SOFTWARE SECURITY - PowerPoint PPT Presentation

Slides: 45
Provided by: engineeri67

Transcript and Presenter's Notes


1
SOFTWARE SECURITY
  • Computer Risk Management
  • Computer Crimes
  • Cyberterrorism

2
CYBERTERRORISM
  • CORPORATE
  • SECURITY

3
TERRORISM
  • COLD WAR OF THE FUTURE
  • CYBERTERRORISM

4
PRINCIPLES
  • TERRORIZE
  • FEAR
  • TRUST

5
TARGET CATEGORIES
  • SOCIETY
  • GOVERNMENT
  • CORPORATIONS
  • GROUPS
  • INDIVIDUALS

6
GEOGRAPHIC TARGETS
  • GLOBAL
  • INTERNATIONAL
  • NATIONAL
  • REGIONAL
  • LOCAL

7
CORPORATE TARGETS
  • GLOBAL CORPORATIONS
  • MULTI-NATIONAL CORPORATIONS
  • FORTUNE 500 CORPORATIONS
  • FOREIGN COMPANIES
  • DOMESTIC COMPANIES

8
TARGET INDUSTRIES
  • FINANCIAL INSTITUTIONS
  • MARKETING ORGANIZATIONS
  • INFORMATION TECHNOLOGIES
  • MANUFACTURING
  • HIGH-TECH
  • SOFTWARE

9
COMPUTER TARGETS
  • COMMUNICATION SYSTEMS
  • TELECOMMUNICATION
  • INFORMATION SYSTEMS
  • DATABASE SYSTEM

10
CRIME CATEGORIES
  • THEFT
  • BOMBS
  • ESPIONAGE
  • HATE CRIMES
  • PRODUCT TAMPERING
  • MASS DESTRUCTION

11
THEFT
  • PASSWORDS
  • CREDIT PROFILES
  • INTELLIGENCE
  • TRADE SECRETS
  • COMPETITIVE INFORMATION
  • FINANCIAL INSTRUMENTS

12
ESPIONAGE
  • STRATEGIC INTELLIGENCE
  • MARKETING INTELLIGENCE
  • PRODUCT

13
BOMBING
  • VIRTUAL BOMBS

14
CRIMINAL ACTS
  • MODIFICATION OF INFO
  • DESTRUCTION OF INFO
  • DECEPTION
  • PROPAGANDA
  • COVERT ACTIVITIES
  • CRACKING
  • HACKING, PHREAKING

15
CRIMINAL ACTS
  • EAVESDROPPING
  • REPROGRAMMING
  • INTERCEPTION
  • DESTRUCTION
  • CODE BREAKING
  • CODE CHIPPING

16
WEAPON CHARACTERISTICS
  • REMOTE CONTROLLED
  • READILY AVAILABLE
  • UNTRACEABLE
  • INEXPENSIVE
  • DISPOSABLE
  • INVISIBLE

17
WEAPON TECHNOLOGIES
  • COMPUTER CODE
  • INFORMATION SYSTEMS
  • ELECTRONIC INTERCEPT
  • COMMUNICATION TECHNOLOGY

18
MALICIOUS CODE / VANDALWARE
  • VIRUSES
  • WORMS
  • TROJAN HORSES
  • BOMBS
  • TRAP DOORS
  • SPOOFS
  • BACTERIA
  • RABBITS

19
VIRUS
  • A code fragment that copies itself into a larger
    program, modifying that program.
  • A virus is not an independent program!

20
WORMS
  • An independent program.
  • It reproduces by copying itself in full-blown
    fashion from one computer to another, usually
    over a network.

21
TROJAN HORSES
  • A code fragment that hides inside a program and
    performs a disguised function.
  • A popular mechanism for disguising a virus or a
    worm

22
BOMBS
  • Triggers some kind of unauthorized action when a
    particular time or condition occurs.
  • TIME BOMBS
  • LOGICAL BOMBS

23
TRAP DOOR / BACK DOOR
  • Provides the original designer with a secret
    route into the software.

24
SPOOFS
  • A program that tricks an unsuspecting user into
    giving away privileges.

25
BACTERIA
  • Programs that make copies of themselves and
    eventually use all the resources
    (memory, disk space).

