We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHaley Owen
Modified over 7 years ago
© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu
© 2005 Ravi Sandhu www.list.gmu.edu 2 Cyber-security goals have changedCyber-security goals electronic commerce information sharing etcetera multi-party security objectives fuzzy objectives INTEGRITY modification AVAILABILITY access CONFIDENTIALITY disclosure USAGE purpose USAGE
© 2005 Ravi Sandhu www.list.gmu.edu 3 Cyber-security attacks have changed The professionals have moved in Hacking for fun and fame Hacking for cash, espionage and sabotage
© 2005 Ravi Sandhu www.list.gmu.edu 4 INTERNET INSECURITY Internet insecurity spreads at Internet speed Morris worm of 1987 Password sniffing attacks in 1994 IP spoofing attacks in 1995 Denial of service attacks in 1996 Email borne viruses 1999 Distributed denial of service attacks 2000 Fast spreading worms and viruses 2003 Spam 2004 Phishing 2005 Botnets 2005 … no end in sight Internet insecurity grows at super-Internet speed security incidents are growing faster than the Internet (which has roughly doubled every year since 1988)
© 2005 Ravi Sandhu www.list.gmu.edu SECURITY TECHNIQUES Prevention access control Detection and Recovery auditing/intrusion detection incident response Acceptance practicality
© 2005 Ravi Sandhu www.list.gmu.edu THREATS, VULNERABILITIES ASSETS AND RISK THREATS are possible attacks VULNERABILITIES are weaknesses ASSETS are information and resources that need protection RISK requires assessment of threats, vulnerabilities and assets
© 2005 Ravi Sandhu www.list.gmu.edu 7 RISK Outsider Attack – insider attack Insider Attack – outsider attack
© 2005 Ravi Sandhu www.list.gmu.edu PERSPECTIVE ON SECURITY No silver bullets A process NOT a turn-key product Requires a conservative stance Requires defense-in-depth A secondary objective Absolute security does not exist Security in most systems can be improved
© 2005 Ravi Sandhu www.list.gmu.edu 9 PERSPECTIVE ON SECURITY absolute security is impossible does not mean absolute insecurity is acceptable
© 2005 Ravi Sandhu www.list.gmu.edu 10 CLASSICAL INTRUSIONS SCENARIO 1 Insider attack The insider is already an authorized user Insider acquires privileged access exploiting bugs in privileged system programs exploiting poorly configured privileges Install backdoors/Trojan horses to facilitate subsequent acquisition of privileged access
© 2005 Ravi Sandhu www.list.gmu.edu 11 CLASSICAL INTRUSIONS SCENARIO 2 Outsider attack Acquire access to an authorized account Perpetrate an insider attack
© 2005 Ravi Sandhu www.list.gmu.edu 12 NETWORK INTRUSIONS SCENARIO 3 Outsider/Insider attack Spoof network protocols to effectively acquire access to an authorized account
© 2005 Ravi Sandhu www.list.gmu.edu 13 DENIAL OF SERVICE ATTACKS Flooding network ports with attack source masking TCP/SYN flooding of internet service providers in 1996
© 2005 Ravi Sandhu www.list.gmu.edu 14 INFRASTRUCTURE ATTACKS router attacks modify router configurations domain name server attacks internet service attacks web sites ftp archives
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2006 Ravi Sandhu Cyber-Identity, Authority and Trust Systems Prof. Ravi Sandhu Professor of Information Security and Assurance Director,
Copyright, The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.
(Distributed) Denial of Service Nick Feamster CS 4251 Spring 2008.
CS5038 The Electronic Society
Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem Overall size of cybercrime unclear; amount of losses.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
1 Telstra in Confidence Managing Security for our Mobile Technology.
Information Society Security Risks. Attacks Origin Consequences RISKS...
Security+ Guide to Network Security Fundamentals
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Introducing Computer and Network Security
© 2021 SlidePlayer.com Inc. All rights reserved.