threats to information systems l.
Download
Skip this Video
Download Presentation
Threats to Information Systems

Loading in 2 Seconds...

play fullscreen
1 / 5

Threats to Information Systems - PowerPoint PPT Presentation


  • 208 Views
  • Uploaded on

Threats to Information Systems. Don Faatz 5 October 1999. Adversaries are malicious. Adversary is deliberately pursuing a goal - attack is a means to an end Defender’s response to attack may be the goal Deny service Reduce capability Attack may be intended to mislead the defender

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Threats to Information Systems' - thai


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
threats to information systems

Threats to Information Systems

Don Faatz

5 October 1999

adversaries are malicious
Adversaries are malicious
  • Adversary is deliberately pursuing a goal - attack is a means to an end
    • Defender’s response to attack may be the goal
      • Deny service
      • Reduce capability
    • Attack may be intended to mislead the defender
    • Attacks may be combined into a “campaign”
    • Attack probabilities are volatile
      • Addressing one branch of an attack tree changes likelihood of other branches
    • Every piece of software has been sabotaged
      • Easter eggs
adversaries evolve
Adversaries evolve
  • Adversaries learn from every encounter with a defense mechanism
    • stack attack becomes heap attack
    • attacks evolve much faster than defenses
  • Defenders must consider how a defense will make an adversary behave in the future
    • searching all potential future moves
  • Defenses must be built with appropriate flexibility to handle adversary evolution
  • There are no rules for adversaries
    • “They didn’t attack where we put our sensors …”
normal system functionality represents an exposure
Normal System Functionality Represents an Exposure
  • Who is doing it versus what is being done
    • Who is hard question to answer
    • Privacy concerns may keep it a hard question
  • Other dimensions, when, how much, may also represent and attack
  • Every service is a tradeoff between exposure and functionality
    • chargen/echo
    • finger
    • login