1 / 31

CS 456 Security I

CS 456 Security I. Work Station Lock Down Cryptography Information Assurance Information Security Systems Engineering Trust Models, Threat Models and AD Secure Systems Test & Eval Systems Security Testing. CS 456 Security I. Requirements: No Whining 1 Workstation Lab 1 Crypto Project

denton
Télécharger la présentation

CS 456 Security I

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 456Security I • Work Station Lock Down • Cryptography • Information Assurance • Information Security Systems Engineering • Trust Models, Threat Models and AD • Secure Systems Test & Eval • Systems Security Testing

  2. CS 456Security I Requirements: • No Whining • 1 Workstation Lab • 1 Crypto Project • 1 Midterm • 1 Final

  3. CSIA Track WARNING The material that you will learn in the CSIA track is dual use. The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.

  4. Information Systems Security Information assurance • Electronic information • Ubiquity • Importance • Corruptibility • Information systems • Characteristics • Types • Pervasive

  5. Information Assurance Security Keep information in a known and trusted state that can be used appropriately.

  6. Trust “Generally an entity can be said to 'trust' a second entity when the first entity makes an assumption that the second entity will behave exactly as the first entity expects” ITU-T X.509, § 3.3.54

  7. Threats Threat profiles identify specific threats that are most likely to put your environment at risk. • Unauthorized probing of system or data • Unauthorized access • Introduction of malicious code • Unauthorized modification or disclosure of data • Denial of service attacks

  8. Vulnerabilities Vulnerabilities are characteristics of an information system's architecture, implementation, use or maintenance that has or could compromise the information.

  9. Electronic Information • Digital data • Communications • Executables • System states • Analog information

  10. Information Security Model Information States Transmission Storage Processing Security Measures Training Critical Information Characteristics Confidentiality Policies Technology Integrity Availability

  11. Information States • Transmission • Storage • Processing

  12. Information Transmission • Space • Radio waves • Copper • Analog • Digital • Glass • Snell's Law

  13. Space RF Transmission • Types • Radio and TV • Cell phones • Unintentional • Radio waves • Modulation techniques • Many types of encoding • Easily detected and intercepted • All conductors are antennas • Transmission over wires radiate RF signals

  14. Signals over a Conductor • Analog • Voice - Telephony • TV – Not for long • Digital • Modems • Ethernet • Backplanes • Motherboards

  15. Signals over a Conductor • Conductors are antennas • Ethernet • Telephone wires • Backplanes

  16. Optical Fiber Transmission • Difficult to intercept • To date (2011)‏ • Not difficult now • Many encoding techniques

  17. Information Storage • All of the obvious • However • Caches • HW Buffers • Store and forward technologies • Copy machines (20 GB storage)‏ • Cell phones (Rupert Murdock)‏`

  18. Information Storage • Laws have changed • Exploits have advanced • Attitudes have changed

  19. Information Processing • Altered executables • Introduced executables • Scripts

  20. Information Security Model Information States Transmission Storage Processing Security Measures Training Critical Information Characteristics Confidentiality Policies Technology Integrity Availability

  21. Critical Information Characteristics • Confidentiality • Integrity • Availability

  22. Confidentiality • Keeping information secret • Encryption • Authentication • Authorization • Non-repudiation

  23. Integrity • Making sure the information is as it should be. • Message authentication code • Message digests

  24. Availability • Making the information is available when it is requested. • System design • Appropriate confidentiality and integrity techniques • No DdoS – bad, bad, bad

  25. Information Security Model Information States Transmission Storage Processing Security Measures Training Critical Information Characteristics Confidentiality Policies Technology Integrity Availability

  26. Security Measures • Technology • Policies & Procedures • Training & Awareness

  27. Technology Measures • Programs • Software • Architecture • Design • Etc.

  28. Policy and Procedures • What to do • How to do it • What is permissible • What is not

  29. Policies • Sample Policies • www.sans.org/resources/policies • Many of these policies are part of the Employee Handbook • These are the laws of the Corp

  30. Procedures • Step by step description on how do something • Update anti-virus program • Configure a firewall • Etc.

  31. Training • Training is dumb • Training is everything • Training, Education & Awareness • The most important security measure • Understanding: • Reasons for security • Reasons for info protection • Results of not doing it

More Related