lect7_security

lect7_security - Internet Security: Are You Safe Out There?...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Carey Nachenberg, Symantec Fellow Symantec Research Labs Internet Security : Are You Safe Out There? An Introduction to Computer Security
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Outline Security 101 Vulnerabilities Attacks Defenses The only truly secure system is one that is powered off , cast in a block of concrete and sealed in a lead- lined room with armed guards and even then I have my doubts . Eugene H. Spafford
Background image of page 2
3 Security 101 The “CIA” Computer security is all about preserving three different things in a computer system: Confidentiality Make sure that private data stays private! Integrity Make sure that attackers don’t modify or corrupt data. Availability Make sure that data is available to those who need it. O
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 Security 101: What is a Security Vulnerability? Poor Design The software designer didn’t design the software to be secure Poor Implementation The designer came up with a secure design but the programmer screwed up In case of emergency break glass Poorly Trained People People can be fooled easier than software can! A vulnerability is a flaw that can be exploited by an attacker to compromise a computer system. Where do vulnerabilities come from?
Background image of page 4
5 Vulnerabilities are Everywhere! Corporation Government “The Internet” Home Users Organizations often deploy web servers with bugs that open them up to attack! Businesses and governments store massive amounts of data in databases. But forget to change the default account passwords! Many software packages (like your web browser) also have bugs that open your PC up to attacks. Would you like some spyware with your sports scores? Users often get tricked into doing things they don’t want to do! And finally, users often do things for convenience – like sharing their hard drive or writing their password on a post-it.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Not only Corporations are Vulnerable Much of our nation’s physical infrastructure is on the Internet too! In 2000 a hacker in Queensland, Australia hacked into sewage treatment plant… causing it to leak hundreds of thousands of gallons of sewage into parks, rivers and the Hyatt Regency Hotel !!!
Background image of page 6
7 Vulnerabilities Here’s one example of a software vulnerability. Can you spot the problem? // returns true if the user logs in properly w/correct password bool verifyUserLogin(void) { char userName[33]; // username up to 32 chars long char userPassword[11]; // password up to 10 chars long readDataFromNetwork (userName); readDataFromNetwork (userPassword); if ( isInDatabase (userName,userPassword) == true) return(true); return(false); // invalid password }
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 Attacks Next, we’ll take a look at some of the more common attacks. Let’s start by examining the stereotypical hacking attack !
Background image of page 8
9 Step 1: Attacker uses a hacking tool to break into server hacktool.exe www.retailer.com HACKTOOL 1.0 by Kippy the canine hacker This tool probes a target system for vulnerabilities and if it finds one, allows the attacker to take control. The Typical Hacking Attack
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 31

lect7_security - Internet Security: Are You Safe Out There?...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online