Vigna thesolutiontonetworksecurity 7 strong

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: on of both services and users Reliable authorization/access control Effective abuse control Flawless protocols, infrastructure, operating systems, and applications Perfect policy Perfect policy enforcement …and every user is a security expert The real world 8 Effective security protections are not deployed Administrators do not keep up with vendor updates/patches Sites do not monitor or restrict access to their internal hosts Organizations do not devote enough staff/resources to improve and maintain security (e.g., user education) Sites do not implement policies (if they have one!) Infrastructure service providers are driven by market/service, not security Users insist on using flawed applications (e.g., mail reader that automatically execute attachments) Security domains Intra-node Security Inter-node Security Security posture of a subnetwork with respect to other networks Infrastructure Security 9 Security management in a subnetwork Inter-net Security Security issues in the interaction between two nodes Intra-net Security Security within a node Security of the global communication infrastructure Goals Understand network security issues Networks Network services and protocols Applications Learn about protection mechanisms and techniques Learn about detection techniques 10 What is secure communication? Alice Message Bob 1. Bob understands the message 2. Bob knows that message is sent by Alice and no one else tampered it 3. Is privacy part of this? Can others see the message? Can we hide the fact that 11 Message is coming from Alice Message is destined to Bob Both of the above What is secure communication? What can go wrong? Eavesdropping (passive) Send/fabricate messages Impersonate an address and lie in between Replay recorded message Modify a message in transit Write malicious code and trick people to run it 12 Trojan horse – hidden instruction on a program Virus – hidden instructions added on a program afterwards Worm – a program that replaces itself by installing its copies Trapdoor – undocumented entry point to a system Logic bomb – malicious instructions triggered by an event Zombie – malicious instructions remotely triggered over the network The Internet A network of networks A network composed of a set of autonomous subnetworks Open architecture Different administrative domains with different and possibly conflicting goals Governments, companies, universities, organizations rely on the Internet to perform mission-critical tasks 13 2008 CSI/FBI Computer Crime and Security Survey Key findings: 14 Most expensive incidents were...
View Full Document

Ask a homework question - tutors are online