Network Security. Chapter 12. Learning Objectives. Chapter Outline. After reading this chapter, you should be able to:

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Network Security. Chapter 12. Learning Objectives. Chapter Outline. After reading this chapter, you should be able to:"

Transcription

1 Network Security Chapter 12 Learning Objectives After reading this chapter, you should be able to: Recognize the basic forms of system attacks Recognize the concepts underlying physical protection measures Cite the techniques used to control access to computers and networks Cite the strengths and weaknesses of passwords Cite the techniques used to make data secure Explain the difference between a substitution-based cipher and a transposition-based cipher Outline the basic features of public key cryptography, Advanced Encryption Standard, digital signatures, and the public key infrastructure Cite the techniques used to secure communications Recognize the importance of a firewall and be able to describe the two basic types of firewall protection Recognize the techniques used to secure wireless communications List the advantages to a business of having a security policy Chapter Outline 1. Introduction 2. Standard System Attacks 3. Physical Protection 4. Controlling Access a. Passwords and ID systems b. Access rights c. Auditing 5. Securing Data a. Basic encryption and decryption techniques

2 6. Securing Communications a. Spread spectrum technology b. Guarding against viruses c. Firewalls d. Wireless security 7. Security Policy Design Issues 8. Network Security In Action: Making Wireless LANs Secure 9. Summary Lecture Notes Introduction Computer network security has reached a point at which it can best be characterized by two seemingly conflicting statements: Never has network security been better than it is today, and never have computer networks been more vulnerable than they are today. How both these statements can be true is an interesting paradox. Network security, as well as operating system security, has come a long way from the early days of computers. Standard System Attacks Malicious computer users who try to break into a computer system often start with a standard set of system attacks. They hope that the system administrator has not properly secured the system and has left it vulnerable to attack. The two leading methods of attacks have been exploiting known operating system vulnerabilities and exploiting known vulnerabilities in application software. Another category of common system attacks is denial of service. Denial of service attacks bombard a computer site with so many messages that the site is incapable of performing its normal duties. In bombing, a user sends an excessive amount of unwanted to someone. If the has a return address of someone other than the person sending the , then the sender is spoofing. Physical Protection All computer systems need to be physically protected. Whether the system is a simple personal computer in your home or a major computer network such as the Internet, it is necessary to protect the hardware and software from theft, destruction, and malicious acts of vandalism. Surveillance can be used to monitor activity and deter theft.

3 Controlling Access Controlling access to a computer network involves deciding and then limiting who can use the system and when the system can be used. Network administrators can control access rights, enforce password and ID systems, and perform auditing. Securing Data Many times when storing data and when transferring data from one point to another in a computer network, it is necessary to ensure that the transmission is secure from anyone eavesdropping on the line. The term secure means two things. First, it should not be possible for someone to intercept and copy an existing transmission. Second, it should not be possible for someone to insert false information into an existing transmission. Cryptography is the study of creating and using encryption and decryption techniques. Basic cryptography uses substitutionbased ciphers (that replace one or more characters with one or more characters) and transposition-based ciphers (that rearrange the order of the characters). Public key infrastructure (PKI) is the combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management. A company that adheres to the principles of PKI issues digital certificates to legitimate users and network servers, supplies enrollment software to end users, and provides the tools necessary to manage, renew, and revoke certificates. Steganography, the practice of hiding bits of secret messages within other documents, is another approach to making data secure. Securing Communications Along with securing data, it is also necessary to secure the communications transmitted between computers. Using a spread spectrum transmission system, it is possible to transmit either analog or digital data using an analog signal. However, unlike other encoding and modulation techniques, only an intended receiver with the same type of transmission system can accept and decode the transmissions. The idea behind spread spectrum transmission is to bounce the signal around on seemingly random frequencies rather than transmit the signal on one fixed frequency. Anyone trying to eavesdrop will not be able to listen because the transmission frequencies are constantly changing. Most computers and networks support some form of virus detection software in an attempt to identify and capture virus-laden messages.

