Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

Slides:

Advertisements

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

Advertisements

Denial of Service By: Samarth Shah and Navin Soni.

Dispute Resolution Under the Congressional Accountability Act

Technology: Unethical Behavior and Its Consequences Prepared by Tami Genry March 2004.

Digital Assets Presented by Sharon Rivenson Mark, Esq. and Shirley B. Whitenack, Esq. Adapted from Presentation by Catherine A. Seal, Esq.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Deborah M. Smith United States Magistrate Judge District of Alaska LAWS AND LAW ENFORCEMENT RELATED TO FRESHWATER ECOSYSTEMS Second Asian Judges Symposium.

United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with.

1 Overview of Ethics Requirements for Employees of Montgomery County This is a summary to help identify issues; it is not the law. Please address ethics.

Recovering from an Attack Version 0.1 March, 2003 Bill Woodcock Packet Clearing House.

EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.

U.S criminal law’s reinforcement of technological measures protecting property: where the DMCA fits in Elliot N. Turrini Assistant U.S. Attorney Computer.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Hands-On Ethical Hacking and Network Defense

Security+ Guide to Network Security Fundamentals

Chapter 10 White-Collar and Organized Crime. Introduction ► White-collar crimes – criminal offenses committed by people in upper socioeconomic strata.

2/16/2010 The Family Educational Records and Privacy Act.

Handling Security Incidents

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

Web server security Dr Jim Briggs WEBP security1.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

INTERNET and CODE OF CONDUCT

Network security policy: best practices

Incident Response Updated 03/20/2015

APA of Isfahan University of Technology In the name of God.

General Awareness Training

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Spam and The Computer Fraud and Abuse Act Richard Warner.

By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

C8- Securing Information Systems

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.

CSC8320. Outline Content from the book Recent Work Future Work.

Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.

The AIRCRAFT SAFETY ACT of 2000 H.R Wendell H. Ford Aviation Investment and Reform Act for the 21st Century.

EAST HARDIN MIDDLE SCHOOL MR. ERVIN Internet Safety Policy and Acceptable Use Procedures.

Computer Forensics Law & Privacy © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU.

Denial of Service Datakom Ht08 Jesper Christensen, Patrick Johansson, Robert Kajic A short introduction to DoS.

Computer Fraud and Abuse Act Richard Warner. Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer.

Denial of Service Attack 발표자 : 전지훈. What is Denial of Service Attack?  Denial of Service Attack = DoS Attack  Service attacks on a Web server floods.

BY SYDNEY FERNANDES T.E COMP ROLL NO: INTRODUCTION Networks are used as a medium inorder to exchange data packets between the server and clients.

Cybercrime What is it, what does it cost, & how is it regulated?

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

DoS/DDoS attack and defense

Firewalls. Intro to Firewalls Basically a firewall is a barrier to keep destructive forces away from your computer network.

Shaun McGorry Executive Briefing July 30, 2009 Identity Theft.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

Cyberlaw. “The moving finger writes; and, having writ Moves on: nor all thy piety nor wit Shall lure it back to cancel half a line. Nor all thy tears.

Role Of Network IDS in Network Perimeter Defense.

Extra Credit Presentation: Allegra Earl CSCI 101 T 3:30.

By Steve Shenfield COSC 480.  Definition  Incidents  Damages  Defense Mechanisms Firewalls/Switches/Routers Routing Techniques (Blackholing/Sinkholing)

Issues for Computer Users, Electronic Devices, Computer and Safety.

Marion County Public Schools Acceptable Use Guidelines for Network Access.

Virginia RULES Teens Learn & Live the Law Crimes Against Persons.

CITA 352 Chapter 1 Ethical Hacking Overview. Introduction to Ethical Hacking Ethical hackers –Hired by companies to perform penetration tests Penetration.

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.

Network security Vlasov Illia

18 USC § 1030 Computer Fraud and Abuse Act

Hacking: public policy

Protection of CONSUMER information

Instructor Materials Chapter 7 Network Security

1. The concept and principles of administrative law. 2. The concept and types of administrative offense. 3. The notion of administrative responsibility.

Update on the Computer Fraud and Abuse Act

INTELLECTUAL PROPERTY AND CYBER PIRACY

Computers in Society 12/1/2018.

Firewall Installation

Presentation transcript:

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten

 What is it?  Primary goal of the attack is to deny the victim(s) access to a particular resource.  Examples include:  attempts to "flood" a network, thereby preventing legitimate network traffic  attempts to disrupt connections between two machines, thereby preventing access to a service  attempts to prevent a particular individual from accessing a service  attempts to disrupt service to a specific system or person

 Disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organization. Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site  How do you know if an attack is happening?  Unusually slow network performance (opening files or accessing websites)  Unavailability of a particular website  Inability to access any website  Dramatic increase in the amount of spam you receive in your account

 In the US, they can be a serious federal crime under the National Information Infrastructure Protection Act of 1996  Provides federal criminal liability for theft of trade secrets and for "anyone who intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage.“  Prohibits the extraction of information from financial institutions, the U.S. government, or private-sector computers that are used in interstate commerce.  It disallows the intentional and unauthorized access of non- public computers in U.S. governmental departments or agencies.  Bans accessing protected computers without permission for the purposes of defrauding or obtaining material of value, unless a defendant can prove the resulting damages amounted to less than $5,000.

 Other Law Enforcement Enhancements  Sen. Schumer has noted that a Congressional directive to the Sentencing Commission required a mandatory minimum sentence of six months in prison for violations of certain section violations  Juveniles 15 years of age and older are now eligible for federal prosecution in cases where the Attorney General certifies that such prosecution is appropriate.  Any property used or intended to be used to commit or facilitate the crime to the penalties must be forfeited  Permit interception without a court order upon consent of an operator of a system when the system is the subject of attack

 Organizations can attempt to limit the effectiveness of DOS attacks by utilizing several tools:  Switches: Help to limit the rate of traffic flow to a particular site. (Works by delaying or denying access to computers after a certain traffic flow rate is reached.) Like Circuit Breakers  Application Front-End Hardware: Used as a Packet Analyzer before traffic reaches the servers. Can distinguish and prioritize regular traffic and dangerous traffic.  Blackholing or Sinkholing: Redirects traffic attacking an IP Address or Domain Name Server Port to a Null Server, effectively stopping that traffic. Can also redirect to a “Cleaning Center” for packet analysis.  Cleaning Center: Proxy Server that analyzes the traffic and either stops anomalous/“bad” traffic or allows normal traffic. Examples: Verisign Trusted* Certificates on shopping websites.

 A Denial of Service attack directly test preparations made by IT departments. Consequently, IT managers should prepare for an attack now rather than later. This happens along several different fronts:  Hiring: Is there a portion of the IT team dedicated to staying at the forefront of technology security?  Hosting: If the organization’s IT needs are hosted within a cloud- computing infrastructure, the contingency plan for a DOS attack needs to be prepared and correlated with the host organization sooner rather than later. Communication issues should be resolved between organizations before any attacks, not after  Worse-Case Scenarios: If a DOS successfully halts information technology services, preparation for offline functionality need to be made beforehand.  White-Hat consulting: depending on the type of organization, a good IT manager might seek the services of security firms outside of the organization  Finally: It’s important to retain logs of all IT activity so attacks can easily be reported to law enforcement agencies, and legal restitution can be sought later on.