Alan Davidson 2008

Slide 1 of 19
Introduction to Information Security
and its Environment, Part 2
Lecture 1
Introduction
Alan Davidson
alan@dsv.su.se
Slide 2 of 19
Today
Administration
Introduction
Using the course wiki
Slide 3 of 19
Question 1
Note briefly (and by all means brutally
honestly) what you personally hope to gain
from this part of the course.
Slide 4 of 19
The course goals
Having completed this course the student will
be able to
a) communicate knowledge of the concepts,
models and terms commonly used in the
area of ICT security.
b) identify and productively experiment with
currently relevant ICT security issues.
c) evaluate factors that influence the security
of systems.
Slide 5 of 19
Study Diaries - requirements
- Online
- Identifiable and securely time-stamped
- Your own words, or properly cited.
- References
- Linked into the course wiki
Slide 6 of 19
Study Diaries - contents
- Process
- Course book studies (prior to lectures)
- Alternative sources
- Study groups
- Progress
- problems discovered...
- ...and solved
- helpful assistance given to course-mates
- Additions made to wiki
Slide 7 of 19
The Practicals
- Week no. 23
  A practical introduction to tools, threats and
  methods. Documented in writing.
- Week no. 23-21
  Group-wise projects, devised and planned by
  the group, approved group-wise by the course
  staff. Documented in writing.
Slide 8 of 19
“Security”
“Säkerhet”
“ασφάλεια”
Slide 9 of 19
CIA
Availability Integrity
Confidentiality
Secure
Slide 10 of 19
Question 2
Briefly describe a security application or
situation that illustrates a CIA trade-off
Slide 11 of 19
Threats
- Snooping
- Modification
- Spoofing
- Repudiation of origin
- Denial of receipt
- Delay
- Denial of service
Slide 12 of 19
The Perpetrators
- Amateurs
- Crackers
- Career Criminals
Slide 13 of 19
Threats, Vulnerabilities, Controls
Pfleeger/Pfleeger, Computing in Security, 3rd Edition, Prentice Hall, 2003
Slide 14 of 19
Operational Issues
- Cost-Benefit Analysis
- Risk Analysis
- Laws and Customs

Human Issues
- Organisational Problems
- People Problems
Slide 15 of 19
Question 3
Think of a true-to-life like situation where
you guess that the costs of protection
outweigh the risks
...and then one situation that is vice-versa
Slide 16 of 19
Multiple Controls
Pfleeger/Pfleeger, Computing in Security, 3rd Edition, Prentice Hall, 2003
Slide 17 of 19
Gollmann's Onion Model
Gollmann, Computer Security, Wiley, 1999
Hardware
OS Kernel
Operating System
Services
Applications
Slide 18 of 19
When it comes to defining security,
imposing a structure or terminology*
1. There is no single definition of security
2. When reading a document, be careful not to
confuse your own notion of security with that
used in the document.
3. A lot of time is being spent (and wasted) in
trying to define unambiguous notations for
security.
*Gollmann, Dieter. “Computer Security”, Wiley, 1999
Slide 19 of 19
Yet another perspective
Test Write Protect Update
Alan's "stages of vulnerability avoidance"
Time (Stages to deployment)