Session 7 LBSC 690 Information Technology Security.
Session 7: LBSC 690, Information Technology Security
Agenda
• Questions
• Complex systems
• Security
• Midterm exam review
Complex System Issues
• Critical system availability
– Who needs warfare? We do it to ourselves!
• Understandability
– Why can't we predict what systems will do?
• Nature of bugs
– Why can't we get rid of them?
• Auditability
– How can we learn to do better in the future?
Crisis Management
• Computer Emergency Response Team
– Issues advisories about known problems
– Need to make sure these reach the right people
• Information Warfare
– We depend on our information infrastructure
– How can we prevent attacks against it?
– Hacking is individual; this would be organized
– Policy for this is still being worked out
Ownership
• Who has the right to use a computer?
• Who establishes this policy? How?
– What equity considerations are raised?
• Can someone else deny access?
– Denial of service attacks
• How can denial of service be prevented?
– Who can gain access, and what can they do?
Denial of Service Attacks
• Viruses
– Platform dependent
– Typically binary
– Virus checkers need frequent updates
• Flooding
– The Internet worm
– Chain letters
Identity
• Establishing identity permits access control
• What is identity in cyberspace?
– Attribution
• When is it desirable?
– Impersonation
• How can it be prevented?
• Forgery is really easy
– Just set up your mailer with a bogus name and email address
Authentication
• Used to establish identity
• Two types
– Physical (keys, badges, cardkeys, thumbprints)
– Electronic (passwords, digital signatures)
• Protected with social structures
– Report lost keys
– Don't tell anyone your password
• Password sniffers will eventually find it
Good Passwords
• Long enough not to be guessed
– Programs can try every combination of 4 letters
• Not in the dictionary
– Programs can try every word in a dictionary
– And every date, and every proper name, ...
– And even every pair of words
• Mix upper case, lower case, numbers, etc.
• Change it often, and use a different one for each account
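The guidelines above can be turned into a checker that rejects exactly the candidates a guessing program covers cheaply. This is an added example, not part of the slides; the word list and the date pattern are constructed assumptions, and a real checker would load a full dictionary.

```python
import re
from typing import Optional

# Constructed toy word list; a real checker would load a full dictionary file.
DICTIONARY = {"apple", "orange", "secret", "password", "maryland", "library"}

# A date written as digits only (YYYYMMDD, MMDDYY) or with separators (12/31/1999).
DATE_RE = re.compile(r"^\d{6}$|^\d{8}$|^\d{1,2}[/-]\d{1,2}[/-]\d{2,4}$")


def search_space(alphabet_size: int, length: int) -> int:
    """Guesses needed to try every combination of `length` symbols."""
    return alphabet_size ** length


def weakness(password: str) -> Optional[str]:
    """Return why a password fails the slide's guidelines, or None if it passes."""
    lower = password.lower()
    if len(password) < 8:
        return "too short"
    if lower in DICTIONARY:
        return "dictionary word"
    if DATE_RE.match(password):
        return "looks like a date"
    # "even every pair of words": a program that concatenates two dictionary
    # words covers this in |DICTIONARY|**2 guesses, so reject every such split.
    for i in range(1, len(lower)):
        if lower[:i] in DICTIONARY and lower[i:] in DICTIONARY:
            return "pair of dictionary words"
    classes = sum(
        re.search(pattern, password) is not None
        for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    )
    if classes < 3:
        return "needs a mix of upper case, lower case, numbers, etc."
    return None


if __name__ == "__main__":
    # Every 4-letter combination versus 8 characters drawn from 62 symbols.
    print(search_space(26, 4), search_space(62, 8))
    for candidate in ("abcd", "applesecret", "19991231", "maryland2024", "Tr0ub4dor&3"):
        print(candidate, "->", weakness(candidate))
```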
Other Access Control Issues
• Protect system administrator access
– Greater potential for damaging acts
– What about nefarious system administrators?
• Trojan horses
– Intentionally undocumented access techniques
• Firewalls
– Prevent unfamiliar packets from passing through
– Makes it harder for hackers to hurt your system
Privacy
• What privacy rights do computer users have?
– On email?
– When using computers at work? At school?
– What about your home computer?
• What about data about you?
– In government computers?
– Collected by companies and organizations?
• Does obscurity offer any privacy?
Cookies
• Web servers know a little about you
– Machine, prior URL, browser, ...
• From this they can guess a little more
– Path you followed, who is on that machine
• Cookies allow them to remember things
– They send you a string and your browser stores it
– If they ask for the string, your browser provides it
– The string can represent identity and/or information
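The three cookie bullets describe an exchange that a small model of a browser's cookie store makes concrete. This is an added example, not code from the slides: the hosts, the session table and the cookie values are constructed, and the jar is deliberately minimal (it keys cookies only by host, not the full RFC 6265 rules).

```python
from http.cookies import SimpleCookie
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed server-side session table: the cookie string is an opaque
# identity token; the server, not the cookie, decides who "a1b2c3" is.
SESSIONS = {"a1b2c3": "alice"}


class BrowserCookieJar:
    """Minimal model of a browser's cookie store, keyed by the host that set each cookie."""

    def __init__(self) -> None:
        self._store: Dict[str, Dict[str, str]] = {}

    def receive(self, url: str, set_cookie_header: str) -> None:
        """The server sent a Set-Cookie string; store it under that host."""
        host = urlsplit(url).hostname
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            self._store.setdefault(host, {})[name] = morsel.value

    def cookie_header(self, url: str) -> Optional[str]:
        """Build the Cookie header for a request to `url`; unrelated hosts get nothing."""
        stored = self._store.get(urlsplit(url).hostname)
        if not stored:
            return None
        return "; ".join(f"{k}={v}" for k, v in sorted(stored.items()))


def identify(cookie_header: Optional[str]) -> Optional[str]:
    """Server side: map the returned session string back to an identity."""
    if cookie_header is None:
        return None
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    session = parsed.get("session")
    return SESSIONS.get(session.value) if session else None


if __name__ == "__main__":
    jar = BrowserCookieJar()
    # One cookie carries identity (opaque id), the other plain information.
    jar.receive("http://library.example/", "session=a1b2c3; Path=/")
    jar.receive("http://library.example/", "lastpage=catalog")
    print(jar.cookie_header("http://library.example/books"))  # both strings come back
    print(jar.cookie_header("http://other.example/"))         # another host gets None
    print(identify(jar.cookie_header("http://library.example/")))
```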
Integrity
• How do you know that what's there is correct?
– Attribution is invalid if the contents can change
• Access control would be one solution
– No system with people in it has perfect access control
– The RISKS Digest provides plenty of examples!
• Encryption offers an alternative
Encryption
• Separate keys for writing and reading
– Pretty Good Privacy (PGP) is one "standard"
• Identity
– A "digital signature" is made with the private write key
• Integrity
– The public read key will decode output from only one write key
• Privacy
– Either the write key or the read key can be kept secret
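The three properties on this slide can be shown with a textbook public-key scheme. This is an added illustration, not PGP and not code from the course: it uses toy-sized RSA keys built from Mersenne primes (chosen only because they are known to be prime), which are far too small for real use, and the names Alice and Bob are constructed.

```python
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)

# Toy textbook RSA for illustration only; these primes are known Mersenne primes.
ALICE_PRIMES = (2**31 - 1, 2**61 - 1)
BOB_PRIMES = (2**17 - 1, 2**19 - 1)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public read key, private write key) built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)  # pow(e, -1, m) needs Python 3.8+


def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: Key) -> int:
    """Identity: only the holder of the write key can produce this value."""
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: Key) -> bool:
    """Integrity: the read key decodes signatures from exactly one write key,
    and any change to the message changes the digest, so the check fails."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)


def encrypt(m: int, public_key: Key) -> int:
    """Privacy: keep the read key secret instead, so anyone can write to its owner."""
    e, n = public_key
    return pow(m, e, n)


def decrypt(c: int, private_key: Key) -> int:
    d, n = private_key
    return pow(c, d, n)
```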
Policy Solutions
• Five guidelines
– Establish policies
– Authenticate
– Authorize
– Audit
– Supervise
• CSC Acceptable Use Policy
Exam Structure
• One hour and 15 minutes
• Approximately 4 questions
– Each may have multiple parts
• Open book (Oakman only)
– You may hand write anything in your Oakman
– No extra pages of notes
• The software you may use will be specified
• You may bring a calculator
Exam Advice
• The only goal is to get points!
– Spend each minute in the best place
• Develop a strategy for each question type
– Guessing can't hurt on multiple choice
• This is a change from prior exams
– Don't write a page when a sentence will do
• Study concepts, not details
– Grading rewards conceptual understanding
– Don't expect a clone of the sample exams
Questions?