Computer Security and Physical Security (slides)
Views: 557 | Category: Education | License: All Rights Reserved | Added: January 23, 2008 | Favorites: 1

Comments
By: abhijitppt (25 month(s) ago): This is a wonderful ppt. Please give me the authority to download this one.

Presentation Transcript

Computer Security and Physical Security
Valentin Razmov
Department of Computer Science & Engineering, University of Washington, Seattle

Useful Keywords
Key, Lock, Secret, Password, Encode / Decode, Eavesdrop, Tradeoff, Risk, Threat, Spoof, Tamper, Repudiation, Disclosure, Denial of service, Privilege

True in Both Physical Security and in Computer Security
- There are many potential risks and threats. You can only defend against some of them, but not all.
- Examples of risks, some real, some absurd:
  - A heavy object falling from the sky as you walk down the street
  - Someone stealing your bag on the train
  - Someone entering your apartment when you are not there
  - Accidentally eating food that contains poison
  - Harmful bacteria transmitted by air to many people
  - and many others…
- Main questions:
  - What specifically do you want to protect against?
  - Which threats are most realistic and worth defending against?

Common Tools Used in Both Worlds: Computer and Physical
- Locks and keys: what you have; used to lock secrets
- Fences: used to defend boundaries, but no protection if you are already inside. Firewalls are computer fences.
- Passwords: what you know; used to prove that you really are who you say you are

Tradeoff between the Level of Protection and Ease of Use
- Stronger protection means more difficult access, both for you and for anyone else
- E.g.: a bank vault vs. an old wooden door vs. …

Ongoing Thought Activity
- Case study: an electronic commerce company (like Amazon) is establishing an online business in Japan.
- Questions:
  - What physical threats does the company need to defend against?
  - What computer threats does the company need to defend against?

Common Types of Physical and Computer Threats (1/6)
- Spoofing: pretending to be someone you are not
- E.g.: “Hi, I’m Bob.”, says Alice. “On the Internet nobody knows you're a dog.”
- Question: Is this a real threat for the company’s business? Answer:

Common Types of Physical and Computer Threats (2/6)
- Tampering: manipulating objects that do not belong to you
- E.g.: opening and changing letters addressed not to you; shredding documents
- Question: Is this a real threat for the company’s business? Answer:

Common Types of Physical and Computer Threats (3/6)
- Repudiation: refusing to admit what you have done
- Question: Is this a real threat for the company’s business? Answer: Which one of you zebras ate my lunch?

Common Types of Physical and Computer Threats (4/6)
- Information disclosure: stealing a secret
- E.g.: via eavesdropping. In the physical world we use keys to lock secrets and to protect property.
- Question: Is this a real threat for the company’s business? Answer:

Activity: Hiding Information; Discovering Hidden Information
- Encode the following phrase by substituting each letter with the previous one in the English alphabet: “University lecture”
- Decode the following letter sequence by substituting each letter with the next one in the English alphabet: “Vdkbnld sn TV!”

Common Types of Physical and Computer Threats (5/6)
- Denial of service: preventing a business from working with its customers
- E.g.: preventing those who wait to have their turn; picket lines during strikes
- Question: Is this a real threat for the company’s business? Answer:

Common Types of Physical and Computer Threats (6/6)
- Elevation of privilege: doing something without permission
- Question: Is this a real threat for the company’s business? Answer:

Five Key Questions to Evaluate Any Proposed “Solution”
- What problem does the proposed approach solve?
- How well does it solve the problem?
- What new problems does it add?
- What are the economic and social costs?
- Given the above information, is it worth the costs?

Security Principles (1/3)
- Security is as strong as the weakest link (in the chain). Therefore, security can never be perfect.
- Defense in depth: using multiple overlapping defenses. E.g.: a fence + a water trap + dogs + security guards
- Keep it simple: complex things are very hard to analyze, and can lead to problems.

Security Principles (2/3)
- Minimize attack surface. E.g.: fewer entry points into the house are easier to defend.
- Secure by default. E.g.: door locks that lock without a key
- Least privilege: when you are allowed to do only what is absolutely necessary for the job (but not more). E.g.: giving someone only the key to your garage, but not the keys to the house, the office, and the car

Security Principles (3/3)
- Compartmentalize (to contain potential damage). E.g.: submarines have sealed compartments that do not leak water, even if some of them get flooded.
- Minimize the window of vulnerability. E.g.: not leaving your front door open for too long without watching it
- Be conservative in what you accept (as valid): you do not have to take anything that you do not want.

Useful Keywords
Key, Lock, Secret, Password, Encode / Decode, Eavesdrop, Tradeoff, Risk, Threat, Spoof, Tamper, Repudiation, Disclosure, Denial of service, Privilege

References
- http://www.owasp.org/index.php/CLASP_Security_Principles
- http://www.counterpane.com/crypto-gram-0204.html#1
- “Writing Secure Code”, by Michael Howard and David LeBlanc

Questions?
Computer Security and Physical Security
Valentin Razmov
Department of Computer Science & Engineering, University of Washington, Seattle
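A worked version of the "Hiding Information; Discovering Hidden Information" activity from the deck, added here as an illustration (it is not code from the slides): the previous-letter / next-letter substitution is a shift cipher, and the last helper lists all 26 possible decodings to show why such a cipher hides little from an eavesdropper. The function names are my own.

```python
import string

ALPHABET = string.ascii_lowercase  # the 26-letter English alphabet the activity uses


def shift_letters(text: str, shift: int) -> str:
    """Replace each English letter with the one `shift` positions away,
    wrapping around the alphabet (z -> a). Case is preserved; spaces and
    punctuation pass through unchanged."""
    out = []
    for ch in text:
        lower = ch.lower()
        if lower in ALPHABET:
            new = ALPHABET[(ALPHABET.index(lower) + shift) % 26]
            out.append(new.upper() if ch.isupper() else new)
        else:
            out.append(ch)
    return "".join(out)


def encode_previous(plaintext: str) -> str:
    """Hiding: substitute each letter with the previous one (shift of -1)."""
    return shift_letters(plaintext, -1)


def decode_next(ciphertext: str) -> str:
    """Discovering: substitute each letter with the next one (shift of +1),
    which exactly undoes encode_previous."""
    return shift_letters(ciphertext, 1)


def all_candidate_plaintexts(ciphertext: str) -> dict:
    """Why this scheme hides so little: a shift cipher has only 26 keys, so an
    eavesdropper who does not know the shift can list every decoding and pick
    the one that reads as English. Returns {shift: candidate plaintext}."""
    return {k: shift_letters(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    print(encode_previous("University lecture"))  # Tmhudqrhsx kdbstqd
    print(decode_next("Vdkbnld sn TV!"))          # Welcome to UW!
    for k, candidate in all_candidate_plaintexts("Vdkbnld sn TV!").items():
        print(f"shift {k:2d}: {candidate}")
```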