
Secrets & Lies: Digital Security in a Networked World

Bruce Schneier. Secrets & Lies Digital Security in a Networked World. Lanette Dowell November 25, 2009. Introduction. “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics” – Bruce Schneier in Applied Cryptography 1996 Security is a chain


Presentation Transcript


  1. Bruce Schneier. Secrets & Lies: Digital Security in a Networked World. Lanette Dowell, November 25, 2009

  2. Introduction
     • “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics” – Bruce Schneier in Applied Cryptography 1996
     • Security is a chain
     • It's only as secure as the weakest link.
     • Security is a process, not a product.

  3. Part 1: The Landscape
     • Who are the attackers?
     • What do they want?
     • What do we need to deal with threats?

  4. Part 1: The Landscape
     • Real life vs Digital World
     • Criminal Attacks
     • “How can I acquire the maximum financial return by attacking the system?”
     • Privacy Violations
     • Publicity Attacks
     • Legal Attacks

  5. Part 1: The Landscape
     • Who are the bad guys?
     • Hackers
     • Criminals / Organized Crime
     • Insiders
     • Industrial Espionage
     • Press
     • Terrorists
     • National Intelligence Organizations
     • Infowarriors

  6. Part 1: The Landscape
     • What do we need?
     • Privacy
     • Multilevel security
     • Anonymity
     • Authentication
     • Integrity

  7. Part 2: Technologies
     • Examples of security technologies and their limitations
     • Cryptography

  8. Part 2: Technologies
     • Identification and Authentication
     • Passwords
     • Biometrics
     • Access Tokens

  9. Part 2: Technologies
     • Networked-Computer Security
     • Malicious Software
     • Viruses
     • Worms
     • Trojan Horses
     • Websites
     • URL hacking
     • Cookies
     • Etc…

  10. Part 2: Technologies
     • Network Defences
     • Firewalls
     • DMZ (Demilitarized Zones)
     • VPN (Virtual Private Networks)
     • Honey Pots and Burglar Zones
     • Vulnerability Scanners
     • Email Security

  11. Part 2: Technologies
     • Software Reliability
     • Faulty code
     • Buffer overflows
     • “Computers are stupid”
     • Secure Hardware
     • Putting a $100K lock on a cardboard house

  12. Part 2: Technologies
     • Human Factor
     • Social engineering
     • Risks
     • Insiders

  13. Part 3: Strategies
     • Given the requirements of the landscape and the limitations of the technology, what do we do now?

  14. Part 3: Strategies
     • Threat Modeling and Risk Assessment
     • Attack Trees
     • Product testing
     • Verification
     • More software complexity = more security risks (next slide, Windows…)

  15. Part 3: Strategies
     • Lines of code in Windows:
     • Windows 3.1: 3 million
     • Windows NT: 4 million
     • Windows 95: 15 million
     • Windows NT 4.0: 16.5 million
     • Windows 98: 18 million
     • Windows 2000: 35-60 million

  16. Conclusion
     • Computer bugs, vulnerabilities.
     • Should they be published publicly?
     • Work towards stronger software and hardware
