We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHaley Owen
Modified over 3 years ago
© Ravi Sandhu Introduction to Information Security Ravi Sandhu
© 2005 Ravi Sandhu 2 Cyber-security goals have changedCyber-security goals electronic commerce information sharing etcetera multi-party security objectives fuzzy objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE
© 2005 Ravi Sandhu 3 Cyber-security attacks have changed The professionals have moved in Hacking for fun and fame Hacking for cash, espionage and sabotage
© 2005 Ravi Sandhu 4 INTERNET INSECURITY Internet insecurity spreads at Internet speed Morris worm of 1987 Password sniffing attacks in 1994 IP spoofing attacks in 1995 Denial of service attacks in borne viruses 1999 Distributed denial of service attacks 2000 Fast spreading worms and viruses 2003 Spam 2004 Phishing 2005 Botnets 2005 … no end in sight Internet insecurity grows at super-Internet speed security incidents are growing faster than the Internet (which has roughly doubled every year since 1988)
© 2005 Ravi Sandhu SECURITY TECHNIQUES Prevention access control Detection and Recovery auditing/intrusion detection incident response Acceptance practicality
© 2005 Ravi Sandhu THREATS, VULNERABILITIES ASSETS AND RISK THREATS are possible attacks VULNERABILITIES are weaknesses ASSETS are information and resources that need protection RISK requires assessment of threats, vulnerabilities and assets
© 2005 Ravi Sandhu 7 RISK Outsider Attack – insider attack Insider Attack – outsider attack
© 2005 Ravi Sandhu PERSPECTIVE ON SECURITY No silver bullets A process NOT a turn-key product Requires a conservative stance Requires defense-in-depth A secondary objective Absolute security does not exist Security in most systems can be improved
© 2005 Ravi Sandhu 9 PERSPECTIVE ON SECURITY absolute security is impossible does not mean absolute insecurity is acceptable
© 2005 Ravi Sandhu 10 CLASSICAL INTRUSIONS SCENARIO 1 Insider attack The insider is already an authorized user Insider acquires privileged access exploiting bugs in privileged system programs exploiting poorly configured privileges Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access
© 2005 Ravi Sandhu 11 CLASSICAL INTRUSIONS SCENARIO 2 Outsider attack Acquire access to an authorized account Perpetrate an insider attack
© 2005 Ravi Sandhu 12 NETWORK INTRUSIONS SCENARIO 3 Outsider/Insider attack Spoof network protocols to effectively acquire access to an authorized account
© 2005 Ravi Sandhu 13 DENIAL OF SERVICE ATTACKS Flooding network ports with attack source masking TCP/SYN flooding of internet service providers in 1996
© 2005 Ravi Sandhu 14 INFRASTRUCTURE ATTACKS router attacks modify router configurations domain name server attacks internet service attacks web sites ftp archives
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
Got Security? Information Assurance Considerations for Your Research, Course Projects, and Everyday Life James Cannady, Ph.D. Assistant Professor.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
Network security Cs634 IS Course Content Materials Assessment 2 Agenda.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Network security Cs634 IS Course Content Materials Assessment Agenda 2.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
October 12th, 2004U.S. National Cybersecurity U.S. National Cybersecurity Understanding Internet Security William J. Perry Martin Casado Keith Coleman.
Information Assurance: A Personal Perspective Ravi Sandhu
Network Security Lecture 31 Presented by: Dr. Munam Ali Shah.
2013 Pearson Education, Inc. Publishing as Prentice Hall, AIS, 11/e, by Bodnar/Hopwood Chapter 6 6 – 1 Information Security.
Chapter 11 E-Commerce Security. What is Security? Dictionary Definition: protection or defense against attack, interference, espionage, etc. Computer.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
1/42 Arab Academy for Banking &Financial Sciences Faculty of Information Systems & Technology - Department of CIS Information System Security Ph.D Prepared.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Business Plug-In B6 Information Security.
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
1 Introduction to Information Security Spring 2012.
Chapter 15 Computer Crime and Information Technology Security Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
1 Introduction to Network Security Spring Outline Introduction Attacks, services and mechanisms Security threats and attacks Security services.
Information Security Xiangming Mu. What is Information Security About information policy, information privacy, information ownership About information.
1-1/29 Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00 INFORMATION WARFARE Part 1: Fundamentals Advanced Course in Engineering 2006 Cyber.
Stephen S. Yau CSE , Fall Security Strategies.
Chapter 01: Introduction to Network Security. Network A Network is the inter-connection of communications media, connectivity equipment, and electronic.
Incident Response Managing Security at Microsoft Published: April 2004.
Prentice Hall, Chapter 13 E-Commerce Security.
© 2017 SlidePlayer.com Inc. All rights reserved.