TANNENBAUM: 9 SECURITY (FOR THE LITTLE FUR FAMILY)


THE LITTLE FUR SONG

ROBERT TAPPAN MORRIS
First person (in 1990) sentenced for spreading malware

11/2/1988: Cornell graduate student released the worm into the (then) Internet
Virus: A program fragment that attaches to a legitimate program with the intention of infecting other programs
Worm: Self-replicating program that burrows into systems via networks

MORRIS AND HIS IRONIES
The Ironies
Irony 1:
  Annual meeting of Usenix opened at Berkeley
  By evening participants had distributed fixes
Irony 2: The worm exploited weak passwords
  Morris's father and Ken Thompson wrote a classic paper on passwords
  86% of all passwords were first names, last names, words spelled backwards, and other easy-to-guess stuff

COMPUTER SECURITY REDUCES TO
1. Developing a model of security
   Who has access to what and what kind of access?
2. Reducing vulnerabilities
   Fixing them as they occur
   Reducing the size of the trusted security base
3. Protecting Access: Password Protection
4. Protecting Files: Encryption

MORRIS WORM EXPLOITED TRUST
  Overview of the Morris Worm
  Propagation Via the Finger Daemon
  How the Morris Worm Guessed Passwords
  Spreading Via rexec and rsh

PASSWORDS IN UNIX
/etc/passwd holds user info
/etc/shadow holds hashed password
Salt Demystified
Creating a hashed and salted password in Python:

    # The crypt module is Unix-only; it was deprecated in Python 3.11 and removed in 3.13.
    import crypt
    # crypt.crypt(password, salt), where salt is two characters from [a-zA-Z0-9]
    print(crypt.crypt('burningbright01', 'aa'))

To see your shadow password (reading /etc/shadow requires root):

    cat /etc/shadow | grep tyger

Irony 3: The original crypt() was written by Morris the Elder and Ken Thompson
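Added example, not part of the original slides: the salted-hash idea from this slide written with hashlib, so it runs on Python versions that no longer ship crypt, and showing that two accounts with the same password get different stored hashes. The scheme id, iteration count, the `lamb` account and the shadow-style lines are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "x-pbkdf2-sha256"  # made-up scheme id for this example, not a real crypt(3) id
ITERATIONS = 200_000        # assumed work factor


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return '$scheme$iterations$salt$digest'; a fresh random salt by default."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"${SCHEME}${ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        _, scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # locked account ('*', '!') or malformed hash field
    return hmac.compare_digest(actual, expected)


def shadow_hash_field(line: str) -> str:
    """Second colon-separated field of an /etc/shadow-style line."""
    return line.split(":")[1]


# Constructed sample: two accounts that chose the same password, plus a locked one.
SHADOW = [
    f"tyger:{hash_password('burningbright01')}:19000:0:99999:7:::",
    f"lamb:{hash_password('burningbright01')}:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
]
```

Because each entry carries its own random salt, a table of hashes precomputed for common passwords does not match either entry, and cracking one account reveals nothing about the other.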