Texas State CS 2315 - Security

This preview shows page 1-2-3-4-5 out of 15 pages.

Security

Scope of Security
• Three Elements: Confidentiality, Integrity and Availability
• Computer Security vs. Computer Crime
  – Almost all breaches of security are crimes
  – Not all cybercrimes are security violations: child porn, drug traffic, illegal downloads
• Security vs. Privacy
  – Often overlap
  – Privacy – concerns about access by authorized users
  – Security – concerns about retrieval and alteration by unauthorized users
  – anonymity tools (for privacy) are a security concern

Three Aspects of Security
• Data Security
  – unauthorized access to data
  – concerns confidentiality, integrity and availability of data
  – refers to proprietary data (protected by law) and sensitive data (personal and confidential)
  – data need to be secured from unauthorized alteration and access and be available to authorized users
• System Security
  – concerns vulnerabilities in system resources: hardware, operating system and applications
  – agents are viruses, worms and other malware
• Network Security
  – agents can be malware (1988 Internet Worm)
  – can be failure of the system

Ethical Issues
• Should computers be freely accessible? (Hackers say "yes")
  – information should be free
    ∗ debate rooted in property law and intellectual property
    ∗ free information ⇒ no privacy, no accuracy or integrity of information
  – hackers provide an important service
    ∗ by exposing security holes (debatable)
    ∗ by exposing questionable behavior of content providers
  – hacking causes only virtual harm
    ∗ email accusing you of malicious behavior
    ∗ online child porn
• Are Break-Ins Ever Ethically Justifiable?
  – break-ins always cause harm, cannot be ethically justifiable
  – example: medical data in a computer is needed to save a life
    ∗ utilitarians (consequences): greater good/lesser harm
    ∗ deontological (duty): right thing to do

Security Threats
• Hackers
  – Hacking is unauthorized access of a computer system or network
  – Crackers – hack with intent of doing harm
  – Alternate definition – master programmers
  – Hacker Ethic
    ∗ access to computers should be unlimited and total
    ∗ all information should be free
    ∗ mistrust authority, promote decentralization
    ∗ hackers should be judged by their work, not degrees, age, race or position
    ∗ computers can be used to create art and beauty
    ∗ computers can change your life for the better
• Cyberterrorism
  – politically motivated, resulting in loss of life and/or economic loss
  – hard to distinguish from system failure or benign hacking (difference in motivation)
  – classification (fuzzy)
    ∗ activism – normal, non-disruptive use of Internet to support a cause (ACC campus at RR)
    ∗ hacktivism – hacking techniques applied to a selected target to cause disruption but not serious damage
    ∗ cyberterrorism – activities intended to cause great harm
  – should be more emphasis on deterrence and enforcement than on motivation and ideology
  – potential for damage from terrorist organizations
• Information Warfare
  – Operations that target or exploit information media in order to win some objective over an adversary
  – Broader concept than cyberterrorism: may or may not involve loss of life or property
  – Examples
    ∗ destruction of an enemy communication system
    ∗ logic bombs
    ∗ malware aimed at infrastructure
  – Justifiable?
    ∗ a just war must distinguish combatants from non-combatants
    ∗ not always possible
    ∗ hence not justifiable

Security Countermeasures
• An action, device, procedure, technique or other measure that reduces the vulnerability of a threat to a computer system
• Examples: Firewalls, antivirus and antispy software, encryption, anonymity tools
• Firewalls
  – A system that enforces a boundary between two or more networks
  – Secures against unauthorized access to databases
  – Secures against unauthorized communication into or out of private networks
  – Controls access to traffic that leaves or enters a network
  – A blockade or a castle moat
  – Set of mechanisms embedded in hardware, software or both
  – Attempt
    ∗ to ensure authenticity of data communicated across boundary
    ∗ to ensure data within the firewall is not accessed or altered by unauthorized users
  – No protection from internal sabotage
• Antivirus and Antispyware
  – Protects against viruses, worms and other malware
  – Functions
    ∗ detect and delete viruses
    ∗ repair files and memory
  – Mostly scan based – scans files at startup and after events such as file download
  – Must be continually updated
  – Spyware
    ∗ software installed on a computer without user's knowledge
    ∗ records personal information from the computer and sends it to a remote computer
• Encryption
  – Protects data transmitted across networks
  – Public or private key
  – How secure is the transmission of a private key?
  – Strong encryption is favored by e-commerce
  – Government and law enforcement are opposed to strong encryption
    ∗ restriction is not possible
  – Digital Signatures
    ∗ Ensure authentication between consumers and vendors
    ∗ Uses public key encryption
    ∗ Example: Verisign

[Figure: Data → Encrypt with Key 1 (public or private) → Encrypted Data → Send → Encrypted Data → Decrypt with Key 2 (private) → Decrypted Data]

• Anonymity
  – should anonymity be protected?
  – security problem: enables criminal and immoral behavior
  – closely tied to privacy
  – what kind of value is anonymity?
  – do we have a right to or expectation of anonymity?

Auto vs Software
• Software is not reliable – not properly tested and regulated
• We accept that situation: exhaustive testing!?
• Cars have locks, hence are protected against theft
• Software companies should
  – produce products that are more secure
  – should assume full legal and moral responsibility for products
• Would a code of network ethics be effective?

Total Security
• Is this a reasonable expectation?
• Tradeoffs in cost, convenience and flexibility
  – hardware and software costs
  – restrictions on user autonomy, loss of privacy and anonymity
• Are we willing to accept a certain level of risk?
• Cost-benefit analysis
  – securing an old car
• Proposal that complete security requires deterrence, prevention, detection, response does not specify how these mechanisms work
• Complete security is not possible because security is a process, not a

