DREXEL ECES 490 - Lecture 41a

This preview shows page 1-2-22-23 out of 23 pages.



Telecommunications Networking II
Lecture 41a
Information Assurance

Historical perspective
• Ever since people have been able to express their views about anything, they have expressed concerns about privacy:
- British common law: “A man’s home is his castle”
- the U.S. Constitution: protections against “search and seizure”
- “Gentlemen don’t read each other’s mail” (President Harry Truman)

Historical perspective
• Ever since people have been able to express their views, they have expressed concerns about privacy (continued):
- attorney/client, doctor/patient, and priest/parishioner… protections of information discussed from legal discovery
- penalties for tampering with U.S. mail
- “wiretapping” laws

Historical perspective
• Ever since people began competing for power, territorial control, physical assets, and money they have recognized the importance of timely and accurate information
- lifting the “fog of war”
- understanding the enemy’s intentions
- “getting inside the enemy’s decision cycle”
- “loose lips sink ships”
(continued on next slide)

Historical perspective
• Ever since people began competing for power, territorial control, physical assets, and money they have recognized the importance of timely and accurate information (continued)
- Understanding the customer’s needs
- Understanding the competition (industrial espionage as well as legal industrial intelligence activities)

Historical perspective
• Ever since people began competing for power, territorial control, physical assets, and money, they have attempted to gain more information through whatever means is at their disposal; and they have also tried to disrupt their adversary’s information flows
• Likewise, they have tried to protect their information and their information infrastructures

Historical perspective
• ...they have also tried to intercept and/or disrupt their adversaries’ information flows
- “steaming” open envelopes
- electronic eavesdropping
- cutting communication lines between enemy commanders and troops
- jamming radio communications
- sending intentionally misleading messages
- code breaking (e.g., in WWII)

Historical perspective
• ...they have tried to protect their information and their information infrastructures
- wax “seals”
- cryptography
- signatures
- notarized documents
- LPI (low probability of intercept) communication systems
- “hardened” satellite communication systems

Information Assurance and Network Integrity: the Present
• More and more people and organizations are becoming dependent upon computers, networks, and network-based applications (e.g., electronic commerce moving toward $1T/year very rapidly)

Information Assurance and Network Integrity: the Present
• There is a growing concern with regard to:
- Privacy (unauthorized access to personal/sensitive/proprietary/classified DoD information)
- Theft (e.g., using stolen credit card numbers)
- Reliability (i.e., will my network-based applications work when I need to use them?)

Information Assurance and Network Integrity: the Present
• If a single new virus, worm, or Trojan horse attack causes each of 100 million computer users to spend 1 hour learning about the new threat, downloading software to defend against the threat, taking other actions… and if an hour of each person’s time is, on average, worth $50.00… then each new “event” produces a societal cost of $5B

Information Assurance and Network Integrity: the Present
• Recent examples of information assurance problems:
- Major loss of paging systems in the US (single satellite failure)
- Increasing numbers of virus/worm/Trojan horse/etc., incidents
- Intrusions into government/DoD systems
- E-bay outage for ~24 hours

Information Assurance and Network Integrity: the Present
- Incorrect data downloaded into the Internet’s Domain Name System (DNS) root servers disrupted conversion of Internet “names” like [email protected] into Internet addresses like 144.118.31.1 for ~24 hours
- others that can’t be discussed in public

Information Assurance and Network Integrity: the Present
• Some of these problems are associated with things which we “do to ourselves”. I.e., no malicious intent
• Some of these problems are the result of intentional acts, ranging from mischief to criminal activities to state-sponsored terrorism

Information Assurance and Network Integrity: the Present
• Some of these problems are associated with violations of privacy, unauthorized access to information, providing false identities, or unauthorized modification of information
• Some of these problems are associated with “denial of service” (disrupting systems and applications)

Attacks

Types of attacks
• Eavesdropping:
- I read your message while it is passing through a network
- I listen in on your conversation with one or more other person(s)
- I monitor which Web pages you are accessing
- I monitor how many messages you send, and to whom they are sent (traffic analysis)
- I monitor where you are, by looking at your messages

Types of attacks
• Eavesdropping (continued):
Eavesdropping is a passive, read-only activity, in the sense that I don’t change anything about your messages.
Eavesdrop: To secretly listen in on a private conversation

Types of attacks
• Unauthorized “read” access
I read a file that is stored on one of your servers or other computers
This requires that I obtain access to your computer, either via a network, or by some other means. E.g., I physically access your computer; I loan you a floppy disk that contains a malicious application, that copies your files on to the disk… which you return to me (Trojan horse attack)

Types of attacks
• Content tampering
- I change the content of a message passing through a network, or I change the contents of a database (e.g., I change the information on one of your Web pages)
Tampering with a message in transit can be done by substitution
Tampering with the contents of a computer requires access and “write” privileges

Types of attacks
• Impersonation
- I send you a document or a message that appears to have been sent by someone else
The ability to prove that a message is “authentic”: the sender is who he or she claims to be, and the content has not been modified since it was created by the authentic sender is called “non-repudiation”

Types of

