isqs 3360 telecomm security john r. durrett, ph.d. fall 2010 various security videos
TRANSCRIPT
![Page 1: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/1.jpg)
ISQS 3360
Telecomm SecurityJohn R. Durrett, Ph.D.Fall 2010Various Security Videos
![Page 2: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/2.jpg)
Course Overview
Why the CISSP Exam Review
Web Site
Contacting Me
Grading
![Page 3: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/3.jpg)
Why
In CyberWar, China is Just a Skirmish Sony Rootkit of 2005 Data theft at BlueCross Crackers & Open Sources Methods Schneier on Security Security News Portal Current Vulnerabilities
![Page 4: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/4.jpg)
How to Worry about Linux Security(Linux Journal 8/28/06)
“Worry about a networked system is good, the trick is to worry about the right things & to act on our worries”
Folks you should worry about Weapons you should worry about Vulnerabilities You Should Worry About How to channel worries into constructive
action
![Page 5: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/5.jpg)
Folks You Should Worry About
Mostly work you way outward, but once in awhile look from cracker's viewpoint
Identity Thieves Resource Thieves Malicious Code Vandals Corporate Spies Stalkers
Not all crackers are remote: INSIDERS
![Page 6: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/6.jpg)
Weapons You Should Worry About
Mid 90's weapon was cracker at PC (or) Direct interaction: attacker – victim Usually correct, sometimes not
Today vast majority are automated viruses, trojans and worms botnet:
spammers paid per distribution node DdoSers, Phishers
Crackers still here but most are “script kiddies”
![Page 7: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/7.jpg)
VulnerabilitiesYou Should Worry About a threat equals an attacker plus some
vulnerability If a vulnerability cannot be exploited it
does not constitute a risk
No such thing as a completely invulnerable system but can lower %
![Page 8: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/8.jpg)
Common types of vulnerabilities
Bugs in user-space software (applications) Bugs in system software
(kernel, drivers/modules, etc.) Extraneous user accounts Extraneous software
(with bugs or sloppy/default settings) Unused security features in applications Unused security features in the OS Gullible users
![Page 9: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/9.jpg)
Recipe to convert worry to action
1. Define system functionSun Tzu: analyze terrain you need to defend
2. Prioritize types of attacks most likely
3. What data/resources most likely target
4. What vulnerabilities give access to #3
5. How can I lower/remove vulnerability
![Page 10: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/10.jpg)
CISSP
International Information Systems Security Consortium (ISC)2
https://www.isc2.org/cgi-bin/content.cgi?category=1314
Common Body of Knowledge Ten Domains: created to establish a
common communications platform CISSP:
NOT THE PURPOSE of THIS COURSE
![Page 11: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/11.jpg)
Ten Domains1. Security Management Practices2. Access Control Systems3. Telecommunications & Network Security4. Cryptography5. Security Architecture & Modules6. Operations Security7. Applications & Systems Development8. Business Continuity & Disaster Recovery9. Law, Investigation & Politics10. Physical Security
![Page 12: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/12.jpg)
Ch 1: Security Management Practices
Basic Security Concepts Policies, Standards, Guidelines, &
Procedures Roles played in security management Security Awareness Risk Management Data & Information Classification
![Page 13: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/13.jpg)
Ch 2:Access Control Systems
A means of ensuring a system’s C.I.A (Confidentiality, Integrity, &
Availability) given the threats, vulnerabilities, &
risks its infrastructure
![Page 14: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/14.jpg)
Ch 3 :Telecommunications & Network Security
C.I.A. as it applies to Network Security Protocols & Layered Network Architectures OSI and TCP/IP TCP/IP protocol architecture IP addressing & Routing TCP Applications IPv6
![Page 15: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/15.jpg)
Ch 4 :Cryptography
Purpose: to protect transmitted information from being read or altered by non authorized subjects
![Page 16: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/16.jpg)
Ch 5 :Security Architecture & Models
“The security architecture of an information system is fundamental to enforcing an organization’s information security policy.”
![Page 17: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/17.jpg)
Ch 6 :Operations Security
“Controls over the hardware in a computing facility, over the data media used, and over the operators using these resources.”
Controls & Protections needed to insure CIA
Monitoring & Auditing above Controls Threats & Vulnerabilities
![Page 18: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/18.jpg)
Ch 7 :Application & System Development
A very brief overview of the SDLC and the security issues involved. Generic Systems Engineering Waterfall Model, Spiral Model Cost Estimations Models Security Components of the Models Agile Development, AI Systems Database, BI, & Application Controls
![Page 19: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/19.jpg)
Ch 8 : Business Continuity & Disaster Recovery Planning
Assumes the Worst Has Happened
Preparation, testing, & updating of actions required to protect critical business processes from the effects of major system & network failures
Specific ProceduresPlan Development
TestingBus. Impact Assess. (BIA)
PlanningPlan initiation
Disaster Recovery (DRP)Buss Continuity (BCP)
![Page 20: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/20.jpg)
Ch 9 :Law, Investigation, & Ethics
What laws apply to computer crimes, how to determine a crime has occurred, how to preserve evidenced, conduct an investigation, & what are the liabilities.
![Page 21: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/21.jpg)
Ch 10:Physical Security
“Least sexy of the 10 domains but the best firewall in the world will not stand up to a well placed brick.”
Addresses threats, vulnerabilities, countermeasures to physically protect org’s resources & sensitive info
Natural disasters Unauthorized entry and/or theft
![Page 22: ISQS 3360 Telecomm Security John R. Durrett, Ph.D. Fall 2010 Various Security Videos](https://reader035.vdocuments.site/reader035/viewer/2022062408/56649ec75503460f94bd2ade/html5/thumbnails/22.jpg)
“The World is Flat” by Thomas Friedman
Internet, High bandwidth, Ubiquitous Global Connectivity Outsourcing Education http://www.thomaslfriedman.com/worldisflat.htm
The Post-American World (The Rise of the Rest)
The next 100 Years: A History of the 21st Century