Network Security and Surveillance
|
|
- Pauline Walton
- 5 years ago
- Views:
Transcription
1 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance G. Sivakumar Computer Science and Engineering IIT Bombay October 14, Internet Security Overview Some Puzzles 2 Defence: Cryptography 3 Offence: RFIDs and Surveillance
2 Internet s Growth and Charter Information AnyTime, AnyWhere, AnyForm, AnyDevice,... WebTone like DialTone
3 Internet s Dream Why should a fridge be on Internet? Will security considerations make this a nightmare?
4 What are Cyber crimes? Against People Cyber Stalking and Harrassment (Child) Pornography Against Property Cracking Virus and Spam Software/Entertainment Piracy Cyber Terrorism!
5 Security Concerns Match the following! Problems Attackers Highly contagious viruses Unintended blunders Defacing web pages Disgruntled employees or customers Credit card number theft Organized crime On-line scams Foreign espionage agents Intellectual property theft Hackers driven by technical challenge Wiping out data Petty criminals Denial of service Organized terror groups Spam s Information warfare Reading private files... Surveillance... Crackers vs. Hackers Note how much resources available to attackers.
6 Cyber Terrorism? Some examples from : Legion of Doom group took over the BellSouth telephone system, tapped phone lines, re-routed calls, : A white supremacist movement took out a Massachusetts internet service provider 1997: A cracker disabled the computer system of an airport control tower at the Worcester, Mass. Airport. 1997: a hacker in Sweden jammed the 911 emergency telephone system all throughout west-central Florida. 1998: NASA, Navy, and Defence Department computers were attacked. 2000: in Maroochy Shire, Australia, a disgruntled consultant hacked into a waste management control system and released millions of gallons of raw sewage on the town. 2001: Two post-graduate students cracked a bank system used by banks and credit card companies to secure the personal identification numbers of their customers accounts. [38]
7 Emergency Response:
8 Internet Attacks Timeline From training material at
9 Internet Attack Trends From training material at
10 Indian IT Act 2000 Basic Legal Framework Electronic documents, signatures as evidence Cyber Crimes & Punishments Secn 43: Damage to Computers/Network Secn 65: Tampering source code Secn 66: Hacking (cracking) Secn 67: Obscenity (bazee.com!) Secn 69: Interception Several Initiatives (PKI, CERT-IN, Cyber cells,...)
11 Vulnerabilities Application Security Buggy code Buffer Overflows Host Security Server side (multi-user/application) Client side (virus) Transmission Security
12 Denial of Service Small shop-owner versus Supermarket What can the attacker do? What has he gained or compromised? What defence mechanisms are possible? Screening visitors using guards (who looks respectable?) VVIP security, but do you want to be isolated? what is the Internet equivalent?
13 Security Requirements Informal statements (formal is much harder) Confidentiality Protection from disclosure to unauthorized persons Integrity Assurance that information has not been modified unauthorizedly. Authentication Assurance of identity of originator of information. Non-Repudiation Originator cannot deny sending the message. Availability Not able to use system or communicate when desired. Anonymity/Pseudonomity For applications like voting, instructor evaluation. Traffic Analysis Should not even know who is communicating with whom. Why? Emerging Applications Online Voting, Auctions (more later) And all this with postcards (IP datagrams)!
14 Exchanging Secrets Goal A and B to agree on a secret number. But, C can listen to all their conversation. Solution? A tells B: I ll send you 3 numbers. Let s use their LCM as the key.
15 Exchanging Secrets Goal A and B to agree on a secret number. But, C can listen to all their conversation. Solution? A tells B: I ll send you 3 numbers. Let s use their LCM as the key.
16 Mutual Authentication Goal A and B to verify that both know the same secret number. No third party (intruder or umpire!) Solution? A tells B: I ll tell you first 2 digits, you tell me the last two...
17 Mutual Authentication Goal A and B to verify that both know the same secret number. No third party (intruder or umpire!) Solution? A tells B: I ll tell you first 2 digits, you tell me the last two...
