Computer Security

Quick Overview of the Course

Saeed Rajput, Ph.D.


Wikileaks

  • Issues:

    • Confidentiality

    • Authentication

    • Non-repudiation

    • Availability

    • Audit

    • Privacy

    • Anonymity


Google Versus China

  • http://www.cnn.com/2010/TECH/01/12/google.china/index.html

  • Please read this Blog:

  • http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

SANS: SysAdmin, Audit, Network, Security Institute

  • http://www.sans.org/about/sans.php


Recent News: Record data breaches in 2007

http://news.yahoo.com/s/ap/20071231/ap_on_hi_te/data_breaches_5

  • Loss or theft of personal data soared to unprecedented levels in 2007:

    • credit card numbers

    • Social Security numbers

  • Foley’s Group: 79 million+ records reported compromised in the United States through Dec. 18.

    • Nearly fourfold increase from the nearly 20 million records reported in all of 2006.

  • Attrition.org estimates more than 162 million records compromised through Dec. 21 — both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year.

  • Trend isn't expected to turn around anytime soon: (Why?)

    • Hackers stay a step ahead of security

    • Laptops disappear with sensitive information.

  • Companies, government agencies, schools and other institutions:

    • spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption


Older News: 2005

  • Polo Ralph Lauren Customers' Data Stolen

    • Theft of Credit Card Information at Polo Ralph Lauren Leaves 180,000 Vulnerable

    • Thursday April 14, 11:52 pm ET

    • Possible security breach "of transaction data associated with a U.S.-based retailer" in January 2005.

    • Polo Ralph Lauren shares dropped 55 cents, or 1.4 percent, to $37.91 in afternoon trading on the New York Stock Exchange where they have traded in a 52-week range of $31.01 to $42.83.

    • Shares Outstanding: 102.68M (Loss?)

  • http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-04-14-polo-data-theft_x.htm


Recent News

  • ChoicePoint Inc., which is based in suburban Atlanta, disclosed in February 2005 that thieves, who operated undetected for more than a year, opened up 50 accounts and received vast amounts of data on some 145,000 consumers nationwide. Authorities said some 750 people were defrauded.


Overview of the Course

  • What is Security?

  • Background

    • Basics of Operating Systems

  • Attacks and Threats

    • Attacks Against Information Systems

    • Classification of Threats

  • Security Concerns

    • Cryptography

    • Access Control

    • Confidentiality

    • Integrity

  • Security Areas:

    • Operating System Security

    • Database Security


Basics of Operating System

  • Memory and Paging

  • General Object Access Control

  • Procedures

  • Files

  • User Authentication


Risk Analysis

  • Vulnerabilities

  • Threats

  • Controls (Countermeasures)

  • MOM

    • Method

    • Opportunity

    • Motive


Attacks

  • Known Attacks

  • Attack Classifications

    • Passive

      • Interception

    • Active

      • Modification

      • Fabrication

    • Denial of Service

      • Interruption


Security Services

  • Availability

  • Integrity

  • Confidentiality

  • Authentication


Cryptography

  • Symmetric Key Cryptography

  • Public Key Cryptography

  • Some Algorithms


Other Algorithms Needed for Cryptography

  • Cryptographic Hash Functions

  • True Random Number Generators


Security Services based on Cryptography

  • Availability

  • Integrity (Hash Algorithms)

  • Confidentiality (Symmetric Key)

  • Authentication (Public/Symmetric Key Cryptography)


Security Infrastructures based on Cryptography

  • Public Key Infrastructures

  • Some Security Protocols

    • SSL

    • IPSEC


Access Control

  • Classical Security Models

    • Bell-LaPadula Confidentiality Model

    • Biba Integrity Model

  • Graham-Denning Model

  • Lattice Model

  • Role-Based Access Control (RBAC)

  • State Machine Model

  • Information Flow Model

  • Brewer-Nash Model

  • Clark-Wilson Model


Network/Infrastructure Security

  • Attacks through Networks

  • Firewalls and their types

  • Virtual Private Networks

  • Intrusion Detection Systems


Operating System Security

  • Memory Protection

  • Access Control to General Objects

  • File Protection

  • User Authentication

  • Designing Trusted Operating Systems


Database Security

  • Integrity

  • Access Control

  • Inference and Aggregation

  • Multilevel secure databases

    • Partitioned

    • Cryptographically Sealed, and filtered
