Review

					Review Slides, Security +
Ted Demopoulos ted@demop.com
          Risk Management
• Security is all about Risk Management
• Risk = Vulnerability x Threat
• Vulnerability – a weakness in a system. All
  complex systems have vulnerabilities
• Threat – an event that can cause an
  undesirable outcome. Threat implies
  potential harm
                SLE/ALE
• SLE: Single Loss Expectancy – loss from a
  single event (how bad can it be?)

• ALE: Annual Loss Expectancy – loss from
  a threat over an entire year (can it happen
  multiple times?)
    Quantitative vs. Qualitative
• Risk assessment can be Quantitative or
  Qualitative
• Quantitative -- a quantity or number.
  e.g. if a Katrina strength hurricane hits
  again the expected loss is 22 billion dollars
• Qualitative
  e.g. if a Katrina strength hurricane hits again
  it will be extremely bad
             Crypto Algorithms
 Symmetric                    Asymmetric                  Hashing
 Secret Key                   Public Key                  Message Digest
                                                          1-way Encryption
                                                          Irreversible Encryption
 One Key                      Public, Private Key Pairs   No Key
 DES, 3-DES, AES, IDEA, RC4   Diffie-Hellman, RSA,        MD2, MD4, MD5,
                              El Gamal, ECC               SHA-1, SHA-2
            PGP versus PKI
PKI – Central authority in charge of trust,
 You MUST trust the central authority

PGP – Closer to anarchy. NO central
 authority.
 Web of Trust – you trust your friends and
 many of your friends' friends.
             Access Control
• Discretionary Access Control (DAC)
  – Users control
• Mandatory Access Control (MAC)
  – Not controlled by users, requires matching
    clearance and classification levels (e.g. top
    secret, secret, classified, etc.)
• Role Based Access Control (RBAC)
  – Based on group memberships
TCP/IP 3-way Handshake
         SYN
        SYN, ACK
          ACK
      Some Common Ports (1)
TCP 20, 21 – FTP (file transfer protocol)
TCP 22 – SSH (secure shell)
TCP 23 – telnet
TCP 25 – SMTP (simple mail transfer
 protocol)
TCP and UDP 53 – DNS (domain name
 system)
     Some Common Ports (2)
TCP 80 – HTTP (hyper text transfer protocol)
TCP 110 – POP3 (post office protocol)
TCP 143 – IMAP (internet message access
 protocol)
TCP 443 – SSL, HTTPS (secure sockets layer,
 HTTP over SSL)
 Open Source Tools (not on test)
Sniffers: TCPdump, Ethereal (now called
  Wireshark)
802.11: NetStumbler, Kismet
Password Assessment: John the Ripper, Cain
  and Abel
Vulnerability Assessment: Nessus
Intrusion Detection: Snort

				
posted:9/19/2012