Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Published byAbner Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."— Presentation transcript:

1 Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Lecture 2 Page 2 CS 236 Online What’s This Prolog Stuff? When I can, I will add a short presentation to each lecture Discussing application of material from the previous or recent lectures Generally stuff that’s pretty timely

3 Lecture 2 Page 3 CS 236 Online Do We Really Care About Security? Security gets a lot of lip-service But is the community out there really behind it? –Particularly the industrial community that builds our software? Three recent stories suggest maybe not

4 Lecture 2 Page 4 CS 236 Online 1. Fun With Firewire Many computers have firewire interfaces –Especially laptops These interfaces allow direct access to memory –No access control –No nuthin’

5 Lecture 2 Page 5 CS 236 Online What’s That Mean? Anyone who hooks up a firewire device to your laptop doesn’t need to log in He can just read and alter the memory Proof-of-concept tool 1 allows you to own Windows machine in seconds – 1 http://www.darkreading.com/document.asp?doc_id=147713&f_src=drweekly

6 Lecture 2 Page 6 CS 236 Online What’s the Response? “Well, duh, that’s what Firewire is supposed to do” In other words, we designed your computer to let anyone take it over –If they have physical access All this login stuff is just window dressing to impress the rubes

7 Lecture 2 Page 7 CS 236 Online 2. Backdoor Processors Many devices come with complete processors “hidden” inside –Printers, routers, storage devices, etc. They’re installed with complete OSes –Often very badly configured Allowing anyone access E.g., Samsung printers had default admin account (2012)

8 Lecture 2 Page 8 CS 236 Online The Implications If attacker knows about these, And you don’t, He’s got a hidden backdoor into your system Often these processors have network capabilities And can access the CPU you already knew you had

9 Lecture 2 Page 9 CS 236 Online What’s That Mean? The people who put these processors in neither knew nor cared about security System management (the purpose of them) was more important They didn’t care enough to even mention they were there

10 Lecture 2 Page 10 CS 236 Online 3. Apple Patching Everyone knows Macs are “more secure” than Windows machines Well, they’re not Study 1 shows Apple: –Has more vulnerabilities –Takes longer to patch them –Suffers more attacks on unpatched flaws 1 http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf

11 Lecture 2 Page 11 CS 236 Online What’s That Mean? Apple wasn’t entirely honest about really caring about security They weren’t spending the money to patch flaws –And they have plenty to patch They’re talking the talk, not walking the walk

12 Lecture 2 Page 12 CS 236 Online The General Lesson Just because people say they care about security doesn’t mean they do Many decisions seem to be made without even considering security implications

Download ppt "Lecture 2 Page 1 CS 236 Online Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."

Similar presentations

Basic Computer Vocabulary

Basic Computer Vocabulary
Microsoft ® Office Outlook ® 2007 Training Retrieve, back up, or share messages Sweetwater ISD presents:

Microsoft ® Office Outlook ® 2007 Training Retrieve, back up, or share messages Sweetwater ISD presents:
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Upgrading Software CIT 1100 Chapter4.

Upgrading Software CIT 1100 Chapter4.
Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Computer Systems.

Computer Systems.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?

Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?
Computers They're Not Magic! (for the most part)‏ Adapted from Ryan Moore.

Computers They're Not Magic! (for the most part)‏ Adapted from Ryan Moore.
CS101 Introduction to Computing Lecture 11 Operating Systems

CS101 Introduction to Computing Lecture 11 Operating Systems
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
BIT 286: Web Applications Work Breakdown Structure (WBS); Scheduling.

BIT 286: Web Applications Work Breakdown Structure (WBS); Scheduling.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.

Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References.

CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References.

Similar presentations

Ads by Google