COMPUTER NETWORK SECURITY

Size: px
Start display at page:

Download "COMPUTER NETWORK SECURITY"

Transcription

1 COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week)

2 Outline Course Information and Policies Course Syllabus 1. Overview

3 Course Information Instructor: Prof. Dr. Hasan H. BALIK, Class Homepage: rksecurity/ Book: Computer Security: Principles and Practice, 3 rd Edition, William Stallings and Lawrie Brown, 2015 Grading: Assingment (Project) 50% Final 50%

4 Course Syllabus Overview Computer security technology and principles o Cryptographic Tools o User Authentication o Access Control o Database and Cloud Security o Malicious Software o Denial-of-Service Attacks o Intrusion Detection o Firewalls and Intrusion Prevention Systems Software security and trusted systems o Buffer Overflow o Software Security o Operating System Security Management ıssues o IT Security Management and Risk Assessment o IT Security Controls, Plans and Procedures

5 1. Overview

6 1.Outline Computer Security Concepts Threats, Attacks, and Assets Security Functional Requirements Fundamental Security Design Principles Attack Surfaces and Attack Trees Computer Security Strategy

7 Confidentiality - data confidentiality - privacy Integrity - data integrity - system integrity Availability

8 Key Security Concepts Confidentiality Integrity Availability Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information Guarding against improper information modification or destruction.a loss of integrity is the unauthorized modification or destruction of information Ensuring timely and reliable access to and use of information

9 Levels of Impact Low Moderate High The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

10 Computer security is not as simple as it might first appear to the novice Potential attacks on the security features must be considered Procedures used to provide particular services are often counterintuitive Physical and logical placement needs to be determined Additional algorithms or protocols may be involved Attackers only need to find a single weakness, the developer needs to find all weaknesses Users and system managers tend to not see the benefits of security until a failure occurs Security requires regular and constant monitoring Is often an afterthought to be incorporated into a system after the design is complete Thought of as an impediment to efficient and user-friendly operation

11 Computer Security Terminology

12 Owners value Threat agents wish to minimize impose countermeasures assets wish to abuse and/or may damage give rise to to reduce risk to to threats that increase Figure 1.1 Security Concepts and Relationships

13 Assets of a Computer System Hardware Software Data Communication facilities and networks

14 Vulnerabilities, Threats and Attacks Categories of vulnerabilities Corrupted (loss of integrity) Leaky (loss of confidentiality) Unavailable or very slow (loss of availability) Threats Capable of exploiting vulnerabilities Represent potential security harm to an asset Attacks (threats carried out) Passive attempt to learn or make use of information from the system that does not affect system resources Active attempt to alter system resources or affect their operation Insider initiated by an entity inside the security parameter Outsider initiated from outside the perimeter

15 Countermeasures Means used to deal with security attacks Prevent Detect Recover Residual vulnerabilities may remain May itself introduce new vulnerabilities Goal is to minimize residual level of risk to the assets

16

17 Computer and Network Assets, with Examples of Threats Hardware Software Data Communication Lines and Networks Availability Confidentiality Integrity Equipment is stolen or disabled, thus denying service. Programs are deleted, denying access to users. Files are deleted, denying access to users. Messages are destroyed or deleted. Communication lines or networks are rendered unavailable. An unencrypted CD- ROM or DVD is stolen. An unauthorized copy of software is made. An unauthorized read of data is performed. An analysis of statistical data reveals underlying data. Messages are read. The traffic pattern of messages is observed. A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task. Existing files are modified or new files are fabricated. Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.

18 Passive and Active Attacks Passive Attack Attempts to learn or make use of information from the system but does not affect system resources Eavesdropping on, or monitoring of, transmissions Goal of attacker is to obtain information that is being transmitted Two types: o Release of message contents Active Attack Attempts to alter system resources or affect their operation Involve some modification of the data stream or the creation of a false stream Four categories: o o o o Replay Masquerade Modification of messages Denial of service o Traffic analysis

19 Fundamental Security Design Principles Economy of mechanism Fail-safe defaults Complete mediation Open design Separation of privilege Least privilege Least common mechanism Psychological acceptability Isolation Encapsulation Modularity Layering Least astonishment

20 Attack Surfaces Consist of the reachable and exploitable vulnerabilities in a system Examples: Open ports on outward facing Web and other servers, and code listening on those ports Services available on the inside of a firewall Code that processes incoming data, , XML, office documents, and industry-specific custom data exchange formats Interfaces, SQL, and Web forms An employee with access to sensitive information vulnerable to a social engineering attack

21 Attack Surface Categories Network Attack Surface Software Attack Surface Human Attack Surface Vulnerabilities over an enterprise network, wide-area network, or the Internet Vulnerabilities in application, utility, or operating system code Included in this category are network protocol vulnerabilities, such as those used for a denialof-service attack, disruption of communications links, and various forms of intruder attacks Particular focus is Web server software Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders

22 Shallow Medium Security Risk High Security Risk Deep Layering Low Security Risk Medium Security Risk Small Large Attack Surface Figure 1.3 Defense in Depth and Attack Surface

