1 / 21

Final Exam May 15 at 10:30 Two hour exam No electronic devices Open Notes

Final Exam May 15 at 10:30 Two hour exam No electronic devices Open Notes Primarily Multiple choice with four short answer questions Not cumulative, but might require knowledge from the beginning of the semester as ideas build on ideas after all. A Cautionary Tale.

johncoleman
Télécharger la présentation

Final Exam May 15 at 10:30 Two hour exam No electronic devices Open Notes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Final Exam May 15 at 10:30 • Two hour exam • No electronic devices • Open Notes • Primarily Multiple choice with four short answer questions • Not cumulative, but might require knowledge from the beginning of the semester as ideas build on ideas after all.

  2. A Cautionary Tale • Now Two stories not strictly keeping to the idea of computer security

  3. A Cautionary Tale • On November 29, 1979 an Air New Zealand plane crashed into Mount Erebus on the Antarctic Continent • All aboard were killed, 257 persons • The crash was originally attributed to. “pilot error” • A second investigation exposed a more complex possibility

  4. A Cautionary Tale • Aircraft in that period where amoung the first to be computer controlled during most of their flights. • A flight plan was loaded into the planes computer and would guide the plane if needed during cruise. • Pilots could override this flight plan

  5. A Cautionary Tale • The flight was a tourist flight. It was meant to pass close to Mt.Erebus and then proceed to overfly McMurdo Base nearby. • The position of McMurdo base was entered incorrectly, it was over a hundred miles out. • The line of flight of the aircraft, in the flight plan, actually passed through the mountain.

  6. A Cautionary Tale • Amazingly, the airline knew of the keying error in entering the flight plan • The first three flights disengaged the computer and flew around the mountain by hand. • The weather was clear on these three occasions

  7. A Cautionary Tale • On the fourth flight • The crew was not briefed on the flight plan error in the computer • The visibility was poor • What is called in polar conditions, whiteout • The pilot did not disengage the computer • The plane tried to fly throught the mountain

  8. A Cautionary Tale • This remains the only crash where the airlines are willing to admit a computer error, albeit a data entry error. • There are about six other suspect incidents

  9. A Cautionary Tale • From a computer security point of view • The planes computer was not hacked • Aircraft computers are not networked • The error occurred on a company mainframe • Not networked then • Certainly networked now • Consider the result if a true cyberterrorist hacked into the computers currently used for flight planning • McKinnon case show high skill is not always needed

  10. Opportunities • There are many similar opportunities • Computers used for industrial control • Power grids • Refinery control • Nuclear power plant, or even conventional power plants • To date, we have not seen a real cyberterrorist

  11. What does a real terrorist look like? • Ted Kazinski – Unabomber • Was a genius, measured IQ – 162 • Received a PHD in Mathmatics • Became a professor • Dropped out and became a neo-Luddite recluse • Lived in a small cabin in Montana • Had an income of less than 1,000 a year

  12. Unabomber • For over a decade, the Unabomber foiled the FBI and terrified the high tech community • He sent letter and package bombs to University professors and people in what he considered the high tech industry. • One of his trademarks was that his bombs provided no forensic evidence. He was brilliantly skilled in anticipating what might give him away. He even mixed his own explosives

  13. Unabomber • He was finally captured when he insisted his manifesto be published to end the bombings • His brother recognized Ted's writing style and gave that information to the FBI • Again, defeated by ego • Without the publication he would be bombing today

  14. What is a terrorist? • A truly dangerous terrorist (successful) • Has high intelligence (Kazinski, Atta, McVeigh) • Has great skill • Has an ideaology • Motivates him to endure hardship to complete plan • Allows him to objectify the victims

  15. What is a terrorist? • So far, in the cyber world we have not encountered this. • Most hackers/crackers with serious skill are largely motivated by money • Those like McKinnon, with other motivations are of relatively low skill • This won't last forever

  16. Jobs in Computer Security • There is a growing shortage of computer security people. • Jobs, with a BS average around 77 thousand • People at a high live, who create security policy, can make in the low six figures • Low level techs implementing security make in the high fifties

  17. Jobs in Computer Security • Preparing for a career in computer security • A BS is less important that certifications • Certifications can be granted by • Professional organizations • CompTIA • Vendors • Microsoft • Cisco • Certifications granted by vendors are currently more important in the Job market.

  18. Jobs in Computer Security • Preparing for a job in Computer Security • Graduate degrees do increase earning power • Mean salary for someone with a grad degree is 90 thousand

  19. Computer Forensics • Computer Forensics is related to computer security • Kicks in after the crime • Deals with analyzing evidence • Looking for hidden data on hard drives • Breaking encryption • Creating “Honeypots” or traps • Analyzing traffic patterns • Defeating privacy software we have studied

  20. Computer Forensics • Job usually requires • Computer training • Police training • How to maintain a chain of evidence • Illegal and legal search • State police lab is just across the street

More Related