SlideShare a Scribd company logo

Intro (1).ppt

Download as PPT, PDF
Sameer Ali, profile picture
Sameer Ali

This document provides an overview of an introductory computer security class. It outlines administrative details such as staff, grading, and communication. It then discusses key topics that will be covered including the components of computer security, threats, vulnerabilities, attacks, controls, security policy, and assurance. Example topics that will be covered in lectures are also listed.

Education
1 of 27
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Slide #1-1 Introductory Computer Security CS461/ECE422 Fall 2010 Susan Hinrichs
Slide #1-2 Outline • Administrative Issues • Class Overview • Information Assurance Overview – Components of computer security – Threats, Vulnerabilities, Attacks, and Controls – Policy – Assurance
Slide #1-3 Administrivia • Staff – Susan Hinrichs, lecturer – Sonia Jahid, TA – Jurand Nogiec, TA • Communications – Class web page http://www.cs.illinois.edu/class/fa09/cs461 – Newsgroup cs461 • Office Hours – Susan: 12:30-1:30pm Wednesday and after class – Sonia and Jurand: TBA
Slide #1-4 More Administrivia • Grades – 2 midterms worth 25% each. • Tentatively: October 6 and November 17. – Final worth 35%. • 8am, December 16. – Roughly weekly homework worth 15%. Can drop low homework. 8 homeworks last year. – Extra project worth 20% for grad students taking for 4 credits – Submit homework via compass • Class Sections – Online students: geographically distributed – ECE and CS 3 and 4 credit sections
Slide #1-5 A Few Words on Class Integrity • Review department and university cheating and honor codes: – https://agora.cs.illinois.edu/display/under gradProg/Honor+Code – http://admin.illinois.edu/policy/code/artic le1_part4_1-402.html • This has been an issue in the past • Expectations for exams, homeworks, projects, and papers
Slide #1-6 Class Readings • Text Computer Security: Art and Science by Matt Bishop • Additional readings provided via compass or public links • Books on reserve at the library
Slide #1-7 Class Format • Meet three times a week • Mostly lecture format – Will attempt to have a class exercise about once a week. Will be noted on class web site. – Will attempt to make this relevant for online students too. • Lectures video taped for online students – All have access to tapes. Link on class web site. • A few lectures will be video only. Noted on schedule – Will still play video in class • Posted slides not sufficient to master material alone
Slide #1-8 Class communication • Limited physical access – Lecturer part time on campus • Use technology to help – Newsgroup for timely, persistent information – Email and phone
Slide #1-9 Security Classes at UIUC • Three introductory courses – Information Assurance (CS461/ECE422) • Covers NSA 4011 security professional requirements • Taught every semester – Computer Security (CS463/ECE424) • Continues in greater depth on more advanced security topics • Taught every semester or so – Applied Computer Security Lab • Taught last spring as CS498sh Will be CS460 • With CS461 covers NSA 4013 system administrator requirements • Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors.
Slide #1-10 More Security Classes at UIUC • Theoretical Foundations of Cryptography – Prof Manoj Prabhakaran and Prof. Borisov • Security Reading Group CS591RHC • Advanced Computer Security CS563 • Math 595/ECE 559 – Cryptography • Local talks http://www.iti.illinois.edu/content/seminars- and-events • ITI Security Roadmap – http://www.iti.illinois.edu/content/security
Slide #1-11 Security in the News • DNS flaws – Dan Kamisky found flaw in widely used DNS protocol requiring upgrade of network infrastructure – http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html • InfoWar – Estonia http://blog.wired.com/27bstroke6/2007/08/cyber-war-and-e.html • Extortion - – Threaten DDoS attack unless company pays up – DDoS protection from carriers can cost $12K per month • Privacy/Identity theft – Albert Gonzalez and 130 million credit card numbers. – Facebook – ChoicePoint, Bank of America, disgruntled waiter • Worms – Conflicker, twitter worms – Slammer worm crashed nuclear power plant network
Slide #1-12 Class Topics • Mix of motivation, design, planning, and mechanisms • See lecture page – http://www.cs.illinois.edu/class/fa10/cs461/ lectures.html • A few open lecture spots if there are topics of particular interest • May have some industry guest lectures
Slide #1-13 Security Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources
Slide #1-14 CIA Examples
Slide #1-15 Threat Terms • Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security. • Vulnerability – Weakness in the system that could be exploited to cause loss or harm • Attack – When an entity exploits a vulnerability on system • Control – A means to prevent a vulnerability from being exploited
Slide #1-16 Example
Slide #1-17 Classes of Threats • Disclosure – Unauthorized access to information • Deception – Acceptance of false data • Disruption – Interruption or prevention of correct operation • Usurpation – Unauthorized control of some part of a system
Slide #1-18 Some common threats • Snooping – Unauthorized interception of information • Modification or alteration – Unauthorized change of information • Masquerading or spoofing – An impersonation of one entity by another • Repudiation of origin – A false denial that an entity sent or created something. • Denial of receipt – A false denial that an entity received some information.
Slide #1-19 More Common Threats • Delay – A temporary inhibition of service • Denial of Service – A long-term inhibition of service
Slide #1-20 More definitions • Policy – A statement of what is and what is not allowed – Divides the world into secure and non-secure states – A secure system starts in a secure state. All transitions keep it in a secure state. • Mechanism – A method, tool, or procedure for enforcing a security policy
Slide #1-21 Is this situation secure? • Web server accepts all connections – No authentication required – Self-registration – Connected to the Internet
Slide #1-22 Trust and Assumptions • Locks prevent unwanted physical access. – What are the assumptions this statement builds on?
Slide #1-23 Policy Assumptions • Policy correctly divides world into secure and insecure states. • Mechanisms prevent transition from secure to insecure states.
Slide #1-24 Another Policy Example • Bank officers may move money between accounts. – Any flawed assumptions here?
Slide #1-25 Assurance • Evidence of how much to trust a system • Evidence can include – System specifications – Design – Implementation • Mappings between the levels
Slide #1-26 Aspirin Assurance Example • Why do you trust Aspirin from a major manufacturer? – FDA certifies the aspirin recipe – Factory follows manufacturing standards – Safety seals on bottles • Analogy to software assurance
Slide #1-27 Key Points • Must look at the big picture when securing a system • Main components of security – Confidentiality – Integrity – Availability • Differentiating Threats, Vulnerabilities, Attacks and Controls • Policy vs mechanism • Assurance

