Professional Documents
Culture Documents
Types of Security
Physical Communications Emissions Computer Network
Physical security
People have been concerned about
security for a long time, long before computers existed. The first concern was physical security.
Communications Security
Large problem during the Roman
Empire was Communications security. Solution: The Caesar cipher. Later on
Emissions Security
A current moving through a wire creates a
magnetic field or emission. First problem was with telegraph wires. In computers:
TEMPEST
COMP 3705 Topics in Network Security
Computer Security
Computer security is complex. Work by David Bell and Leonard La
Padula leads to the US Department of Defence (DoD) Trusted Computer System Evaluation Criteria or Orange Book in 1985 Many levels ranging from D (lowest) to A (highest)
COMP 3705 Topics in Network Security
Network Security
Network security combines all other
types of security. Mix of different systems, applications, and users. Systems theory Very difficult
Five Ws of Security
Who What Where When Why And How!
Difficult in groups In what way? Many things can be legitimately modified. Usable Sufficient capacity Completes in a reasonable time
Integrity
Availability
CVE-2005-2127 reports a vulnerability in Internet Explorer. The threat is a denial of service (attack on availability). Microsoft reports that the threat to this vulnerability is controlled by a patch that they have issued.
Data
Disgruntled employee Accidents Competitors (technical, financial, damage) Controversial business High profile (piggyback)
H4G1S and NASA Re: Kevin Mitnick
External attacks
Social Engineering
From the Jargon File: social engineering: n.
Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. See also the tiger team story in the patch entry, and rubber-hose cryptanalysis.
COMP 3705 Topics in Network Security
Questions?
Review
Types of security
Review (cont.)
Who would want to attack? What can be attacked? Where does the attack happen? When can you expect an attack? Why does an attack happen? How is an attack made?
Next class
Definitions Quiz! Network protocols Network hardware and topology Routing