4 A firewall is a system or combination of systems that supports an access control policy between two networks. The two networks are usually an internal corporate network and an external network, such as the Internet. A firewall can limit users on the Internet from accessing certain portions of a corporate network and can limit internal users from accessing various portions of the Internet. Firewalls come in two basic types: packet filter, or network level, and proxy servers, or application level. Security Policy Design Issues When designing a firewall system and its corresponding security policy, a number of questions should be answered. The first question involves the company s expected level of security. Is the company trying to restrict all access to services not deemed essential to the business? Or does the company wish to allow all or most types of transactions, thus asking the firewall system only to audit transactions and create an orderly request for transactions? A second question stems from the first decision: How much money is the company willing to invest in a firewall system? A third question relates to the company s commitment to security. If the company is serious about restricting access to the corporate network through a link such as the Internet, will the company be equally serious about supporting security on any and all other links into the corporate network environment? Network Security In Action: A Wireless LAN The In Action example for this chapter returns to the example presented in Chapters 7 through 9. Hannah has to decide if she wants to add wireless capability to her local area network. She must consider all the protocols that support the LAN, including security protocols. Quick Quiz 1. What are the different techniques you can use to authenticate a user? Passwords, badges, fingerprints, voiceprints, faceprints, retina scan, and irisprint, to name a few 2. What are the two major forms of cryptography? Substitution-based ciphers and transposition-based ciphers 3. How can a digital certificate be used? It can be assigned to a document so that the owner can later verify ownership. 4. What are the basic ingredients of public key infrastructure? Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management

5 Discussion Topics 1. What parts of the body can be used for identification? Are any of these an infringement on privacy? 2. What are some examples of video camera surveillance? Are any of these pushing the limits of privacy? 3. The hackers that break into systems and disrupt Web site services: are they criminals, or are they heroes helping computer specialists discover faults within computer networks and systems? 4. Can the U.S. government really stop advanced encryption techniques from falling into the hands of criminals? 5. List several uses of steganography. Is this technology virtually unstoppable? Teaching Tips 1. When discussing viruses, show students a Web site (such as that discusses virus hoaxes. Solutions to Review Questions 1. How do hackers exploit operating system vulnerabilities? By launching a virus that attacks something about the operating system 2. What is a Trojan horse? A malicious piece of code that is hidden in a normal piece of code 3. How does a denial of service attack work? Bombards a selected site with an overwhelming number of messages 4. What is spoofing, and how does it apply to a denial of service attack? They substitute a fake IP address in the place of their IP address in the Source IP Address field of the IP header. 5. What is a ping storm, and how does it apply to a denial of service attack? A ping storm is when a user uses the TCP/IP ping command to constantly bombard a site.

6 6. List three forms of physical protection. Protection from fire, heat, flooding, and theft 7. How can surveillance be used to improve network security? It can be used to deter crime and to catch a criminal after the fact. 8. How does an intrusion detection system work? It watches for someone trying to attack a system and either alerts an administrator and/or begins to close out portions of the system. 9. What is the major weakness of a password? What is its major strength? Someone else can discover it. It s easy to pick a difficult one, and it can be changed easily and frequently. 10. What are the most common types of access rights? Who and how. Who: user or owner, group, system, world. How: read, write, execute, print, delete, copy, rename, append. 11. How can auditing be used to protect a computer system from fraudulent use? It can be used to deter crime, and it can catch a criminal by tracing his or her transactions. 12. Describe a simple example of a substitution-based cipher. Something in which one or more characters are replaced with one or more characters 13. Describe a simple example of a transposition-based cipher. Anything that reassembles the text into a new position 14. How can public key cryptography make systems safer? You don t have to give out your decryption key to allow someone to send you encrypted data. 15. Give a common example of an application that uses a secure sockets layer. Sending your credit card information over the Internet is very common. 16. What is the Data Encryption Standard? A standard that applies a 56-bit key to 16 levels of encryption

