NKU James Walden Director of the CIS


1 Cybersecurity @ NKU James Walden Director of the CIS http://cis.nku.edu/

2 We all have Assets http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/

3 Who are the threats? Hacktivists, Vandals, Criminals, Spies

4 Components of Security: Integrity, Confidentiality, Availability

5 States of Information
1. Storage: information in permanent storage (disk or tape) that is not currently being accessed.
2. Processing: information in memory (RAM or cache) that is currently being used by a program.
3. Transmission: information in transit between one node and another on a network.

6 Attack Surface
The attack surface of a system consists of the ways in which a threat can enter the system.
1. Methods are code components that receive input.
2. Channels are avenues of communication (sockets, environment, keyboard, files, etc.).
3. Data are the actual input strings.
[Diagram labels: Attacks, System surface, Entry/Exit Points]

7 Automotive Attack Surface

8 Firewalls reduce Attack Surface
[Diagram labels: Web Client, Firewall, Port 80 HTTP Traffic, Web Server, Application, Database Server, telnet, ftp]

9 Vulnerabilities

10 SQL Injection – Illustrated
[Diagram labels: APPLICATION ATTACK; Network Layer: Firewall, Hardened OS, Web Server, App Server, Firewall; Application Layer: Custom Code (Accounts, Finance, Administration, Transactions, Communication, Knowledge Mgmt, E-Commerce, Bus. Functions); back end: Databases, Legacy Systems, Web Services, Directories, Human Resrcs, Billing. Flow: HTTP request → SQL query → DB Table → HTTP response]
1. Application presents a form to the attacker (fields: Account, SKU).
2. Attacker sends an attack in the form data.
3. Application forwards attack to the database in a SQL query: "SELECT * FROM accounts WHERE acct='' OR 1=1--'"
4. Database runs query containing attack and sends encrypted results back to application.
5. Application decrypts data as normal and sends results to the user.
Result shown to the user: Account Summary
Acct:5424-6066-2134-4334
Acct:4128-7574-3921-0192
Acct:5424-9383-2039-4029
Acct:4128-0004-1234-0293
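
The five steps on slide 10 can be reproduced offline. The following is an added example, not part of the original presentation: it builds the slide's query by string concatenation and then with a bound parameter, so the difference in what the database returns is visible. The table contents, function names and use of an in-memory SQLite database are assumptions made for the illustration.

```python
import sqlite3

# Form input taken from the query shown on slide 10.
SLIDE_INPUT = "' OR 1=1--"


def make_db():
    """Create an in-memory accounts table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (acct TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("1001", "alice"), ("1002", "bob"), ("1003", "carol")],  # constructed
    )
    return db


def lookup_vulnerable(db, acct):
    """Step 3 on the slide: form data is pasted straight into the SQL text."""
    query = "SELECT * FROM accounts WHERE acct='" + acct + "'"
    # With SLIDE_INPUT the text becomes:
    #   SELECT * FROM accounts WHERE acct='' OR 1=1--'
    # The WHERE clause is now always true and "--" comments out the stray quote.
    return db.execute(query).fetchall()


def lookup_parameterized(db, acct):
    """Same lookup with a bound parameter: input is data, never SQL syntax."""
    return db.execute("SELECT * FROM accounts WHERE acct=?", (acct,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, value in (("normal input", "1002"), ("slide input", SLIDE_INPUT)):
        print(label)
        print("  concatenated :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

The concatenated query returns every row for the slide's input, matching the "Account Summary" listing of multiple accounts, while the parameterized query returns no rows because no account has that literal string as its number.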

11 Malware

12 Malware is a Growing Threat

13 Botnets

14 CAE in IA/CD
Center of Academic Excellence in
– Information Assurance and
– Cyber Defense
Only CAE in Kentucky; only IA/CD in region.
Benefits
– Scholarship for Service program eligibility.
– Employers look for CAE graduates.
– Cybersecurity certificate.

15 Cybersecurity Certificate
– INF 282: Introduction to Databases
– BIS 382: Principles of Information Security
– CIT 247: Networking Fundamentals
– CIT 371: UNIX Systems
– CIT 480: Securing Computer Systems
– CIT 481: Cybersecurity Capstone

16 Ugrad Cybersecurity Classes
– CSC 482: Computer Security
– CSC 483: Cryptology
– CIT 430: Computer Forensics
– CIT 480: Securing Computer Systems
– CIT 481: Cybersecurity Capstone
– CIT 484: Network Security
– BIS 382: Principles of Information Security