18 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Cryptography and Data Security sine qua non [without this nothing :-] Historically who used first? (L & M) Code Language in joint families!
19 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Symmetric/Private-Key Algorithms
20 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Asymmetric/Public-Key Algorithms Keys are duals (lock with one, unlock with other) Cannot infer one from other easily How to encrypt? How to sign?
21 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance One way Functions Mathematical Equivalents Factoring large numbers (product of 2 large primes) Discrete Logarithms
22 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Security Mechanisms System Security: Nothing bad happens to my computers and equipment virus, trojan-horse, logic/time-bombs,... Network Security: Authentication Mechanisms you are who you say you are Access Control Firewalls, Proxies who can do what Data Security: for your eyes only Encryption, Digests, Signatures,...
23 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Security Mechanisms System Security: Nothing bad happens to my computers and equipment virus, trojan-horse, logic/time-bombs,... Network Security: Authentication Mechanisms you are who you say you are Access Control Firewalls, Proxies who can do what Data Security: for your eyes only Encryption, Digests, Signatures,...
24 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Security Mechanisms System Security: Nothing bad happens to my computers and equipment virus, trojan-horse, logic/time-bombs,... Network Security: Authentication Mechanisms you are who you say you are Access Control Firewalls, Proxies who can do what Data Security: for your eyes only Encryption, Digests, Signatures,...
25 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Network Security Mechanism Layers Cryptograhphic Protocols underly all security mechanisms. Real Challenge to design good ones for key establishment, mutual authentication etc.
26 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance What is RFID? Not just super barcode. Already in use by Andhra Pradesh police?
27 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance How RFID works
28 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance RFID Tags Passive Cheapest: no battery in tag All power comes from reader Semi Passive With batteries Improved performance and reliability Increased size and cost Active High performance and cost Active
29 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance Privacy Concerns
30 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance RFID Applications Payment Toll collection Fuel payment (Speedpass) Parking Pre-payment card (Dexit) Supply Chain Mgmt Logistics Inventory Mgmt Asset Tracking High value assets Re-useable containers Shipping containers Inventory Access Control Card Keys Automotive anti-theft Anti-theft Shrinkage Automotive anti-theft Track & Trace Food Pharmaceuticals Books Parts/lots tracking Apparel
31 Internet Security Overview Defence: Cryptography Offence: RFIDs and Surveillance References Books TCP/IP Illustrated by Richard Stevens, Vols 1-3, Addison-Wesley. Applied Cryptography - Protocols, Algorithms, and Source Code in C by Bruce Schneier, Jon Wiley & Sons, Inc Cryptography and Network Security: Principles and Practice by William Stallings (2nd Edition), Prentice Hall Press; Practical Unix and Internet Security, Simson Garfinkel and Gene Spafford, O Reilly and Associates, ISBN Web sites (Centre for Education and Research in Information Assurance and Security) (System Administration, Audit, Network Security) cve.mitre.org (Common Vulnerabilities and Exposures) csrc.nist.gov (Computer Security Resources Clearinghouse)
Network Security. G. Sivakumar Computer Science and Engineering IIT Bombay May 26, 2005
G. Sivakumar Computer Science and Engineering IIT Bombay siva@iitb.ac.in May 26, 2005 Outline of This Lecture Threats and Requirements TCP/IP Essentials: How Internet Works Defending the Network (more
More information. Cyber Crime Investigation. September 28, 2013
.. शवक म र G. Sivakumar ச வக ம ர Computer Science and Engineering भ रत य गक स न म बई (IIT Bombay) siva@iitb.ac.in September 28, 2013 The Good (Web 1.0, 2.0, 3.0) 20% The Bad (Threats, Vulnerabilities,
More informationNetworking and Related Research at IIT Bombay
Networking and Related Research at IIT Bombay Page 1 of 100 G. Sivakumar Computer Science Department Indian Institute of Technology, Bombay Mumbai 400076, India siva@iitb.ac.in Outline of Talk IIT Bombay
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationIS Today: Managing in a Digital World 9/17/12
IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war
More informationCPET 581 E-Commerce & Business Technologies. References
CPET 581 E-Commerce & Business Technologies The E-Commerce Security Part 2 of 2 Paul I-Hai Lin, Professor http://www.etcs.ipfw.edu/~lin A Specialty Course for M.S. in Technology IT/Advanced Computer Applications
More informationCybercrime Criminal Law Definitions and Concepts
Cybercrime Criminal Law Definitions and Concepts How to Criminalize Attacks on Computer Networks and Information Computer Crime and Intellectual Property Section U.S. Department of Justice 1 Overview Introduction
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationE-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.