7 17. How is the Advanced Encryption Standard different from the Data Encryption Standard? Uses a vastly superior encryption algorithm and a much larger key 18. What is a digital signature? A digital signature is a hash of a document that has been encrypted with a private key. 19. What kind of applications can benefit from Pretty Good Privacy? Basically anything, such as transfers and storage of documents. 20. Is Kerberos a public key encryption technique or a private key? Explain. Private key. There is only one key used to both encode and decode. Thus, you have to keep the one key secret, or private. 21. List the basic elements of public key infrastructure. Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management 22. What kind of applications can benefit from Public Key Infrastructure? Any transaction that requires a secure transfer of information 23. What kind of entity issues a certificate? A certificate authority 24. Under what circumstances might a certificate be revoked? Normal expiration, nonpayment of fees, security breech 25. How is steganography used to hide secret messages? By taking a little bit of the secret message and hiding it somehow within another document or file 26. What are the two basic techniques used to create a spread spectrum signal? Direct sequence and frequency hopping

8 27. What is a computer virus, and what are the major types of computer viruses? Parasitic, boot sector, stealth, polymorphic, and macro 28. What are the different techniques used to locate and stop viruses? Signature-based scanner, terminate-and-stay-resident antivirus software, multi-level generic software 29. What is the primary responsibility of a firewall? To keep out malicious attacks and to keep internal users from accessing certain outside services 30. What are the two basic types of firewalls? Packet filter and proxy server 31. What are the advantages of having a security policy in place? Everyone employees, management, external users knows the score. Suggested Solutions to Exercises 1. A major university in Illinois used to place the computer output from student jobs on a table in the computer room. This room is the same computer room that housed all the campus mainframe computers and supporting devices. Students would enter the room, pick up their jobs, and leave. What kinds of security problems might computer services encounter with a system such as this? Dirt, dust, moisture, smoke, theft 2. You have forgotten your password, so you call the help desk and ask them to retrieve your password. After a few moments, they tell you your forgotten password. What has just happened and what is its significance? Normally passwords are stored in the computer in an undecipherable form. Apparently in this system they were not, which means anyone might be able to find the password file and dump its contents. 3. Create (on paper) a simple example of a substitution-based cipher. 4. Create (on paper) a simple example of a transposition-based cipher.

9 5. Using the Vigenére Cipher and the key NETWORK, encode the phrase this is an interesting class. GLBOW JKAMG PSIOF XBJUT VNWL 6. Using the transposition-based cipher from this chapter and the same key, COMPUTER, encode the phrase birthdays should only come once a year. BSNN ADEA RHYE ISLC TOCA YOOR DLME HUOY 7. You are using a Web browser and want to purchase a music CD from an electronic retailer. The retailer asks for your credit card number. Before you transfer your credit card number, the browser enters a secure connection. What sequence of events created the secure connection? The server sends your browser a certificate, your browser selects an algorithm and creates a private key, the browser encrypts its private key with the server s public key, and the browser sends an encrypted private key back to server. 8. You want to write a song and apply a digital signature to it so that you can later prove it is your song. How do you apply the signature, and later on, how do you prove the song is yours? You take the song, convert it to a digital form, take the hash of the form, and apply a private key to the hash. Then you save the encrypted hash. If someone questions ownership at a later date, you decrypt the hash and rehash the song, comparing the hashes. 9. List three examples (other than those listed in the chapter) of everyday actions that might benefit from applying PKI. Many possible answers here, including banking, stock markets, insurance applications, school registrations, other financial transactions, major purchases. 10. Can a firewall filter out requests to a particular IP address, a port address, or both? What is the difference? Both. The IP address would be the address of a device connected to the Internet, while a port address would be the address of a particular application on a machine. You might want to restrict all access to a particular machine or just restrict access to particular applications on a machine. 11. One feature of a firewall is its ability to stop an outgoing IP packet, remove the real IP address, insert a fake IP address, and send the packet on its way. How does this feature work? Do you think it would be effective? Firewall keeps a table of fake IP addresses, pulls out real address and inserts a fake one. This is usually an effective technique.

