csce522-lect28

It is a Risky World

CSCE 522 - Farkas

Reading List
- Pfleeger: Chapter 8

Vulnerabilities
- Security objectives:
  - Prevent attacks
  - Detect attacks
  - Recover from attacks
- Attacks: against weaknesses in the information systems
- Need: find weaknesses

Identifying and Eliminating Weaknesses
I. Vulnerability monitoring
II. Secure system development
III. User training and awareness
IV. Avoiding single point of failure

I. Vulnerability Monitoring
- Identify potential weaknesses in existing information systems
- Reveal wide-range of vulnerabilities

I. Security Flaws
- Secure software installation
- Correct installation of software
- Change default settings
- Validate upgrades/changes
- Patch new security flaws

I. Vulnerability Detection Tools
- Computer Oracle and Password System (COPS) – FREE
  - Checks vulnerabilities of UNIX systems
- Secure Analysis Tool for Auditing Networks (SATAN) – FREE
- SAFEsuite (Internet Security Systems, Inc.)
  - Family of network security assessment tools (web security scanner, firewall scanner, intranet scanner, system security scanner)
  - Keyed to the IP address of the customer

I. Keeping up with Security Publications
- Legal publications: how to remove vulnerabilities
  - CERT advisories
  - SANS Security Digest
- Hacker publications: “how to” exploit known vulnerabilities
- Security mailing lists

II. Building Secure Systems
- 1960s: US Department of Defense (DoD) risk of unsecured information systems
- 1981: National Computer Security Center (NCSC) at the NSA
- DoD Trusted Computer System Evaluation Criteria (TCSEC) == Orange Book

II. Orange Book
- Orange Book objectives:
  - Guidance of what security features to build into new products
  - Provide measurement to evaluate security of systems
  - Basis for specifying security requirements
- Security features and Assurances
- Trusted Computing Base (TCB) security components of the system

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.
