
Security and Ethical Challenges

Security and Ethical Challenges. Prof. Dr. Yang Dehua School of Economics and Management Tongji University. Outlines. Security Challenges Societal Challenges Ethical Issues Security Management Security Measures. Security, and Societal Challenges of IT. Some Important Aspects Crime


Presentation Transcript


  1. Security and Ethical Challenges Prof. Dr. Yang Dehua School of Economics and Management Tongji University

  2. Outlines • Security Challenges • Societal Challenges • Ethical Issues • Security Management • Security Measures

  3. Security and Societal Challenges of IT • Some Important Aspects • Crime • Privacy • Employment • Health • Individuality • Working conditions • Computer monitoring

  4. Security Attacks • Normal Flow of Data • Interruption • Interception

  5. Security Attacks • Modification • Fabrication

  6. Computer Crime Types • Virus and Malicious Code • Denial of Service • Spam E-Mail • Unauthorized Access by an Insider • Phishing • Unauthorized Access by an Outsider • Fraud

  7. Computer Crime Types • Theft of Intellectual Property • Theft of Other Proprietary Info • Employee Identity Theft • Sabotage by An Insider • Sabotage by An Outsider • Extortion by An Insider • Extortion by An Outsider • Other

  8. Computer Crime Categories • Hacking • Cyber theft • Unauthorized use at work • Software piracy • Piracy of intellectual property • Computer viruses and worms

  9. Ethical Responsibility of Business Professionals • Business ethics • Equity • Rights • Honesty • Exercise of corporate power

  10. Technology Ethics • Proportionality • Informed Consent • Justice • Minimized risk

  11. Privacy Issues • Privacy on the Internet • Computer matching • Privacy laws • Computer libel and censorship • Some examples

  12. Other Challenges • Employment • Computer monitoring • Working conditions • Individuality • Health • Society

  13. Security Services • Cornerstones of Security • Confidentiality • Authenticity • Integrity • Nonrepudiation • Access Control • Availability/Survivability

  14. Security Management • Managerial Issues • Enterprise Security Policies • Security Processes and Procedures • Enterprise Best Practices • Security Life Cycle Management

  15. Security Management • Security Knowledge in Practice

  16. Security Management • Technical Security Measures • Firewalls • Encryption • Access control • Intrusion detection • Monitoring • Others

  17. Firewalls • Protecting Intranets from Attack • Using Proxies • Application Level Proxy • Circuit Level Proxy • Packet Filtering

  18. Firewalls • Two-Homed Bastion

  19. Firewalls • Screened Subnet Bastion

  20. Filtering via Routers • Filtering (diagram labels: Intranet, Router, Internet, Routing Table)

  21. Encryptions • Symmetric encryption • Asymmetric encryption • Cryptography • Reviews of encryption issues • Strength • Key length • Algorithm

  22. Asymmetric Encryptions • Public key encryption principle • PKI components • Plaintext • Encryption algorithm • Public/Private key • Ciphertext • Decryption algorithm

  23. Encryption and Decryption • Public Key Cryptography (diagram labels: Plaintext, Encryption, Public Key, Ciphertext, Decryption, Private Key, Plaintext)

  24. Public Key Encryptions • CA and certificate • Public key cryptography algorithms • RSA • Digital Signature Standard (SHA-1, DSA) • Elliptic-curve cryptography (ECC) • Diffie-Hellman key exchange • Many others

  25. Public Key Encryptions • Applications of public key cryptosystem • Encryption/Decryption • Digital signature • Key exchange • Authentication • Integrity checkup

  26. Encryption Protocols • Security Protocols • SSL • SET • Characteristics • VPN • IPSec VPN • SSL VPN

  27. SSL Protocol (diagram labels: Message, Message Digest, Digital Signature, Digital Envelope, Secret Key, Encrypted Key, Encrypted Message, Private Key, Public Key, Sender Certificate, Receiver Certificate, Compare)

  28. SET

  29. VPN • An Example of IPSec VPN

  30. VPN • Example of SSL VPN (diagram labels: Internet, SSL VPN Tunnel, Router, Firewall, SSL VPN Gateway, IDS, Switch, Fiber Switch, DMZ Area, Web Server, E-Mail Server, FTP Server, Apps and Data Area, App/Data Server, Anti-Virus Server, Network Mgmt, RAID Disks)

  31. Other Defense Measures • Protection from denial of service • E-Mail monitoring • Anti-Virus • Implementation of security codes • Backup systems • Intrusion detection system • Biometric security measures

  32. Defense Measures • Failure controls • Fault-tolerant systems • Disaster recovery • BPCM

  33. System Controls and Auditing • System Data Input • System Auditing and Logging • System Controls • Hardware • System software • Applications • Utilities
