Telecommunications Networking II Lecture 41a Information Assurance.


1 Telecommunications Networking II Lecture 41a Information Assurance

2 Historical perspective
Ever since people have been able to express their views about anything, they have expressed concerns about privacy:
- British common law: “A man’s home is his castle”
- the U.S. Constitution: protections against “search and seizure”
- “Gentlemen don’t read each other’s mail” (President Harry Truman)

3 Historical perspective
Ever since people have been able to express their views, they have expressed concerns about privacy (continued):
- attorney/client, doctor/patient, and priest/parishioner... protections of information discussed from legal discovery
- penalties for tampering with U.S. mail
- “wiretapping” laws

4 Historical perspective
Ever since people began competing for power, territorial control, physical assets, and money, they have recognized the importance of timely and accurate information:
- lifting the “fog of war”
- understanding the enemy’s intentions
- “getting inside the enemy’s decision cycle”
- “loose lips sink ships”
(continued on next slide)

5 Historical perspective
Ever since people began competing for power, territorial control, physical assets, and money, they have recognized the importance of timely and accurate information (continued):
- Understanding the customer’s needs
- Understanding the competition (industrial espionage as well as legal industrial intelligence activities)

6 Historical perspective
Ever since people began competing for power, territorial control, physical assets, and money, they have attempted to gain more information through whatever means is at their disposal; and they have also tried to disrupt their adversary’s information flows.
Likewise, they have tried to protect their information and their information infrastructures.

7 Historical perspective
...they have also tried to intercept and/or disrupt their adversaries’ information flows:
- “steaming” open envelopes
- electronic eavesdropping
- cutting communication lines between enemy commanders and troops
- jamming radio communications
- sending intentionally misleading messages
- code breaking (e.g., in WWII)

8 Historical perspective
...they have tried to protect their information and their information infrastructures:
- wax “seals”
- cryptography
- signatures
- notarized documents
- LPI (low probability of intercept) communication systems
- “hardened” satellite communication systems

9 Information Assurance and Network Integrity: the Present
More and more people and organizations are becoming dependent upon computers, networks, and network-based applications (e.g., electronic commerce moving toward $1T/year very rapidly).

10 Information Assurance and Network Integrity: the Present
There is a growing concern with regard to:
- Privacy (unauthorized access to personal/sensitive/proprietary/classified DoD information)
- Theft (e.g., using stolen credit card numbers)
- Reliability (i.e., will my network-based applications work when I need to use them?)

11 Information Assurance and Network Integrity: the Present
If a single new virus, worm, or Trojan horse attack causes each of 100 million computer users to spend 1 hour learning about the new threat, downloading software to defend against the threat, and taking other actions...
...and if an hour of each person’s time is, on average, worth $50.00...
...then each new “event” produces a societal cost of $5B.

12 Information Assurance and Network Integrity: the Present
Recent examples of information assurance problems:
- Major loss of paging systems in the US (single satellite failure)
- Increasing numbers of virus/worm/Trojan horse/etc. incidents
- Intrusions into government/DoD systems
- E-bay outage for ~24 hours

13 Information Assurance and Network Integrity: the Present
- Incorrect data downloaded into the Internet’s Domain Name System (DNS) root servers disrupted conversion of Internet “names” like sdp@ece.drexel.edu into Internet addresses like 144.118.31.1 for ~24 hours
- others that can’t be discussed in public

14 Information Assurance and Network Integrity: the Present
Some of these problems are associated with things which we “do to ourselves”, i.e., no malicious intent.
Some of these problems are the result of intentional acts, ranging from mischief to criminal activities to state-sponsored terrorism.

15 Information Assurance and Network Integrity: the Present
Some of these problems are associated with violations of privacy, unauthorized access to information, providing false identities, or unauthorized modification of information.
Some of these problems are associated with “denial of service” (disrupting systems and applications).

16 Attacks

17 Types of attacks
Eavesdropping:
- I read your message while it is passing through a network
- I listen in on your conversation with one or more other person(s)
- I monitor which Web pages you are accessing
- I monitor how many messages you send, and to whom they are sent (traffic analysis)
- I monitor where you are, by looking at your messages

18 Types of attacks
Eavesdropping (continued):
Eavesdropping is a passive, read-only activity, in the sense that I don’t change anything about your messages.
Eavesdrop: To secretly listen in on a private conversation

19 Types of attacks
Unauthorized “read” access:
- I read a file that is stored on one of your servers or other computers
This requires that I obtain access to your computer, either via a network or by some other means. E.g., I physically access your computer; or I loan you a floppy disk that contains a malicious application that copies your files onto the disk, which you then return to me (Trojan horse attack).

20 Types of attacks
Content tampering:
- I change the content of a message passing through a network, or I change the contents of a database (e.g., I change the information on one of your Web pages)
Tampering with a message in transit can be done by substitution.
Tampering with the contents of a computer requires access and “write” privileges.

21 Types of attacks
Impersonation:
- I send you a document or a message that appears to have been sent by someone else
The ability to prove that a message is “authentic” (the sender is who he or she claims to be, and the content has not been modified since it was created by the authentic sender) is called “non-repudiation”.

22 Types of attacks
“Denial-of-service” attacks:
- I prevent your messages from being delivered by attacking one or more routers or by attacking the domain name system
- I cause congestion in your network that prevents you from doing what you want to do (e.g., I send you a gigantic E-mail file, and clog your mail server)
- I bombard you with junk messages
- I disable your network’s password authentication system

23 Prognosis
Of all of these attacks, denial-of-service attacks are the most problematic, on a forward-looking basis.
The attacker has the advantage. He or she only has to find one vulnerability to exploit. The defender needs to anticipate all possible attacks.

