csce522-lect28 - ItisaRiskyWorld ReadingList...

Info icon This preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
It is a Risky World
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
CSCE 522 - Farkas 2 Reading List Pfleeger: Chapter 8
Image of page 2
CSCE 522 - Farkas 3 Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against weaknesses in the  information systems Need: find weaknesses
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
CSCE 522 - Farkas 4 Identifying and Eliminating  Weaknesses I. Vulnerability monitoring II. Secure system development III. User training and awareness IV. Avoiding single point of failure
Image of page 4
CSCE 522 - Farkas 5 I. Vulnerability Monitoring Identify potential weaknesses in existing  information systems Reveal wide-range of vulnerabilities
Image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
CSCE 522 - Farkas 6 I. Security Flaws Secure software installation Correct installation of software Change default settings Validate upgrades/changes Patch new security flaws
Image of page 6
CSCE 522 - Farkas 7 I. Vulnerability Detection Tools Computer Oracle and Password System  (COPS) – FREE Checks vulnerabilities of UNIX systems Secure Analysis Tool for Auditing Networks  (SATAN) – FREE  SAFEsuite (Internet Security Systems, Inc.)  Family of network security assessment tools (web  security scanner, firewall scanner, intranet  scanner, system security scanner) Keyed to the IP address of the customer
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
CSCE 522 - Farkas 8 I. Keeping up with Security  Publications Legal publications: how to remove  vulnerabilities CERT advisories  SANS Security Digest Hacker publications: “how to” exploit  known vulnerabilities  Security mailing lists
Image of page 8
CSCE 522 - Farkas 9 II. Building Secure Systems 1960s: US Department of Defense (DoD) risk  of unsecured information systems 1981: National Computer Security Center  (NCSC) at the NSA DoD Trusted Computer System Evaluation  Criteria (TCSEC) == Orange Book
Image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
CSCE 522 - Farkas 10 II. Orange Book Orange Book objectives: Guidance of what security features to build into  new products Provide measurement to evaluate security of  systems Basis for specifying security requirements Security features and Assurances Trusted Computing Base (TCB) security  components of the system
Image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern