Download jones, c - Computer Science

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
Document related concepts
no text concepts found
Transcript 
Computers and Security
by Calder Jones
What is Computer Security
Computer Security is the protection
of computing systems and the data
that they store or access
Early history - 1950’s
➔Development of the Tempest Security
Standard
➔Organization of the U.S.
Communications Security Board
1960’s
➔1967 Spring Joint Computer Conference
◆ First comprehensive computer security
presentation
➔1967 Defense Advanced Research
Projects Agency (DARPA) established
History 1970-1977
➔1970 Tiger Teams
➔1973 Robert Metcalfe warns the ARPANET working group that it is far
too easy to gain access to the network
➔ 1977 Abraham A. Ribicoff introduces the federal computer systems
protection act which defines “computer crimes” and recommends
penalties for them
Condensed History 1977-1988
➔1983 The Orange Book
➔1986 The first pc virus “The
Brain” is created
➔1988 Morris Worm
◆ crashes 600 of the 60,000 computer
linked to the internet
◆ Robert Tappan Morris is the first
person convicted by a jury under the
Computer Fraud and Abuse Act
Condensed History 1988-2000
➔1996 hackers find web tools that allow
them to take remote control of
computers on the internet
➔2000 new computer worms spread
across the internet
Condensed History 2000 - Present Day
➔Many new viruses and malware
appear as the internet explodes in
popularity
➔New exploits found in smartphones
➔Security researchers publish a
guide to hacking automobiles
Problems
➔ Finding new ways to secure a system encourages
hackers to find new ways to break in
Goals of hackers
➔STRIDE
◆ Spoofing
◆ Tampering
◆ Repudiation
◆ Information disclosure
◆ Denial of service
◆ Elevation of Privilege
Spoofing
➔Attempting to gain access to a
system by using a false identity
CounterMeasures
➔Use strong authentication
➔Do not store secrets (i.e.
passwords) in plain text
Tampering
Unauthorized modification of data
CounterMeasures
➔Use data hashing and signing
➔Use digital signatures
➔Use strong authorization
➔Use tamper-resistant protocols
across communication links
Repudiation
The ability of users to deny that they
performed specific actions or
transactions.
CounterMeasure
➔Create secure audit trails
➔Use digital signatures
Information disclosure
Unwanted exposure of private data.
CounterMeasures
➔Use strong authorization
➔Use Strong encryption
➔Secure communication links with
protocols that provide message
confidentiality
Denial of service
The process of making a system or
application unavailable
CounterMeasures
➔Use resource and bandwidth
throttling techniques
➔Validate and filter input
Elevation of privilege
When a user with limited privileges
assumes the identity of a privileged
user to gain privileged access to an
application
CounterMeasures
➔Follow the principle of least
privilege
Current and Future issues
➔Hackers gain more avenues for
entry the more we become
connected with technology (i.e.
homes,cars,personal devices)
➔Keeping the Cloud secure
Sources
"Chapter 2 –Threats and Countermeasures." Threats and Countermeasures. Microsoft, n.d. Web. 31 Jan. 2016.
"Computer Security Threats: A Brief History - Power More." Power More Computer Security Threats A Brief History
Comments. N.p., 28 Aug. 2014. Web. 31 Jan. 2016.
Gasser, Morrie. Building a Secure Computer System. New York: Van Nostrand Reinhold, 1988. Web.
Hirose, Shoichi. "Security Analysis of DRBG Using HMAC in NIST SP 800-90." Information Security Applications Lecture
Notes in Computer Science (n.d.): 278-91. Web.
"Timeline: The U.S. Government and Cybersecurity." Washington Post. The Washington Post, n.d. Web. 31 Jan. 2016.
Related documents
chap16
chap16
Web server software
Web server software
Avian Influenza
Avian Influenza
Chap 6: DB Security File - e
Chap 6: DB Security File - e
Why we need IT security - Department of Computer Science and
Why we need IT security - Department of Computer Science and
Hidden Markov Model Cryptanalysis
Hidden Markov Model Cryptanalysis
Customer markets
Customer markets
ď - Sites
ď - Sites
A. Explain the nature of marketing plans. B. Explain the role
A. Explain the nature of marketing plans. B. Explain the role
Cybersecurity and Information Assurance PPT
Cybersecurity and Information Assurance PPT
A. Explain the nature of marketing plans. B. Explain the role of
A. Explain the nature of marketing plans. B. Explain the role of
file - Conservation Gateway
file - Conservation Gateway
Introduction to Databases - Department of Software and Information
Introduction to Databases - Department of Software and Information
Certified Penetration Testing Specialist
Certified Penetration Testing Specialist
Deans Day 2001 PMG
Deans Day 2001 PMG
Advanced Condensed Matter Physics I - School of Physics
Advanced Condensed Matter Physics I - School of Physics
Network and Hackers
Network and Hackers
ch04 - kuroski.net
ch04 - kuroski.net
Medical Countermeasures and Closed POD Planning
Medical Countermeasures and Closed POD Planning
Medical Challenges for Deploying US Forces
Medical Challenges for Deploying US Forces
Guide to Network Defense and Countermeasures
Guide to Network Defense and Countermeasures
Guide to Network Defense and Countermeasures
Guide to Network Defense and Countermeasures