1 / 16

Computing Security

Computing Security. Paul Wagner Department of Computer Science. Messages. Security as a multi-faceted sub-discipline of computer science System security Client security Server security Application security Network security Database security Social engineering Others….

elina
Télécharger la présentation

Computing Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computing Security Paul Wagner Department of Computer Science

  2. Messages • Security as a multi-faceted sub-discipline of computer science • System security • Client security • Server security • Application security • Network security • Database security • Social engineering • Others…. • There are many interesting issues in each of these areas

  3. Overview • Not just viruses and worms • Understanding security issues • Applying other areas of computer science (networking, operating systems) • Understanding and applying overall security principles • Using tools • Developing a security frame of mind

  4. System Security • Probably single most important area • Multitude of sub-issues and tools • Information gathering • Packet sniffing (e.g. ethereal) • Port scanning (e.g. nmap) • Vulnerability assessment (e.g. nessus) • Intrusion detection (e.g. snort) • Applicability to client and server systems

  5. System Security – Client-Side • Viruses, worms, trojan horses • Spyware • Spam • Patching • Human awareness

  6. System Security – Server-Side • Client issues plus more • Servers are points for possibly harmful access • Program interaction • Parameters passed in • Data passed in • Often running multiple applications • Web server, file server, mail server, …

  7. Application Security • Secure transmission of information • Protocols (e.g. SSL) • How to securely send information? • How to establish a channel for doing so? • Cryptography • Private key systems • DES (Data Encryption Standard) – older • AES (Advanced Encryption Standard) - current • Public key systems • RSA (Rivest, Shamir, Adelman) • Application security issues • C/C++ - buffer overflow on stack • Java – “sandbox” issues

  8. Network Security • Need • Understanding of network protocols • 7-layer OSI network stack • Issues • Network Topology • Firewalls • Secure Communication on Network • Virtual Private Network (VPN) • Other Network Security Approaches • E.g. Network Address Translation (NAT)

  9. Database Security • Issues • Security of data • Security of transmission of data • Problems • SQL Injection • Vulnerabilities in DBMS systems code • Primarily buffer overflows • Data passed insecurely • E.g. from web pages

  10. Web Security • Many Issues • Parameter Passing Issues • Cross-Site Scripting • Expose information • Introduce vulnerabilities • Web Server Configuration

  11. Operating System Security • General Issues • How can an OS be made more secure? • How can an OS protect applications? • Examples • Windows • Heavy usage means more attempts • Linux • Attacks starting (e.g. Luppi worm, PHP, XML-RPC) • Mac • Relatively rare

  12. Social Engineering • Technological security isn’t enough • Best technology isn’t helpful if you can convince someone to turn it off, mis-configure it, tell you how it works… • Many incidents throughout the years • Best example: Kevin Mitnick • “The Art of Deception”, 2002

  13. Ethical, Privacy, Legal Issues • Not just technology • Certain Sony CDs install root-kit on computer • Using a port-scanner against unknown systems from campus can get your system disconnected from network • Violation of security guidelines can lead to court action (Oregon vs. Schwartz) • Important to study computer security in an ethical, legal way that doesn’t interfere with anyone’s privacy

  14. Other Areas • Honeypots and Honeynets • Artificial Intelligence and Security • Physical Security • Computer Forensics

  15. Employment Opportunities • Systems administrator • Network administrator • Security engineer • Security architect • Security officer (CSO)

  16. Courses at UW-Eau Claire • CS 255 – “Distributed OO Programming in Java” • Java Security (SSL, basic crypto) • CS 370 – Computer Security • System security • Area security (e.g. database, web, operating systems) • Theory and tools • Cyberwar exercise – defense and investigation • CS 491 (special topic – Cryptography and Network Security) • Cryptography, including use in applications • Network applications (e.g. email) • MIS 365 (proposed) – Security Policy Management

More Related