Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review Slides, Security +

Published bySusanne Eike Meyer Modified over 5 years ago

Similar presentations

Presentation on theme: "Review Slides, Security +"— Presentation transcript:

1 Review Slides, Security +
Ted Demopoulos

2 Risk Management Security is all about Risk Management
Risk = Vulnerability x Threat Vulnerability – a weakness in a system. All complex systems have vulnerabilities Threat – an event that can cause an undesirable outcome. Threat implies potential harm

3 SLE/ALE SLE: Single Loss Expectancy – loss from a single event (how bad can it be?) ALE: Annual Loss Expectancy – loss from a threat over an entire year (can it happen multiple times?)

4 Quantitative vs. Qualitative
Risk assessment can be Quantitative or Qualitative Quantitative -- a quantity or number. e.g. if a Katrina strength hurricane hits again the expected loss is 22 billion dollars Qualitative e.g. if a Katrina strength hurricane hits again it will be extremely bad

5 Crypto Algorithms Symmetric Asymmetric Hashing Secret Key Public Key
Message Digest 1-way Encryption Irreversible Encryption One Key Public, Private Key Pairs No Key DES, 3-DES AES, IDEA, RC4 Diffie-Hellman, RSA, El Gamal, ECC MD2, MD4, MD5, SHA-1, SHA-2

6 PGP versus PKI PKI – Central authority in change of trust, You MUST trust the central authority PGP – Closer to anarchy. NO central authority. Web of Trust – you trust your friends and many of your friend’s friends.

7 Access Control Discretionary Access Control (DAC)
Users control Mandatory Access Control (MAC) Not controlled by users, requires matching clearance and classification levels (e.g. top secret, secret, classified, etc.) Role Based Access Control (RBAC) Based on group memberships

8 TCP/IP 3 way Handshake SYN SYN, ACK ACK

9 Some Common Ports (1) TCP 20, 21 – FTP (file transfer protocol)
TCP 22 – SSH (secure shell) TCP 23 – telnet TCP 25 – SMTP (simple mail transfer protocol) TCP and UDP 53 – DNS (domain name system)

10 Some Common Ports (2) TCP 80 – HTTP (hyper text transfer protocol)
TCP 110 POP3 (post office protocol) TCP 143 IMAP (internet message access protocol) TCP 443 SSL, HTTPS (secure sockets layer, HTTP over SSL)

11 Open Source Tools (not on test)
Sniffers: TCPdump, Ethereal (now called Wireshark) 802.11: NetStumbler, Kismet Password Assessment: John the Ripper, Cain and Abel Vulnerability Assessment: Nessus Intrusion Detection: Snort

Download ppt "Review Slides, Security +"

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Application Layer. This graphic is taken from The Abdus Salam International Centre for Theoretical Physics.

Application Layer. This graphic is taken from The Abdus Salam International Centre for Theoretical Physics.
Web services security I

Web services security I
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
Internet-Based Client Access

Internet-Based Client Access
 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.

 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.
Web Server Administration Chapter 10 Securing the Web Environment.

Web Server Administration Chapter 10 Securing the Web Environment.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
CCNA1 v3 Module 11 v3 CCNA 1 Module 11 JEOPARDY S Dow.

CCNA1 v3 Module 11 v3 CCNA 1 Module 11 JEOPARDY S Dow.
SSH and SSL CIT304 University of Sunderland Harry R. Erwin, PhD.

SSH and SSL CIT304 University of Sunderland Harry R. Erwin, PhD.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.

1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.
Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,

Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,
TCP/IP fundamentals Unit objectives Discuss the evolution of TCP/IP Discuss TCP/IP fundamentals.

TCP/IP fundamentals Unit objectives Discuss the evolution of TCP/IP Discuss TCP/IP fundamentals.
Network Security Essentials Chapter 5

Network Security Essentials Chapter 5

Similar presentations

Ads by Google