1. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information Security Risks, Part I Module 1: Denial of Service Attacks Module 2: Network Intrusions –Spoofing Module 3: Network Intrusions –Session Hijacking, ARP Poisoning, etc. Module 4: Software Vulnerabilities Module 5: Malicious Code  Module 6: Summary

2. Module 6 Summary

3. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 3 Summary Information Security Risks, Part I Several network based threats exist in information systems –Intrusion –Denial of service –Propagation of malicious code No single method is sufficient to defend against all the attacks –Several different controls need to be imposed to gain effective security –Several concepts have been presented in the literature –Defense in Depth –Layered Defense –Onion peel model –All different approaches point to multiple defense strategies

4. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 4 CERT, CERIAS, & NIST Websites Pfleeger, C.P., & Pfleeger, S.L. (2002). Security in Computing, Third Edition. Prentice Hall: Upper Saddle River, NJ. Cole, E. (2001). Hackers Beware: The Ultimate Guide to Network Security. SANS Security Institute. Computer Knowledge. (2003). Computer Virus Tutorial. http://www.cknow.com/vtutor/ http://www.cknow.com/vtutor/ Schweitzer, D. (2002). Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans. Indianapolis, IN: Wiley Publishing, Inc. Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-30. 1-55. Suggested Reading Information Security Risks, Part I

5. Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 5 Acknowledgements Grants and Personnel Support for this work has been provided through grants from the following agencies –National Science Foundation (NSF 0210379) –Department of Education (FIPSE) Damira Pon, from the Center of Information Forensics and Assurance contributed extensively by reviewing and editing the material Robert Bangert-Drowns from the School of Education reviewed the material from a pedagogical view. Melissa Dark & Ting Zhuang from Purdue University provided a critique of the material and facilitated creation of a distance delivery version of the course.