1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

Slides:



Advertisements
Similar presentations
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Advertisements

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Internet Security In the 21st Century Presented by Daniel Mills.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Botnets An Introduction Into the World of Botnets Tyler Hudak
Securing Information Systems
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
PART THREE E-commerce in Action Norton University E-commerce in Action.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Staying Safe Online Aberdeen Grammar School. Things to do online Keep in touch with friends and family using , twitter and social networking sites.
Computer Threats Cybercrimes are criminal acts conducted through the use of computers by cybercriminals. © 2009 Prentice-Hall, Inc. 1.
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
Trojan Horses on the Web. Definition: A Trojan horse a piece of software that allows the user think that it does a certain task, while actually does an.
Security at NCAR David Mitchell February 20th, 2007.
Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
Review 2 Chapters 7, 8, 9. 2  Define a network and its purpose.  Explain how communications technologies are used in our every day lives.  Understand.
Chapter 1  Introduction 1 Chapter 1: Introduction.
IS Network and Telecommunications Risks Chapter Six.
What is e-safety? It is about measures and best practices for Netizens to guard their personal safety and the security of their networks.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
MIS 7003 MIS Core Course The MBA Program The University of Tulsa Professor: Akhilesh Bajaj Security: Personal & Business © Akhilesh Bajaj 2004,2005, 2007,
Pacific Northwest Digital Government Summit Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz.
AVAR 2004, Japan, Tokyo Today’s Threats and the Evolution of the Computer Underground Today’s Threats and the Evolution of the Computer Underground Eugene.
Network Security.  With an increasing amount of people getting connected to networks, the security threats that cause massive harm are increasing also.
1 Host versus Network Security Steven M. Bellovin
Information Systems Week 7 Securing Information Systems.
Cybersecurity Test Review Introduction to Digital Technology.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Information Management System Ali Saeed Khan 29 th April, 2016.
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Network System Security - Task 2. Russell Johnston.
PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.
Security Risks Todays Lesson Security Risks Security Precautions
Securing Information Systems
Unit 3 Section 6.4: Internet Security
Botnets A collection of compromised machines
Secure Programming Dr. X
Done by… Hanoof Al-Khaldi Information Assurance
Secure Programming Dr. X
Botnets A collection of compromised machines
Securing Information Systems
Teaching Computing to GCSE
– Communication Technology in a Changing World
ISNE101 Dr. Ken Cosh Week 13.
Chapter 9 E-Commerce Security and Fraud Protection
WJEC GCSE Computer Science
INTERNET SECURITY.
Presentation transcript:

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

2 The New Bad Guys ● The spammers now pay the hackers – Hacked PCs are being used to spread spam – Many recent worms (i.e.. SoBig.F) carry spam engines – A profit motive for hacking! ● Major corporations and universities have done it. ● Politicians are hacking ● Organized crime? – Online extortion is happening today

3 "It is a well-known fact that no other section of the population avail themselves more readily and speedily of the latest triumphs of science than the criminal class." Inspector John Bonfield, Chicago police 1888

4 Spyware ● Growing problem ● Spread by various means: – Voluntarily downloaded, because of deceptive license agreements – Embedded in desired software – Exploit various security holes – Sometimes spread by worms (see above...)

5 Network Attacks ● Distributed denial of service (DDoS) ● Eavesdropping on WiFi traffic at hotspots ● Attacks to come: – Fake hotspots – Fraud against hotspot providers – Are these happening already?

6 Phishing ● Rapidly-growing form of identity and credential theft ● Simple technical solutions won't work; there's a human dimension to the problem: – paypal.com versus paypa1.com – login.paypal.com versus login-paypal.com ● Sites can supply cryptographic credentials; users have to verify them properly

7 Firewalls ● Firewalls are less useful – lots more connectivity today ● Who uses a company-supplied laptop? ● How many of those laptops will connect to the company network after the conference? ● The August 2001 IETF meeting was during the Code Red worm outbreak. We spotted a dozen infect machines on the conference LAN.

8 Why Do We Have Such Problems? ● It's (mostly) not the protocols – We can encrypt most protocols with little effort – Sometimes, crypto is pointless – cryptography can't stop spam ● Some of it is due to the Internet's fundamental architecture – But giving that up would mean giving up many of the benefits of the Internet, such as decentralization ● But what is the cause?

9 Buggy Code and Complex Software ● Most security problems are due to buggy code – This is the oldest unsolved problem in computer science – We can make things better; can we make them good? ● Many of the rest are due to user misconfigurations or user misunderstanding – Can we make computers simple to administer? That may be difficult – the basic concepts can be hard.

10 What Can We Do? ● Firewalls and intrusion detection systems are not network security devices; they're the network's response to bad software. ● Design our systems to isolate vulnerable components. ● Design our systems to be robust in case of partial penetration. ● Educate users.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.