More Related Content

PPT
introduction to data science- University
ssuser353bcb
 
PDF
COMP 424 Computer System Security Fall 2016
SamGuy7
 
PPT
lecture1-adnaced network for bigginerrs students
ssuser6c0026
 
PPT
Computer Security.ppt
SharudinBoriak1
 
PDF
Course Slides for CS_6035_01_Security Mindset (1)
leoyang0406
 
PPTX
Introduction to Computer Security
Kamal Acharya
 
PDF
Information Security Concepts.pdf
SameeraSarathchandra1
 
PPTX
02 fundamental aspects of security
Gemy Chan
 
introduction to data science- University
ssuser353bcb
 
COMP 424 Computer System Security Fall 2016
SamGuy7
 
lecture1-adnaced network for bigginerrs students
ssuser6c0026
 
Computer Security.ppt
SharudinBoriak1
 
Course Slides for CS_6035_01_Security Mindset (1)
leoyang0406
 
Introduction to Computer Security
Kamal Acharya
 
Information Security Concepts.pdf
SameeraSarathchandra1
 
02 fundamental aspects of security
Gemy Chan
 

Similar to Intro (1).ppt (20)

PPTX
Lecture1-InforSec-Computer and Internet security.pptx
markhorid1
 
DOCX
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bagotjesusa
 
PPT
ICSE6104 Lecturedfffffffffffffffffffff 1.ppt
David622220
 
PPT
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
Itzsonya
 
PPT
Security practivce and their best way to lear
rahulshah641439
 
PPT
sect1--ch1--intro.ppt
krizettealfelor
 
PPT
IT-Security Awareness and Training session
sameerroushan
 
PPT
Security Of Information Assets and why it matters.ppt
hellasassin
 
PPT
hel1.ppt
ssuserfdf7272
 
PPT
hel1.ppt
Saiyed Shahab Ahmad
 
PPT
hel1.ppt
sheela631571
 
PPT
hel1.ppt
Thontadharya H.J.
 
