
Quick Overview of the Course


Presentation Transcript


  1. Computer Security Quick Overview of the Course Saeed Rajput, Ph.D.

  2. Wikileaks • Issues: • Confidentiality • Authentication • Non-repudiation • Availability • Audit • Privacy • Anonymity

  3. Google Versus China
     • http://www.cnn.com/2010/TECH/01/12/google.china/index.html
     • Please read this Blog:
       • http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
     SANS: SysAdmin, Audit, Network, Security, Institute
     • http://www.sans.org/about/sans.php

  4. Recent News: Record data breaches in 2007 http://news.yahoo.com/s/ap/20071231/ap_on_hi_te/data_breaches_5
     • Loss or theft of personal data soared to unprecedented levels in 2007:
       • credit card numbers
       • Social Security numbers
     • Foley’s Group: 79 million+ records reported compromised in the United States through Dec. 18.
     • Nearly fourfold increase from the nearly 20 million records reported in all of 2006.
     • Attrition.org estimates more than 162 million records compromised through Dec. 21 — both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.
     • Trend isn't expected to turn around anytime soon: (Why?)
       • Hackers stay a step ahead of security
       • Laptops disappear with sensitive information.
     • Companies, government agencies, schools and other institutions:
       • spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption

  5. Older News: 2005
     • Polo Ralph Lauren Customers' Data Stolen
     • Theft of Credit Card Information at Polo Ralph Lauren Leaves 180,000 Vulnerable:
       • Thursday April 14, 11:52 pm ET
       • Possible security breach "of transaction data associated with a U.S.-based retailer" in January 2005.
       • Polo Ralph Lauren shares dropped 55 cents, or 1.4 percent, to $37.91 in afternoon trading on the New York Stock Exchange where they have traded in a 52-week range of $31.01 to $42.83.
       • Shares Outstanding: 102.68M (Loss?)
     • http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-14-polo-data-theft_x.htm

  6. Recent News • ChoicePoint Inc., which is based in suburban Atlanta, disclosed in February 2005 that thieves, who operated undetected for more than a year, opened up 50 accounts and received vast amounts of data on some 145,000 consumers nationwide. Authorities said some 750 people were defrauded.

  7. Overview of the Course • What is Security? • Background • Basics of Operating Systems • Attacks and Threats • Attacks Against Information Systems • Classification of Threats • Security Concerns • Cryptography • Access Control • Confidentiality • Integrity • Security Areas: • Operating System Security • Database Security

  8. Basics of Operating System • Memory and Paging • General Object Access Control • Procedures • Files • User Authentication

  9. Risk Analysis • Vulnerabilities • Threats • Controls (Countermeasures) • MOM • Method • Opportunity • Motive

  10. Attacks • Known Attacks • Attack Classifications • Passive • Interception • Active • Modification • Fabrication • Denial of Service • Interruption

  11. Security Services • Availability • Integrity • Confidentiality • Authentication

  12. Cryptography • Symmetric Key Cryptography • Public Key Cryptography • Some Algorithms

  13. Other Algorithms Needed for Cryptography • Cryptographic Hash Functions • True Random Number Generators.

  14. Security Services based on Cryptography • Availability • Integrity (Hash Algorithms) • Confidentiality (Symmetric Key) • Authentication (Public/Symmetric Key Cryptography)

  15. Security Infrastructures based on Cryptography • Public Key Infrastructures • Some Security Protocols • SSL • IPSEC

  16. Access Control • Classical Security Models • Bell-LaPadula Confidentiality Model • Biba Integrity Model • Graham-Denning Model • Lattice Model • Role-Based Access Control (RBAC) • State Machine Model • Information Flow Model • Brewer-Nash Model • Clark-Wilson Model

  17. Network/Infrastructure Security • Attacks through Networks • Firewalls and their types • Virtual Private Networks • Intrusion Detection Systems

  18. Operating System Security • Memory Protection • Access Control to General Objects • File Protection • User Authentication • Designing Trusted Operating Systems

  19. Database Security • Integrity • Access Control • Inference and Aggregation • Multilevel secure databases • Partitioned • Cryptographically Sealed, and filtered
