The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
C.I.A.
Confidentiality - prevent unauthorized disclosure (Threat: unauthorized access)
Integrity - prevent unauthorized modification (Threat: tampering with data or software)
Availability - systems and data are usable when we need them (Threat: denial of service)
Other Concerns
Liability: someone can use our computers to do bad things that leave us with the liability
Reputation: security issues can make us look bad, affecting parental trust and recruiting
Legal: a growing body of law requires that we do certain things to secure our systems (FERPA, HIPAA)
Easy Negotiability
$$
virus
Security attacks
Computer Viruses
Trojan Horses
Address Book theft
DNS Poisoning
Zombies
IP Spoofing
Password Grabbers
Network Worms
Logic Bombs
Hijacked Home Pages
Denial of Service Attacks
Buffer Overruns
Password Crackers
Popular Fallacies
If I never log off then my computer can never get a virus
If I lock my office door then my computer can never get a virus
Companies create viruses so they can sell anti-virus software
Anti-virus software will protect me
Microsoft
Hacker Motivations
Attack the Evil Empire (Microsoft)
Typical Symptoms
File deletion
File corruption
Visual effects
Pop-Ups
Computer security is hard:
1. not simple, and easy to get wrong
2. must consider potential attacks
3. procedures used are counter-intuitive
4. involves algorithms and secret information
5. must decide where to deploy mechanisms
6. a battle of wits between attacker and administrator
7. no perceived benefit until it fails
8. requires regular monitoring: a process, not an event
9. too often an after-thought
10. regarded as an impediment to using the system; unusable security is not secure
Aspects of Security
Consider three aspects of e-security:
Security attack
Security mechanism (control)
Security service
Security Attacks:
Interruption (attack on availability)
Interception (attack on confidentiality)
Modification (attack on integrity)
Fabrication (attack on authenticity)
Viruses
Security Attack
Passive Attacks (interception, threaten confidentiality):
Release of message contents
Traffic Analysis
Active Attacks:
Fabricate message
Modify message
Handling Attacks
Passive attacks: hard to detect, since nothing is altered, but easy to stop (encrypt the traffic), so the focus is on prevention
Active attacks: easy to detect, since the data is altered or fabricated, but hard to prevent, so the focus is on detection and recovery
Security Perimeter
Firewalls
Authentication
Directory structure
Unrestricted access to system directories is a threat: a user who can write to them can replace system programs or configuration
Security Strategies
Use a separate host
Keep a separate host permanently connected to the Internet, but not to your network. Users dial in to that separate host and get onto the Internet through it, so the internal network is never directly exposed.
Passwords
Most important single protection on most systems
Should be at least eight characters long (longer passphrases are better)
Change regularly
Caveat: current guidance (NIST SP 800-63B) favours length and screening against lists of breached passwords over forced periodic changes; change a password when there is evidence of compromise.
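The password rules above as a concrete acceptance check, plus a safe way to store the password once accepted. This is an added example written for this page, not code from the slides; the minimum length follows the slide, while the breached-password list, the username rule and the scrypt parameters are assumptions chosen for illustration.

```python
"""Password policy check and storage (added example, standard library only)."""
import hashlib
import hmac
import secrets

MIN_LEN = 8  # the slides' minimum; longer passphrases are better

# Constructed sample of a breached-password list. A real deployment checks
# against a full corpus (e.g. a Have I Been Pwned export) rather than this.
BREACHED = {"password", "12345678", "qwerty123", "letmein1", "iloveyou"}


def check_policy(password: str, username: str = "") -> list[str]:
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if password.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if len(set(password)) <= 2:
        problems.append("too repetitive")
    return problems


def hash_password(password: str) -> str:
    """scrypt with a random 16-byte per-user salt; returns a storable string.

    Parameters (n=2**14, r=8, p=1) are an assumption; they cost about 16 MiB
    of memory per hash, which slows down offline password crackers.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(
        password.encode(), salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for pw in ["abc", "Password", "alice2024!", "correct horse battery staple"]:
        print(repr(pw), check_policy(pw, username="alice") or "accepted")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

The check returns every failing rule rather than stopping at the first, so a user sees all the reasons at once. The stored record never contains the password itself, and a fresh salt per user means two users with the same password get different hashes.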
Security Services
Authentication - assurance that the communicating entity is the one claimed; covers both peer-entity and data-origin authentication
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial by one of the parties in a communication
Availability - resource is accessible and usable
Security Mechanism
feature designed to detect, prevent, or recover from a security attack
Security Mechanisms
Specific security mechanisms:
digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
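Two of the mechanisms listed above, data integrity and traffic padding, applied to the passive-versus-active distinction from the Handling Attacks slide. This is an added example written for this page, not code from the slides; the frame layout, the 128-byte padding size and the shared-key setup are assumptions. It uses only the Python standard library.

```python
"""Data integrity (HMAC) plus traffic padding on a framed message (added example)."""
import hashlib
import hmac
import secrets
import struct

PAD_TO = 128   # assumption: every frame on the wire is padded to this size
TAG_LEN = 32   # HMAC-SHA256 tag length
HDR_LEN = 2    # 16-bit big-endian length prefix


def new_key() -> bytes:
    """Shared secret; assumed to have been distributed out of band."""
    return secrets.token_bytes(32)


def protect(key: bytes, msg: bytes) -> bytes:
    """Frame = len(2) || msg || random pad to PAD_TO || HMAC over all of it.

    The padding hides the true message length from a traffic analyst; the
    tag lets the receiver detect modification or fabrication of the frame.
    """
    if len(msg) > PAD_TO - HDR_LEN:
        raise ValueError("message too long for one frame")
    body = struct.pack(">H", len(msg)) + msg
    body += secrets.token_bytes(PAD_TO - len(body))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def unprotect(key: bytes, frame: bytes):
    """Return the message, or None if the frame fails the integrity check."""
    if len(frame) != PAD_TO + TAG_LEN:
        return None
    body, tag = frame[:PAD_TO], frame[PAD_TO:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    (n,) = struct.unpack(">H", body[:HDR_LEN])
    if n > PAD_TO - HDR_LEN:
        return None
    return body[HDR_LEN:HDR_LEN + n]


def demo():
    """Constructed messages: show padding, then two detected active attacks."""
    key = new_key()
    f1 = protect(key, b"transfer 10")
    f2 = protect(key, b"transfer 10000 to account 99")
    same_size = len(f1) == len(f2)           # traffic padding hides length

    ok = unprotect(key, f2) == b"transfer 10000 to account 99"

    # Active attack 1: modification, flip one bit inside the payload
    tampered = bytearray(f2)
    tampered[HDR_LEN + 9] ^= 0x01
    mod_detected = unprotect(key, bytes(tampered)) is None

    # Active attack 2: fabrication by an attacker who does not hold the key
    forged = protect(new_key(), b"transfer 10000 to account 66")
    fab_detected = unprotect(key, forged) is None

    return same_size, ok, mod_detected, fab_detected


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not give: the payload is still plaintext, so a passive eavesdropper reads it unhindered (confidentiality needs encryption, the prevention mechanism), and because both ends share the same key the tag proves origin only to the peer, not to a third party, so it provides authentication and integrity but not non-repudiation; that is what digital signatures are for. Replay of an old valid frame is also not detected without a sequence number.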
Building a security service also requires an algorithm for the security transformation and methods to distribute and share the secret information it relies on