PPT
Computer security power point prsentation.ppt
pihadar269
 
PPT
hel1.ppt
FauziRahmanWiratmadj
 
PPT
hel1.ppt
LakshmiPrasadGutta
 
PPT
Introduction to Computer Security.ppt
KojaSb
 
PPT
hel1.ppt
SharudinBoriak1
 
PPT
hel1 (1).ppt
Sameer Ali
 
PPT
hel1.ppt
UsmanSafdar21
 
PDF
OPERATING SYSTEM SECURITY
RohitK71
 
Lecture1-InforSec-Computer and Internet security.pptx
markhorid1
 
Security ConceptsDr. Y. ChuCIS3360 Security in Computing.docx
bagotjesusa
 
ICSE6104 Lecturedfffffffffffffffffffff 1.ppt
David622220
 
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
Itzsonya
 
Security practivce and their best way to lear
rahulshah641439
 
sect1--ch1--intro.ppt
krizettealfelor
 
IT-Security Awareness and Training session
sameerroushan
 
Security Of Information Assets and why it matters.ppt
hellasassin
 
hel1.ppt
ssuserfdf7272
 
hel1.ppt
Saiyed Shahab Ahmad
 
hel1.ppt
sheela631571
 
hel1.ppt
Thontadharya H.J.
 
Computer security power point prsentation.ppt
pihadar269
 
hel1.ppt
FauziRahmanWiratmadj
 
hel1.ppt
LakshmiPrasadGutta
 
Introduction to Computer Security.ppt
KojaSb
 
hel1.ppt
SharudinBoriak1
 
hel1 (1).ppt
Sameer Ali
 
hel1.ppt
UsmanSafdar21
 
OPERATING SYSTEM SECURITY
RohitK71
 
Ad

More from Sameer Ali (8)

PPT
555_Spring12CryptoCryptoCrypto_topic23.ppt
Sameer Ali
 
PPTX
Lecture 1 - Introduction to Course & Course outline.pptx
Sameer Ali
 
PPT
cloud-complete.ppt
Sameer Ali
 
PPT
secure_mobile.ppt
Sameer Ali
 
PPTX
CDP_2(1).pptx
Sameer Ali
 
PPTX
F14_Class1.pptx
Sameer Ali
 
PPTX
bruce-sdn.pptx
Sameer Ali
 
PDF
SINDH SALES TAX ON SERVICES ACT 2011.pdf
Sameer Ali
 
555_Spring12CryptoCryptoCrypto_topic23.ppt
Sameer Ali
 
Lecture 1 - Introduction to Course & Course outline.pptx
Sameer Ali
 
cloud-complete.ppt
Sameer Ali
 
secure_mobile.ppt
Sameer Ali
 
CDP_2(1).pptx
Sameer Ali
 
F14_Class1.pptx
Sameer Ali
 
bruce-sdn.pptx
Sameer Ali
 
SINDH SALES TAX ON SERVICES ACT 2011.pdf
Sameer Ali
 
Ad

Recently uploaded (20)

PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
master seminar digital applications in india
ananyaray35
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 

