Documente Academic
Documente Profesional
Documente Cultură
Introduction
Introduction
Vandals
– Commercial and political reasons
– Mostly, nut cases and irresponsible kids (“script kiddies”)
Joy riders
– Technically skilled
– Psychologically challenged
– Again, mostly kids
Insiders!
EDUCATION!!
Security and People
People, not technology, are often the weakest link
– Create awareness and educate people that security matters
– Create business processes that enhance security
• accurate provisioning, password mgmt, stronger authentication,
segregation of duty
1/2002, hacker penetrates financial software maker Online Resources; then uses
this to hack into a NY bank and steal account data; then extorts the bank
2007 - Theft of laptops and PDAs is top security concern for CIOs
2008 – Identity theft is top concern for individuals (1 in 6 Americans last year!)
2009 – Data Leakage is a key concern for security and compliance officers
2010 – Where are our (virtualized) systems? Who has access to them?
70% of all cases are “internal work” – profit, revenge, and ignorance
Nightmare Scenario #2:
Our communication can be exposed
In 16th century, Mary Queen of Scots loses her head when her coded
messages are deciphered
In WWII, many German U-boats were destroyed once the British were
able to decipher their Enigma messages
Massive defacing
– 2001- hacker group defaces 679 sites in 1 minute
– 2003 - Blackhat defacing competition: winner must deface 6000 sites asap
Main Textbook
– “Network Security Essentials: Applications and Standards” /
William Stallings (old edition OK)
Highly recommended
– Applied Cryptography / Bruce Schneier
Administrativia
Lecturer: Dr. Ron Rymon
Teaching Assistant: Ilan Atias
Credits: 3
Open to CS MSc, and BSc (2nd and 3rd year) students
Alice Bob
Trusted Server
Example
Alice Bob
Authorization
– Must be authorized to gain access to specific data, other
computing resources.
• E.g., file systems, firewalls, application authorization model
• Various levels of granularity
ITU/IETF X.800: Security Threats,
Attacks, Services, and Mechanisms
Security Threat: A potential attack on systems or on information
security needs