csce824-lecture3

csce824-lecture3 - Security Overview Reading Lecture notes...


Security Overview

Reading
  Lecture notes for
  - CSCE 520, http://www.cse.sc.edu/~farkas/csce520-2011/csce
  - CSCE 522, http://www.cse.sc.edu/~farkas/csce522-2010/csce

CSCE 824, Farkas

Attack Sophistication vs. Intruder Technical Knowledge
  [Figure: attack sophistication (tools) and intruder knowledge (attackers) on a Low to High scale, time axis 1980 to 2000. Labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, stealth / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged attack. Copyright: CERT, 2000]

Security Objectives
  - Confidentiality: prevent/detect/deter improper disclosure of information
  - Integrity: prevent/detect/deter improper modification of information
  - Availability: prevent/detect/deter improper denial of access to services

Distributed applications
  - Authenticity
  - Non-repudiation

Fourth Objective
  Securing computing resources: prevent/detect/deter improper use of computing resources
  - Hardware
  - Software
  - Data
  - Network

Sample Questions
  - What is the trade-off between the security objectives?
  - Give an example of the security objectives in the domain of college education.
  - Consider the trend in attack sophistication and intruders' knowledge. Recommend an approach to enhance the security of future computing systems.

Achieving Security
  - Policy: What to protect?
  - Mechanism: How to protect?
  - Assurance: How good is the protection?

Security Policy
  - Organizational Policy
  - Computerized Information System Policy

Sample Questions
  - Why do we need to fit the security policy into the organizational policy?
  - Why is it recommended to separate policy from mechanism?
  - What does assurance mean in the context of security?
  - Give an example security policy enforced on your personal computer/CSE computing system/CEC computing system and recommend a security mechanism to implement the policy.

Security Mechanism
  - Prevention
  - Detection
  - Tolerance/Recovery

Security Tradeoffs
  - COST
  - Security
  - Functionality
  - Ease of Use

Threats, Attacks, Vulnerability, Risk
  - Types of threats
  - Types of attacks
  - Relation to security objectives
  - M(ethod), O(pportunity), and M(otive) of attacks
  - Methods of defense
  - Security planning
  - Risk Management

Risk Management Framework (Business Context)
  - Understand Business Context
  - Identify Business and Technical Risks
  - Synthesize and Rank Risks
  - Define Risk Mitigation Strategy
  - Carry Out Fixes and Validate
  - Measurement and Reporting

Sample Questions
  - Give an example of vulnerability, threat, risk, and attack in the domain of...