Computer Security Workshops Security 101 - Introduction, Central Principles and Concepts.

Computer Security Workshops Security Introduction, Central Principles and Concepts

Why Study Computer Security?
- Increasingly important issue for:
  - Computer system and network administrators
  - Application programmers
- Security issues follow technology
  - Desktop systems, wireless networks, handheld devices
- Security issues affect software, laws, profits and businesses

Computer Security
- Definition – ensuring the security of resources in a computing environment
  - “ensuring” – work to make it so – a process
  - “resources” – data, network, hardware, applications, …
  - “computing environment” – mix of hardware, software and people

Information Assurance
- A broader category than computer security, information security, etc.
- Concerned with the
  - Security of information in system
  - Quality/Reliability of information in system

Core Security Concepts
- Vulnerability, Exploit, Threat
  - Vulnerability – a weakness in some aspect of a system
  - Exploit – a known method for taking advantage of a vulnerability
  - Threat – the likelihood of some agent using an exploit to compromise security
- Note: not all users/groups are equal threats to various systems
  - “Hackers” more of a threat to popular web sites, businesses
  - Disgruntled employees more of a threat to isolated businesses

Interesting Security Lists
- Cryptogram Newsletter, Bruce Schneier
  - Library, Crypto-gram
- US/CERT Advisory List (Dept. of Homeland Security)
  - Advisories by
- Bugtraq List
  - subscription information about 2/3 down the page

Principles To Consider
- Security is a very difficult topic to comprehend
- No silver bullets
- However, consideration of major principles will help develop a good set of security processes and policies

1st Principle
- “Security is a process, not a product” – attributed to Bruce Schneier of Counterpane Security Systems, others
  - Not something you purchase
  - Rather, a set of processes (approved set of steps) and policies (rules for behavior) you create and enforce in your environment
  - Must be dealt with continually

2nd Principle
- Computer Security is not just about computer systems
- Three major aspects to computer security
  - Technology
    - Hardware (systems, networks, any connected equipment)
    - Software (programming, configuration)
  - People, in many different roles
    - Legitimate users, disgruntled users, hackers
    - Insiders vs. outsiders – fuzzy line!
    - Social engineering is a large concern
      - Best technological security is worthless if someone is tricked into turning it off / allowing access through it
  - Physical environment
    - Surroundings, access, proximity

3rd Principle
- Security and convenience are inversely proportional
  - Lack of security generally makes it easier to get work done
  - Addition of security may interfere with the ease of getting a job done
  - Goal: find the balance point that supports both

4th Principle
- Security succeeds or fails based on the weakest link
  - All aspects (technology, people, environment) must be attended to equally
  - Must remain current with each aspect
    - E.g. software patches should be applied as they come out, not when you “get around to it”
- Corollary: “People are the weakest link” – Kevin Mitnick

5th Principle
- Hackers are generally technologists (as opposed to programmers)
  - Smaller group of hackers program exploits, viruses
  - More hackers apply technology already available, sometimes in creative ways
  - Poor configuration of systems is a major security problem
  - Corollary – good programming skills aren’t sufficient to make a good security professional
    - Add understanding of networks & technology, attention to detail, creativity, …

6th Principle
- Utilize Multiple Layers of Defense
  - E.g. Network hardware
    - Router – initial line of defense
    - Bastion host(s) – system(s) visible/available to outside world (e.g. web server)
    - Firewall – second line of defense
    - Secure intranet – internally available systems
  - Can anyone bypass one or more layers?

7th Principle
- Focus your security energy on dealing with the most likely threats
  - Consider what is most relevant to your environment
    - Which vulnerabilities do you have?
    - Which of these have known exploits?
    - What users are likely to cause problems?
    - What is the likelihood of a given threat?

8th Principle
- One aspect of security is obscurity
  - Don’t set yourself up as a target
  - Maintain a low network profile for your business, computer system, etc.
    - Problem: contradicts marketing principles if you’re a business
  - Examples
    - Windows is attacked more than MacOS/OS X
    - Those who claim their systems can’t be hacked will have lots of people trying…

Putting It Together
- Computer Security is balancing of a number of interrelated factors
  - Considering Security Goals
  - Developing Layered Protection (Vertically, Horizontally)
  - Utilizing Available Resources
  - Developing and Enforcing Policies and Processes
  - Minimizing Interference With Functionality
  - Weighing of Risks
  - Maintaining Constant Vigilance