Intro (1).ppt

  • 1. Slide #1-1 Introductory Computer Security CS461/ECE422 Fall 2010 Susan Hinrichs
  • 2. Slide #1-2 Outline • Administrative Issues • Class Overview • Information Assurance Overview – Components of computer security – Threats, Vulnerabilities, Attacks, and Controls – Policy – Assurance
  • 3. Slide #1-3 Administrivia • Staff – Susan Hinrichs, lecturer – Sonia Jahid, TA – Jurand Nogiec, TA • Communications – Class web page http://www.cs.illinois.edu/class/fa09/cs461 – Newsgroup cs461 • Office Hours – Susan: 12:30-1:30pm Wednesday and after class – Sonia and Jurand: TBA
  • 4. Slide #1-4 More Administrivia • Grades – 2 midterms worth 25% each. • Tentatively: October 6 and November 17. – Final worth 35%. • 8am, December 16. – Roughly weekly homework worth 15%. Can drop low homework. 8 homeworks last year. – Extra project worth 20% for grad students taking for 4 credits – Submit homework via compass • Class Sections – Online students: geographically distributed – ECE and CS 3 and 4 credit sections
  • 5. Slide #1-5 A Few Words on Class Integrity • Review department and university cheating and honor codes: – https://agora.cs.illinois.edu/display/under gradProg/Honor+Code – http://admin.illinois.edu/policy/code/artic le1_part4_1-402.html • This has been an issue in the past • Expectations for exams, homeworks, projects, and papers
  • 6. Slide #1-6 Class Readings • Text Computer Security: Art and Science by Matt Bishop • Additional readings provided via compass or public links • Books on reserve at the library
  • 7. Slide #1-7 Class Format • Meet three times a week • Mostly lecture format – Will attempt to have a class exercise about once a week. Will be noted on class web site. – Will attempt to make this relevant for online students too. • Lectures video taped for online students – All have access to tapes. Link on class web site. • A few lectures will be video only. Noted on schedule – Will still play video in class • Posted slides not sufficient to master material alone
  • 8. Slide #1-8 Class communication • Limited physical access – Lecturer part time on campus • Use technology to help – Newsgroup for timely, persistent information – Email and phone
  • 9. Slide #1-9 Security Classes at UIUC • Three introductory courses – Information Assurance (CS461/ECE422) • Covers NSA 4011 security professional requirements • Taught every semester – Computer Security (CS463/ECE424) • Continues in greater depth on more advanced security topics • Taught every semester or so – Applied Computer Security Lab • Taught last spring as CS498sh Will be CS460 • With CS461 covers NSA 4013 system administrator requirements • Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors.
  • 10. Slide #1-10 More Security Classes at UIUC • Theoretical Foundations of Cryptography – Prof Manoj Prabhakaran and Prof. Borisov • Security Reading Group CS591RHC • Advanced Computer Security CS563 • Math 595/ECE 559 – Cryptography • Local talks http://www.iti.illinois.edu/content/seminars- and-events • ITI Security Roadmap – http://www.iti.illinois.edu/content/security
  • 11. Slide #1-11 Security in the News • DNS flaws – Dan Kamisky found flaw in widely used DNS protocol requiring upgrade of network infrastructure – http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html • InfoWar – Estonia http://blog.wired.com/27bstroke6/2007/08/cyber-war-and-e.html • Extortion - – Threaten DDoS attack unless company pays up – DDoS protection from carriers can cost $12K per month • Privacy/Identity theft – Albert Gonzalez and 130 million credit card numbers. – Facebook – ChoicePoint, Bank of America, disgruntled waiter • Worms – Conflicker, twitter worms – Slammer worm crashed nuclear power plant network
  • 12. Slide #1-12 Class Topics • Mix of motivation, design, planning, and mechanisms • See lecture page – http://www.cs.illinois.edu/class/fa10/cs461/ lectures.html • A few open lecture spots if there are topics of particular interest • May have some industry guest lectures
  • 13. Slide #1-13 Security Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources
  • 15. Slide #1-15 Threat Terms • Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security. • Vulnerability – Weakness in the system that could be exploited to cause loss or harm • Attack – When an entity exploits a vulnerability on system • Control – A means to prevent a vulnerability from being exploited
  • 17. Slide #1-17 Classes of Threats • Disclosure – Unauthorized access to information • Deception – Acceptance of false data • Disruption – Interruption or prevention of correct operation • Usurpation – Unauthorized control of some part of a system
  • 18. Slide #1-18 Some common threats • Snooping – Unauthorized interception of information • Modification or alteration – Unauthorized change of information • Masquerading or spoofing – An impersonation of one entity by another • Repudiation of origin – A false denial that an entity sent or created something. • Denial of receipt – A false denial that an entity received some information.
  • 19. Slide #1-19 More Common Threats • Delay – A temporary inhibition of service • Denial of Service – A long-term inhibition of service
  • 20. Slide #1-20 More definitions • Policy – A statement of what is and what is not allowed – Divides the world into secure and non-secure states – A secure system starts in a secure state. All transitions keep it in a secure state. • Mechanism – A method, tool, or procedure for enforcing a security policy
  • 21. Slide #1-21 Is this situation secure? • Web server accepts all connections – No authentication required – Self-registration – Connected to the Internet
  • 22. Slide #1-22 Trust and Assumptions • Locks prevent unwanted physical access. – What are the assumptions this statement builds on?
  • 23. Slide #1-23 Policy Assumptions • Policy correctly divides world into secure and insecure states. • Mechanisms prevent transition from secure to insecure states.
  • 24. Slide #1-24 Another Policy Example • Bank officers may move money between accounts. – Any flawed assumptions here?
  • 25. Slide #1-25 Assurance • Evidence of how much to trust a system • Evidence can include – System specifications – Design – Implementation • Mappings between the levels
  • 26. Slide #1-26 Aspirin Assurance Example • Why do you trust Aspirin from a major manufacturer? – FDA certifies the aspirin recipe – Factory follows manufacturing standards – Safety seals on bottles • Analogy to software assurance
  • 27. Slide #1-27 Key Points • Must look at the big picture when securing a system • Main components of security – Confidentiality – Integrity – Availability • Differentiating Threats, Vulnerabilities, Attacks and Controls • Policy vs mechanism • Assurance