23 Bank Account Compromise User credential compromise UT/U1a User surveillance UT/U1b Theft of token and handwritten notes Malicious software installation UT/U3a Smartcard analyzers UT/U3b Smartcard reader manipulator UT/U3c Brute force attacks with PIN calculators Vulnerability exploit UT/U2a Hidden code UT/U2b Worms UT/U2c s with malicious code CC2 Sniffing Injection of commands User credential guessing IBS2 Security policy violation Use of known authenticated session by attacker User communication with attacker CC3 Active man-in-the middle attacks IBS1 Brute force attacks Normal user authentication with specified session ID UT/U4a Social engineering UT/U4b Web page obfuscation Redirection of communication toward fraudulent site CC1 Pharming IBS3 Web site manipulation CC4 Pre-defined session IDs (session hijacking) Figure 1.4 An Attack Tree for Internet Banking Authentication

24 Computer Security Strategy

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified

More information

ISO/IEC Common Criteria. Threat Categories

ISO/IEC Common Criteria. Threat Categories ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (3 rd Week) 3. User Authentication 3.Outline Electronic User Authentication Principles Password-Based Authentication Token-Based Authentication Biometric

More information

Define information security Define security as process, not point product.

Define information security Define security as process, not point product. CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product. Define information security Information is

More information

C and C++ Secure Coding 4-day course. Syllabus

C and C++ Secure Coding 4-day course. Syllabus C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course

More information

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Threat Modeling. Bart De Win Secure Application Development Course, Credits to Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,

More information

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how

More information

Access Controls. CISSP Guide to Security Essentials Chapter 2

Access Controls. CISSP Guide to Security Essentials Chapter 2 Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls

More information

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Guide to Network Security First Edition. Chapter One Introduction to Information Security Guide to Network Security First Edition Chapter One Introduction to Information Security About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter

More information

Building Trust in the Internet of Things

Building Trust in the Internet of Things AN INTEL COMPANY Building Trust in the Internet of Things Developing an End-to-End Security Strategy for IoT Applications WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Recent security breaches

More information

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information

CHAPTER 8 SECURING INFORMATION SYSTEMS

CHAPTER 8 SECURING INFORMATION SYSTEMS CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is

More information

CS 356 Operating System Security. Fall 2013

CS 356 Operating System Security. Fall 2013 CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database

More information

Systems and Network Security (NETW-1002)

Systems and Network Security (NETW-1002) Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic

More information

International Journal of Research (IJR) Vol-1, Issue-10 November 2014 ISSN Network Security

International Journal of Research (IJR) Vol-1, Issue-10 November 2014 ISSN Network Security Network Security Megha Verma ; Palak Sharma ; Neha Sundriyal ; Jyoti Chauhan III Semester, Department of Computer Science & Engineering Dronacharya College of Engineering, Gurgaon-123506, India Email Id:

More information

Chapter 4. Network Security. Part I

Chapter 4. Network Security. Part I Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid

More information

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Information Technology Enhancing Productivity and Securing Against Cyber Attacks Information Technology Enhancing Productivity and Securing Against Cyber Attacks AGENDA Brief Overview of PortMiami Enhancing Productivity Using Technology Technology Being Using at the Port Cyber Attacks

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls

More information

A (sample) computerized system for publishing the daily currency exchange rates

A (sample) computerized system for publishing the daily currency exchange rates A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency

More information

Cryptography and Network Security

Cryptography and Network Security Security Sixth Edition Chapter 1 Introduction Dr. Ahmed Y. Mahmoud Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms

More information

Introduction to Security

Introduction to Security to Security CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 31 October 2012 CSS322Y12S2L01, Steve/Courses/2012/s2/css322/lectures/introduction.tex,

More information

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft When the Lights go out Hacking Cisco EnergyWise Version: 1.0 Date: 7/1/14 Classification: Author(s): Public Ayhan Koca, Matthias Luft TABLE OF CONTENT 1 HANDLING... 5 1.1 DOCUMENT STATUS AND OWNER... 5

More information

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard

More information

Bank Infrastructure - Video - 1

Bank Infrastructure - Video - 1 Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's

More information

SDR Guide to Complete the SDR

SDR Guide to Complete the SDR I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

Certified Ethical Hacker

Certified Ethical Hacker Certified Ethical Hacker Certified Ethical Hacker Course Objective Describe how perimeter defenses function by ethically scanning and attacking networks Conduct information systems security audits by understanding

More information

Lecture 9 User Authentication

Lecture 9 User Authentication Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

e-commerce Study Guide Test 2. Security Chapter 10

e-commerce Study Guide Test 2. Security Chapter 10 e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the

More information

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been

More information

Threat Assessment Summary. e-voting, Admin, and pvoting TOE s

Threat Assessment Summary. e-voting, Admin, and pvoting TOE s Threat Assessment Summary e-voting, Admin, and pvoting TOE s, 2011 Page 1 of 22 Source Code, High Level Architecture Documentation and Common Criteria Documentation Copyright (C) 2010-2011 and ownership

