INLS 566 - PowerPoint PPT Presentation

Slides: 17
Provided by: billm6
Transcript and Presenter's Notes

1
INLS 566
  • August 29, 2006
  • Information Security Overview

2
Housekeeping
  • New today? Check out class last Thurs
  • Subscribed to inls566_at_listserv.unc.edu?
  • Subscribed to a security newsletter?
  • Any questions about material so far?
  • Any interesting security news? (5 min)

3
More Housekeeping
  • Sign up for presentation dates
  • 1st presentation Tuesday, September 5
  • Volunteer?
  • Hacking statement
  • Windows and UNIX computing
  • Electronic delivery of assignments

4
Learning, Yes -- Hacking, No
  • Hacking is one of the usual threats to
    information security
  • We need to understand all of these threats
    including hacking
  • So yes, we will study a few hacks
  • But don't cross the line. INLS 566 is not a safe
    harbor for violations of UNC policy, or for
    illegal behavior

5
No-Hack Guidelines
  • Don't use the UNC network
  • You may be automatically busted, put in penalty
    box
  • (Getting out of the penalty box is tedious and
    uncertain)
  • We'll set up our own private sandbox network
  • Meanwhile (off UNC network)
  • Be wary of scanning on any network
  • Scan or probe another's computer only with their
    informed consent
  • Clean up thoroughly, afterward

6
Windows and UNIX Computing
  • Use Ruby or Isis (need accounts)
  • Or, run a virtual machine
  • Or, boot Linux live CD
  • E.g., www.knoppix.org
  • Or, dual boot
  • Or, have two computers

7
Electronic Delivery of Assignments
  • When you finish an assignment, make sure it's in
    a form that I can read (e.g., HTML, .doc, .pdf,
    .rtf, ...)
  • Post on your web page, password protect (this is
    in your interest), then email me the URL,
    username, and password
  • Or, email to me as an attachment
  • I'll acknowledge receipt

8
What Is Information Security?
  • (Bottom-up definition)
  • Specified set of information
  • Rules for availability, confidentiality,
    integrity, and/or other properties
  • Mechanisms to enforce those rules
  • Ways to identify success or failure, and respond
    accordingly

9
What Is Information Security?
  • (Top-down definition)
  • What are you trying to protect?
  • What are you protecting it against?
  • How are you planning to do so?
  • BTW, What are you willing to spend?
  • (This becomes your security policy)

10
Course Outline
  • Hackers and hacking, war stories
  • How things work on one computer
  • Security specifications and models
  • What's different about a network
  • Security policies and procedures
  • Some particular topics of interest
  • Crypto, wireless, Web clients and servers
  • Telecom, privacy, surveillance, elections

11
Security Resources
  • American Society for Industrial Security
  • Canadian Society for Industrial Security
  • CERT Coordination Center
  • Communications Security Establishment
  • Computer Security Institute
  • The European Forum for Electronic Business (EEMA)
    (see Information Security Solutions Europe
    Conference)
  • Electronic Frontier Foundation
  • Forum of Incident Response and Security Teams
    (FIRST)
  • High-Tech Crime Network
  • Information Security Forum
  • Information Systems Security Association (ISSA)
  • International Association for Cryptologic
    Research
  • ICSA Labs
  • National Security Institute
  • SANS Institute
  • The USENIX Association

12
Incident Reporting
  • CERT (only members can submit reports)
  • CIAC (only DoD can submit reports)
  • FIRST (consortium)
  • Symantec (private enterprise)

13
Security Research
  • SANS, home of several security certification
    programs
  • CERIAS, at Purdue
  • UC Davis SecLab
  • Many more popping up (DHS grants)

14
Privacy Groups
  • EPIC, action clearinghouse for electronic privacy
  • Electronic Frontier Foundation, includes some
    good policy documents and archives
  • Truste, with privacy standards
  • BBBOnline
  • Privacilla

15
Security Certifications
  • CISSP is the big one
  • Several concentrations
  • Multiple levels
  • Is it worth it? Depends on YOU
  • GIAC (SANS.org)
  • CISA
  • CISM

16
For Next Week
  • Read Schneier chapters 4-6
  • Find and read either a security policy or a
    privacy policy (and let me know what it was)
  • Note book review due in 3 weeks