26
RABBITS
  • Rapidly reproducing programs

27
CRABS
  • Programs that attack the display of data on
    computer screens.

28
SALAMIS
  • Slice away tiny pieces of data.
  • Alters one or two numbers
  • Moves a decimal point

29
CRIMINALS
  • HACKERS
  • CYBERPUNKS
  • WHITE-COLLAR PROFESSIONALS
  • COMMON CRIMINALS
  • INDIVIDUALS
  • CRIMINAL ORGANIZATIONS
  • DOMESTIC CRIMINALS
  • INTERNATIONAL CRIMINALS

30
CLASSIC HACKER PERSONALITY TRAITS
  • LACK OF EMPATHY
  • FEELING OF ENTITLEMENT
  • NEED FOR CONSTANT ATTENTION AND ADMIRATION
  • STRONG NEGATIVE RESPONSE TO THREATS TO
    SELF-ESTEEM
  • GRANDIOSE SENSE OF SELF-IMPORTANCE

31
MOTIVES
  • POLITICAL
  • RELIGIOUS
  • IDEOLOGICAL
  • REVENGE
  • PERSONAL
  • MATERIAL
  • FINANCIAL

32
CYBER WARFARE
  • PERSONAL INFORMATION WARFARE
  • CORPORATE INFORMATION WARFARE
  • GLOBAL INFORMATION WARFARE

33
ORANGE BOOK: TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA - DOD
  • D - MINIMAL SECURITY
  • C - DISCRETIONARY PROTECTION
  • B - MANDATORY PROTECTION
  • A - VERIFIED PROTECTION

34
SECURITY AUDIT
  • Auditing is the recording, examining, and
    reviewing of security-related activities.

35
ENCRYPTION
  • 2,000 B.C. HIEROGLYPHS
  • 1926 ENIGMA MACHINE
  • CLEARTEXT - CIPHERTEXT
  • ENCRYPTION
  • DECRYPTION

36
CRYPTOGRAPHY
  • PUBLIC KEY
  • PRIVATE KEY
  • ONE-TIME CIPHER KEY

37
DATA ENCRYPTION STANDARD (DES)
  • FOR HARDWARE ONLY
  • NOT FOR SOFTWARE
  • ECB - Electronic Codebook
  • CBC - Cipher Block Chaining
  • CFB - Cipher Feedback
  • OFB - Output Feedback

38
BIOMETRIC DEVICES
  • KEYSTROKE PATTERN DEVICES
  • SIGNATURE DEVICES
  • VOICE PATTERN DEVICES
  • HANDPRINT DEVICES
  • FINGERPRINT DEVICES
  • RETINA PATTERN DEVICES

39
INFORMATION PROTECTION LEGISLATION
  • 1988 THE COMPUTER ACT
  • 1992 SENATE CRIME BILL
  • 1993 EXECUTIVE ORDER CLIPPER
    ENCRYPTION

40
PHYSICAL SECURITY
  • ALARM SYSTEM
  • ACCESS CONTROL
  • FIRE PROTECTION
  • PHYSICAL FACILITY LOCATION

41
DETERRENCE
  • EXPLICIT-DETERRENCE
  • INCIDENT MUST BE DEFINED
  • CLEAR IDENTITY OF PERPETRATOR
  • PUNISHMENT MUST BE BELIEVED
  • DETERRENCE-IN-KIND
  • PERPETRATORS HAVE VALUES AT STAKE
  • PUNISHMENT MUST BE CONTROLLABLE

42
LAW ENFORCEMENT AGENCIES
  • FBI - NATIONAL COMPUTER CRIMES SQUAD
  • SECRET SERVICE - ELECTRONIC CRIMES BRANCH
  • JUSTICE DEPARTMENT - COMPUTER CRIME UNIT
  • AIR FORCE - INFORMATION WARFARE CENTER

43
REGULATORY AGENCIES
  • NIST - NATIONAL INSTITUTE OF STANDARDS AND
    TECHNOLOGY
  • ITU - INTERNATIONAL TELECOMMUNICATIONS UNION (UN)
  • ISO - INTERNATIONAL ORGANIZATION FOR
    STANDARDIZATION
  • IEC - INTERNATIONAL ELECTROTECHNICAL COMMISSION

44
SECURITY SERVICES
  • AUTHENTICATION - user identity
  • ACCESS CONTROL
  • DATA INTEGRITY - unchanged data
  • DATA CONFIDENTIALITY - unauthorized disclosure
  • NONREPUDIATION - denial of sending/receiving data