Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with...

31
Chapter 15 Security Bernard Chen Spring 2007

TAGS:

Transcript of Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with...

Page 1: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15Security

Bernard ChenSpring 2007

Protection vs Security

Protection (Ch14) deals with internal problem

Security (Ch 15) Deals with external problem

Security In many applications ensuring the security of

the computer system is worth considerable effort

Large commercial systems containing payroll or other financial data are inviting targets to thieves

Security must consider external environment of the system and protect the system resources

The Security Problem Intruders (crackers) attempt to

breach security Threat is potential security violation Attack is attempt to breach security

Attack can be accidental or malicious Easier to protect against accidental

than malicious misuse

Security Violations

Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 2: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Protection vs Security

Protection (Ch14) deals with internal problem

Security (Ch 15) Deals with external problem

Security In many applications ensuring the security of

the computer system is worth considerable effort

Large commercial systems containing payroll or other financial data are inviting targets to thieves

Security must consider external environment of the system and protect the system resources

The Security Problem Intruders (crackers) attempt to

breach security Threat is potential security violation Attack is attempt to breach security

Attack can be accidental or malicious Easier to protect against accidental

than malicious misuse

Security Violations

Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 3: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security In many applications ensuring the security of

the computer system is worth considerable effort

Large commercial systems containing payroll or other financial data are inviting targets to thieves

Security must consider external environment of the system and protect the system resources

The Security Problem Intruders (crackers) attempt to

breach security Threat is potential security violation Attack is attempt to breach security

Attack can be accidental or malicious Easier to protect against accidental

than malicious misuse

Security Violations

Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 4: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

The Security Problem Intruders (crackers) attempt to

breach security Threat is potential security violation Attack is attempt to breach security

Attack can be accidental or malicious Easier to protect against accidental

than malicious misuse

Security Violations

Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 5: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violations

Categories Breach of confidentiality Breach of integrity Breach of availability Theft of service Denial of service

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 6: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violations Breach of confidentiality This type of violation involves unauthorized

reading of data (or theft of information) Capturing secret data from a system such as credit-card information identity theft

Breach of integrity This violation involves unauthorized

modification of data Such as modification of the source code of an important commercial application

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 7: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violations Breach of availability This violation involved unauthorized

destruction of data Website defacement is a common example of this type

Theft of service This violation involves unauthorized use of

resource

Denial of service (DOS) This violation involves preventing legitimate

use of the system

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 8: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violation Methods

Methods Masquerading (breach authentication) Replay attack Message modification Man-in-the-middle attack Session hijacking

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 9: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violation Methods Masquerading one participant in a

communication pretends to be someone else By masquerading attackers breach authentication the correctness of identification

Replay Attack consist of the malicious or fraudulent repeat of a valid data transmission

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 10: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Violation Methods

Message modification

Man-in-the-middle attack

Session hijacking

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 11: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Security Measure LevelsSecurity must occur at four levels to be effective

Physical

Human (Avoid phishing a legitimate-looking email or a web

page misleads a user into entering confidential information

dumpster diving attempting to gather information in order to gain unauthorized access to the computer)

Operating System

Network

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 12: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Program Threats

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 13: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

C Program with Buffer C Program with Buffer-overflow Condition

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 14: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

C Program with Buffer C Program with Buffer-overflow Condition

In stead of using ldquostrcpy(buffer argv[1])rdquoUseldquostrncpy(bufferargv[1]sizeof(buffer)

-1)rdquo

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 15: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Hypothetical Stack Frame

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 16: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Viruses Code fragment embedded in legitimate

program Very specific to CPU architecture

operating system applications Usually borne via email or as a macro

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 17: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Types of VirusesMany categories of viruses literally many thousands of

viruses1048698 File1048698 Boot1048698 Macro1048698 Source code1048698 Polymorphic1048698 Encrypted1048698 Stealth1048698 Tunneling1048698 Multipartite1048698 Armored

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 18: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

A Boot-sector Computer Virus

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 19: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Worms A worm is a process that uses the

SPAWN mechanism to ravage system performance

The worm spawns copies of itself using up system resources and perhaps locking out all other processes

