Welcome Cyber Defense Bootcamp for High School Teacher


1 Welcome Cyber Defense Bootcamp for High School Teacher
Cyber Defense Lab (ISAT/CS Room 140)
Department of Computer Science
James Madison University
Summer, 2013

2 Introductions
Bryan Conner
Livia Griffith
Hossain Heydari
Andrew Hutchson
Evan Johnson
Emil Salib
Brett Tjaden
Xunhua (Steve) Wang

3 Goals
Have fun!
Teach you about Cyber Defense so that you can:
  Interest your students in Cyber Defense
  Teach your students about Cyber Defense
  Cyber Defense Clubs
  CyberPatriot Program (http://www.uscyberpatriot.org/)

4 Schedule
Meet Monday – Friday:
  9:00 – 10:15: Session #1
  10:15 – 10:30: Break
  10:30 – 11:45: Session #2
  11:45 – 1:00: Lunch
  1:00 – 2:15: Session #3
  2:15 – 2:30: Break
  2:30 – 4:45: Session #4

5 General Information
No food or drinks near our brand-new laptops
Restrooms:
  Out the door and turn left
  Right at main hallway
  Right at next hallway
  Restrooms are on the right
If you have a car on campus see us for a parking permit
Fill out a W-9 form if you want your money

6 Questions Always welcome!

7 Cyber Defense
Prepare
Protect
Detect
Triage
Respond

8 The Information Security Problem
Over the last couple of decades, our world has rapidly become very dependent on computers:
  Store medical information
  Guide aircraft
  Handle the majority of financial transactions
There are flaws in our computers’:
  Operating systems
  Applications
  Protocols
Result: threats

9 Exacerbating the Problem
The problem of how to design secure OSs, applications, and protocols is hard
Too few security professionals
Many users do not understand the magnitude of the threat
Many managers do not understand the magnitude of the threat

10 Threats
A threat is a potential violation of system security
Examples (from Shirey):
  Disclosure – unauthorized access to information
  Deception – acceptance of false data
  Disruption – interruption or prevention of correct operation
  Usurpation – unauthorized control of some part of the system

11 Attackers
Those who intentionally perform actions that cause security violations
Outsiders:
  Competitors
  Hackers
  Organized crime
  Terrorists
  Foreign government, military, or law enforcement
Insiders:
  Customers, suppliers, vendors, or business partners
  Disgruntled current (or former) employees
  Contractors, temps, or consultants

12 Types of Attackers
Third tier
  “Script kiddies” with little knowledge or skill
  Run attack scripts and other software written by more sophisticated attackers
Second tier
  Moderately knowledgeable and skilled attackers
  Discover vulnerabilities; create and disseminate exploit tools
First tier
  Elite attackers
  Discover vulnerabilities; create private tools

13 Why You Should Not Be an Attacker
It is illegal:
  United States Code, Title 18, Section 1030 (and others)
  USA Patriot Act, Homeland Security Act, PROTECT Act
Basically:
  Unauthorized access or use of a computer or network system is illegal
  Unintentional attacks are illegal too

14 Understanding the Tools and Techniques of Attackers
Important for defenders
  Can evaluate systems you defend as attackers will
  Can implement countermeasures designed to thwart attackers
  Better understand the implications of certain decisions

15 The Pillars of Computer Security
The security “triad”:
  Confidentiality
  Integrity
  Availability

16 The Security Triad
Which is most important?
  Confidentiality
  Integrity
  Availability

17 Policy and Mechanism
A security policy is a statement of what is, and what is not, allowed
  Examples?
A security mechanism is a method, tool, or procedure for enforcing a security policy

18 Goals of Security
Prevention – mechanism(s) that cause attacks to fail
  Example?
Detection – mechanism(s) that determine that an attack is under way, or has occurred, and report it
Recovery – mechanism(s) that stop attacks and assess and repair any damage caused

19 Justifying Policy and Mechanism
The benefits of protection should be justified by the cost of designing, implementing, and using the mechanism
Cost-benefit analysis – the benefits of computer security are weighed against the cost
Risk analysis – the level of protection is a function of the probability of an attack occurring and the effect of the attack should it succeed
Laws and customs

20 Getting Started
What to do first? Get to know your systems
You cannot effectively defend what you don't understand
Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu

21 Getting Started
What to do first? Get to know your systems
You cannot effectively defend what you don't understand
Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu
“You Don't Know Me” - Elvis

22 After You Know Your Systems
Think about threats and attackers
Think about what needs to be protected (security triad)
Think about what security policies and mechanisms you will employ
Think about your goals (prevention, detection, recovery)
Think about how policies and mechanisms are justified

23 After You Have Thought About Your Systems
Start to plan, implement, and test improvements to your systems' security posture
Respond to actions by attackers

24 Getting Started Defending Computer Systems
Get to know your systems
Assess the current security posture of your systems
Identify what needs to be protected
Think about how threats, attackers, the security triad, security policies/mechanisms, and security goals relate to your systems
Plan, implement, and test improvements to your systems' security posture

25 Bootcamp Exercises
You will not just be listening, you will be doing
Virtual machines (VMs) – a simulated computer running on another computer
VMs are great for hands-on Cyber Defense exercises
You can create and use VMs with your students using free software:
  VirtualBox (https://www.virtualbox.org/)
  VMWare Player (http://www.vmware.com/products/player/)

26 Accessing your VM for this Bootcamp
Turn on laptop
Click on “CyberDefender” account to log in
Double click on Firefox icon to open web browser
Enter this information in the vSphere
If you are not already on it, go to the following page: https:// :9443/vsphere-client/

27 Accessing your VM for this Bootcamp (cont)
Log in with the credentials you were given
Click on “Host and Clusters”
Expand the items on the left side until you see your “student” VM
Click on your student VM to highlight it
In the center window click on the “Summary” tab
Click on “Launch Console”
Power on the VM