10 12. How does the size of a key affect the strengths and weaknesses of an encryption technique? Consider both a friendly use of the key and an unfriendly use of the key. Clearly, the bigger the key, the harder it is (more possible combinations) to crack. From an unfriendly point of view, large keys make it virtually impossible to guess. From a friendly point of view, larger keys are harder to remember, especially since you don t want to place a key on paper. 13. Assume a key is 56 bits. If it takes a computer seconds to try each key, how long will it take to try all possible keys? What if 10,000 computers are working together to try all keys? 256 equals x combinations, times seconds per combination, equals x seconds. That equals 548,383.5 years. If 10,000 computers are working together, that comes down to 54.8 years. 14. What are the answers to the questions in Exercise 13 if the key is 128 bits in length? equals x 1038 combinations. At seconds per combination, that equals x seconds. That equals 2.59 x years. With 10,000 computers, that is still 2.59 x years! 15. You want to hide a secret message inside an image file using steganography. You have decided to place one bit at a time from the message into the image s pixels. How are you going to select the pixels? Will they be random or all in a row? And once a pixel is chosen, which bit are you going to replace with the bit from the secret message? Why? Random would be the hardest for anyone to find, including the one that is supposed to find the message. So you would probably have to use a pseudo-random sequence one that appears to be random to an intruder, but isn t. If you select the right-most bit of a pixel (the least significant bit), you should cause the least effect to the image. 16. Why can t a truly random sequence be used in a frequency hopping spread spectrum system? Because if it was truly random, nobody would be able to follow it, including the good guys. Thinking Outside the Box 3. You are working for a company that allows its employees to access computing resources from remote locations and allows suppliers to send and receive order transactions online. Your company is considering incorporating PKI. How would you recommend that PKI be implemented to support these two application areas? I would recommend hiring a third-party company to support your PKI.

11 4. You have a computer at home with a wireless NIC and wireless router. List all the security measures that should be employed so that your home network is secure. Set up a firewall to block illegal port access. Turn on and use the best encryption available on router. Install anti-spyware, anti-spam, antivirus software. 5. Your supervisor has asked you to explore the concept of ID management for the company. What is involved? How does it pertain to the topic of security? Is it a reasonable concept or a concept too new for a functioning business? It is reasonable to consider. ID management involves the decision of password versus ID card versus biometric requirement, etc. Then once the form of ID is decided, how are they managed?

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems Managing Information Systems Seventh Canadian Edition Laudon, Laudon and Brabston CHAPTER 8 Securing Information Systems Copyright 2015 Pearson Canada Inc. 8-1 System Vulnerability and Abuse Security:

More information

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Computer Security and Safety, Ethics, and Privacy

Computer Security and Safety, Ethics, and Privacy Computer Security and Safety, Ethics, and Privacy Computer Security Risks Today, people rely on computers to create, store, and manage critical information. It is crucial to take measures to protect their

More information

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy Chapter 12 Objectives Chapter 12 Computers and Society: and Privacy p. 12.2 Identify the various types of security risks that can threaten computers Recognize how a computer virus works and take the necessary

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc. Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter

More information

E-BUSINESS THREATS AND SOLUTIONS

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

Local Area Networks: Internetworking

Local Area Networks: Internetworking Local Area Networks: Internetworking Chapter 81 Learning Objectives List the reasons for interconnecting multiple local area networks and interconnecting local area networks to wide area networks. Identify

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Firewalls for small business

Firewalls for small business By James Thomas DTEC 6823 Summer 2004 What is a firewall? Firewalls for small business A firewall is either hardware, software or a combination of both that is used to prevent, block or should I say try

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Computers and Society: Security and Privacy

Computers and Society: Security and Privacy 1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35. Name: 1 CSE331: Introduction to Networks and Security Final Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35 Total /135 Do not begin the exam until you are told to do so. You