E-Commerce Security 2008 Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al. Learning Objectives 1. Explain EC-related crimes and why they cannot be stopped. 2. Describe an EC security
More informationSyllabus for P.G. Diploma in Cyber Law and Information Technology
Syllabus for P.G. Diploma in Cyber Law and Information Technology Paper I: Basic of computer and Cyber Security Paper II: Information Technology Law (Cyber Law) Paper III: Cyber crime and investigation
More informationChapter 10: Security and Ethical Challenges of E-Business
Chapter 10: Security and Ethical Challenges of E-Business Learning Objectives Identify several ethical issues in IT that affect employment, individuality, working condition, privacy, crime health etc.
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationGod is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11
Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise 1 Eleventh Edition 2 Chapter Objectives C h a p t e r 11 Eleventh Edition James A. O Brien Identify several ethical
More informationHOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS
HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationThe Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes
s10 Security 1 The Tension Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes Security vs. desire of individuals to act anonymously
More informationDefine information security Define security as process, not point product.
CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationDNA Intrusion Detection Methodology. James T. Dollens, Ph.D Cox Road Roswell, GA (678)
DNA Intrusion Detection Methodology by James T. Dollens, Ph.D. 1675 Cox Road Roswell, GA 30075 JTDDGC@aol.com (678) 576-3759 Copyright 2001, 2004 James T. Dollens Page 1 of 1 Introduction Computer viruses,
More informationChapter 6 Network and Internet Security and Privacy
Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationThailand Initiatives and Challenges in Cyber Terrorism
Thailand Initiatives and Challenges in Cyber Terrorism Agenda Cyber-Terrorism weapons & tactics MICT Cyber Inspector Group IT Laws Development Challenges Cyber-Terrorism weapons & tactics What is Cyber-Terrorism?
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationSystems and Network Security (NETW-1002)
Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic
More informationSafeguarding company from cyber-crimes and other technology scams ASSOCHAM
www.pwc.com Safeguarding company from cyber-crimes and other technology scams ASSOCHAM Rahul Aggarwal - Director The new digital business ecosystem is complex and highly interconnected The new business
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More information2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM
2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM Recap of 1 st ARF Jeju (South Korea) Cyber Terrorism recently been brought
More informationSecure Programming. Course material Introduction. 3 Course material. 4 Contents
2 Course material 1 Secure Programming Introduction Ahmet Burak Can Hacettepe University Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,
More informationSecure Programming. Introduction. Ahmet Burak Can Hacettepe University
Secure Programming Introduction 1 Ahmet Burak Can Hacettepe University 2 Course material Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,
More information4 Information Security
4 Information Security 1. Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one. 2. Compare and contrast human mistakes
More informationInformation Security
Information Security Dr. Rabie A. Ramadan GUC, Cairo Rabie.ramadan@guc.edu.eg Room C7-310 Lecture 1 Class Organization One class Weekly One Tutorial Weekly Most probably taught by myself 3-4 theoretical
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Best Practice In Data Security
More information1.264 Lecture 26. Security protocols. Next class: Anderson chapter 4. Exercise due before class
1.264 Lecture 26 Security protocols Next class: Anderson chapter 4. Exercise due before class 1 Encryption Encryption is the process of: Transforming information (referred to as plaintext) Using an algorithm
More informationEthics and Information Security. 10 주차 - 경영정보론 Spring 2014
Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationCryptography and Network Security
Security Sixth Edition Chapter 1 Introduction Dr. Ahmed Y. Mahmoud Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More information10EC832: NETWORK SECURITY
10EC832: NETWORK SECURITY Objective: In this electronic age, security and privacy are two of the issues whose importance cannot be stressed enough. How do we ensure the systems we use are resistant to
More informationCS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background
CS 134: Elements of Cryptography and Computer + Network Security Winter 2016 sconce.ics.uci.edu/134-w16/ 1 CS 134 Background 11:00-12:20 @ SSL 290 Discussions section as needed (must register!) Senior-level
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationDiploma in Cyber Laws Examination, 2010 Paper I : BASIS AND REGULATORY FRAME WORK OF CYBER WORLD
*374131* [3741] 31 Paper I : BASIS AND REGULATORY FRAME WORK OF CYBER WORLD Instructions : 1) Question 9 is compulsory. It carries 20 marks. 2) Out of the remaining questions, answer any five questions
More informationSINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker
NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how
More informationDiscovering Computers Living in a Digital World
Discovering Computers 2010 Living in a Digital World Objectives Overview Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators Describe various types of Internet
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationAcceptable Use Policy
Acceptable Use Policy. August 2016 1. Overview Kalamazoo College provides and maintains information technology resources to support its academic programs and administrative operations. This Acceptable
More informationCHAPTER 8 SECURING INFORMATION SYSTEMS
CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is
More informationAssistance with University Projects? Research Reports? Writing Skills? We ve got you covered! www.assignmentstudio.net WhatsApp: +61-424-295050 Toll Free: 1-800-794-425 Email: contact@assignmentstudio.net
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationIntroduction to VANET
VANET Introduction to VANET -Vehicles connected to each others through an ad hoc formation form a wireless network called Vehicular Ad Hoc Network. -Vehicular ad hoc networks (VANETs) are a subgroup of
More informationSecuring Information Systems
Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationDepartment of Computer Science and Technology, UTU
205 Teaching Schedule 040020309 Cyber Security Objective:To understand fundamentals of cyber security, be familiar with security attacks and security mechanisms, study legal perspectives of cyber security
More informationProtection and Security. Sarah Diesburg Operating Systems CS 3430
Protection and Security Sarah Diesburg Operating Systems CS 3430 Definitions Security: policy of authorizing accesses Prevents intentional misuses of a system Protection: the actual mechanisms implemented
More informationHacking Terminology. Mark R. Adams, CISSP KPMG LLP
Hacking Terminology Mark R. Adams, CISSP KPMG LLP Backdoor Also referred to as a trap door. A hole in the security of a system deliberately left in place by designers or maintainers. Hackers may also leave
More informationUNIQUE IAS ACADEMY-COMPUTER QUIZ-15
1. Which menu should you access if you need to edit header or footer of a document: a) Insert b) Edit c) View 2. Watermark is available on: a) Insert b) Page Layout c) Format 3. Background color or picture
More informationManagement of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model
Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model Abhijit Vitthal Sathe Modern Institute of Business Management, Shivajinagar, Pune 411 005 abhijit_sathe@hotmail.com
More informationAN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY
WORLD JOURNAL OF PHARMACY AND PHARMACEUTICAL SCIENCES Shoba. SJIF Impact Factor 6.647 Volume 6, Issue 5, 304-308 Review Article ISSN 2278 4357 AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY *Prof. V.
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationCYBER CRIME A COMPARATIVE LAW ANALYSIS SANDRA MARIANA MAAT. submitted in part fulfilment of the requirements for the degree of MAGISTER LEGUM.
