IS4463 Secure Electronic Commerce
5:30-6:45 PM
Robert Kaufman
– Background
– Contact information
Syllabus and Class Schedule
Student Background Information
– Send via Email to [email protected]
Student Background Information
– Name
– Phone # (opt) and reliable email address
– IS/CS background
– Security background
– Why you are taking this course
– What do you expect out of this course
Syllabus
http://faculty.business.utsa.edu/rkaufman/
Who relies on computers?
– Transportation systems
– Personal and corporate financial records and systems
– Banking and financial institutions
– Hospitals and the medical community
– The public telephone network
– Air Traffic Control
– Power systems and other utilities
– The government and the military
Just about everybody
Citibank
– Probably the largest and most famous publicly acknowledged theft
– Occurred in 1994
– Vladimir Levin, a 30-year-old Russian hacker, stole more than $10M
– All but a few hundred thousand dollars recovered
– The actual dollar figure lost was minimal to an organization as large as Citibank; what was more important is how this affected people’s impression of the bank. How many accounts were lost as a result of this public incident?
Worcester Airport
– Occurred in early 1997
– 14-year-old hacker broke into a NYNEX digital loop carrier system through a dial-in port
– The individual, who called himself “jester”, disrupted telephone service for over 600 residents of Rutland, Mass., as well as communications at Worcester Airport
– Communication to the tower and emergency services was disrupted, as well as the main radio transmitter and an electronic system which enables aircraft to send a signal to activate the runway lights
Omega Engineering
Timothy Lloyd was convicted in May 2000 of causing an estimated $12 million in damages to his former employer.
Back in 1996, Lloyd discovered he was about to be fired
He planted a logic bomb that systematically erased all of Omega’s contracts and the proprietary software used by the company’s manufacturing tools.
Lloyd’s act of insider cyberterrorism cost Omega its competitive position in the electronics manufacturing market. At Lloyd’s trial, plant manager Jim Ferguson said, “We will never recover.”
And probably the most widely known security problem…
In March 1999, David Smith, a New Jersey resident, released the Melissa virus. The estimated damage it caused: $80 million.
In May 2000, 23-year-old Philippine college student Onel de Guzman released the “Love Bug” virus, which proceeded to cause an estimated $8 billion in damages worldwide.
DISA VAAP Results
PROTECTION: 38,000 attacks → 13,300 blocked, 24,700 succeed
DETECTION: of the 24,700 that succeed → 988 detected, 23,712 undetected
REACTION: of the 988 detected → 267 reported, 721 not reported
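As an added illustration, not part of the original slides, the Python below models the DISA VAAP funnel as the three stages the slide labels (protection, detection, reaction), checks that the printed counts are internally consistent, and derives the rate at each stage together with the end-to-end share of attacks that were never seen or that produced a report. The counts are the slide's; the names `Stage`, `build_funnel`, `matches_slide` and `summarize` are my own.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Stage:
    """One stage of the protection / detection / reaction chain.

    entered: events that reached this stage
    handled: events this stage dealt with (blocked, detected or reported)
    """
    name: str
    entered: int
    handled: int

    def __post_init__(self) -> None:
        # A stage cannot handle more events than reached it.
        if not 0 <= self.handled <= self.entered:
            raise ValueError(
                f"{self.name}: handled {self.handled} exceeds entered {self.entered}")

    @property
    def missed(self) -> int:
        """Events that slipped past this stage (succeeded, undetected, not reported)."""
        return self.entered - self.handled

    @property
    def rate(self) -> float:
        """Fraction of entering events this stage handled."""
        return self.handled / self.entered if self.entered else 0.0


def build_funnel(attacks: int, blocked: int, detected: int, reported: int) -> List[Stage]:
    """Chain the stages: what protection misses enters detection,
    and what detection catches enters reaction."""
    protection = Stage("protection", attacks, blocked)
    detection = Stage("detection", protection.missed, detected)
    reaction = Stage("reaction", detection.handled, reported)
    return [protection, detection, reaction]


def matches_slide(funnel: List[Stage], succeed: int,
                  undetected: int, not_reported: int) -> bool:
    """Cross-check the derived 'missed' counts against the figures on the slide."""
    protection, detection, reaction = funnel
    return (protection.missed == succeed
            and detection.missed == undetected
            and reaction.missed == not_reported)


def summarize(funnel: List[Stage]) -> Dict[str, float]:
    """Per-stage rates plus the end-to-end view: the share of all attacks that
    were never seen, and the share that actually produced a report."""
    protection, detection, reaction = funnel
    total = protection.entered
    return {
        "blocked_rate": protection.rate,
        "detected_rate": detection.rate,
        "reported_rate": reaction.rate,
        "never_seen_share": detection.missed / total,
        "reported_share": reaction.handled / total,
    }


# Figures taken from the DISA VAAP slide
DISA_VAAP = build_funnel(attacks=38_000, blocked=13_300, detected=988, reported=267)

if __name__ == "__main__":
    assert matches_slide(DISA_VAAP, succeed=24_700, undetected=23_712, not_reported=721)
    for stage in DISA_VAAP:
        print(f"{stage.name:<10} entered={stage.entered:>6} handled={stage.handled:>6} "
              f"missed={stage.missed:>6} rate={stage.rate:.1%}")
    for key, value in summarize(DISA_VAAP).items():
        print(f"{key:<17} {value:.1%}")
```

Run it and the point of the slide falls out of the numbers: protection stops 35% of attacks, detection catches only 4% of what gets through, and of those detected only about 27% are reported, so fewer than 1% of all attacks ever reach someone who could respond. The same three stages are the ones the operational model slide later in the deck writes as Protection = Prevention + (Detection + Response).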
To date, Chinese hackers already have unlawfully defaced a number of U.S. web sites, replacing existing content with pro-Chinese or anti-U.S. rhetoric.
In addition, an Internet worm named "Lion" is infecting computers and installing distributed denial of service (DDOS) tools on various systems.
Hack Attack: New Global Way Of War
Washington Times, April 23, 2001, Front Page: “China Warns Of Hack Attack”
Collateral Damage May Soon Have A New Definition
ADVISORY 01-009, Issued 04/26/2001
You have to have security, or else…
1999 CSI/FBI Computer Crime & Security Survey – 521 security “practitioners” in the U.S.
• 30% reported system penetrations from outsiders, an increase for the third year in a row
• 55% reported unauthorized access from insiders, also an increase for the third year in a row
• Losses due to computer security breaches totaled (for the 163 respondents reporting a loss) $123,779,000
• Average loss $759,380
You have to have security, or else…
2000 CSI/FBI Computer Crime and Security Survey – 643 security “practitioners” in the U.S.
• 90% reported computer security breaches within the previous 12 months
• 70% reported unauthorized use
• 74% suffered financial losses due to breaches
• Losses due to computer security breaches totaled (for the 273 respondents reporting a loss) $265,589,940
• Average loss $972,857
You have to have security, or else…
2001 CSI/FBI Computer Crime and Security Survey – 538 security “practitioners” in the U.S.
• 91% reported computer security breaches within the previous 12 months
• 70% reported their Internet connection as a frequent point of attack (up from 59% in 2000)
• 64% suffered financial losses due to breaches, 35% could quantify this loss.
• Losses due to computer security breaches totaled (for the 186 respondents reporting a loss) $377,828,700
• Average loss $2,031,337
You have to have security, or else…
2002 CSI/FBI Computer Crime & Security Survey – 503 security “practitioners” in the U.S.
• 90% detected computer security breaches
• 40% detected penetrations from the outside
• 80% acknowledged financial losses due to breaches
• $455,848,000 in losses due to computer security breaches totaled (for the 223 respondents reporting a loss)
• 26 reported theft of proprietary info ($170,827,000)
• 25 reported financial fraud ($115,753,000)
• 34% reported intrusions to law enforcement
• 78% detected employee abuse of internet access privileges, i.e. pornography and inappropriate email use
• Average loss $2,044,161
A sampling of activity from a security perspective
– March 1999 - eBay gets hacked
– March 1999 - Melissa virus hits Internet
– April 1999 - Chernobyl virus hits
– May 1999 - Hackers shut down web sites of FBI, Senate, and DOE
– June 1999 - Worm.Explore.Zip virus hits
– July 1999 - Cult of the Dead Cow (cDc) releases Back Orifice
– Sept 1999 - Hacker pleads guilty to attacking NATO and Gore web sites
– Oct 1999 - Teenage hacker admits to breaking into AOL
– Nov 1999 - BubbleBoy virus hits
– Dec 1999 - Babylonia virus spreads
– Feb 2000 - Several sites experience DOS attacks
– Feb 2000 - Alaska Airlines site hacked
– May 2000 - Love Bug virus ravages net
Internet Security Software Market
2002 - $7.4 Billion est.
1999 - $4.2 Billion
1998 - $3.1 Billion
1997 - $2 Billion
’97 & ’98 figures based on a study released by market research firm International Data Corp. in Framingham, Mass.
’99 & ’02 figures from IDC study based on a survey of 300 companies with more than $100 million in annual revenues
What are our goals in Security?
The “CIA” of security
– Confidentiality
– Integrity
– Availability
– (authentication)
– (nonrepudiation)
The “root” of the problem
Most security problems can be grouped into one of the following categories:
– Network and host misconfigurations
  • Lack of qualified people in the field
– Operating system and application flaws
  • Deficiencies in vendor quality assurance efforts
  • Lack of qualified people in the field
  • Lack of understanding of/concern for security
Computer Security Operational Model
Protection = Prevention + (Detection + Response)
– Prevention: Access Controls, Encryption, Firewalls
– Detection + Response: Intrusion Detection, Incident Handling
Proactive vs. Reactive Models
“Most organizations only react to security threats, and, often times, those reactions come after the damage has already been done.”
“The key to a successful information security program resides in taking a pro-active stance towards security threats, and attempting to eliminate vulnerability points before they can be used against you.”