disclosure ◆ Denial of service ◆ Elevation of Privilege

11. Spoofing ➔ Attempting to gain access to a system by using a false identity CounterMeasures ➔ Use strong authentication ➔ Do not store secrets (i.e. passwords) in plain text

12. Tampering Unauthorized modification of data CounterMeasures ➔ Use data hashing and signing ➔ Use digital signatures ➔ Use strong authorization ➔ Use tamper-resistant protocols across communication links

13. Repudiation The ability of users to deny that they performed specific actions or transactions. CounterMeasure ➔ Create secure audit trails ➔ Use digital signatures

14. Information disclosure Unwanted exposure of private data. CounterMeasures ➔ Use strong authorization ➔ Use Strong encryption ➔ Secure communication links with protocols that provide message confidentiality

15. Denial of service The process of making a system or application unavailable CounterMeasures ➔ Use resource and bandwidth throttling techniques ➔ Validate and filter input

16. Elevation of privilege When a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application CounterMeasures ➔ Follow the principle of least privilege

17. Current and Future issues ➔ Hackers gain more avenues for entry the more we become connected with technology (i.e. homes,cars,personal devices) ➔ Keeping the Cloud secure

18. Sources "Chapter 2 – Threats and Countermeasures." Threats and Countermeasures. Microsoft, n.d. Web. 31 Jan. 2016. "Computer Security Threats: A Brief History - Power More." Power More Computer Security Threats A Brief History Comments. N.p., 28 Aug. 2014. Web. 31 Jan. 2016. Gasser, Morrie. Building a Secure Computer System. New York: Van Nostrand Reinhold, 1988. Web. Hirose, Shoichi. "Security Analysis of DRBG Using HMAC in NIST SP 800-90." Information Security Applications Lecture Notes in Computer Science (n.d.): 278-91. Web. "Timeline: The U.S. Government and Cybersecurity." Washington Post. The Washington Post, n.d. Web. 31 Jan. 2016.