Information Security
CS 526
Topic 1
Overview of the Course
Recent Security News
• Snowden leaks information about various NSA
data collection programs
– Phone call records
– Supposedly email, instant message, etc.
• National Security Agency
– http://www.pbs.org/wgbh/pages/frontline/homefront/preemption/nsa.html
• Facebook CEO’s page hacked by Palestinian
Khalil Shreateh to demonstrate bugs in Facebook
In the News Last Year: Hackers Force
Apple, Amazon to Change Security Policy
• What happened?
– Hackers gained access to the iCloud account of Mat Honan (a reporter),
then (according to Honan)
• At 5:00 PM, they remote wiped my iPhone
• At 5:01 PM, they remote wiped my iPad
• At 5:05, they remote wiped my MacBook Air.
• How did the attacker get access to the iCloud
account? Any guess?
• Lessons?
• Security is only as strong as the weakest link.
• Information sharing across platforms can lead to
unexpected vulnerabilities
Stuxnet (2010)
• Stuxnet: Windows-based Worm
– Worm: self-propagating malicious software (malware)
• Attacks Siemens software that controls industrial control
systems (ICS), and these systems themselves
– Used in factories, chemical plants, and nuclear power plants
• First reported in June 2010; the general public became aware of it
only in July 2010
• Seems to be a digital weapon created by a nation-state
– 60% (more than 62 thousand) of infected computers were in Iran
– Iran confirmed that its nuclear program was damaged by Stuxnet
– Sophisticated design, special targets, expensive to develop
Malware That Appears to Be
Related to Stuxnet
• Duqu (September 2011)
– Uses stolen certificates, exploits MS Word
• Flame (May 2012)
– A tool for cyber espionage in the Middle East (infecting
approx. 1000 machines, mostly in Iran)
– “Suicide” after being discovered
– 20 Mbytes, with an SQLite DB to store info; hides its own
presence, exploits similar vulnerabilities as Stuxnet,
adjusts its behavior to different anti-virus software
– Presents a novel way to produce an MD5 hash collision
to exploit certificates
See the Course Homepage
• http://www.cs.purdue.edu/homes/ninghui/courses/526_Fall13/index.html
• Knowledge needed for the course
– Programming knowledge (for two programming
projects)
• Web (PHP)
• Low-level (C, knowledge of assembly)
– Knowledge of computer/networking
– Appropriate mathematical sophistication
Readings for This Lecture
Required readings:
– Information Security on
Wikipedia (Basic principles &
Risk management)
Optional Readings:
– Counter Hack Reloaded
• Chapter 1: Introduction
– Security in Computing:
Chapter 1
What is Information (Computer)
Security?
• Security = Sustain desirable properties under
intelligent adversaries
• Desirable properties
– Understand what properties are needed.
• Intelligent adversaries
– Need to understand/model adversaries
– Always think about adversaries.
Security Goals/Properties (C, I, A)
• Confidentiality (secrecy, privacy)
– only those who are authorized to know can know
• Integrity (also authenticity in communication)
– only modified by authorized parties and in permitted ways
– do things that are expected
• Availability
– those authorized to access can get access
Which of C, I, A are violated in ...
• The Stuxnet attack compromises
– integrity of software systems,
– availability of some control functionalities,
– confidentiality of some keys in order to sign malware to be loaded
by Windows
• The Apple/Amazon attack
– Confidentiality of credit card digits
– Integrity of password
– Availability of data and devices
• The Facebook attack
– Integrity
– Potential availability concern
Computer Security Issues
• Malware (Malicious Software)
– Computer viruses
– Trojan horses
– Computer worms
• E.g., Morris worm (1988), Melissa worm (1999), Stuxnet
(2010), etc.
– Spyware
– Malware on mobile devices
• Computer break-ins
• Email spam
– E.g., Nigerian scam (419 scam, advance-fee fraud), stock
recommendations
More Computer Security Issues
• Identity theft
• Drive-by downloads
• Botnets
• Distributed denial of service attacks
• Serious security flaws in many important systems
– electronic voting machines, ATM systems
Why Do Computer Attacks Occur?
• Who are the attackers?
– bored teenagers, criminals, organized crime
organizations, rogue (or other) states, industrial
espionage, angry employees, …
• Why do they do it?
– fun,
– fame,
– profit, …
• computer systems are where the money is
– Political/military objectives
Why Can These Attacks Succeed?
• Software/computer systems are buggy
• Users make mistakes
• Technological factors
– Von Neumann architecture: stored programs
– Unsafe programming languages
– Software is complex, dynamic, and increasingly so
– Making things secure is hard
– Security may make things harder to use
Why Do These Factors Exist?
• Economic factors
– Lack of incentives for secure software
– Security is difficult, expensive and takes time
• Human factors
– Lack of security training for software engineers
– Largely uneducated population
Security is Not Absolute
• Is your car secure?
• What does “secure” mean?
• Are you secure when you drive your car?
• Security is relative
– to the kinds of loss one considers
• security objectives/properties need to be stated
– to the threats/adversaries under consideration.
• security is always under certain assumptions
Security is Secondary
• What protection/security mechanisms does one have in
the physical world?
• Why does the need for security mechanisms arise?
• Security is secondary to the interactions that
make security necessary.
Robert H. Morris : The three golden rules to ensure
computer security are: do not own a computer; do
not power it on; and do not use it.
Information Security is Interesting
• The most interesting/challenging threats to
security are posed by human adversaries
– Security is harder than reliability
• Information security is a self-sustaining field
– Can work both from attack perspective and from
defense perspective
• Security is about benefit/cost tradeoff
– Though often the tradeoff analysis is not explicit
• Security is not all technological
– Humans are often the weakest link
Information Security is Challenging
• Defense is almost always harder than attack.
• In which ways is information security more
difficult than physical security?
– adversaries can come from anywhere
– computers enable large-scale automation
– adversaries can be difficult to identify
– adversaries can be difficult to punish
– potential payoff can be much higher
• In which ways is information security easier than
physical security?
Tools for Information Security
• Cryptography
• Authentication and Access control
• Hardware/software architecture for separation
• Processes and tools for developing more secure
software
• Monitoring and analysis
• Recovery and response
What is This Course About?
• Learn to think about security when doing things
• Learn to understand and apply security principles
• Learn how computers can be attacked, how to
prevent attacks and/or limit their consequences.
– No silver bullet; man-made complex systems will have
errors; errors may be exploited
– Large number of ways to attack
– Large collection of specific methods for specific
purposes
Ethical Use of Security Information
• We discuss vulnerabilities and attacks
– Most vulnerabilities have been fixed
– Some attacks may still cause harm
– Do not try these outside the context of this course
Coming Attractions …
• Cryptography: terminology and
classic ciphers.
• Readings
– Cryptography on Wikipedia
