CNT5410 - Computer and Network Security Review/Wrapup


CNT5410 - Computer and Network Security: Review/Wrapup (slide 1)
Professor Kevin Butler, Fall 2015

Review (slide 2): What did we talk about this semester?
- Cryptography
  - secret-key vs public-key
  - key exchange (Diffie-Hellman)
  - symmetric ciphers and modes of operation
  - hashing, MAC, HMAC
  - encryption and digital signatures
  - constructions based on crypto primitives (e.g., hash chains)

Review (slide 3)
- Authentication
  - credentials and types thereof (passwords, biometrics, tokens)
  - Kerberos
  - PKI
- Network security
  - TCP sequence number attacks
  - ARP spoofing
  - DNS security
  - securing legacy protocols
  - IPsec

Review (slide 4)
- Intrusion detection
  - insider threat
  - rootkits
  - network- and host-based intrusion detection systems
  - behavior-based and signature-based IDS
  - anomaly detection
  - Bayesian rate fallacy
- Firewalls
  - blacklisting vs whitelisting
  - firewall policy

Review (slide 5)
- Malware and botnets
  - ransomware
  - C&C architectures
  - fraud
  - bot cycles (scan-infect-download-communicate)
  - prevention mechanisms
  - Bayesian fallacy
  - ROC curves

Review (slide 6)
- Web security
  - legacy and new web models
  - cookie design
  - content injection
  - IFRAME compromise
  - cross-site scripting
  - browser security architectures
  - SSL

Review (slide 7)
- Cloud computing
  - types of cloud service architectures
  - threat and trust models
  - multi-tenancy
  - cloud side channels

Review (slide 8)
- Anonymous networks and censorship resistance
  - Tor
  - hidden services
  - mix nets vs DC-nets
  - limitations
  - anonymous publishing
  - private browsing

Review (slide 9)
- Mobile networks and devices
  - rigidity in cellular networks
  - SMS attacks
  - Android communication mechanisms
  - secure application design and deployment
  - end-to-end principle

Wrapup (slide 10): So, what does it all mean?

The state of security (slide 11)
- Security issues are in the public consciousness
  - press coverage is increasing
  - losses mounting (billions and billions)
  - impact increasing (ATMs, commerce, infrastructure)
  - the public is at risk...
- What are we doing? Sound and fury signifying nothing (well, it's not quite that bad)

The problems (slide 12)
- What is the root cause?
  - Security is not a key goal...
  - ... and it never has been...
  - ... so we need to figure out how to change the way we do engineering (and science)...
  - ... to make computers secure.
- Far too much misunderstanding about basic security and the use of technology (security theatre)

The current solutions (slide 13)
- Make better software
  - "we mean it" - B. Gates (2002)
  - "no really" - B. Gates (2003)
  - "Linux/OS X/Sun OS etc. is bad too" - B. Gates (2005)
  - "Vista will fix everything" - B. Gates (2006)
  - "Vista fixes everything" - B. Gates (2007)
  - "Sorry about Vista..." - B. Gates (2007.5)
  - "Windows 7.0 will fix everything" - B. Gates (2008)
- CERT/SANS-based problem/event tracking
  - experts tracking vulnerabilities
- Patch system completely broken
- Destructive research
- Back-pressure on product developers
- Arms race with bad guys
- Problem: reactive, rather than proactive

The real solutions (slide 14)
- Fix the economic incentive equation
  - eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software
- Education
  - things will get better when people understand how to use technology
- Fix engineering practices
  - design for security
- Apply technology
  - what we have been talking about
- Policy: how do we as technologists balance security and privacy?

Your new skills arsenal (slide 15)
- A little knowledge is a dangerous thing
- More and more, real lives are at stake through the subversion of computers
- With great power comes great responsibility

The bottom line (slide 16)
- The Web/Internet and new technologies have limited ability to address security and privacy concerns
  - computer science is making the world less safe!!
  - it is incumbent on us as scientists to meet these challenges
- Evangelize the importance of security
- Provide sound technologies
- Define better practices
- Choose your questions wisely

Additional courses (slide 17)
- Systems Security (grad. certificate)
- Cryptography
- Hardware security
- Embedded systems security
- Mobile computing security
- Research opportunities

Thank you (slide 18)
butler@ufl.edu