The worm was made up of two programs a grappling hook program and the main program

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 20: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Worm

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 21: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Cryptography as a Security Tool It is the broadest security tool available

Source and destination of messages cannot be trusted without cryptography

The method is based on secrets (keys)

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 22: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Encryption

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 23: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Encryption

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 24: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Symmetric Encryption

Same key used to encrypt and decrypt

E(k) can be derived from D(k) and vice versa

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 25: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Symmetric Encryption DES is most commonly used symmetric

block-encryption algorithm (created by US Govt)

Encrypts a block of data at a time Triple-DES considered more secure Advanced Encryption Standard (AES)

twofish up and coming RC4 is most common symmetric stream

cipher but known to have vulnerabilities

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 26: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Asymmetric Encryption

Public-key encryption based on each user having two keys

public key ndash published key used to encrypt data

private key ndash key known only to individual user used to decrypt data

Page 27: Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Unit 11: Classification Ch. 3 Classification Taxonomy = branch of biology that deals w/ naming & classifying organisms.

Unit 11: Classification Ch. 3 Classification Taxonomy = branch of biology that deals w/ naming & classifying organisms.

Security Market Indices (Ch. 2) - CFA Institute

Security Market Indices (Ch. 2) - CFA Institute

Ch. 12 security

Ch. 12 security

CNIT 123: Ch 7: Programming for Security Professionals

CNIT 123: Ch 7: Programming for Security Professionals

WAN CH 4 Security

WAN CH 4 Security

CH&Cie Cyber Security - CIB - Teaser

CH&Cie Cyber Security - CIB - Teaser

Ch. 8 – Security

Ch. 8 – Security

ERM Ch 49 Travel Security Em

ERM Ch 49 Travel Security Em

Operating System security deals with four important … · Operating System security deals with four important functions. ... Defense -> apply security templates 426 . ... School

Operating System security deals with four important … · Operating System security deals with four important functions. ... Defense -> apply security templates 426 . ... School

Cisco IronPort Web Security Appliance - Katedra informan½ch

Cisco IronPort Web Security Appliance - Katedra informan½ch

CISSP Prep: Ch 9. Software Development Security

CISSP Prep: Ch 9. Software Development Security

CISSP Prep: Ch 7. Security Assessment and Testing

CISSP Prep: Ch 7. Security Assessment and Testing

Biometric Security Systems: Fingerprint and Speech Technologyorsag/IICAI-03.pdf · Biometric Security Systems: Fingerprint and Speech ... deals with the design of a biometric security

Biometric Security Systems: Fingerprint and Speech Technologyorsag/IICAI-03.pdf · Biometric Security Systems: Fingerprint and Speech ... deals with the design of a biometric security

Infographic: How Asia deals with data security breaches

Infographic: How Asia deals with data security breaches

Discussion 3 food security (ch. 11)

Discussion 3 food security (ch. 11)

F.S.1995 SECURITY OF COMMUNICATIONS Ch. 934 CHAPTER …flstats.fsulawrc.com/FlStatutes/docs/1995/1995TXLVIIC934.pdf · F.S.1995 SECURITY OF COMMUNICATIONS Ch. 934 CHAPTER 934 SECURITY

F.S.1995 SECURITY OF COMMUNICATIONS Ch. 934 CHAPTER …flstats.fsulawrc.com/FlStatutes/docs/1995/1995TXLVIIC934.pdf · F.S.1995 SECURITY OF COMMUNICATIONS Ch. 934 CHAPTER 934 SECURITY

Social Security: Glossary-CH

Social Security: Glossary-CH

CH 2 Power System Security

CH 2 Power System Security

Ch 2. Security and Risk Management (Part 2)Information Security Professional (CISSP Preparation) Ch 2. Security and Risk Management (Part 2) Updated 10-13-17 2 Legal and Regulatory

Ch 2. Security and Risk Management (Part 2)Information Security Professional (CISSP Preparation) Ch 2. Security and Risk Management (Part 2) Updated 10-13-17 2 Legal and Regulatory

Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )