Copyright © 2003-2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1 Security Systems Lecture notes Drs.


1. Security Systems Lecture notes
Drs. Clifford Neuman
University of Southern California
Information Sciences Institute

2. CSci530: Security Systems
Lecture 1 – August 27, 2004
Dr. Clifford Neuman
University of Southern California
Information Sciences Institute

3. Administration
- Class home page http://ccss.isi.edu/CSci530.html (or http://530.cliffordneuman.com)
  - Preliminary Syllabus
  - Assigned Readings
  - Lecture notes
  - Assignments

4. Who gets in
- Class size is 120 students
  - Main room holds 70
    - 50 will view from overflow room or through webcast.
  - Currently waiting list of about 30
    - Most will likely get in
    - You must have given your name to the CS department for addition to the waiting list, or send mail to csci530@usc.edu.

5. Structure of lecture
- Classes from 9:00 AM – 11:50 AM
  - 10-15 minute break halfway through
  - Final 15 minutes for discussion of current events in security.

6. Administration
- Class e-mail: csci530@usc.edu
- Instructors
  - Dr. Clifford Neuman
  - Office hours Friday 1:30-2:30
- TAs
  - Ho Chung
  - Office hours Tuesday 9:00 - Noon
  - Second TA to be determined

7. Administration
- A separate 1 unit lab class is available as CS590 Advanced Security Systems http://www-scf.usc.edu/~csci590
  - Provides hands-on experience with systems discussed in class.
  - Developed jointly with this class.
  - May take concurrently, or in subsequent semester.

8. Administration
- Grading
  - Reading reports: 5, 5, 5
  - Exams: 25, 25
  - Research paper: 35
  - Class participation (up to 15% bonus)

9. Blackboard
- Using the DEN Blackboard system
  - Go to http://den.usc.edu
  - Click “for on campus students”
  - Follow the instructions to obtain your Blackboard password for the DEN site.
  - Contact webclass@usc.edu if you have difficulty gaining access to the system.
- Experimental interactive features for discussion will be added within a couple weeks.

10. Class Participation
- This is a large class, but I will promote discussion as if it were smaller.
  - Class participation is important.
    - Either by asking or answering questions in class.
    - Or by asking, answering, and participating in discussion online.
  - Bonus for class participation
    - If I don’t remember who you are from lecture or office hours, then I go back and look at participation in the web forums, and what kinds of participation.
      - Did you ask good questions?
      - Did you provide good answers to others that did not duplicate earlier answers?
      - Did you make good points in discussions?

11. What is security
- System, Network, Data
  - What do we want to protect
  - From what perspective
- How to evaluate
  - Balance costs to protect with costs of compromise
  - Balance costs to compromise with benefit to attacker.
- Security vs. Risk Management
  - Prevent successful attacks vs. mitigate the consequences.
- It’s not all technical

12. Why we aren’t secure
- Buggy code
- Protocol design failures
- Weak crypto
- Social engineering
- Insider threats
- Poor configuration
- Incorrect policy specification
- Stolen keys or identities
- Denial of service

13. What do we want from security
- Confidentiality
  - Prevent unauthorized disclosure
- Integrity
  - Authenticity of document
  - That it hasn’t changed
- Availability
  - That the system continues to operate
  - That the system and data are reachable and readable.
- Enforcement of policies
  - Privacy
  - Accountability and audit
  - Payment

14. The role of policy in security architecture
Policy – Defines what is allowed and how the system and security mechanisms should act.
  Enforced by:
Mechanism – Provides protection, interprets/evaluates (firewalls, ID, access control, confidentiality, integrity)
  Implemented as:
Software – which must be implemented correctly and according to sound software engineering principles.

15. Security Mechanisms
- Encryption
- Checksums
- Key management
- Authentication
- Authorization
- Accounting
- Firewalls
- Virtual Private Nets
- Intrusion detection
- Intrusion response
- Development tools
- Virus Scanners
- Policy managers
- Trusted hardware

16. Today’s security deployment
- Most of the deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack:
  - Firewalls, VPNs
  - IPSec
  - SSL
- Unfortunately, security isn’t that easy. It must be better integrated with the application.
  - At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).

17. Security Systems vs Systems Security
[Diagram. Labels: Security audit records; Intrusion detection; Under attack; Policy; GAA API; EACL...; Authentication; Databases; Web Servers; Firewalls; IPSec; …]
Integration of dynamic security services creates feedback path enabling effective response to attacks

18. Current event – What is security relevant here

From: Copyright_Compliance@usc.edu
Date: August 26, 2004
Subject: Copyright Compliance Notice

Dear Student:

This e-mail is being sent to all students at USC to make sure that they have the same information about copyright compliance. …

Furthermore, infringing conduct exposes the infringer to serious legal penalties. In response to the growth of infringement through P2P networks, the recording and motion picture industries have increased their efforts to identify and stop those who download unauthorized music and video files. Organizations such as the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) can and do monitor P2P users, obtaining "snapshots" of the users' Internet protocol addresses, the files they are downloading or uploading from their P2P directories, the time that downloading occurs, and the Internet service provider (ISP) through which the files travel. (Gathering this information is not a violation of the users' privacy rights, because the user has voluntarily made his or her P2P directory available for public file sharing.) …

