We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHaley Owen
Modified over 2 years ago
© Ravi Sandhu Introduction to Information Security Ravi Sandhu
© 2005 Ravi Sandhu 2 Cyber-security goals have changedCyber-security goals electronic commerce information sharing etcetera multi-party security objectives fuzzy objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE
© 2005 Ravi Sandhu 3 Cyber-security attacks have changed The professionals have moved in Hacking for fun and fame Hacking for cash, espionage and sabotage
© 2005 Ravi Sandhu 4 INTERNET INSECURITY Internet insecurity spreads at Internet speed Morris worm of 1987 Password sniffing attacks in 1994 IP spoofing attacks in 1995 Denial of service attacks in borne viruses 1999 Distributed denial of service attacks 2000 Fast spreading worms and viruses 2003 Spam 2004 Phishing 2005 Botnets 2005 … no end in sight Internet insecurity grows at super-Internet speed security incidents are growing faster than the Internet (which has roughly doubled every year since 1988)
© 2005 Ravi Sandhu SECURITY TECHNIQUES Prevention access control Detection and Recovery auditing/intrusion detection incident response Acceptance practicality
© 2005 Ravi Sandhu THREATS, VULNERABILITIES ASSETS AND RISK THREATS are possible attacks VULNERABILITIES are weaknesses ASSETS are information and resources that need protection RISK requires assessment of threats, vulnerabilities and assets
© 2005 Ravi Sandhu 7 RISK Outsider Attack – insider attack Insider Attack – outsider attack
© 2005 Ravi Sandhu PERSPECTIVE ON SECURITY No silver bullets A process NOT a turn-key product Requires a conservative stance Requires defense-in-depth A secondary objective Absolute security does not exist Security in most systems can be improved
© 2005 Ravi Sandhu 9 PERSPECTIVE ON SECURITY absolute security is impossible does not mean absolute insecurity is acceptable
© 2005 Ravi Sandhu 10 CLASSICAL INTRUSIONS SCENARIO 1 Insider attack The insider is already an authorized user Insider acquires privileged access exploiting bugs in privileged system programs exploiting poorly configured privileges Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access
© 2005 Ravi Sandhu 11 CLASSICAL INTRUSIONS SCENARIO 2 Outsider attack Acquire access to an authorized account Perpetrate an insider attack
© 2005 Ravi Sandhu 12 NETWORK INTRUSIONS SCENARIO 3 Outsider/Insider attack Spoof network protocols to effectively acquire access to an authorized account
© 2005 Ravi Sandhu 13 DENIAL OF SERVICE ATTACKS Flooding network ports with attack source masking TCP/SYN flooding of internet service providers in 1996
© 2005 Ravi Sandhu 14 INFRASTRUCTURE ATTACKS router attacks modify router configurations domain name server attacks internet service attacks web sites ftp archives
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
Information Assurance: A Personal Perspective Ravi Sandhu
1-1/29 Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00 INFORMATION WARFARE Part 1: Fundamentals Advanced Course in Engineering 2006 Cyber.
Incident Response Managing Security at Microsoft Published: April 2004.
© 2009 Pearson Education, Inc. Publishing as Prentice Hall Chapter 9 Pankos Business Data Networks and Telecommunications, 7th edition © 2009 Pearson Education,
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
Course Overview and Introduction Nick Feamster CS 6262: Network Security Spring 2009.
Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Security Presented by: Mark Davis & Shahein Moussavi.
1 E-business Security and Control 2 Opening Case: Visa 10 commandments for online merchants – Maintaining a network firewall – Keeping security patches.
Introduction to Network Security INFSCI 1075: Network Security Amir Masoumzadeh.
1 Sensitive Data Management in Financial Systems Mike Gurevich President and CEO INVENTIGO.
Chapter 11 E-Commerce Security. Electronic CommercePrentice Hall © Learning Objectives 1.Document the trends in computer and network security attacks.
Security Threats and Protection Mechanisms. Learning Objectives Internet security issues (intellectual property rights, client, communication channels,
Securing a Virtualized Environment Stefano Alei Senior Systems Engineer.
Common types of online attacks Dr.Talal Alkharobi.
Unwanted Network Traffic: Threats and Countermeasures CS 3251 Prof. Nick Feamster November 13, 2006.
Copyright, The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Attacks and Defenses Nick Feamster CS 4251 Spring 2008.
E. Gelbstein A. Kamal Information Insecurity Part I: The Problem Next slide: PgDn or Click Previous slide: PgUp To quit the presentation: Esc 1 of 49 Information.
Copyright, Information Security Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.
Chapter 11 E-COMMERCE SECURITY. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall1 Learning Objectives Explain EC-related.
1 CS5038 The Electronic Society Lecture 12: Security and Crime Online Lecture Outline Types of Attacks Security Problems Major security issues in online.
International Telecommunication Union IP NGN Security Framework Mikhail Kader, Distinguished Systems Engineer, Cisco, Russia ITU-T Workshop.
Malware, Viruses, Worms Nick Feamster CS 6262 Spring 2009.
© 2016 SlidePlayer.com Inc. All rights reserved.