CMPS 122: Computer Security


CMPS 122: Computer Security
Introduction

Today's goals
- Course introduction
  - Course overview
  - Course logistics (details on the syllabus)
- Introduction to computer security
  - What is computer security?
  - Goals
  - Attacks
    - Who?
    - How?
  - Defenses

Welcome!
- Ethan Miller, elm@cs.ucsc.edu
  - Office: 265 E2
  - Hours: Tue 11:00-noon, Thu 12:30-1:30 PM
- Alisa Neeman, aneeman@cs.ucsc.edu
  - Office:
  - Hours: Mon 10:00-11:00 AM, Wed 2:00-3:00 PM
- No discussion section or lab hours
  - Ask us questions during office hours
- Class web page (assignments, slides, announcements, etc.)
  - http://www.soe.ucsc.edu/classes/cmps122/winter05/

Class outline
- Introduction & concepts
- Encryption & authentication
- Secure network protocols (Kerberos, SSL)
- Program security
  - Bug exploits
  - Malcode: viruses, worms, trojan horses, and more
  - Writing safe code
- Attacks and defenses on computer systems
  - Firewalls
  - Intrusion detection
  - Countermeasures
- Trusted operating systems

Textbooks
- Required
  - Cryptography and Network Security (Stallings)
- Recommended
  - Secrets and Lies (Schneier)
  - Firewalls and Internet Security, 2nd Edition (Cheswick, Bellovin, Rubin)

Course requirements
- Two exams
  - Midterm in the 5th-6th week
  - Final exam
- Homework
  - 5-6 homeworks during the quarter
  - About one week per homework
  - Graded
  - Need not do every homework to pass the class
  - Missing homeworks count as a zero!
  - Hand in online
- Term project
  - More on this in a bit

How are grades determined?
- Final grades based on:
  - Homework: 30% (all homeworks weighted equally)
  - Midterm: 16%
  - Final: 24%
  - Final project: 25%
  - Class participation: 5%
- Approximate grade ranges:
  - A: 89%-100%
  - B: 79%-88%
  - C: 69%-78%
  - D: 60%-68%
- To pass the class, you must
  - Take both exams
  - Turn in a final project
  - Have at least a 50% average on exams and 50% average on homework
- Satisfying both conditions does not guarantee a passing grade

Other ways to change your grade
- Up
  - Solve a challenge problem (not normal homework)
  - Find a security hole and have it published by a national organization (CERT, Mercury News, Time magazine)
- Down
  - Send me a virus (email or otherwise)
    - Doesn't count if the virus is neutralized and sent as an FYI
    - Email viruses that attack your address book do count
  - Get arrested for a computer security attack
  - Get convicted for a computer security attack
- To an F/U/NP (i.e., fail!)
  - Get me arrested for something you do related to this class
  - Cheat (we will catch you)

Homework
- Homework lets you
  - Try to solve (or create) computer security problems
  - Test your knowledge and understanding of the subject
- Homework isn't optional!
- Homework must be your own work!
- Programming may be required
  - Use any language you want
  - Use any sources you like, if you cite them
  - Keep in mind that I'll take a dim view of copying someone else in class
  - If the assignment requires that you write your own code, you may not get full credit for using someone else's code
- In many cases, the biggest benefit is the process!

Challenge problems
- Open until solved or last day of class
  - First satisfactory answer gets bonus
  - Later answer might still get bonus if it's better
- Solving in groups is OK
  - Each member gets sqrt(n)/n * value (e.g., 3 people = sqrt(3)/3 = 0.58)
- Unlike homework, there's not necessarily a correct answer (or even a solution!)
- Challenge problems will be listed on the course Web page

Final project
- Write a paper on a topic related to computer security
  - Review several research papers
  - Analyze the security of a particular system
  - Compare the security or performance of several cryptosystems
  - Evaluate security products (firewalls, software, etc.)
  - Explore ways to write more secure code
  - Lots of other possibilities
- Suggested topics will be posted on the class web site
- Papers should be about 7-8 pages long

Getting help
- Computer security can be a tough subject: get help if you need it!
  - I'm here to help you learn the material
  - It's up to you to ask for help
  - Don't wait too long!
- Ask questions in class
- Visit office hours
- Ask general questions on the course newsgroup
- Ask specific questions by email
  - Expect short answers, not long explanations

What is cheating?
- Cheating is:
  - Copying answers from your fellow students
  - Having someone else do your project for you
  - Using material without attribution
- Cheating is not:
  - Studying in a group: your fellow students are a great resource for understanding difficult material
  - Discussing homework in general terms
  - Using information from the Web, assuming you write down where you got it
    - Copying answers off the Web may be cheating, though.
- Everything you turn in should be yours
  - Document completely if it's not!
- Use common sense: if you're not sure, ask me before doing it

The Simpsons rule
- You may discuss homework with others
  - General issues only
  - You may not take notes
- You must take a 30 minute break before working on any CMPS 122 assignments
  - Watch the Simpsons or good Warner Brothers cartoons
  - Watch mindless TV
  - Work on other classes
  - Take a nap

