Welcome Cyber Defense Bootcamp for High School Teacher

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Lecture 1: Overview modified from slides of Lawrie Brown.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Introducing Computer and Network Security
Chapter 1 Introduction. Art of War  If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
SEC835 Database and Web application security Information Security Architecture.
Computer Crime and Information Technology Security
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
1 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Computer & Network Security
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Summer,
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
CSCD 434 Network Security Spring 2014 Lecture 1 Course Overview.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
Wrap-up. Goals Have fun! Teach you about Cyber Defense so that you can: –Interest your students in Cyber Defense –Teach your students about Cyber Defense.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
JMU GenCyber Boot Camp Summer, Welcome Cyber Defense Boot camp for High School Teachers Cyber Defense Lab (ISAT/CS Room 140) Department of Computer.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction.
Introduction to Information Security
Scott Charney Cybercrime and Risk Management PwC.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
Computer Security By Duncan Hall.
Chapter 1 Ethical Hacking Overview. Hands-On Ethical Hacking and Network Defense2  Describe the role of an ethical hacker  Describe what you can do.
Copyright © 2013 – Curt Hill Computer Security An Overview.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Best Cyber Security Practices for Counties An introduction to cybersecurity framework.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.
JMU GenCyber Boot Camp Summer, 2016
Computer Security Introduction
CS457 Introduction to Information Security Systems
Chapter 1: Introduction
UNIT I INTRODUCTION Growing IT Security Importance and New Career Opportunities – Becoming an Information Security Specialist – Conceptualizing.
A Thread Relevant to all Levels of the EA Cube
I have many checklists: how do I get started with cyber security?
Advanced Services Cyber Security 101 © ABB February, | Slide 1.
Chapter 1: Introduction
Understanding your enemy!
Edvinas Pranculis MM, CISA, CISM
A Gift of Fire Third edition Sara Baase
JMU GenCyber Boot Camp Wrap up
Computer Security Introduction
Cybersecurity Threat Assessment
Presentation transcript:

Welcome Cyber Defense Bootcamp for High School Teacher Cyber Defense Lab (ISAT/CS Room 140) Department of Computer Science James Madison University Summer, 2013

Introductions Bryan Conner Livia Griffith Hossain Heydari Andrew Hutchson Evan Johnson Emil Salib Brett Tjaden Xunhua (Steve) Wang

Goals Have fun! Teach you about Cyber Defense so that you can: Interest your students in Cyber Defense Teach your students about Cyber Defense Cyber Defense Clubs CyberPatriot Program (http://www.uscyberpatriot.org/)

Schedule Meet Monday – Friday: 9:00 – 10:15: Session #1 10:15 – 10:30: Break 10:30 – 11:45: Session #2 11:45 – 1:00: Lunch 1:00 – 2:15: Session #3 2:15 – 2:30: Break 2:30 – 4:45: Session #4

General Information No food or drinks near our brand-new laptops Restrooms: Out the door and turn left Right at main hallway Right at next hallway Restrooms are on the right If you have a car on campus see us for a parking permit Fill out a W-9 form if you want your money

Questions Always welcome!

Cyber Defense Prepare Protect Detect Triage Respond

The Information Security Problem Over the last couple of decades, our world has rapidly become very dependent on computers: Store medical information Guide aircrafts Handle the majority of financial transactions There are flaws in our computers’: Operating systems Applications Protocols Result: threats

Exacerbating the Problem The problem of how to design secure OSs, applications, and protocols is hard Too few security professionals Many users do not understand the magnitude of the threat Many managers do not understand the magnitude of the threat

Threats A threat is a potential violation of system security Examples (from Shirey): Disclosure – unauthorized access to information Deception – acceptance of false data Disruption – interruption or prevention of correct operation Usurpation – unauthorized control of some part of the system

Attackers Those who intentionally perform actions that cause security violations Outsiders: Competitors Hackers Organized crime Terrorists Foreign government, military, or law enforcement Insiders Customers, suppliers, vendors, or business partners Disgruntled current (or former) employees Contractors, temps, or consultants

Types of Attackers Third tier Second tier First tier “Script kiddies” with little knowledge or skill Run attack scripts and other software written by more sophisticated attackers Second tier Moderately knowledgeable and skilled attackers Discover vulnerabilities; create and disseminate exploit tools First tier Elite attackers Discover vulnerabilities; create private tools

Why You Should Not Be an Attacker It is illegal: United States Code, Title 18, Section 1030 (and others) USA Patriot Act, Homeland Security Act, PROTECT Act www.cybercrime.gov Basically: Unauthorized access or use of a computer or network system is illegal Unintentional attacks are illegal too

Understanding the Tools and Techniques of Attackers Important for defenders Can evaluate systems you defend as attackers will Can implement countermeasures designed to thwart attackers Better understand the implications of certain decisions

The Pillars of Computer Security The security “triad”: Confidentiality Integrity Availability

The Security Triad Which is most important? Confidentiality Integrity Availability

Policy and Mechanism A security policy is a statement of what is, and what is not, allowed Examples? A security mechanism is a method, tool, or procedure for enforcing a security policy

Goals of Security Prevention – mechanism(s) that cause attacks to fail Example? Detection – mechanism(s) that determines that an attack is under way, or has occurred, and reports it Recovery – mechanism(s) that stop attacks and assess and repair any damage caused

Justifying Policy and Mechanism The benefits of protection should be justified by the cost of designing, implementing, and using the mechanism Cost-benefit analysis – the benefits of computer security is weighed against the cost Risk analysis – the level of protection is a function of the probability of an attack occurring and the effect of the attack should it succeed Laws and customs

Getting Started What to do first? Get to know you systems You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu

Getting Started What to do first? Get to know you systems You cannot effectively defend what you don't understand Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu “You Don't Know Me” - Elvis

After You Know Your Systems Think about threats and attackers Think about what needs to be protected (security triad) Think about what security policies and mechanisms you will employ Think about your goals (prevention, detection, recovery) Think about how what policies and mechanisms are justified

After You Have Thought About Your Systems Start to plan, implement, and test improvements to your systems' security posture Respond to actions by attackers

Getting started Defending Computer Systems Get to know your systems Assess the current security posture of your systems Identify what needs to be protected Think about how threats, attackers, the security triad, security policies/mechanisms, and security goals relate to your systems Plan, implement, and test improvements to your systems' security posture

Bootcamp Exercises You will not just be listening, you will be doing Virtual machines (VMs) – a simulated computer running on another computer VMs are great for hands-on Cyber Defense exercises You can create and use VMs with your students using free software: VirtualBox (https://www.virtualbox.org/) VMWare Player (http://www.vmware.com/products/player/)

Accessing your VM for this Bootcamp Turn on laptop Click on “CyberDefender” account to log in Double click on Firefox icon to open web browser Enter this information in the vSphere If you are not already on it, go to the following page: https://10.0.0.250:9443/vsphere-client/

Accessing your VM for this Bootcamp (cont) Log in with the credentials you were given Click on “Host and Clusters” Expand the items on the left side until you see your “student” VM Click on your student VM to highlight it In the center window click on the “Summary” tab Click on “Launch Console” Power on the VM

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.