Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Basic Introduction to Computer Security John H. Porter University of Virginia Department of Environmental Sciences.

Published byBruce Butler Modified over 8 years ago

Similar presentations

Presentation on theme: "A Basic Introduction to Computer Security John H. Porter University of Virginia Department of Environmental Sciences."— Presentation transcript:

1 A Basic Introduction to Computer Security John H. Porter University of Virginia Department of Environmental Sciences

2 Achieving Absolute Computer Security n There is only one method that can assure absolute security for the data and programs on your computer n Unplug it from the power outlet!!!

3 The Bad Guys n Trojan Horses Software that does other things than it says it does – often maliciousSoftware that does other things than it says it does – often malicious n Worms Attempt to circumvent controls on network accessAttempt to circumvent controls on network access n Viruses Attempt to modify programs on your computer to add malicious codeAttempt to modify programs on your computer to add malicious code

4 The Bad Guys n Sniffers Tap network lines to capture data and passwordsTap network lines to capture data and passwords n Thieves Stolen computersStolen computers n Bad Luck Floods, fire, lightning, power surgesFloods, fire, lightning, power surges

5 Achieving Relative Security n Backups n Boundary Defense n Defense on the homefront

6 Backups n All computers will, at some point, experience a security breach Backups let you recover lost dataBackups let you recover lost data n Off-site backups protects you against data loss due to violations of physical security Try getting your data back off a stolen or burned hard drive!Try getting your data back off a stolen or burned hard drive!

7 Boundary Defense n Boundary defenses focus on keeping malicious users or programs from having access to files on your computer PasswordsPasswords Control of Internet PortsControl of Internet Ports Restricting ways files may be stored on your computerRestricting ways files may be stored on your computer

8 Passwords n Not all passwords are created equal – some are easier to crack Ones based on publically available information about you (e.g., your name)Ones based on publically available information about you (e.g., your name) Passwords based on dictionary rulesPasswords based on dictionary rules Passwords that are too short or use repeating charactersPasswords that are too short or use repeating characters

9 Strong Passwords n One easy way to create strong passwords is to take the first letter off each word in a sentence and add some punctuation E.g., Iwtbot, - “It was the best of times,”E.g., Iwtbot, - “It was the best of times,” 2b,ON2b – “To Be, or Not to be”2b,ON2b – “To Be, or Not to be” n Also, varying capitalization can help JHwaPDM!JHwaPDM!

10 Protecting Passwords n Even the most “secure” password is vulnerable if communication lines are compromised E.g., “sniffers”E.g., “sniffers” n Use of encrypted connections (ssl, https) can eliminate or greatly reduce this risk

11 Know What You are Sharing n Your computer provides a number of Internet Ports You want to eliminate access to ports that are not serving a legitimate purposeYou want to eliminate access to ports that are not serving a legitimate purpose n You can test at sites like ShieldsUp: https://grc.com/x/ne.dll?bh0bkyd2 Not all access is bad, but you want to KNOW what is exposed!

12 Limit the Places that can Access your Computer n Most SQL databases support restricting access to particular network domains, or even individual machines If your web and database servers are on the same host, you may be able to eliminate ALL network access to the database, since all interactions are mediated by your web serverIf your web and database servers are on the same host, you may be able to eliminate ALL network access to the database, since all interactions are mediated by your web server

13 Keep your Eyes Open! n Just as you would not walk down a darkened alley without paying attention to your surroundings, you need to be alert to strange computer behaviors that may indicate a security problem n Check your software support pages frequently for news about vulnerabilities and fixes

14 Defense on the Homefront n Limit access of your computer to trusted individuals Usually not too much trouble at field stationsUsually not too much trouble at field stations Is especially an issue for web pages that contain DBMS login information in free textIs especially an issue for web pages that contain DBMS login information in free text n Get a good virus checker and update it frequently (daily if possible, at least weekly)

15 Defense on the Homefront n Keep updates to Windows current As security holes are detected, fixes will become availableAs security holes are detected, fixes will become available Windows provides for automatic updatesWindows provides for automatic updates Recent worms (e.g., Blaster) utilized a flaw in the RPC module of Windows to infect large numbers of otherwise protected computers before a fix was availableRecent worms (e.g., Blaster) utilized a flaw in the RPC module of Windows to infect large numbers of otherwise protected computers before a fix was available

16 Protecting the Homefront n Monitor your logs to detect attempts to attack your system Window’s Events logsWindow’s Events logs Web server logsWeb server logs n Exercise good judgment on downloading files Every file downloaded is a potential security intrusionEvery file downloaded is a potential security intrusion

17 Security is Relative n Security is always relative, but it is possible to create a reasonable level of security n The more obscure a resource is, either because it uses “unusual” software or is inconspicuous on the web, the less likely someone is to try to break into it

18 Useful Places to Look n http://www.cert.org/ - Computer Emergency Response Team http://www.cert.org/ n http://grc.com/default.htm - home of ShieldsUp and others http://grc.com/default.htm n http://www.sarc.com/ - Symantec anti- virus site http://www.sarc.com/ n http://guide.vsnl.net.in/tcpip/columns/se curity_internet/index.html - a general guide to Internet Security issues http://guide.vsnl.net.in/tcpip/columns/se curity_internet/index.html http://guide.vsnl.net.in/tcpip/columns/se curity_internet/index.html

Download ppt "A Basic Introduction to Computer Security John H. Porter University of Virginia Department of Environmental Sciences."

Similar presentations

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.

EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Similar presentations

Ads by Google