CSE 127 Computer Security


1 CSE 127 Computer Security Fall 2012 Lecture #12 Physical Security Stefan Savage

2 Physical security What is physical security about? Controlling access to a physical space or object Examples: Gates/Barriers Locks Safes Alarms Mantraps Scanners

3 Same kind of problems as computer security Usability Security through obscurity Side channels Misplaced assumptions Securing the wrong thing Weakest link Let's look at some of this via locks

4 Locks World's oldest (pre-biblical) and most pervasive form of access control Egyptian tumbler lock design ~1000 BCE Modern Cylinder lock

5 How physical locks work (figure labels: shear line, driver pins, plug, bottom pins; courtesy Matt Blaze)

6 How physical locks work (figure; courtesy Matt Blaze)

7 Shared secrets There is a shared secret between the lock and the key: its shape In fact, it's a digital code

8 Bitting codes A key can be precisely described with a discrete code Cuts at regular intervals (4-6 cuts) Depth of cuts quantized in standard fashion (typically 6-9 bins) digits sufficient to describe most keys

9 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, everything is fine

10 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, everything is fine

11 Lock bypass via manipulation Picking & Raking Bumping

12 Picking

13 Picking Two parts Tension wrench used to apply slight lateral force on plug Pick used to lift individual bottom pins to the shear line Tension causes driver pins to bind above shear line

14 Picking

15 Raking Similar idea, but less finesse Rake pick moved in and out quickly imparts force to bottom pins; driver pins bind Quick & easy

16 Bumping Similar idea to raking, but does all pins in parallel; super easy to do Max-depth key (bump key) used to impart force to bottom pins, which transfer energy to driver pins (think billiards)

17 Bumping

18 Some defenses Security pins Spool pins, mushroom pins, interlocking pins» Shapes that get stuck when plug under tension

19 Some defenses Security pins Spool pins, mushroom pins, interlocking pins» Shapes that get stuck when plug under tension Pin rotation (angled cuts on keys)

20 Some defenses Ancillary locking mechanisms; sidebars (2)

21 Side issue: master keying How do master keys work? Second set of pins (spacers); multiple shear lines

22 Hmmm. problem? Suppose 6 pins and 10 positions per pin In principle 10^6 combinations; can't guess master But what if you have one working key Scenario: your key: , master: Make key: ; does it work? No, cut groove down one position; at position N it works! If N is not equal to 5, then N is the master cut for that pin Repeat for each pin; six keys are sufficient if all six pins have master pins; Rights Amplification
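
The gap between the nominal 10^6 key space and the handful of trials on this slide can be checked with a small model. This is an added example, not part of the lecture: it treats a master-keyed lock purely as an accept/reject oracle and counts trial keys. The bittings, class and function names are constructed for illustration.

```python
"""Work-factor model for the master-keying slide (constructed example).

A master-keyed pin stack has two shear lines: one at the change-key cut and
one at the master cut. The lock is modelled only as an accept/reject oracle.
"""
import random

PINS = 6      # pin stacks, as in the slide's example
DEPTHS = 10   # cut depths per position, coded 0..9


class MasterKeyedLock:
    """Accepts a key if every cut matches either shear line of its stack."""

    def __init__(self, change_key, master_key):
        self._accepted = [{c, m} for c, m in zip(change_key, master_key)]
        self.probes = 0  # number of trial keys presented so far

    def opens(self, key):
        self.probes += 1
        return all(cut in ok for cut, ok in zip(key, self._accepted))


def derive_master(lock, change_key):
    """Vary one position at a time, holding the other cuts at the change key.

    Because each position is tested independently, the cost is additive
    (PINS * (DEPTHS - 1) trials at most), not multiplicative (DEPTHS ** PINS).
    """
    master = list(change_key)
    for pos in range(PINS):
        for depth in range(DEPTHS):
            if depth == change_key[pos]:
                continue  # already known to work; reveals nothing new
            trial = list(change_key)
            trial[pos] = depth
            if lock.opens(trial):
                master[pos] = depth  # second shear line at this position
                break
        # If no other depth opened, the master cut equals the change cut here.
    return tuple(master)


def work_factor(change_key, master_key):
    """Run the model once and report trial counts against the nominal space."""
    lock = MasterKeyedLock(change_key, master_key)
    recovered = derive_master(lock, change_key)
    return {
        "recovered": recovered,
        "probes": lock.probes,
        "worst_case_probes": PINS * (DEPTHS - 1),
        "nominal_keyspace": DEPTHS ** PINS,
    }


def random_bitting(rng):
    """Constructed sample bitting; not taken from any real key system."""
    return tuple(rng.randrange(DEPTHS) for _ in range(PINS))


if __name__ == "__main__":
    rng = random.Random(127)  # fixed seed so the run is repeatable
    change, master = random_bitting(rng), random_bitting(rng)
    report = work_factor(change, master)
    print("change key        :", change)
    print("master (hidden)   :", master)
    print("master (recovered):", report["recovered"])
    print("trials used       :", report["probes"],
          "of at most", report["worst_case_probes"])
    print("nominal key space :", report["nominal_keyspace"])
```

The model counts trial keys; the slide's figure of six keys counts blanks, since one blank can be cut progressively deeper at a single position.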

23 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, everything is fine

24 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, everything is fine

25 Problem The bitting code is only secret if the key is kept secure What if I borrow your key?

26 Lock bypass via surreptitious duplication Field casting Decoding

27 The power of decoding (figure labels: key blank, key replica, code key cutting machine)

31 Optical decoding Decode keys semi-automatically from photos Traditional computer vision problem (photometry) Normalize for scale and rotation

32 Sneakey: UCSD Reference key measured at control points User supplies correspondences between target key and reference image Image normalized (homographic transform), cut locations identified and cut depths measured (n guesses)

33 Works really well Almost perfectly from close-up photos (e.g., cell phone cameras, etc.) But that's no fun: what would James Bond do?

34 Distance experiments

35 Where's the Key?

36 One defense: restricted keyways Key shape registered to customer and not available for sale to anyone else

37 One defense: restricted keyways But 3D Printers Key milling machines

38 A better approach Electronic & mechanical keys Challenge/response via RF But own issues; batteries, replay, how to program, etc

39 Very high security Electronic; no battery; self-erase; heavy RF shielding; different combination for each user; unerasable audit log

40 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, you can't access what is protected

41 Design assumptions If you don't know the secret code, you can't open the lock The secret code is secret If you can't open the lock, everything is fine

43 Taking the big picture What is the threat? Capabilities, resources, goals Faster than the bear or faster than the next guy? What are all the ways the adversary might get access (the "attack surface")?

44 Deterrence No physical security is perfect For indiscriminate adversary (e.g., burglar) goal is to make cost higher than it's worth Go elsewhere Deterrence can be indirect Lojack story Determined adversary may not be deterrable How to increase risk, response, cost, time E.g. time locks, relockers

45 Physical security metrics What are you protecting against? Covert entry Time oriented» Group 1: resist expert manipulation for 20 hrs» Group 2m: resist expert manipulation for 2 hrs Capability oriented» Group 1r: sub-category of group 1 that resists radiological probing Destructive entry Container drill resistance (e.g., 15, 30, 60 mins)

46 Defying assumptions

47 Also: Denial of service

48 Worse denial of service

49 For those interested Check out Matt Blaze's work» Safecracking for the Computer Scientist» Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks» Notes on Picking Pin Tumbler Locks, MIT Guide to Lockpicking Locksport International (http://locksport.com/) Matt Tobias's books (Locks, Safes and Security: the bible) However NEVER pick a lock you do not own ALWAYS know the local law about using such tools

50 Comparison Both physical and computer security require similar mindset What could an adversary do, what is the easiest way for them to do it, what is the easiest way to stop them, etc. Both vulnerable to technological surprise Lock bumping and computational code solving Some differences Physical objects subject to physical laws, but imprecise notion of hardness to break (e.g., Class I safes); less complex dependencies Digital objects exist in largely self-contained world; hardness can sometimes be precise; complex dependencies

51 Next time Malware I And midterm return


Application Intrusion Detection Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction

More information

Geotechnical Measurements and Explorations Prof. Nihar Ranjan Patra Department of Civil Engineering Indian Institute of Technology, Kanpur

Geotechnical Measurements and Explorations Prof. Nihar Ranjan Patra Department of Civil Engineering Indian Institute of Technology, Kanpur Geotechnical Measurements and Explorations Prof. Nihar Ranjan Patra Department of Civil Engineering Indian Institute of Technology, Kanpur Lecture No. # 13 (Refer Slide Time: 00:18) So last class, it was

More information

Contents TABLE OF. List of Illustrations... IX. Preface... XV. Chapter 1: How the Burglar Breaks into Your Home... 1

Contents TABLE OF. List of Illustrations... IX. Preface... XV. Chapter 1: How the Burglar Breaks into Your Home... 1 TABLE OF Contents List of Illustrations................................. IX Preface........................................... XV Why You Should Read This Book Burglars Kill Every Security System Can Be

More information

Understanding and evaluating risk to information assets in your software projects

Understanding and evaluating risk to information assets in your software projects Understanding and evaluating risk to information assets in your software projects ugh.. what a mouthful Dana Epp Windows Security MVP Who am I? Microsoft Windows Security MVP Information Security Professional

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

CSE 227 Computer Security Winter 2012

CSE 227 Computer Security Winter 2012 CSE 227 Computer Security Winter 2012 Stefan Savage Course info Stefan Savage Web: http://www.cs.ucsd.edu/~savage E-mail: savage@cs.ucsd.edu Office hours: M 3-4pm (or by appt, or drop by) CSE 3106 Course

More information

Starter Training Session

Starter Training Session Starter Training Session Trainer Liam O Mahony Company Computer Talk Ltd Email liam@computertalk.co.uk Web www.computertalk.co.uk Agenda Hardware and Basic Functionality Components Technology Ready Light

More information

White Paper. Top Five Ways to Cheat a Truck Scale. How To Prevent it from Happening to You

White Paper. Top Five Ways to Cheat a Truck Scale. How To Prevent it from Happening to You White Paper Top Five Ways to Cheat a Truck Scale How To Prevent it from Happening to You Theft, forgery and credit card fraud. Those are all ways that criminals cheat the system for their own personal

More information

COUNTERTOP SAW PARTS Rev 2015 IMAGE DESCRIPTION BOLD Part No.

COUNTERTOP SAW PARTS Rev 2015 IMAGE DESCRIPTION BOLD Part No. SOLID STATE DIODE LASER ½ Diameter - 635nm, 5 mw, 90 Degree Beam Angle E1009204 SOLID STATE DIODE LASER ¾ Diameter - 10 mw - 3/16 wide beam E1009207 1.5 HP Porter Cable Router Motor 120V [Motor Only] B5154600

More information

EECS 588: Computer and Network Security. Introduction January 14, 2014

EECS 588: Computer and Network Security. Introduction January 14, 2014 EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade

More information

A locksport primer. locksport international brings you A Brief introduction to lock picking. learn to pick locks with a visual step-by-step guide

A locksport primer. locksport international brings you A Brief introduction to lock picking. learn to pick locks with a visual step-by-step guide A locksport primer locksport international brings you A Brief introduction to lock picking learn to pick locks with a visual step-by-step guide learn how to re-pin a lock, make tools, and more! to learn

More information

Think like an MBA not a CISSP

Think like an MBA not a CISSP Think like an MBA not a CISSP Embracing University Culture to Achieve Security Initiatives' Matt Malone Security Services Director 512-650-0179 Matt.Malone@SLAITconsulting.com Goals Security is a business

More information

KEYCREATOR 3D Direct Modeling Software

KEYCREATOR 3D Direct Modeling Software KeyCreator Lesson KC9601 Mechanical Drawing Projection The widespread use of CAD (Computer Aided Design) tools has revolutionized the creation of mechanical drawings throughout every area in industry.

More information

Optimizing Network Vulnerability

Optimizing Network Vulnerability SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965

More information

The Festool Parallel Guides Take Guided Rail Cutting and Routing to a Whole New Level

The Festool Parallel Guides Take Guided Rail Cutting and Routing to a Whole New Level The Festool Parallel Guides Take Guided Rail Cutting and Routing to a Whole New Level Text and photos by Jerry Work Copyright 2009, The Dovetail Joint Those familiar with the Festool guided rail cutting

More information

WIRE ROPE CUTTERS. Designed for new and unused wire rope. Since 1928

WIRE ROPE CUTTERS. Designed for new and unused wire rope. Since 1928 WIRE ROPE CUTTERS Designed for new and unused wire rope Since 1928 IMPACT 101 104 106 108 103 105 107 109 Model 1 (light duty): Model 1 3 /4 capacity 101 Cutter complete 8 lbs. 102 Casting base 4 lbs.

More information

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004 CSE331: Introduction to Networks and Security Lecture 32 Fall 2004 Hackers / Intruders External attacks Typical hacker Exploits carried out remotely Does not have an account on the remote machine Insider

More information

Interchangeable Cores

Interchangeable Cores *00381-000-70* Keying Falcon 00381-000-70 Interchangeable Cores Installation Instructions Preparation Before keying or rekeying an interchangeable core, all pins and springs within the core must be removed.

More information

The Truth About Information Security in Schools Region V 23 rd Annual Spring Conference -April 4th, 2013 Evan Francen CISSP, CISM, CCSK President of FRSecure, LLC Thank You for Attending! & Many Thanks

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information