Final Exam
Last lecture is only revision, will be quick.
Final exam! Check the exam timetable.
Internet History
1957: Russia launches Sputnik. The U.S. Government creates the Defense Advanced Research Projects Agency (DARPA). 1967: DARPA starts to develop a data network that can survive a nuclear war: a mesh of connections, so that as bases get nuked, network traffic can travel around the damage.
If it's secret, you can't get to it or change it. If you can get to it or change it, it's not secret.
What Is IP Spoofing?
To spoof = to pretend to be someone else. In IP spoofing you pretend to be another computer by taking over its IP address.
Pretend to be two other computers at once, and all traffic between them can be routed through your computer. Example: pretend to be the firewall to the email server and the email server to the firewall, so you can read the emails.
Source: www.ethereal.com
There is no way to turn an encrypted (hashed) password back into the password. But you can encrypt any candidate word and compare:
encrypted word = encrypted password?
Yes! Then the word is the password.
FBI Dictionary-Based Cracker. The FBI has a program for finding passwords:
It uses all the words found on the victim's (criminal's) hard drive as the dictionary. It has a 50% success rate. It runs as a screensaver, so all the idle office PCs are running it.
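The comparison the lecture describes, written out as a defender's audit of a password store (an added example, not the FBI program or course code; the account hashes and word list are constructed, and unsalted SHA-256 is assumed as the "encryption"):

```python
import hashlib

# Constructed sample data: unsalted SHA-256 hashes for three accounts.
# "petunia" and "sputnik" are ordinary words; the third password is not.
STORED_HASHES = {
    "alice": hashlib.sha256(b"petunia").hexdigest(),
    "bob": hashlib.sha256(b"Sputnik").hexdigest(),
    "carol": hashlib.sha256(b"T9!vq#2Lm8zR").hexdigest(),
}

# Constructed word list. In the lecture this is every word on the machine.
WORDLIST = ["firewall", "petunia", "router", "sputnik", "darpa"]


def audit_weak_passwords(stored, words):
    """Return {account: word} for accounts whose hash equals a hash of a list word.

    The hash cannot be reversed, but every candidate word can be hashed and
    compared. Hash the list once into a hash -> word table, then each account
    costs one dictionary lookup instead of a rescan of the whole list.
    """
    lookup = {}
    for w in words:
        for variant in (w, w.capitalize(), w.upper()):  # common case variants
            lookup[hashlib.sha256(variant.encode()).hexdigest()] = variant
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


if __name__ == "__main__":
    for user, word in audit_weak_passwords(STORED_HASHES, WORDLIST).items():
        print(f"{user}: password is the dictionary word {word!r}")
```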
Threats
Threat: an object, person, or other entity that represents a constant danger to an asset. Management must be informed of the different threats facing the organization. The 2006 CSI/FBI survey found:
72 percent of organizations reported cyber security breaches within the last 12 months; 52 percent of respondents identified unauthorized computer use.
Attacks
Act or action that exploits a vulnerability (i.e., a weakness) in a controlled system
Types of Attacks
We can distinguish two types of attacks. Active attack: attempts to alter system resources or affect their operation. Passive attack: attempts to learn or make use of information from the system, but does not change the system. Attacks can also be classified by their origin. Inside attack: initiated by an entity inside the organization (an "insider"). Outside attack: initiated from outside the organization (an "outsider").
A submarine with a gap in the pressure hull lets it land on top of an undersea cable and pull the cable inside, to attach a listening device to the cable.
http://news.zdnet.com/2100-9595_22-529826.html
Another difference:
Law: if you didn't know the law, you still go to prison. Policy: if you didn't know the policy, it's okay.
Do you think it's okay to go to jail for breaking a law you didn't know?
Is this fair?
Once the ranked vulnerability risk worksheet is complete, you must choose one of four strategies to control each risk:
1. Apply safeguards (avoidance) 2. Transfer the risk (transference) 3. Reduce impact (mitigation) 4. Accept the risk (acceptance)
1. Avoidance
2. Transference
Control approach that attempts to shift risk to other assets, processes, or organizations
If lacking, organization should hire individuals/firms that provide security management and administration expertise
Organization may then transfer risk associated with management of complex systems to another organization experienced in dealing with those risks
3. Mitigation
4. Acceptance
Doing nothing to protect a vulnerability and accepting the outcome of its exploitation.
Valid only when the particular function, service, information, or asset does not justify the cost of protection (use a cost-benefit analysis).
Risk appetite describes the degree to which the organization is willing to accept risk as a trade-off against the expense of applying controls.
There is a tiny chance that your nuclear reactor will destroy the city. Should you turn it off?
Risk assessment matrix (rows: severity of consequence; columns: frequency of occurrence, increasing from left to right):

Severity             1 - Unlikely   2 - Occasional   3 - Probable   4 - Frequent
4 - Catastrophic     C              D                D              D
3 - Critical         B              C                D              D
2 - Marginal         A              B                C              D
1 - Negligible       A              A                B              C

Increasing Frequency -->
Firewall: a device that selectively discriminates against information flowing into or out of the organization.
Demilitarized Zone (DMZ): a no-man's land between the inside and outside networks, where some organizations place their Web servers.
Intrusion Detection Systems (IDSs): in an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement an IDS.
Dual-Connection Routers
User PCs have addresses in 192.168.*.* with gateway 192.168.2.1 to the Internet.
Port numbers go up to 65536. Ports 1024 and above are open to any program; they are usually used for replies from servers.
A network-based IDPS (NIDPS) looks for signs of attacks: when examining packets, it looks for known attack patterns. It is installed at a place in the network where it can watch traffic going in and out of a particular segment,
e.g., between the web server and the gateway.
Access Control
Encryption
Plaintext: the original information. Ciphertext: the information mixed up, to make it unreadable.
A cipher is another word for a code.
Encryption algorithms are complicated, but the essential point is that you need a key to encrypt and a key to decrypt.
[Diagram: the sender encrypts plaintext with a shared secret key; the ciphertext crosses the network; the receiver decrypts it with the same shared secret key to recover the plaintext.]
Vigenère cipher: a classic example of a shared-secret-key cipher.
Encryption
The sender encrypts the messages using a key before sending them out onto the network. The receiver uses the corresponding key to decrypt. If the keys are secret, nobody else can read the messages. Problem: how do you distribute the keys?
You need a trusted third party to send the keys.
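The Vigenère cipher named above, as an added worked example of a shared-secret-key cipher (not code from the lecture); both sides must already hold the same key, which is exactly the key-distribution problem just described. Only letters are transformed; other characters pass through unchanged.

```python
# Vigenère cipher: each letter is shifted by the letter of the key at the same
# position, cycling through the key. Decryption shifts back by the same amount.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _shift(text, key, direction):
    if not key or not key.isalpha():
        raise ValueError("key must be one or more letters")
    key = key.upper()
    out = []
    k = 0  # position in the key; only advances on letters so decrypt mirrors encrypt
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            offset = ALPHABET.index(key[k % len(key)]) * direction
            out.append(chr((ord(ch) - base + offset) % 26 + base))
            k += 1
        else:
            out.append(ch)  # spaces and punctuation are left as they are
    return "".join(out)


def vigenere_encrypt(plaintext, key):
    """Sender side: plaintext + shared key -> ciphertext."""
    return _shift(plaintext, key, 1)


def vigenere_decrypt(ciphertext, key):
    """Receiver side: ciphertext + the same shared key -> plaintext."""
    return _shift(ciphertext, key, -1)


if __name__ == "__main__":
    shared_key = "LEMON"  # must reach the receiver over a trusted channel
    c = vigenere_encrypt("Attack at dawn", shared_key)
    print(c)                                  # Lxfopv ef rnhr
    print(vigenere_decrypt(c, shared_key))    # Attack at dawn
```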
Encryption/Decryption Keys
A public-key cipher uses two different keys:
a private key for you, and a public key for everyone else.
Public-key encryption gets around the key distribution problem! You never send the private key; you only send the public key.
You can tell everyone about the public key. Put it on your business card.
Public-Key Encryption/Decryption
Advantage
Easy to distribute the public key. More scalable with fewer keys: 2N keys for N users.
Disadvantage
Complex algorithm (very CPU intensive, but not really a problem for modern computers). You still need authentication for the public key (e.g., phone to check it).
[Diagram: the receiver's public key is given out to the public; the sender encrypts plaintext with the receiver's public key; the ciphertext crosses the network; the receiver decrypts it with the receiver's private key.]
Public-Key Confidentiality
John sends to Sue: encrypt with Sue's public key. Sue uses her private key to decrypt.
Public-Key Authentication
Authentication: how do you know that John really sent this message?
1. John encrypts a message using his private key, i.e., John signs the message.
2. John sends the encrypted message to Sue. 3. Sue decrypts the received message using John's public key. Everyone can decrypt the message, since John's public key is known, so this is not confidential! But everyone knows that the message can only have been sent by John, since only John knows his own
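Both uses of a key pair described above (confidentiality: encrypt with Sue's public key; authentication: John signs with his private key), as an added toy RSA example that is not part of the lecture. The primes are constructed and far too small for real use; Python 3.8+ is assumed for `pow(e, -1, phi)`.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public, private) from two primes (constructed, assumed prime)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: modular inverse of e
    return (n, e), (n, d)


def encrypt(m, public):
    """Confidentiality: anyone holding the public key can encrypt for its owner."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, private):
    """Only the holder of the matching private key can recover the plaintext."""
    n, d = private
    return pow(c, d, n)


def sign(m, private):
    """Authentication: only the private-key holder (John) can produce this value."""
    n, d = private
    return pow(m, d, n)


def verify(sig, m, public):
    """Anyone can check the signature with John's public key; not confidential."""
    n, e = public
    return pow(sig, e, n) == m


if __name__ == "__main__":
    sue_pub, sue_priv = make_keypair(61, 53)      # n = 3233
    john_pub, john_priv = make_keypair(67, 71)    # n = 4757
    c = encrypt(1234, sue_pub)                    # John -> Sue, confidential
    print(decrypt(c, sue_priv))                   # 1234
    s = sign(1234, john_priv)                     # John -> Sue, authenticated
    print(verify(s, 1234, john_pub))              # True: it came from John
    print(verify(s, 1235, john_pub))              # False: message was altered
```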
Authentication + Confidentiality
To provide both authentication and confidentiality, you need to encrypt twice: with your private key and with the other party's public key. Alternatively, create a unique shared key. There are two ways to create the shared key:
Use asymmetric encryption to share a unique, once-only symmetric key (a hybrid system). Or use the Diffie-Hellman key exchange method:
the most common hybrid system; it provided the foundation for subsequent developments in public-key encryption.
Physical Security
Seven major sources of physical loss:
1. Extreme temperature (e.g., fires)
2. Gases
3. Liquids
4. Living organisms (insects, fungus)
5. Projectiles (e.g., bullets, falling objects)
6. Movement
7. Energy anomalies
Static electricity
Emergency Shutoff
Important physical security feature:
an off switch.
Most computer rooms and wiring closets have an emergency power off button.
Allow about 35 minutes for multiple choice and 85 minutes for the short answer.