{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

lect7_security

lect7_security - Internet Security Are You Safe Out There...

Info icon This preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Carey Nachenberg, Symantec Fellow Symantec Research Labs Internet Security : Are You Safe Out There? An Introduction to Computer Security
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 Outline Security 101 Vulnerabilities Attacks Defenses The only truly secure system is one that is powered off , cast in a block of concrete and sealed in a lead-lined room with armed guards and even then I have my doubts . Eugene H. Spafford
Image of page 2
3 Security 101 The “CIA” Computer security is all about preserving three different things in a computer system: Confidentiality Make sure that private data stays private! Integrity Make sure that attackers don’t modify or corrupt data. Availability Make sure that data is available to those who need it. O
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
4 Security 101: What is a Security Vulnerability? Poor Design The software designer didn’t design the software to be secure Poor Implementation The designer came up with a secure design but the programmer screwed up In case of emergency break glass Poorly Trained People People can be fooled easier than software can! A vulnerability is a flaw that can be exploited by an attacker to compromise a computer system. Where do vulnerabilities come from?
Image of page 4
5 Vulnerabilities are Everywhere! Corporation Government “The Internet” Home Users Organizations often deploy web servers with bugs that open them up to attack! Businesses and governments store massive amounts of data in databases. But forget to change the default account passwords! Many software packages (like your web browser) also have bugs that open your PC up to attacks. Would you like some spyware with your sports scores? Users often get tricked into doing things they don’t want to do! And finally, users often do things for convenience – like sharing their hard drive or writing their password on a post-it.
Image of page 5

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
6 Not only Corporations are Vulnerable Much of our nation’s physical infrastructure is on the Internet too! In 2000 a hacker in Queensland, Australia hacked into sewage treatment plant… causing it to leak hundreds of thousands of gallons of sewage into parks, rivers and the Hyatt Regency Hotel !!!
Image of page 6
7 Vulnerabilities Here’s one example of a software vulnerability. Can you spot the problem? // returns trueif theuser logs in properly w/correct password bool verifyUserLogin(void) { char userName[33]; // usernameup to 32 chars long char userPassword[11]; // password up to 10 chars long readDataFromNetwork (userName); readDataFromNetwork (userPassword); if ( isInDatabase (userName,userPassword) == true) return(true); return(false); // invalid password }
Image of page 7

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
8 Attacks Next, we’ll take a look at some of the more common attacks. Let’s start by examining the stereotypical hacking attack !
Image of page 8
9 Step 1: Attacker uses a hacking tool to break into server hacktool.exe www.retailer.com HACKTOOL 1.0 by Kippy the canine hacker This tool probes a target system for vulnerabilities and if it finds one, allows the attacker to take control.
Image of page 9

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern