CIT 380: Securing Computer Systems

Preview:

Click to see full reader

DESCRIPTION

CIT 380: Securing Computer Systems. Security Solutions Part 2. Assumptions. Security rests on assumptions specific to type of security required and environment. Assumptions. Example: TCP/IP designed for pre-commercial Internet. Assumed only legitimate administrators had root access. - PowerPoint PPT Presentation

Citation preview

CIT 380: Securing Computer Systems

Security SolutionsPart 2

CIT 380: Securing Computer Systems Slide #2

Assumptions

• Security rests on assumptions specific to type of security required and environment.

Assumptions

• Example: – TCP/IP designed for pre-commercial Internet.• Assumed only legitimate administrators had root

access.• Trusted IP addresses, since only root can set IP address.• What happens to network when Windows 95 systems

added to network, where desktop user has all privileges?

CIT 380: Securing Computer Systems Slide #3

CIT 380: Securing Computer Systems Slide #4

Assurance

How much can you trust a system?Example:– Purchasing aspirin from a drugstore.– Bases for trust:• Certification of drug by FDA.• Reputation of manufacturer.• Safety seal on bottle.

CIT 380: Securing Computer Systems Slide #5

How much do you trust? Ken Thompson’s compiler hack from

“Reflections on Trusting Trust.”– Modified C compiler does two things:• If compiling a compiler, inserts the self-replicating

code into the executable of the new compiler.• If compiling login, inserts code to allow a backdoor

password.

How much do you trust?

– After recompiling and installing old C compiler:• Source code for Trojan horse does not appear

anywhere in login or C compiler.• Only method of finding Trojan is analyzing binary.

CIT 380: Securing Computer Systems Slide #6

CIT 380: Securing Computer Systems Slide #7

Key Points• Components of security– Confidentiality– Integrity– Availability

• States of information– Storage, Processing, Transmission

• Evaluating risk and security solutions.– Security is a matter of trade-offs.

• Security is a human problem.

Discussion: Gas Drive Away Without Paying

• What measures can be imposed?• What are the costs for the merchant and the

customer?• Do the benefits outweigh the costs?

CIT 380: Securing Computer Systems Slide #9

References1. Ross Anderson, Security Engineering, Wiley,

2001.2. Matt Bishop, Introduction to Computer Security,

Addison-Wesley, 2005.3. Peter Neumann, (moderator), Risks Digest,

http://catless.ncl.ac.uk/Risks/4. Bruce Schneier, Beyond Fear, Copernicus Books,

2003.5. Ken Thompson, “Reflections on Trusting Trust”,

Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 (http://www.acm.org/classics/sep95/)

Recommended

CIT 480: Securing Computer Systemswaldenj/classes/2016/spring/cit480/... · – Trusted copy of TLS certificate or public key stored in browser. – Successfully detected ANSSI (French
Documents
Certificate in Translation (CIT) CIT-01egyanagar.osou.ac.in/slmfiles/CIT-01-BLOCK-02.pdf · Certificate in Translation (CIT) CIT-01 ... Homonyms, Homophones, ... The soldier decided
Documents
CIT 480: Securing Computer Systemswaldenj/classes/2015/fall/cit480/... · Nmap scan report for scanme.nmap.org (74.207.244.221) ... flags. • Null Scan: Turns off all TCP flags
Documents
CIT 380 Securing Computer Systems
Documents
CIT 480: Securing Computer Systemswaldenj/classes/2015/fall/cit480/... · Initialization vector (IV) ... •Small space of initialization vectors guarantees reuse of the same key
Documents
Examination of Estimates of Expenditure 2005-06CIT)_e1_01_04... · Web viewCEDB(CIT)095 2263 CEDB(CIT)126 0672 CEDB(CIT)157 1370 CEDB(CIT)096 2264 CEDB(CIT)127 2586 CEDB(CIT)158 1886
Documents
CIT 480: Securing Computer Systemswaldenj/classes/2016/spring/cit480/... · wireless network packets destined for other hosts. ... – If network location unsatisfactory, ARP spoofing
Documents
Slide #1 CIT 380: Securing Computer Systems TCP/IP
Documents
CIT 480: Securing Computer Systemswaldenj/classes/2014/fall/... · 2019. 8. 25. · CIT 480: Securing Computer Systems Biometrics are not infallible What are False Accept and Reject
Documents
CIT 480: Securing Computer Systems
Documents
Cit Cit EastvaleNews .com
Documents
Certificate in Translation (CIT) CIT-02
Documents
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Access Control
Documents
DBM 380 DBM380 DBM 380 DBM/380
Documents
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction
Documents
Certificate in Translation (CIT) CIT-03egyanagar.osou.ac.in/slmfiles/CIT-03-BLOCK-02.pdf ·  · 2017-10-21Certificate in Translation (CIT) CIT-03 Translation of Official Documents
Documents
CIT 380: Securing Computer Systems - faculty.cs.nku.edu
Documents
CIT 380: Securing Computer Systemswaldenj/classes/2013/fall/cit380/lectures/... · plugged into the network. – Unlicensed spectrum in the 2.4 and 5 GHz ranges. Coverage – Personal
Documents
CIT - Cork Institute of Technology - CIT
Documents
CIT 380: Securing Computer Systems
Documents