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the

More information

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017 Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3

More information

STUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System

STUDENT GUIDE Risk Management Framework Step 1: Categorization of the Information System Slide 1 RMF Overview RMF Module 1 RMF takes into account the organization as a whole, including strategic goals and objectives and relationships between mission/business processes, the supporting information

More information

Cyberspace : Privacy and Security Issues

Cyberspace : Privacy and Security Issues Cyberspace : Privacy and Security Issues Chandan Mazumdar Professor, Dept. of Computer Sc. & Engg Coordinator, Centre for Distributed Computing Jadavpur University November 4, 2017 Agenda Cyberspace Privacy

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting

More information

716 West Ave Austin, TX USA

716 West Ave Austin, TX USA Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud

More information

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable

More information

CompTIA Security+ (2008 Edition) Exam

CompTIA Security+ (2008 Edition) Exam CompTIA SY0-201 CompTIA Security+ (2008 Edition) Exam Version: 7.20 Topic 1, Volume A QUESTION NO: 1 Which of the following cryptography types provides the same level of security but uses smaller key sizes

More information

CNT4406/5412 Network Security Introduction

CNT4406/5412 Network Security Introduction CNT4406/5412 Network Security Introduction Zhi Wang Florida State University Fall 2013 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2013 1 / 35 Introduction What is Security? Protecting information

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Data Communication. Chapter # 5: Networking Threats. By: William Stalling Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted

More information

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security. Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control

More information

Computer Security Policy

Computer Security Policy Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1

More information

Dr. Stephanie Carter CISM, CISSP, CISA

Dr. Stephanie Carter CISM, CISSP, CISA Dr. Stephanie Carter CISM, CISSP, CISA Learning Objectives (LO) LO1 Will learn the theological and practitioner definition of cybersecurity LO2 Will learn the dependency between physical and cyber security

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

How to perform the DDoS Testing of Web Applications

How to perform the DDoS Testing of Web Applications How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding

More information

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM 109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such

More information

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex

More information

Security and Authentication

Security and Authentication Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed

More information

1-7 Attacks on Cryptosystems

1-7 Attacks on Cryptosystems 1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

BLM6196 COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS

BLM6196 COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS BLM6196 COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Data Communications, Data Networks, and the Internet

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building

More information

CS System Security Mid-Semester Review

CS System Security Mid-Semester Review CS 356 - System Security Mid-Semester Review Fall 2013 Mid-Term Exam Thursday, 9:30-10:45 you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This is to

More information

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. Distributed Systems 1 06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

CTS2134 Introduction to Networking. Module 08: Network Security

CTS2134 Introduction to Networking. Module 08: Network Security CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting

More information

Distributed Systems. Lecture 14: Security. 5 March,

Distributed Systems. Lecture 14: Security. 5 March, 06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication

More information

Understanding Cisco Cybersecurity Fundamentals

Understanding Cisco Cybersecurity Fundamentals 210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

KALASALINGAM UNIVERSITY

KALASALINGAM UNIVERSITY KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE

More information

Intruders, Human Identification and Authentication, Web Authentication

Intruders, Human Identification and Authentication, Web Authentication Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification

More information

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations VARONIS COMPLIANCE BRIEF NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) 800-53 FOR FEDERAL INFORMATION SYSTEMS CONTENTS OVERVIEW 3 MAPPING NIST 800-53 CONTROLS TO VARONIS SOLUTIONS 4 2 OVERVIEW

More information

Vulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?

Vulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In? Detection Vulnerability Assessment Week 4 Part 2 How Much Danger Am I In? Vulnerability Assessment Aspects of Assessment Vulnerability Assessment is a systematic evaluation of asset exposure to threats

More information

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications

More information

Cyber Security Audit & Roadmap Business Process and

Cyber Security Audit & Roadmap Business Process and Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,

More information

Curso: Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

WHITEPAPER. Vulnerability Analysis of Certificate Validation Systems

WHITEPAPER. Vulnerability Analysis of Certificate Validation Systems WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public

More information

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational

More information

2. INTRUDER DETECTION SYSTEMS

2. INTRUDER DETECTION SYSTEMS 1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session

More information

CIS 5373 Systems Security

CIS 5373 Systems Security CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based

More information

IT ACCEPTABLE USE POLICY

IT ACCEPTABLE USE POLICY CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to

More information

CSci530 Final Exam. Fall 2011

CSci530 Final Exam. Fall 2011 CSci530 Final Exam Fall 2011 Instructions: Show all work. No electronic devices are allowed. This exam is open book, open notes. You have 120 minutes to complete the exam. Please prepare your answers on

More information

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets Threat Control and Containment in Intelligent Networks Philippe Roggeband - proggeba@cisco.com Product Manager, Security, Emerging Markets 1 Agenda Threat Control and Containment Trends in motivation The

More information

How Insecure is Wireless LAN?

How Insecure is Wireless LAN? Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

Testpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of

More information

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business

More information