Computers and Security
by Calder Jones
What is Computer Security
Computer Security is the protection of computing systems and the data that they store or access
Early history - 1950’s
➔Development of the Tempest Security Standard
➔Organization of the U.S. Communications Security Board
1960’s
➔1967 Spring Joint Computer Conference
◆ First comprehensive computer security presentation
➔1967 Defense Advanced Research Projects Agency (DARPA) established
History 1970-1977
➔1970 Tiger Teams
➔1973 Robert Metcalfe warns the ARPANET working group that it is far too easy to gain access to the network
➔1977 Abraham A. Ribicoff introduces the Federal Computer Systems Protection Act, which defines “computer crimes” and recommends penalties for them
Condensed History 1977-1988
➔1983 The Orange Book
➔1986 The first PC virus, “The Brain”, is created
➔1988 Morris Worm
◆ Crashes 600 of the 60,000 computers linked to the internet
◆ Robert Tappan Morris is the first person convicted by a jury under the Computer Fraud and Abuse Act
Condensed History 1988-2000
➔1996 Hackers find web tools that allow them to take remote control of computers on the internet
➔2000 New computer worms spread across the internet
Condensed History 2000 - Present Day
➔Many new viruses and malware appear as the internet explodes in popularity
➔New exploits found in smartphones
➔Security researchers publish a guide to hacking automobiles
Problems
➔Finding new ways to secure a system encourages hackers to find new ways to break in
Goals of hackers
➔STRIDE
◆ Spoofing
◆ Tampering
◆ Repudiation
◆ Information disclosure
◆ Denial of service
◆ Elevation of Privilege
Spoofing
➔Attempting to gain access to a system by using a false identity
Countermeasures
➔Use strong authentication
➔Do not store secrets (i.e. passwords) in plain text
Tampering
Unauthorized modification of data
Countermeasures
➔Use data hashing and signing
➔Use digital signatures
➔Use strong authorization
➔Use tamper-resistant protocols across communication links
Repudiation
The ability of users to deny that they performed specific actions or transactions.
Countermeasures
➔Create secure audit trails
➔Use digital signatures
Information disclosure
Unwanted exposure of private data.
Countermeasures
➔Use strong authorization
➔Use strong encryption
➔Secure communication links with protocols that provide message confidentiality
Denial of service
The process of making a system or application unavailable
Countermeasures
➔Use resource and bandwidth throttling techniques
➔Validate and filter input
Elevation of privilege
When a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application
Countermeasures
➔Follow the principle of least privilege
Current and Future issues
➔Hackers gain more avenues for entry the more we become connected with technology (i.e. homes, cars, personal devices)
➔Keeping the Cloud secure