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

PROTECTING NETWORKS WITH FIREWALLS

PROTECTING NETWORKS WITH FIREWALLS 83-10-44 DATA SECURITY MANAGEMENT PROTECTING NETWORKS WITH FIREWALLS Gilbert Held INSIDE Connecting to the Internet; Router Packet Filtering; Firewalls; Address Hiding; Proxy Services; Authentication;

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500 INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information

More information

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Table of Contents 1 Introduction...1 2 Incident Definition...2 3 Incident Classification...2 4 How to Respond to a Security Incident...4

More information

WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT

WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT WEBARROW: A CASE STUDY OF SECURE WEB DEPLOYMENT Namzak Labs White Paper, 2002-02 Version 1 September 30, 2002 Overview As deployment of computer applications over the Internet becomes more prevalent, companies

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

Chapter 7 Information System Security and Control

Chapter 7 Information System Security and Control Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect

More information

Information Security

Information Security Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Part I: Ethics. Moral guidelines that govern use of computers and information systems. Unauthorized use of computer systems

Part I: Ethics. Moral guidelines that govern use of computers and information systems. Unauthorized use of computer systems What are Computer Ethics? Computing Issues Moral guidelines that govern use of computers and information systems Part I: Ethics Unauthorized use of computer systems Information privacy Intellectual property

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

Software Engineering 4C03: Web Encryption Software And It s Purpose

Software Engineering 4C03: Web Encryption Software And It s Purpose Software Engineering 4C03: Web Encryption Software And It s Purpose Gordon Burtch 0147045 Apr. 04, 2005 Dr. Kartik Krishman Introduction This report details the methods and purposes of encryption software

More information

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY Babul K Ladhe 1, Akshay R Jaisingpure 2, Pratik S Godbole 3, Dipti S Khode 4 1 B.E Third Year, Information Technology JDIET, Yavatmal ladhebabul23@gmail.com

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12. Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and

More information

ISM/ISC Middleware Module

ISM/ISC Middleware Module ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why

More information

Intro to Firewalls. Summary

Intro to Firewalls. Summary Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer

More information

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan

More information

Network Security - ISA 656 Email Security

Network Security - ISA 656 Email Security Network Security - ISA 656 Angelos Stavrou November 13, 2007 The Usual Questions The Usual Questions Assets What are we trying to protect? Against whom? 2 / 33 Assets The Usual Questions Assets Confidentiality

More information

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

COB 302 Management Information System (Lesson 8)

COB 302 Management Information System (Lesson 8) COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Frequently Asked Questions (FAQ)

Frequently Asked Questions (FAQ) Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart

More information

Chapter 11 Computers and Society, Security, Privacy, and Ethics

Chapter 11 Computers and Society, Security, Privacy, and Ethics Objectives Computers and Society, Security, Privacy, and Ethics Describe the the types of of computer security risks Identify ways to to safeguard against computer viruses, worms, and and Trojan horses

More information

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

More information

TELE 301 Network Management. Lecture 18: Network Security

TELE 301 Network Management. Lecture 18: Network Security TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

Security Awareness. Wireless Network Security

Security Awareness. Wireless Network Security Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

DOL New Hire Training: Computer Security and Privacy

DOL New Hire Training: Computer Security and Privacy DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate

More information

Safer data transmission using Steganography

Safer data transmission using Steganography Safer data transmission using Steganography Arul Bharathi, B.K.Akshay, M.Priy a, K.Latha Department of Computer Science and Engineering Sri Sairam Engineering College Chennai, India Email: arul.bharathi@yahoo.com,

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web. Topic 8 Database Security LEARNING OUTCOMES When you have completed this Topic you should be able to: 1. Discuss the important of database security to an organisation. 2. Identify the types of threat that

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems Page 1 of 5 Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems In July the Payment Card Industry Security Standards Council (PCI SSC) published

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Business Phone Security. Threats to VoIP and What to do about Them

Business Phone Security. Threats to VoIP and What to do about Them Business Phone Security Threats to VoIP and What to do about Them VoIP and Security: What You Need to Know to Keep Your Business Communications Safe Like other Internet-based applications, VoIP services

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information