CYBER CRIME A COMPARATIVE LAW ANALYSIS by SANDRA MARIANA MAAT submitted in part fulfilment of the requirements for the degree of MAGISTER LEGUM at the UNIVERSITY OF SOUTH AFRICA SUPERVISOR: PROF D P VAN
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More informationFraud and Social Engineering in Community Banks
Fraud and Social Engineering in Community Banks Information Security Trends and Strategies October 2, 2010 1 Our perspective LarsonAllen Started in 1953 with a goal of total client service Today, industry
More informationFour Grand Challenges in Trustworthy Computing
Overview Four Grand Challenges in Trustworthy Computing Reformatted from the presentation created and given by Dr. Gene Spafford, Purdue University. CS 6204 Spring 2005 2 Why Grand Challenges? Inspire
More informationIT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston
IT443 Network Security Administration Spring 2018 Gabriel Ghinita University of Massachusetts at Boston Contact Information Instructor: Dr. Gabriel Ghinita Email: Gabriel.Ghinita@umb.edu (preferred contact)
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationInternational Journal of Research (IJR) Vol-1, Issue-10 November 2014 ISSN Network Security
Network Security Megha Verma ; Palak Sharma ; Neha Sundriyal ; Jyoti Chauhan III Semester, Department of Computer Science & Engineering Dronacharya College of Engineering, Gurgaon-123506, India Email Id:
More informationAIT 682: Network and Systems Security. Instructor: Dr. Kun Sun
AIT 682: Network and Systems Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Associate Professor of Information Sciences and Technology http://csis.gmu.edu/ksun/ Phone: (703) 993-1715 Email:
More informationNIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014
NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014 OUR MANDATE O The EFCC is the agency charged with the responsibility for the enforcement
More informationUsing the BS 7799 to improve Organization Information Security. Gaurav Malik
Using the BS 7799 to improve Organization Information Security. Gaurav Malik E-Mail: gauravrmalik@gmail.com ABSTRACT In this paper i have explained how we can we improve information security process of
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More information2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center
OVERALL RESULTS E-Crime Watch Survey: 2005 Field Dates: 3/3/05 3/14/05 Total completed surveys: 819 Margin of Error: +/- 3.4% NOTE TO EDITOR For the purpose of this survey, electronic crime, intrusion,
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationIntroduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright Chapter 12 1
Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright 2005 Chapter 12 1 IT Ethics, Impacts, and Security Chapter 12 2 Chapter Outline Ethical Issues Impact
More informationCIT 480: Securing Computer Systems. Authentication
CIT 480: Securing Computer Systems Authentication Topics 1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication Digital
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationState of New Mexico Public School Facilities Authority Information Technology (IT) Acceptable Use Policy
State of New Mexico Public School Facilities Authority Information Technology (IT) Acceptable Use Policy Public School Facilities Authority, IT Acceptable Use Policy 1 State of NM Public School Facilities
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationFACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?
FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationDONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY
DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY Published By: Fusion Factor Corporation 2647 Gateway Road Ste 105-303 Carlsbad, CA 92009 USA 1.0 Overview Fusion Factor s intentions for publishing an
More informationE-Commerce/Web Security
E-Commerce/Web Security Prepared For: Software Engineering 4C03 Kartik Sivaramakrishnan McMaster University 2005 Prepared by James Allin 9902847 1.0 - Introduction... 3 2.0 - E-Commerce Transaction Overview...
More informationThe University of Jordan. Accreditation & Quality Assurance Center. COURSE Syllabus
The University of Jordan Accreditation & Quality Assurance Center COURSE Syllabus 1 Course title Computer Security 2 Course number 1901463 Credit hours (theory, practical) 3 3 Contact hours (theory, practical)
More informationSecurity Technologies for Dynamic Collaboration
Special Issue Advanced Technologies Driving Dynamic Collaboration Featuring System Technologies Security Technologies for Dynamic Collaboration By Hiroshi MIYAUCHI,* Ayako KOMATSU, Masato KAWATSU and Masashi
More informationTen Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier
Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a
More informationSecurity Awareness. Presented by OSU Institute of Technology
Security Awareness Presented by OSU Institute of Technology Information Technologies Division Security Awareness Topics Social Engineering Phishing Social Networks Displaying Sensitive Information Wireless
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More information