Not yet an achievable goal we must be able to trace a

This preview shows page 15 - 24 out of 30 pages.

not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Computer Security
1. Not simple
2. Must consider potential attacks
3. Procedures used to provide service might be counter-intuitive
4. Must decide where to deploy mechanisms and algorithms
5. Involve secret information
6. Attacker only needs to find a single weakness (defender must find all weaknesses)
7. Users do not see benefits until system fails
8. Requires regular monitoring
9. Too often an after-thought
10. Regarded as impediment to using system

Vulnerabilities and Attacks
System resource may become:
  • Corrupted (loss of integrity)
  • Leaky (loss of confidentiality)
  • Unavailable (loss of availability)

Vulnerabilities and Attacks
Threats
  • Capable of exploiting vulnerabilities
  • Represent potential security harm to an asset
Attacks (threats carried out)
  • Passive: does not affect system resources
  • Active: attempt to alter system resources or affect their operation
  • Insider: initiated by an entity inside the security perimeter
  • Outsider: initiated from outside the perimeter

Countermeasures
  • Means used to deal with security attacks
      • Prevent
      • Detect
      • Recover
  • May result in new vulnerabilities
  • Will have residual vulnerability
  • Goal is to minimize risk given constraints

The Ten Immutable Laws of Computer Security
  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  • Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
  • Law #5: Weak passwords trump strong security.
  • Law #6: A computer is only as secure as the administrator is trustworthy.
  • Law #7: Encrypted data is only as secure as its decryption key.
  • Law #8: An out-of-date anti-malware scanner is only marginally better than no scanner at all.
  • Law #9: Absolute anonymity isn’t practically achievable, online or offline.
  • Law #10: Technology is not a panacea.

Threat Consequences
  • Unauthorized disclosure
      • Exposure, interception, inference, intrusion
  • Deception
      • Masquerade, falsification, repudiation
  • Disruption
      • Incapacitation, corruption, obstruction
  • Usurpation, misappropriation, misuse

Secure Operating Systems