Security Distributed Systems Lecture # 14

Presentation transcript:

Security Distributed Systems Lecture # 14

Why care about security?
- Authentication
- Use another person’s ID for sending email
- Non-repudiation
- E-commerce
- Spoof credit card number
- Replay card transactions
- Sniff information
- Monitor the number of transactions or stock-trades
- Denial of Service
- Malicious software

W32.Blaster.Worm
- Distributed Denial of Service
- Blaster Worm replicated itself on 120,000 computers worldwide
- On August 11, 2003
- Microsoft update server was pelted with DDOS
- Lost out at name indirection
- Microsoft removed the DNS entry of windowsupdate.com

What we want to achieve
- A secure system must ensure privacy, integrity and availability of resources
- What constitutes a secure system? What do you think? Policy
- How the system implements it: Mechanism
- Design Principle: Don’t overdo security!
- Tension between usability and security

A snapshot of a distributed system
- Illegal Access
- Password hacking
- Spoofing/sniffing
- Tampering
- Replaying
- Illegal Access
- Denial of service
- Virus: Byzantine failures

Design space
- Networks are insecure
- Interfaces are externally visible
- Names are well-known

Security Threats
- Masquerading: Using someone else’s ID
- Eavesdropping: Spoof data
- Tampering: Spoof and modify data
- Replaying: Sniff and replay
- Denial of Service: Hoard available resources

Common techniques for security
- Encryption
- Sender identity?
- Message integrity?
- Signatures: non-repudiation
- Checksums: integrity
- Authentication: access control
- Time-stamping: replay attacks
- Logging: traceback
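
Added example (not part of the original slides): a receiver that applies the integrity check and time-stamping listed above to reject the tampering and replaying threats from the Security Threats slide. The HMAC-SHA256 keyed checksum, the 30-second window, the shared key and the names seal, Receiver and demo are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW = 30  # seconds a message stays acceptable (assumed freshness window)


def seal(key: bytes, sender: str, body: str, nonce: str, now: float) -> dict:
    """Sender side: attach identity, timestamp, nonce and a keyed checksum."""
    msg = {"sender": sender, "body": body, "nonce": nonce, "ts": now}
    payload = json.dumps(msg, sort_keys=True).encode()
    msg["mac"] = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return msg


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, msg: dict, now: float) -> str:
        fields = {k: v for k, v in msg.items() if k != "mac"}
        payload = json.dumps(fields, sort_keys=True).encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        # Constant-time compare; fails for any modified field or unknown key.
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return "rejected: bad MAC"
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        # Forget nonces older than the window; the timestamp check covers those.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo() -> list:
    key = b"constructed-shared-key"  # constructed sample key
    rx = Receiver(key)
    m = seal(key, "alice", "pay 10 to bob", "n-001", now=1000.0)
    tampered = dict(m, body="pay 1000 to trudy")
    return [
        rx.accept(m, now=1002.0),         # fresh, first sighting
        rx.accept(m, now=1005.0),         # sniffed and replayed inside the window
        rx.accept(tampered, now=1006.0),  # modified in transit
        rx.accept(m, now=1100.0),         # replayed after the window closed
    ]
```

The timestamp bounds how long nonces must be remembered, which is why the two checks are used together: the nonce cache catches replays inside the window and the timestamp catches everything older.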

Code level security
- Pointers
- Turing completeness
- Modularity
- Type checking
- Code validity

Design Principles
- Analyze Threat level
- Typically lazy/silly users
- Minimize Trusted kernel
- Log events
- Limit the scope and time of security tokens
- Publish algorithms
- Security by tokens