Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Similar documents
CS 332 Computer Networks Security

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Welcome to CS 395/495 Internet Security: A Measurement-based Approach

Online Threats. This include human using them!

CSC 8560 Computer Networks: Network Security

INTERNET SAFETY IS IMPORTANT

Security: Focus of Control. Authentication

Computer Communication Networks Network Security


Ref:

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

2 User Guide. Contents

Security: Focus of Control

Elementary Computing CSC 100. M. Cheng, Computer Science

PROTECTING YOUR BUSINESS ASSETS

CHAPTER 8 SECURING INFORMATION SYSTEMS

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Unique Phishing Attacks (2008 vs in thousands)

Home Computer and Internet User Security

The Network Security Model. What can an adversary do? Who might Bob and Alice be? Computer Networks 12/2/2009. CSC 257/457 - Fall

Personal Cybersecurity

BEST PRACTICES FOR PERSONAL Security

Phishing. Eugene Davis UAH Information Security Club April 11, 2013

3.5 SECURITY. How can you reduce the risk of getting a virus?

Chapter 6 Network and Internet Security and Privacy

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

14. Internet Security (J. Kurose)

MPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Cyber Security Practice Questions. Varying Difficulty

Best Practices Guide to Electronic Banking

Online Security and Safety Protect Your Computer - and Yourself!

Spam Protection Guide

Chapter 9 Security and Privacy

Security Awareness. Presented by OSU Institute of Technology

Distributed Systems. Lecture 14: Security. Distributed Systems 1

IT Security Protecting Ourselves From Phishing Attempts. Ray Copeland Chief Information Officer (CIO)

Verteilte Systeme (Distributed Systems)

Computer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak

Distributed Systems. Lecture 14: Security. 5 March,

Protecting your Security and Privacy on the Web. Tony Brett Head of IT Support Staff Services IT Services. 11 March 2013

A Review Paper on Network Security Attacks and Defences

Octopus Online Service Safety Guide

Information Security CS 526

Malware, , Database Security

SECURING YOUR HOME NETWORK

ECDL / ICDL IT Security. Syllabus Version 2.0

e-commerce Study Guide Test 2. Security Chapter 10

Man in the middle. Bởi: Hung Tran

COSC : mobility within same subnet. Lecture 26. H1 remains in same IP subnet: IP address can remain same

SECURE USE OF IT Syllabus Version 2.0

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Unit 2 Assignment 2. Software Utilities?

DoD Spear-Phishing Awareness Training. Joint Task Force - Global Network Operations

Spam & Phishing. Aggelos Kiayias

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

NHS South Commissioning Support Unit

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Your security on click Jobs

Diffie-Hellman. Part 1 Cryptography 136

SiteAdvisor Enterprise

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

Cryptographic Protocols 1

Chapter 4 Network and Internet Security

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

The process by which a user can associate specific permissions to each username.

Webomania Solutions Pvt. Ltd. 2017

Custom Plugin A Solution to Phishing and Pharming Attacks

Chapter 10: Security and Ethical Challenges of E-Business

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

CTS2134 Introduction to Networking. Module 08: Network Security

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Securing Internet Communication: TLS

DO NOT OPEN UNTIL INSTRUCTED

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Vendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo

Security Using Digital Signatures & Encryption

COSC 301 Network Management. Lecture 14: Electronic Mail

Welcome to Cogeco UltraFibre Internet. UltraFibre Internet User Guide

FAQ. Usually appear to be sent from official address

Computer Networks & Security 2016/2017

Cyber Security Guide for NHSmail

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

UNIT - IV Cryptographic Hash Function 31.1

Most Common Security Threats (cont.)

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Acceptable Use Policy

TIPS TO AVOID PHISHING SCAMS

Security Awareness Training June 2016

Infosec - Where is your weakest link?

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

Security and Privacy

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

QUARTERLY TRENDS AND ANALYSIS REPORT

Transcription:

Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1

What is network security? Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection Access and availability: services must be accessible and available to users Introduction 1-2

Friends and enemies: Alice, Bob, Trudy well known in network security world Bob, Alice (lovers!) want to communicate securely Trudy (intruder) may intercept, delete, add messages Alice channel data, control messages Bob data secure sender secure receiver data Trudy Introduction 1-3

Who might Bob, Alice be? well, real life Bobs and Alices! Web browser/server for electronic transactions (e.g., on line purchases) on line banking client/server DNS servers routers exchanging routing table updates other examples? Introduction 1-4

There are bad guys (and girls) out there! Q: What can a bad guy do? A: a lot! eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: take over ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources) Introduction 1-5

A few security tools Crypto Public key structure symmetric key structure Certificate authentication Firewall WLAN security Introduction 1-6

A certificate contains: Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself (not shown) info about certificate issuer valid dates digital signature by issuer Introduction 1-7

Phishing an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication (definition from wikipedia) Defense: Social response Technical response: filtering, identify legitimate site, browser alert, augment password Introduction 1-8

Spamming indiscriminately send unsolicited bulk messages Email, phone, IM, cellular phone, etc. How do spammers gather the addresses? Anti spam Bayesian filter, white list, black list, collective filtering, keyword filtering Introduction 1-9

Computer Virus a computer program that can copy and propagate itself without permission or knowledge of the computer user How does computer virus spread: Attachment Exploring bugs in existing software systems Active content code: HTML virus Counter measure: Antivirus software, Software update Be conscious Introduction 1-10

Spyware A software that intercepts or takes partial control over the user's interaction with the computer, without the user's informed consent. Adware Where does it come from? Piggybacking, trick users to install Security hole Counter measure Anti spyware software Be conscious Introduction 1-11

Practical issues http vs. https Open WiFi networks (and automatic connection) Multi factor authentication Change password on your home router Using the same password on multiple accounts Password vs. passphrase John081595, asdf1234 (how is this password?) Change the last digit of password Dictionary attack and big data Bottom line: convenience vs. security

Practical Tips http://software.ucdavis.edu Click on Antivirus software Sophos 360 Security (PC and Android) Cleanmaster for mobile devices Introduction 1-13

Practice tips Security patches OS, Office, Adobe, etc. Password management Is it safe to let the browser save passwords for you? Good password/passphrase Email Never ever send your SSN/login/password and other sensitive information through email Be cautious when you open attachment, even from people you know Use other online tools to open attachment for you (e.g., google) Warnings about websites that may cause harm to your computer Close the browser after sensitive transactions BE CAUTIOUS: security is as strong as the weakest link Anything else you can think of? Introduction 1-14

Privacy Hard to define, easy to identify Bits on the Internet NEVER EVER disappear Even if you delete it. Privacy on social networks What do they know about us? they: Facebook, Google, Yahoo, Amazon, etc. It is fairly common for potential employers or dates to check out a candidate on Facebook, Linkedin, etc. Introduction 1-15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback