Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome Cyber Defense Bootcamp for High School Teacher Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer,

Similar presentations


Presentation on theme: "Welcome Cyber Defense Bootcamp for High School Teacher Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer,"— Presentation transcript:

1 Welcome Cyber Defense Bootcamp for High School Teacher Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer, 2013

2 Introductions Bryan Conner Livia Griffith Hossain Heydari Andrew Hutchson Evan Johnson Emil Salib Brett Tjaden Xunhua (Steve) Wang

3 Goals Have fun! Teach you about Cyber Defense so that you can: –Interest your students in Cyber Defense –Teach your students about Cyber Defense Cyber Defense Clubs CyberPatriot Program (http://www.uscyberpatriot.org/)

4 Schedule Meet Monday – Friday: –9:00 – 10:15: Session #1 –10:15 – 10:30: Break –10:30 – 11:45: Session #2 –11:45 – 1:00: Lunch –1:00 – 2:15: Session #3 –2:15 – 2:30: Break –2:30 – 4:45: Session #4

5 General Information No food or drinks near our brand-new laptops Restrooms: –Out the door and turn left –Right at main hallway –Right at next hallway –Restrooms are on the right If you have a car on campus see us for a parking permit Fill out a W-9 form if you want your money

6 Questions Always welcome!

7 Cyber Defense Prepare Protect Detect Triage Respond

8 The Information Security Problem Over the last couple of decades, our world has rapidly become very dependent on computers: –Store medical information –Guide aircrafts –Handle the majority of financial transactions There are flaws in our computers: –Operating systems –Applications –Protocols Result: threats

9 Exacerbating the Problem The problem of how to design secure OSs, applications, and protocols is hard Too few security professionals Many users do not understand the magnitude of the threat Many managers do not understand the magnitude of the threat

10 Threats A threat is a potential violation of system security Examples (from Shirey): –Disclosure – unauthorized access to information –Deception – acceptance of false data –Disruption – interruption or prevention of correct operation –Usurpation – unauthorized control of some part of the system

11 Attackers Those who intentionally perform actions that cause security violations –Outsiders: Competitors Hackers Organized crime Terrorists Foreign government, military, or law enforcement –Insiders Customers, suppliers, vendors, or business partners Disgruntled current (or former) employees Contractors, temps, or consultants

12 Types of Attackers Third tier –Script kiddies with little knowledge or skill –Run attack scripts and other software written by more sophisticated attackers Second tier –Moderately knowledgeable and skilled attackers –Discover vulnerabilities; create and disseminate exploit tools First tier –Elite attackers –Discover vulnerabilities; create private tools

13 Why You Should Not Be an Attacker It is illegal: –United States Code, Title 18, Section 1030 (and others) –USA Patriot Act, Homeland Security Act, PROTECT Act –www.cybercrime.gov Basically: –Unauthorized access or use of a computer or network system is illegal –Unintentional attacks are illegal too

14 Understanding the Tools and Techniques of Attackers Important for defenders –Can evaluate systems you defend as attackers will –Can implement countermeasures designed to thwart attackers –Better understand the implications of certain decisions

15 The Pillars of Computer Security The security triad: –Confidentiality –Integrity –Availability

16 The Security Triad Which is most important? –Confidentiality –Integrity –Availability

17 Policy and Mechanism A security policy is a statement of what is, and what is not, allowed –Examples? A security mechanism is a method, tool, or procedure for enforcing a security policy –Examples?

18 Goals of Security Prevention – mechanism(s) that cause attacks to fail –Example? Detection – mechanism(s) that determines that an attack is under way, or has occurred, and reports it –Example? Recovery – mechanism(s) that stop attacks and assess and repair any damage caused –Example?

19 Justifying Policy and Mechanism The benefits of protection should be justified by the cost of designing, implementing, and using the mechanism –Cost-benefit analysis – the benefits of computer security is weighed against the cost –Risk analysis – the level of protection is a function of the probability of an attack occurring and the effect of the attack should it succeed –Laws and customs

20 Getting Started What to do first? –Get to know you systems You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle - Sun Tzu

21 Getting Started What to do first? –Get to know you systems You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle - Sun Tzu You Don't Know Me - Elvis

22 After You Know Your Systems Think about threats and attackers Think about what needs to be protected (security triad) Think about what security policies and mechanisms you will employ Think about your goals (prevention, detection, recovery) Think about how what policies and mechanisms are justified

23 After You Have Thought About Your Systems Start to plan, implement, and test improvements to your systems' security posture Respond to actions by attackers

24 Getting started Defending Computer Systems Get to know your systems Assess the current security posture of your systems Identify what needs to be protected Think about how threats, attackers, the security triad, security policies/mechanisms, and security goals relate to your systems Plan, implement, and test improvements to your systems' security posture

25 Bootcamp Exercises You will not just be listening, you will be doing Virtual machines (VMs) – a simulated computer running on another computer VMs are great for hands-on Cyber Defense exercises You can create and use VMs with your students using free software: –VirtualBox (https://www.virtualbox.org/) –VMWare Player (http://www.vmware.com/products/player/)

26 Accessing your VM for this Bootcamp Turn on laptop Click on CyberDefender account to log in Double click on Firefox icon to open web browser Enter this information in the vSphere If you are not already on it, go to the following page: https:// :9443/vsphere-client/

27 Accessing your VM for this Bootcamp (cont) Log in with the credentials you were given Click on Host and Clusters Expand the items on the left side until you see yourstudent VM Click on your student VM to highlight it In the center window click on the Summary tab Click on Launch Console Power on the VM


Download ppt "Welcome Cyber Defense Bootcamp for High School Teacher Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer,"

Similar presentations


Ads by Google