
1 SECURITY: THE BIG PICTURE Ayal Rosenberg PDEV

2 “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu – The Art of War

3 “A new military revolution has emerged. The revolution is essentially a Transformation from the mechanized warfare of the industrial age to the information warfare of the information age. Information warfare is a war of decisions and control, a war of knowledge, and a war of intellect. The aim of information warfare will be gradually changed from ‘preserving oneself and wiping out the enemy’ to ‘preserving oneself and controlling the opponent’. Information warfare includes electronic warfare, tactical deception, strategic deterrence, propaganda warfare, psychological warfare, network warfare and structural sabotage. Under today’s technological conditions, the ‘all conquering stratagems’ of Sun Tzu more than two millennia ago – ‘vanquishing the enemy without fighting’ and subduing the enemy by ‘soft strike’ or ‘soft destruction’ – could finally be truly realized.” Chinese Army newspaper Jiefangjun Bao – May 1996

4 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

5 “Security is a process not a product” - Bruce Schneier

6 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

7
- CRIMINAL ATTACKS
- PRIVACY VIOLATIONS
- PUBLICITY ATTACKS

8
- Fraud
- Scams
- Destructive Attacks
- Intellectual Property Theft (Piracy)
- Brand Theft
“How can I acquire the maximum financial return by attacking the system?”

9
- Targeted Attacks
- Data Harvesting
- Surveillance Databases
- Traffic Analysis
- Massive Electronic Surveillance

10
- Bad Press costs more than theft
- Inform criminals who can exploit the news
- Denial of Service
“How can I get famous by attacking the system?”

11 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

12
- Objectives
- Access
- Resources
- Expertise
- Risk
“Crooks haven’t changed. It’s just that cyberspace is the new place for them to ply their trade.”

13
- HACKERS
- LONE CRIMINALS
- MALICIOUS INSIDERS
- INDUSTRIAL ESPIONAGE
- PRESS
- ORGANIZED CRIME
- POLICE
- TERRORISTS
- NATIONAL INTELLIGENCE
- INFO-WARRIORS

14 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

15
- Privacy
- Multi-Level Security
- Anonymity
- Authentication
- Integrity
- Audit
- Electronic Currency
- Proactive Solutions

16 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

17
- CRYPTOGRAPHY
- COMPUTER SECURITY
- IDENTIFICATION & AUTHORIZATION

18
- Cryptography is not a panacea. You need more than it for security – but it is essential.
- You don’t have to understand the math. You do have to understand the ramifications.
- A group of people use private knowledge to keep messages secret from third parties.

19
- Distribution of keys
- Storing of keys
- Destruction of keys
- Proliferation of pair-wise keys in symmetric mode
- Performance degradation in asymmetric mode

20
- Compose Message
- Encrypt Message with Key
- Receive Encrypted Message
- Decrypt Message with Key

21
- Generate Public Key and distribute
- Compose Message
- Encrypt Message with Public Key
- Send Message
- Decrypt Message with Private Key

22
- Cipher Text Only Attack
- Known Plain Text Attacks
- Chosen Plain Text Attacks
- Brute Force Attacks


24
- Message Authentication Codes
  - Symmetric Algorithms: HMAC or NMAC
- One-Way Hash Functions
  - Secure Hash Algorithm (SHA1)
  - Secure Hash Standard (SHS)
  - RIPEMD-160 (EU)
  - MD5 (?)
  - MD4 - obsolete
- Digital Signatures
  - Public and private keys. Sender encrypts with private and receiver decrypts with public. Allows for non-repudiation.
  - Digital Signature Algorithm (DSA)
  - Digital Signature Standard (DSS)
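The difference between a one-way hash and a message authentication code, which the slide lists side by side, is easiest to see on a tampered message. The following is an added example, not code from the slides: it uses only the Python standard library, and the key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demo; not taken from the slides.
KEY = b"shared-secret-between-sender-and-receiver"
MESSAGE = b"pay 100 to account 42"


def sha256_hex(msg: bytes) -> str:
    """One-way hash: a fixed-size fingerprint, but anyone can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def mac_hex(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256: a tag that only holders of the shared key can produce."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_hash_only(msg: bytes, digest: str) -> bool:
    """Integrity check that relies on a bare hash shipped next to the message."""
    return sha256_hex(msg) == digest


def verify_mac(key: bytes, msg: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(mac_hex(key, msg), tag)


def tamper_demo() -> dict:
    """Edit the message in transit and see which check notices."""
    forged = MESSAGE.replace(b"100", b"900")
    tag = mac_hex(KEY, MESSAGE)
    return {
        "genuine_mac_accepted": verify_mac(KEY, MESSAGE, tag),
        "edited_message_old_tag_rejected": not verify_mac(KEY, forged, tag),
        # With a bare hash the attacker simply recomputes it over the edited text,
        # so a hash-only receiver is fooled.
        "hash_only_check_fooled": verify_hash_only(forged, sha256_hex(forged)),
        # Without the key, a recomputed keyless digest is not a valid tag.
        "mac_check_fooled": verify_mac(KEY, forged, sha256_hex(forged)),
    }
```

The point of `hmac.compare_digest` is that a plain `==` on the tag returns early at the first differing byte, which leaks how much of a guessed tag is correct.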

25
- Confidentiality!!! Stop unauthorized users from reading sensitive information.
- Integrity!!! Every piece of data should be as the last authorized modifier left it.
- Availability!! The property of being accessible and usable upon demand by an authorized entity.
- Access Control = Confidentiality + Integrity + Availability

26
- Security Kernels
  - Reference Monitor
  - Trusted Computing Base
  - Secure Kernel
- OS Evaluation Criteria
  - C2
  - ISO 15408

27
- Who are you and can you prove it!!
- Allow authorized users in!
- Keep unauthorized users out!

28
- Username and Password
  - Username – identification
  - Password – proof of identification
- Biometrics
  - Biometric came from the person at verification time
  - Biometric matches master on file
- Access Tokens
  - Password for tokens -> PIN
- Authentication Protocols
  - Cryptographic authentication over a network
  - Salt
  - Kerberos
- Single Sign On
  - Incompatible legacy
  - Single point of failure
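The slide names "Salt" without saying what it buys. The following added example (not from the slides) shows how a password store keeps a random per-user salt and a deliberately slow salted hash instead of the password itself; the iteration count and the sample passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed work factor for the demo; production values should be tuned
# to the hardware and revisited over time.
ITERATIONS = 100_000


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a random per-user salt plus PBKDF2-HMAC-SHA256 of the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def check_password(record: dict, attempt: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def salt_demo() -> dict:
    # Two users who pick the same password end up with different stored
    # hashes, so one precomputed table cannot crack both at once.
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    return {
        "alice_ok": check_password(alice, "correct horse"),
        "alice_wrong_case": check_password(alice, "Correct horse"),
        "same_password_same_hash": alice["hash"] == bob["hash"],
    }
```

Storing the iteration count alongside the hash lets the work factor be raised later without invalidating existing records.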

29 Participants: Client, Kerberos Server, Server X
- Client sends a request to log on to Machine X
- Kerberos checks whether the Client has permission to log on to Server X
- Kerberos sends a ticket and a session key for authentication to the Client
- Client uses the session key to create an authenticator
- Client sends the authenticator and session key to Server X
- Server X validates the ticket and session key with its long-term key
- Server X was issued its long-term key by Kerberos
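The exchange on the slide, as an added simulation that is not part of the original presentation. Both sides' messages are built and checked in one process; the cipher is a toy authenticated-encryption construction from HMAC-SHA256 so the demo runs on the standard library alone (real Kerberos uses AES-based encryption types), and the principal names, keys and 300-second clock-skew limit are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

# Toy encrypt-then-MAC built from HMAC-SHA256 for this demo only.
NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()  # domain separation


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    enc_key, out, counter = _subkey(key, b"enc"), b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under `key`; output is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag first, then decrypt; raises ValueError on any tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ticket or authenticator failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KerberosServer:
    """Holds every principal's long-term key and the logon permissions."""

    def __init__(self):
        self.keys = {}  # principal name -> long-term key issued by Kerberos
        self.acl = {}   # server name -> set of clients allowed to log on

    def enroll(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def allow(self, client: str, server: str) -> None:
        self.acl.setdefault(server, set()).add(client)

    def request_ticket(self, client: str, server: str):
        """Check permission, mint a session key, and return it twice: sealed for
        the client, and inside a ticket sealed under Server X's long-term key."""
        if client not in self.acl.get(server, set()):
            raise PermissionError(f"{client} may not log on to {server}")
        session = os.urandom(32)
        for_client = seal(self.keys[client], session)
        ticket = seal(self.keys[server], client.encode() + b"|" + session)
        return for_client, ticket


def server_validate(server_key: bytes, ticket: bytes, authenticator: bytes,
                    max_skew: int = 300) -> bool:
    """Server X opens the ticket with its own long-term key, recovers the session
    key, then opens the authenticator with it and checks name and freshness."""
    try:
        name, session = unseal(server_key, ticket).split(b"|", 1)
        auth_name, stamp = unseal(session, authenticator).split(b"|", 1)
        return name == auth_name and abs(time.time() - int(stamp)) <= max_skew
    except ValueError:
        return False


def run_logon(kdc, client, client_key, server, server_key, tamper=False) -> bool:
    """The full exchange from the client's point of view."""
    for_client, ticket = kdc.request_ticket(client, server)
    session = unseal(client_key, for_client)
    # Authenticator: client name and timestamp, sealed under the session key.
    authenticator = seal(session, client.encode() + b"|" + str(int(time.time())).encode())
    if tamper:  # constructed fault: flip one bit of the ticket in transit
        ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
    return server_validate(server_key, ticket, authenticator)


def demo() -> dict:
    kdc = KerberosServer()
    alice_key, server_key = kdc.enroll("alice"), kdc.enroll("serverX")
    mallory_key = kdc.enroll("mallory")
    kdc.allow("alice", "serverX")
    out = {
        "alice_accepted": run_logon(kdc, "alice", alice_key, "serverX", server_key),
        "tampered_ticket_rejected": not run_logon(kdc, "alice", alice_key, "serverX",
                                                  server_key, tamper=True),
    }
    try:
        run_logon(kdc, "mallory", mallory_key, "serverX", server_key)
        out["unauthorized_refused"] = False
    except PermissionError:
        out["unauthorized_refused"] = True
    return out
```

Note what Server X never needs: it never talks to Kerberos during the logon and never sees the client's long-term key, because the ticket it can open with its own key already carries the session key that the authenticator proves the client holds.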

30 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

31
- MALICIOUS SOFTWARE
- NETWORK SECURITY
- NETWORK DEFENCES

32
- Payload and Propagation Classifications
  - Viruses
  - Worms
  - Trojan Horses
- Modular Code Problem
  - Isolation and Memory Safety
  - Access Control at the interfaces
  - Code Signing
  - Mobile Code
- Web Security
  - SSL
  - Cross Site Scripting
  - Cookie Abuse
  - Web Service Scripts

33
- Router Vulnerability
- Password Sniffing
- IP Spoofing
- DNS Security
- Denial of Service Attacks
- Distributed Denial of Service Attacks
- Mainly TCP/IP protocol
- Post office, not Telephone company!

34
- FIRE-WALLS
  - Attacks: Go around, Sneak key in, Take over
  - Types: Packet Filters & Proxy Gateways
- DEMILITARIZED ZONES (DMZ)
- VIRTUAL PRIVATE NETWORKS (VPN)
  - Connect disjointed pieces of network
  - Connect mobile, roaming users
- INTRUSION DETECTION SYSTEMS (IDSs)
  - Misuse detection
  - Anomaly detection
- HONEY POTS & ALARMS
- VULNERABILITY SCANNERS

35 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES

36 “The problem is that security measures such as cryptography, secure kernels, Firewalls and everything else work much better in theory than they do in practice. In other words: Security flaws in the implementation are much more common and much more serious than security flaws in design. Design is about software reliability” - Bruce Schneier

37 “Products have problems - and they are getting worse. The only reasonable thing to do is to create processes that accept this reality. We must implement these processes to get as much safety as possible.” - Bruce Schneier
- PRINCIPLES
- DETECTION & RESPONSE
- COUNTER-ATTACK
- RISK MANAGEMENT

38
- Compartmentalize
- Secure the weakest link
- Use Choke Points
- In-depth Defense
- Fail Securely
- Leverage Unpredictability
- Embrace Simplicity: “Complexity is the worst enemy of security!” “Be as simple as possible but no simpler” - Einstein
- Enlist Users
- Assure
- Question
- Trust no one – especially yourself!!!!

39
- Detect Attacks
- Analyze Attacks: Detection, Localization, Identification, Assessment
- Respond to Attacks: Make the problem go away; Catch the Attacker
- Be Vigilant: Continuous, Immediateness, Preparedness, Watch the Watchers
- Recover from Attacks: Recover from compromise
“Detection is more important than prevention!”

40
- “The best defense is attack!!!”
- “Attacker is a tortoise; Defender must be a fox!”

41
- “There is no 100% security!”
- “Identify the risk then either accept it, or reduce it or insure against it.”
- “Security does not have to be perfect but risks have to be manageable.”
- “Outsource to experts!”

42
“How big is the potential loss?” “We don’t know!!”
“How likely is the loss to occur?” “We don’t know.”
“How much is your company worth?” “One billion rands!”
“The premium will be one billion rands!”

43 “I’ve realized that the fundamental problems in security are no longer about technology; they’re about how to use technology.” “There is no way to turn security into a product.” “It’s more and more about process.” - Bruce Schneier


45 ATTACKS | ADVERSARIES | SECURITY NEEDS | TECHNOLOGIES | NETWORKED COMPUTER SECURITY | PROCESSES