Why should you take this course?
- Reason #1: Fate of Humanity
  - Cryptography plays a central role in human history
  - Survival of humanity depends on computer security
- Reason #2: Intellectual Curiosity
  - Cryptology and computer security are about making and solving puzzles
  - It's fun to do this!
- Reason #3: $$$
  - Computer security is a growing business
  - There are always jobs for people who know how to keep vital computer resources safe

Bad reasons for taking this class
- You want to write the ultimate virus to wipe the world's hard drives clean
- You want to show (by doing) just how insecure Windows is
- You want to break into (UCSC's, the NSA's, your bank's) computer systems
- You're bored, and there's nothing better to take this quarter (I guess this isn't so bad)

What is security?
- Keeping something (information in our case) secure against
  - Someone stealing it
  - Someone destroying it
  - Someone changing it
  - Someone preventing me from using it
- More specifically
  - Confidentiality: nobody else can see it
  - Integrity: nobody else can change it
  - Availability: I can get at it whenever I want

Security on physical things
- Use physical security rather than computer security
- Access to valuables was more difficult to obtain
  - Had to be physically present in many cases!
  - Moving the valuable could be difficult
- Alteration was easier to notice
  - Physical marks were left if you tried to change something
- Physical goods had one copy
  - If you have the copy, I don't
  - No notion of multiple parties sharing the item
- Physical security could be
  - Expensive: need to hire guards
  - Difficult & dangerous: people got injured or killed

Security on information: the old way
- Information isn't like a physical object
  - Copies can be made inexpensively
  - A copy doesn't prevent the original from being used
  - Easy to transport
  - Less need for physical presence
  - Value can be very high for small data
- Before computers, some things were still easy
  - Integrity easier to check: look for signs of alteration
  - Confidentiality: keep it in a locked bank vault (and hope there are no bank robbers)
  - Availability: only when the bank is open

Security in computing
- More difficult because of the nature of computers
- Confidentiality
  - Easier to break into a networked computer without physical presence
  - Easy to spread information around the world in minutes
- Integrity
  - No signs that information has been altered
  - Can't easily check to see if someone might have had access to the information to alter it
- Availability
  - All the old ways of denying access still work
    - Physical attacks
    - Destroying the information
  - New ways exist
    - Keep the computer too busy to respond
    - Prevent authorized users from seeing the information

Addressing security issues
- What are the risks?
  - How likely is each one?
  - How expensive would it be if the risk came to pass?
- What are the available countermeasures?
  - How expensive are they to implement?
  - How inconvenient are they?
- What are the vulnerabilities?
  - Simple design flaws more than basic problems
  - How can they be addressed?
    - Bug fixes
    - Workarounds

Computer intrusions
- This is (usually) a crime!
- Typically done for one of two reasons
  - Commercial gain
  - Fun
- Commercial gain
  - Go after the most valuable item: often information
  - Information can be
    - Destroyed: loss of use to the owner
    - Copied: used by a competitor for commercial advantage
- Fun
  - Because it's there
  - Because I disagree with their policies
- In both cases, intrusions follow the path of least resistance
  - Strong security in one area doesn't cover for weak security elsewhere
  - Relative security of different mechanisms can change over time

Attacks: terminology
- Attacks can be made on any of
  - Hardware
  - Software
  - Data (information)
- Terms
  - Threat: circumstances that may lead to loss or harm
  - Vulnerability: weakness in the security system
  - Control: something that reduces or removes a vulnerability
- Types of attacks
  - Interception: unauthorized party gets access to an asset
  - Interruption: asset becomes unusable (lost or destroyed)
  - Modification: existing asset is changed
  - Fabrication: fake asset is planted in the system

Goals of computer security
- Ensure that the system maintains
  - Confidentiality
  - Integrity
    - May have many different (conflicting) meanings
    - Must specify what it means in this case
  - Availability
    - Responds at all?
    - Responds in a timely fashion?
    - Can be used as it was intended?
    - Has sufficient capacity?
    - Others
- Maintaining these properties can be difficult!

Vulnerabilities (by asset and type of attack)
- Hardware
  - Interruption: denial of service, physical attack
  - Interception: theft
  - Fabrication: planting fake computers
- Software
  - Interruption: deletion
  - Interception: unauthorized copying
  - Modification: logic bomb, Trojan horse, virus, trapdoor, information leak
  - Fabrication: fake (or modified) software
- Data
  - Interruption: deletion
  - Interception: surveillance, insider theft
  - Modification: modify databases, change files
  - Fabrication: false records

Types of intruders
- Amateurs
  - People who steal resources for their own uses
  - Typically unsophisticated
- Crackers
  - Access resources without permission
  - Typically for fun, but may be other reasons
- Career criminals
  - Well-planned attacks
  - Usually for financial gain
- Military
  - Done to disable opposing forces, typically
  - Gain strategic advantage