SCSC 455 Computer Security 2010 Spring

Slide 1

SCSC 455 Computer Security, 2010 Spring
Chapter 1: Overview of Computer Security
Dr. Frank Li

Slide 2

Index
Overview of security threats in computer systems
Privacy in computer security
Risk assessment and security policy
Security-focused organizations
Government's security and privacy role
Security-Focused Linux Products
Security certifications

Slide 3

Overview of Computer Security
Computer security is a vast and specific field.
Computer security differs in many ways from the day-to-day operation of a network server.
There are many unauthorized computer access incidents and attacks on computer networks.
Do you know …
Carlos Felipe Salgado used a sniffing technique to collect more than 100,000 credit card numbers from online merchants. He was arrested in June 1997 as he tried to sell them to undercover FBI agents.
On Nov. 3, 1988, system administrators all over the U.S. found that their systems were running abnormally slowly.

Slide 4

Overview of Computer Security
Do you know …
In mid 2000, a series of attacks attempted to shut down many websites (Yahoo, eBay, Microsoft Network, etc.) by overwhelming them with false requests.
Q: What are the reasons for so many attacks on networks and computer systems?

Slide 5

Evolution of computing and security
Mainframe era
The first computers were a few mainframes, which were used for specific tasks.
Users accessed the mainframes through "dumb" terminals.
There was little threat of security breaches or of vulnerabilities being exploited at that time. Why?

Slide 6

Mainframe era
Because …
Only a handful of people, who knew how to operate the computer, worked in a closed environment.
Although some mainframes were networked, it was done in a crude manner for specific tasks.
Although the operating systems of that time had problems, software bugs, and vulnerabilities, not many people were interested in taking advantage of them.

Slide 7

PC and networking era
PC and networking era (1980 - )
Personal computers (PCs) become more efficient and cheaper.
The functionality of the systems grew, and various applications were developed.
Millions of people have access to computers.
Millions of computers are networked, and the client/server computing model is born.
Many security issues emerge:
Data gets corrupted accidentally due to individual mistakes
Unexpected inputs from users
Malicious attempts from crackers

Slide 8

Pros and cons of networking
Countless computers are networked nowadays.
This broad access represents the power of networked computers, but it also represents opportunities for malicious intent.
The more broadly a computer is networked, the more potential there is for access to that computer.
A lot of valuable information (personal, financial …) is stored on computers.
Two terms are commonly used for people who break into computer systems: hacker versus cracker.
The motivations: for fun or for profit.

Slide 9

Other reasons for computer attacks
Cyber-terrorism: the use of computing resources to intimidate or coerce others. E.g. hacking into a hospital's computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge.
Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military, political or business adversaries. - Dr. Ivan Goldberg
Computer crime: unauthorized access to a computer system.
Gathering accurate statistics of the damages caused by computer crime is difficult. Why?

Slide 10

The difficulties of gathering accurate statistics on computer crime
Computer break-ins are not always reported, are not always discovered, or are discovered long after the break-in occurred.
The company that was broken into may not want to risk negative publicity by reporting the incident.
Computer crimes are prosecuted using a number of different laws.
Matching a crime with a law is difficult.

Slide 11

How are nations affected?
We are increasingly dependent on computer/network technology for communication, funds transfers, utility management, government services, military action, and maintaining confidential information.
E.g. 1, A majority of the military vehicles, weapons systems, and communication systems are controlled by computer systems.
E.g. 2, Critical infrastructure and industries, such as the power grid and communication channels, are controlled by computer systems.
Most governments have recognized this vulnerability and have started taking steps to evade these types of attacks.

Slide 12

How are companies affected?
Many companies are finding out how security affects their bottom line in ways they never expected.
If a company suffers a security breach, it will have to deal with a wide range of issues, such as being sued by its customers.
Organizations have had trade secrets and intellectual property stolen by employees who left to work for a competitor.
A company can also lose money and time through its lack of readiness to react to a situation.
To get a good insurance rate, companies must show that they have a solid security program and that they are doing all that they can to protect their own investments.

Slide 13

The Evolution of Hacking
What is hacking? Joyriding hacking, profit-driven hacking, and ethical hacking
Hackers' profile: baby hacker, tool hacker, and godfather hacker
Not only is hacking activity on the rise, but the sophistication of the attacks is advancing:
Stealing financial information, military secrets
Defacing websites
Extortion
Phishing
Etc.

Slide 14

Index
Overview of security threats in computer systems
Privacy in computer security
Risk assessment and security policy
Security-focused organizations
Government's security and privacy role
Security-Focused Linux Products
Security certifications

Slide 15

The Privacy Issue
Privacy issues arise when personal information is stored in computers.
Any personal information stored on a computer is threatened by someone cracking the system where it is stored. E.g., credit card numbers, tax records, medical files, military records.
Privacy makes computer security an issue of personal concern.

Slide 16

The Privacy Debate
Privacy advocates versus those supporting a free flow of information
Opt-in versus opt-out
Opt-in: you won't get ads unless you specifically say "yes, put me on the mailing list."
Opt-out: you get ads unless you contact a company and say "take me off the mailing list."
E.g. Who should be able to obtain your credit records? Who should be allowed to see your medical records? How can a company that gathers information about you use that information?

Slide 17

Privacy Policy
A privacy policy is a voluntary statement by a company about how it will and won't use data that it collects about customers or clients.
Privacy policies usually contain the following information:
We don't collect or save any information about visitors to our site.
We collect information in order to complete a sale or register users, but we don't share that data.
We collect information on visitors and usage patterns to determine whether a visitor might be interested in some of our other products.
We collect information and share it with our partners who may have products that interest you.
…

Slide 18

Example of Privacy Policy

Slide 19

Example of Privacy Policy
Personal information: In all marketing channels we do collect information you submit. We use common Internet technologies, such as cookies, on our Web sites and in our emails. …
Uses of information: We may share information about you with vendors we have contracted to provide services on our behalf. ...
Your privacy choices: You may unsubscribe from our email newsletters and promotions. You may direct us not to send you postal mail promotional materials or call you about Consumer Reports products, programs and services. …

Slide 20

Ethics and System Administrators
Privacy policies are usually created by lawyers and marketing VPs, and implemented by the system administrators.
The burden of ethical use of data usually falls on the system administrator.
Ethics deals with the issue of doing the right thing at the right time, for the right reason.
Ethics codes were developed to define the role of system administrators in organizations and to increase integrity and raise standards of conduct in the profession.

Slide 21

Index
Overview of security threats in computer systems
Privacy in computer security
Risk assessment and security policy
Security-focused organizations
Government's security and privacy role
Security-Focused Linux Products
Security certifications

Slide 22

The approaches to security
A paradox of computer security: the more secure a system is, the less usable it is.
The best approach to security is to make a system highly secure without undue annoyance to authorized users.
"Security through obscurity" assumes that if nobody knows about your system, you are safe. Is it a good approach? Why?

Slide 23

Risk Assessment
"Security through obscurity" must be avoided. Because …
The key to good security is not to hope that nobody discovers the security weaknesses of your system, but rather to eliminate those weaknesses.
Hardware, software and data are the primary targets of attack; of these three, data presents the most serious risk.

Slide 24

Outsider versus Insider
Crackers break into systems in order to:
steal data, e.g. credit card numbers
corrupt data, perhaps accidentally, but often for malicious reasons
block access to the system, as in a Denial-of-Service (DoS) attack
Crackers are not the only threat to systems; a majority of security incidents result from the actions of users inside an organization.

Slide 25

Computer attack techniques (The details will be